I have a (Insert appropriate word here: Malware, Virus, Trojan, Hijacker, Spyware, Adware, Rootkit, Other) infection. What do I do?
I have certainly cleaned a lot of these up in my time. I usually use Sysinternals (now owned by Microsoft) Process Explorer to terminate the malware processes, run HijackThis to prevent the items starting the next time I boot, and clear suspect files from temporary file areas, C:\Windows and C:\Windows\System32. But how can I help you to do this?
I have experience and have gained a gut feel for removing malware files. I look at file sizes, icons, dates and sizes, especially for files with names taken from those that Microsoft have made but which are in the wrong folders. I cannot pass this on to you, but I can guide you and help you to possibly make your system stable again.
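The "Microsoft name, wrong folder" check described above can be run over a list of full file paths, such as the image paths Process Explorer shows. This is an added example, not a tool from this article; the expected-folder table is a small assumed subset of well-known Windows binaries, and the sample paths are constructed.

```python
import ntpath

# Assumed subset: well-known Windows binaries and the one folder each
# normally lives in, relative to the Windows directory ("" = the root of it).
EXPECTED_DIR = {
    "svchost.exe": "system32",
    "lsass.exe": "system32",
    "services.exe": "system32",
    "winlogon.exe": "system32",
    "csrss.exe": "system32",
    "smss.exe": "system32",
    "explorer.exe": "",
}

# Constructed sample input: one full path per line.
SAMPLE = r"""
C:\Windows\System32\svchost.exe
C:\WINDOWS\system32\lsass.exe
C:\Windows\svchost.exe
C:\Documents and Settings\User\Local Settings\Temp\lsass.exe
C:\Windows\explorer.exe
C:\Program Files\Example\app.exe
""".splitlines()


def misplaced_system_names(paths, windir=r"C:\Windows"):
    """Return paths whose file name is a known Windows binary but whose
    folder is not the one that binary normally lives in."""
    findings = []
    for raw in paths:
        raw = raw.strip().strip('"')
        if not raw:
            continue  # skip blank lines in a pasted listing
        path = ntpath.normpath(raw)  # resolves ".." and mixed slashes
        folder, name = ntpath.split(path)
        expected = EXPECTED_DIR.get(name.lower())
        if expected is None:
            continue  # not a name we track; says nothing either way
        want = ntpath.normpath(ntpath.join(windir, expected))
        # Windows paths are case-insensitive, so compare normalised case.
        if ntpath.normcase(folder) != ntpath.normcase(want):
            findings.append(path)
    return findings


if __name__ == "__main__":
    for hit in misplaced_system_names(SAMPLE):
        print("review:", hit)
```

A hit is a lead for closer inspection of the file's size, date and icon, not a verdict on its own.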
Let's assume your system is stable enough to download some tools from the internet. Let's also assume we do not know what we are looking for.
First, please clear your temporary files with the ATF tool.
Run HijackThis (HJT). Do not select to fix or remove anything. Create the log and save it where you can find it again. (This will show us what is running on your system.)
Download and run GetRunKey. Save off the result text file. Take note of the Corrupt Autoexec.NT solutions on the page. (This will show what starts up at system boot.) You will need to have a free registration to download the file at the end of the post.
Download and run GetUnKey. Save off the result text file. Take note of the Corrupt Autoexec.NT solutions. (This will show what is installed.) You will need to have a free registration to download the file at the end of the post.
Show New. Save off the result text file. Take note of the Corrupt Autoexec.NT solutions. (This will tell us what is new on your system.) You will need to have a free registration to download the file at the end of the post.
If you are using Windows XP, we need you to run "tasklist" at a command prompt. Go to the Start button, then to the Run box. Type in CMD and press the Enter key.
In the black window, type in "tasklist". From the results output, open the cmd menu and select Edit - Mark. Highlight as much text as you are able (it will be highlighted white) and then paste the results into Notepad. Save off this list.
Take these 4 (maybe 5) text files and email them to firstname.lastname@example.org. Include in the Subject the text: [Malware]
Include any symptoms or observations you have made in the body of the email.
Now that you have sent this in, download Pocket Killbox (we might need this to delete files and terminate running applications).
Registrar Lite for Windows XP/2000/NT/ME/9x (It is a freeware, flexible registry editor. It allows cutting, pasting, copying, and moving of keys and values as if it were Windows Explorer. It has extensive search and replace capabilities, a bookmark editor that optionally colours bookmarked keys and adds key descriptions, and flexible value editors that allow importing data from files.)
Now download and install Spybot. Update it. Inoculate your system and run a scan. When you are done, run an online Trend Micro Housecall scan. Hopefully it will find and remove the malware. If it does not, I will have your text files to review. Look both of these items up here.
A great online resource to assist you further can be found at:
Steps to remove Spyware/Malware & Keeping your computer safe and secure
If you are viewing this page then these specific other pages in this series might be of interest to you:
Tools to remove Malware and Viruses
Tools to remove Malware etc but still under review by me
A page dedicated to helping you get the information needed to remove Malware
Spybot installation steps
How to perform an online Housecall Virus scan
What is Malware?
Why are people using my email address?
How did someone steal my email address?
Why is my email being blocked?
How can I reduce spam?
Why did I get infected?
How to Handle Spam!
Why do I get all these bounce backs to my email address?
What is a driveby Malware attack?