Problems with Spyware, Adware, Malware?
Try this out...
I wrote the guide to assist friends when they had a bad infection, and I
wrote it as a "throw the whole kitchen, including the sink" approach to
correcting any generic malware or spyware infection. So, there are less
invasive ways to clean up your machine that are specific to whatever you're
infected with.
Remember, with an infection you've already let the burglar into the house,
and re-enabling your home security system afterwards is not enough: you need to disinfect
whatever is a foothold in your system. Hopefully, this guide will get you back up and computing again without having to reinstall your whole system and praying that you have all of the backups.
1) Download the following items...
Microsoft Malicious Software Removal Tool http://www.microsoft.com/security/malwareremove/default.mspx
McAfee Stinger http://vil.nai.com/vil/stinger/
Trend Sysclean Package http://www.trendmicro.com/download/dcs.asp
Latest Trend Pattern File. http://www.trendmicro.com/download/pattern.asp
Adaware SE (free personal version v1.05) http://www.lavasoftusa.com/
Spybot http://www.safer-networking.org/
Microsoft AntiSpyware (Beta) http://www.microsoft.com/athome/security/spyware/software/default.mspx
Create a directory.
On drive "C:\"
(e.g., "c:\New Folder") or the desktop
(e.g., "C:\Documents and Settings\YOYO\Desktop\New Folder")
Download Sysclean.com and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
Extract the contents of the ZIP file and place the contents in the same directory as sysclean.com.
2) Update all of the software listed above with their latest definitions.
3) Dump the contents of your IE cache
Start --> settings --> control panel --> Internet options --> delete files
AND
Dump the contents of your Sun Java cache
Start --> settings --> control panel --> Java plug-in --> cache --> clear
4) If you are using WinME or WinXP, disable System Restore http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
5) Reboot your PC into Safe Mode and shut down as many applications as possible
Why Safe Mode?
In a nutshell, Safe Mode loads the bare minimum in terms of services and background programs to get Windows started. This means it does not load extraneous drivers for your graphics card and other devices, nor the spyware, malware, and all of those nasty critters that have hit your system.
Safe Mode is also a valuable tool when it comes to eradicating malware, particularly worms, from your computer system. Often, even if you update your antivirus software to detect the latest threat, it can't do anything to remove worms that are running in memory. Rebooting your computer won't help because the worm will generally already have loaded itself in memory before you can do anything about it. If you boot into Safe Mode, though, the file that starts the worm will not be allowed to start, and you can then run your antivirus software scan to detect and remove the malicious files.
So, how do you get to this magical Safe Mode? Well, the "standard" way is to press the F8 key on your keyboard when Windows starts loading.
6) Using all of the tools listed above, perform a Full Scan of your platform and clean/delete any infectors/parasites found. This may take a little while.
7) Restart your PC and perform a "final" Full Scan of your platform using all of the utilities listed above.
8) If you are using WinME or WinXP, re-enable System Restore and re-apply any System Restore preferences (e.g., HD space to use; suggested 400 ~ 600MB).
9) Reboot your PC
10) If you are using WinME or WinXP, create a new Restore point
11) Good Housekeeping
Run Windows Update http://windowsupdate.microsoft.com (for both the OS and Office)
Enable Windows Automatic Updates
12) Additional Diagnostics
*This is only required if the system appears to still be infected and requires more investigation.
Diagnostic Tool HiJackThis: http://www.tomcoyote.org/hjt/
Users Guide: http://www.iamnotageek.com/a/401-p1.php
Let me know if the guide helped you.