Advertisement
How to add spoiler tags, edit posts, add images etc. How to - a user's guide to the new version of Boards
Mods please check the Moderators Group for an important update on Mod tools. If you do not have access to the group, please PM Niamh. Thanks!

"I think I have a virus" - Please Read & Try BEFORE Posting (Updated 12/02/2010)

  • #1
    Closed Accounts Posts: 17,209 aidan_walsh


    So you think you might have a virus or some other form of malware on your computer? Well, you've come to the right place. Here we can help you remove whatever is on your system that shouldn't be, and help you make sure it doesn't get back on again.

    First off, its important to realise that not every issue with a computer is malware related - in fact, very few are. Many issues can be caused by incorrect settings, how applications act and interact, or error and bugs in software so its important to keep your system and its applications up to date.

    Also, please do not try steps that are outlined in other threads. These posts are tailored to the individual issue at hand, and performing scans and only following the steps listed in those could have the potential to cause further issues with your system, or perhaps miss additional infections you may have that the other poster did not.


Comments



  • Step 1: Preparation
    Backup Your Registry with ERUNT
    • Please use the following link and scroll down to ERUNT and download it.
      http://aumha.org/freeware/freeware.php
    • For version with the Installer:
      Use the setup program to install ERUNT on your computer
    • For the zipped version:
      Unzip all the files into a folder of your choice.

    Click Erunt.exe to backup your registry to the folder of your choice.
    Note: to restore your registry, go to the folder and start ERDNT.exe


    Download SysRestorePoint to your desktop and unzip it to it's own folder.
    • Double click SysRestorePoint.exe so that we can make a new system restore point.
    • A box will pop up after it has made a new point, usually after a few seconds. Close that window and exit the program.

    Download TFC to your desktop
    • Open the file and close any other windows.
    • It will close all programs itself when run, make sure to let it run uninterrupted.
    • Click the Start button to begin the process. The program should not take long to finish its job
    • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean




  • Step 2: Scan for Spyware/Adware

    Malwarebytes Anti-Malware has been very effective at helping remove some of the more difficult infections.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:

    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process and if asked to restart the computer please do so immediately.

    A second opinion never hurt anyone, so now we download SuperAntiSpyware.
    1. Install it and double-click the icon on your desktop to run it.
    2. It will ask if you want to update the program definitions, click Yes.
    3. Under Configuration and Preferences, click the Preferences button.
    4. Click the Scanning Control tab.
    5. Under Scanner Options make sure the following are checked:
      • Close browsers before scanning
      • Scan for tracking cookies
      • Terminate memory threats before quarantining.
      • Please leave the others unchecked.
      • Click the Close button to leave the control center screen.
    6. On the main screen, under Scan for Harmful Software click Scan your computer.
    7. On the left check C:\Fixed Drive.
    8. On the right, under Complete Scan, choose Perform Complete Scan.
    9. Click Next to start the scan. Please be patient while it scans your computer.
    10. After the scan is complete a summary box will appear. Click OK.
    11. Make sure everything in the white box has a check next to it, then click Next.
    12. It will quarantine what it found and if it asks if you want to reboot, click Yes.
    13. To retrieve the removal information for me please do the following:
      • After reboot, double-click the SUPERAntispyware icon on your desktop.
      • Click Preferences. Click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • It will open in your default text editor (such as Notepad/Wordpad).
      • Please highlight everything in the notepad, then right-click and choose copy.
    14. Click close and close again to exit the program.
    15. Save the log information. If needed (still infected) paste this info along with your HijackThis log.




  • Step 3: Windows Update
    Keeping your system up to date is a very important aspect of keeping your computer safe.

    If you haven't been running Windows Updates already, switch them on now.

    In XP, click into the Control Panel and click into Automatic Updates. Set it to install updates automatically at a time that is right for you.

    In Vista, click into the Control Panel and find Windows Updates. Click on Change Settings on the right hand side and set it to install updates automatically at a time that is right for you.

    The computer will need to be on for Windows to check for updates, it will not wake to do it itself. This means you need to specify a time that you are reasonably sure the computer will be on at.

    For more immediate patching, open Internet Explorer and go to http://windowsupdate.microsoft.com. Follow the instructions on screen and run it as many times as it takes to tell you there are no more required updates available for your computer.

    You can get a quick guide to what updates are available for your computer each month in our Microsoft System Updates thread.


    Step 4: Reboot and Test
    The scans we are after running should have removed a lot of what could potentially be on your system. The only real way to know if any difference has been made is to restart the computer, try to recreate the problem and see if its reoccurs. If it doesn't, you can stop here. If it does, proceed to the next step.




  • Step 5: Post Logs
    Automated tools are great, but they can't catch everything. Sometimes, a malware will use randomly generated folder and file names to hide themselves, other times a malware might simply be too new. Sometimes, a good old fashioned fresh pair of eyes is the best way to detect an infection. Thats where logs can help.

    Please download DDS and save it to your desktop.
    • Disable any script blocking protection
    • Double click dds.pif to run the tool.
    • When done, two DDS.txts will open.
    • Save both reports to your desktop.

    Please include the contents of the following in your query:

    DDS.txt
    Attach.txt.

    Credit: don77 at geekstogo.com for the inspiration and much of the instructional text.


This discussion has been closed.
Advertisement