harryp said:
"Hi-jack This" won't stay open either.
You need to go to another machine that is unconnected to the sick
computer. That machine needs an Internet connection and a cd burner.
Download TrendMicro's Sysclean, burn to cd-r, and take it to the sick
machine. You need to copy the Sysclean folder from the cd-r to the hard
drive of the machine needing the scanning. While you are at the clean,
unconnected machine, download updated virus definitions for the
full-featured av you own and also the other malware removal tools you
will need for full cleanup (see below). Burn to the same cd-r on which
you saved Sysclean.
TrendMicro's Sysclean is an extensive antivirus tool which has the
advantage of not needing to be installed. It requires two parts - the
scanning engine and the virus pattern files.
1. Create a new folder on your Desktop or the C: drive named something
useful like "Sysclean".
2. Go here and download the two parts of the program to that folder:
http://www.trendmicro.com/download/dcs.asp - Sysclean
http://www.trendmicro.com/download/pattern.asp - virus pattern files
The pattern files will be zipped - extract them with your unzipper (like
WinZip) or if you have XP, you can just open the folder. You need to
put the extracted files in the Sysclean folder you made.
3. Restart your computer in Safe Mode. Get into Safe Mode by repeatedly
tapping the F8 key as the computer is starting up to get to the proper
menu.*
4. Go to the Sysclean folder you made and double-click on sysclean.com.
Start the scan. After the scan is finished, look at the log. You may
need to make a note of where any viruses were found if they were not
able to be removed so you can manually delete them.
*Many times people say they can't get into Safe Mode with F8 because
they are not hitting the very brief window of time when you need to do
this. Try:
1. As the computer is starting up, repeatedly tap the F8 key to get to
Safe Mode.
2. If F8 doesn't work, try F5.
After you have scanned with Sysclean, you should be able to run or
uninstall/reinstall your full-featured antivirus program. Use the
updated definitions you got for it that are on the cd-r. Do not connect
the infected machine to the Internet or any lan yet. Do a full scan in
Safe Mode with your av.
After you've removed the viruses, continue your cleaning by using other
malware removal tools (Number item not shown is to scan with av in Safe
Mode):
2) remove spyware with Spybot Search & Destroy
(www.safer-networking.org) and Ad-aware (www.lavasoftusa.com). These
programs are free, so use them both since they complement each other.
There is a new version of CWShredder from
http://www.intermute.com/spysubtract/cwshredder_download.html. I would
not install the other Intermute programs, however. Alternately, there
are CoolWebSearch malware removal steps at
http://www.silentrunners.org/sr_cwsremoval.html. A combination of
HijackThis and About:Buster (http://www.majorgeeks.com) works well in
removing homepage hijackers. Always read the instructions before
running a spyware removal tool. Be sure to update these programs before
running, and it is a good idea to do virus/spyware scans in Safe Mode.
Make sure you are able to see all hidden files and extensions (View tab
in Folder Options);
3) If you are running Windows ME or XP, you should disable/enable System
Restore because malware will be in the Restore Points. With ME, you
must disable System Restore completely. With XP, you can delete all but
the most recent (presumably clean) System Restore point from the More
Options section of Disk Cleanup (Run>cleanmgr).
4) make sure you've visited Windows Update and applied all security
patches. Do not install driver updates from Windows Update;
5) run a firewall.
Malke