Milwaukee Computer and Laptop Repair News from Tony Farrell 
Computer Repair Tips, Tricks, Business Updates, Tony's Family Times, and Tony's Testimonials
 
 

Thursday July 29, 2010

Virus and Spyware Removal Guide – 12-Step Process For Computer System Recovery

Read below to discover exactly why “We never tell you to reload Windows®” – We are experts in cleaning out your system without reformatting your system, without reloading Windows®, without removing all your programs, and without eliminating all of your data. We are one of the few shops in the Milwaukee area which remove just the viruses and spyware from your computer and leave everything else there! (Note: This is not always possible, mostly depending on how corrupted your system has become due to extensive infection, malicious infection, and/or hardware failure.) All of this information is provided as-is with no warranty. Follow these steps at your own risk, or let us do them for you and get a 30 day service warranty!

Disclaimer: the information herein is provided as-is with no warranty, no guarantee, and no technical support: use it at your own risk!

  1. FIRST STEP: Back it up!
    Before doing anything, note that removing certain viruses and spyware may involve taking certain actions that could be catastrophic to your system and/or your data. Therefore, it is always best to back it up first. Then no matter what you do in an attempt to fix the problems the computer has, and how badly you mess it up in the process, you can always restore it back to how it was before you started working on it. The best way to back it up is with a disk imaging program such as Norton Ghost. Temporarily add another hard drive to the system and copy the existing drive to the one you just added using the disk imaging software.
     
  2. SECOND STEP: Prevent automatic reinfection!
    DISABLE SYSTEM RESTORE so no infections can creep back up out of there. Also, make certain that your computer is NOT connected to the internet and leave it that way until everything has been cleaned out. This will prevent your computer from downloading and installing new infections while you are trying to clean out the ones that are on there already. Also, we ARE going to need to be able to download files from the internet, so you will need a second computer which is connected to the internet and does not have any viruses or spyware on it. The second computer should also have a CD-RW drive (or CD burner) and you’ll need to have blank CDs handy in order to transfer downloaded files from the clean computer to the infected computer.
     
  3. THIRD STEP: Get the tools!
    From the clean computer, download all the installation files and the definition updates for them, and make a CD with everything on it, ready for installation on the infected computer. The following programs are either free to use or free for home users, and they are known to be good programs to use. Other antivirus programs you would need to pay for, such as CA Antivirus or Norton Antivirus, are also good (Note: only use the antivirus products, not the internet security bundles), and the paid version of Spy Sweeper is also good for spyware removal. Some are also shareware and require you to buy the program if you want to keep it on your computer.

    AVG Anti-Virus Free Edition (Free version for home users only)
    AVG Anti-Spyware Free Edition (Free version for home users only)
    AVG Anti-Rootkit Free Edition (Free version for home users only)
    Windows Defender (Windows XP or Vista only)
    Spybot Search and Destroy

    Lavasoft Ad-Aware SE Personal (Free version for home users only)
    Spyware Terminator
    CCleaner
    Windows 2000 Service Pack 4
    Windows XP Service Pack 2
    Windows Vista Service Pack 1
     

  4. FOURTH STEP: Install and update the tools!
    Put that CD full of tools and updates in the infected computer, while it is running in normal mode, and install all of the programs. Then apply all of the updates which are also on that CD to each program.
     
  5. FIFTH STEP: Run the tools in safe mode!
    Boot the computer into safe mode and run each of the scans, which can be done one at a time or all simultaneously. To help the other scans run faster, we recommend running CCleaner first to clean out all of your temporary files, leaving behind fewer files for the other scans to scan through.
     
  6. SIXTH STEP: Clean it out!
    When each scan completes, go through the procedure to fix anything it identifies as an ‘infected object’, ‘critical object’, or ‘problem’. After the cleaning has completed, close that program and wait for the others to finish their scans. Note that it is not necessary to remove what is known as MRU Lists.
     
  7. SEVENTH STEP: Do it again and again!
    After running all the scans the first time, reboot the computer back into safe mode and run them all again. Repeat this process over and over until all the scans either report that they find no critical objects or infections anymore, or they continue to find the same infections over and over. For each infection that won’t seem to go away, make a note of the name of the infection and the locations of the infected files and registry items.
     
  8. EIGHTH STEP: Manually remove the remaining infections!
    From the clean computer, do some online research, such as a Google search, for each of the remaining infections. Find and download specialized removal tools and instructions for those infections, but be sure they are good and from a trusted source, and be careful running them because they can harm your system if not run properly! Some of the commonly needed removal tools are: HiJackThis, SmitRem (removes Spy Axe and Smitfraud), CWShredder, AboutBuster, LSPFix, WinSockFix, Unlocker. Also note that some of the remaining infected files may need to be manually removed by booting the computer on a boot floppy, boot CD, or in recovery mode. Some of the remaining registry entries may need to be manually removed using the registry editor.
     
  9. NINTH STEP: Run the final safe mode scans!
    Just for thoroughness, reboot into safe mode again and run each of the scans one last time to make sure they all report that there are no remaining infections. Clean out any remaining infections per the above steps and make sure the scans are clean before continuing.
     
  10. TENTH STEP: Back to normal mode!
    Now boot the computer back into normal mode and run each of the scans again, making sure they do not find any new infections which may have appeared simply because you booted into normal mode. If the previous steps were done thoroughly, there should be no new infections. But to be on the safe side, we run them again, just to be sure the system is clean.
     
  11. ELEVENTH STEP: Service packs then online!
    Now that the system is clean, install any service packs which were previously downloaded and reboot. Then we can go back on the internet. Plug it in and verify that the internet works by loading yahoo.com or google.com.
     
  12. TWELFTH STEP: Windows updates, program updates, be diligent!
    Download and install all critical updates and service packs from Windows Update over and over again, until there are no more left to get. Then download all the updates for each of the antivirus and antispyware programs on your computer. Once the computer is all cleaned out and updated, re-enable system restore. From now on, always make sure your computer remains updated, and be careful what you browse, download, and install in order to prevent getting infected again. Take a proactive stance: periodically, maybe once a week, run the updates and scans manually. To finish it off and get your computer running well, also perform a tune-up. For more information, please read our Windows XP® Tune-up Guide. Also, once all viruses and spyware have been cleaned out, remove all antispyware programs except for Windows Defender, and remove all antivirus programs except your favorite one (for home users we recommend keeping AVG Anti-Virus Free Edition).
  • APPENDIX A: Computer does not boot!
    If at any point in this process the computer does not boot anymore, then make sure you have backed up the entire system according to the first step. After the backup is completed, boot the computer using your Windows installation CD to run CHKDSK in recovery mode to repair the file system and/or run a Windows repair (also known as an overlay). This should allow the system to boot again as long as the hardware is all okay. If the backup and/or repair cannot be completed, then some basic hardware diagnostics are in order, such as memtest and drive fitness test. Also note that after you run a Windows repair operation, one or more device drivers may also need to be reloaded, such as for your display adapter, network adapter, USB ports, etc.
     
  • APPENDIX B: Alternate cleaning out method!
    Install and update the cleaning tools on a known clean system. Remove the infected (or boot) hard drive from the infected computer and add it onto the clean computer as a secondary hard drive. Run all the scans on the infected hard drive while it is on the clean computer, removing all the infected files. Note however that this does not clean the registry on the infected hard drive. Therefore, return the infected hard drive back to the infected computer and run all the scans from there also to clean out the system registry.
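
The stop rule from the seventh step, worked as an added example (not part of the original guide): it compares the findings you noted after each scan pass and tells you whether to rescan, move on to manual removal, or treat the system as clean. The function names, infection names and locations are hypothetical, constructed sample data; run it on the clean computer.

```python
from collections import defaultdict

def normalize(finding):
    # Windows file paths and registry keys are case-insensitive, so two scanners
    # reporting the same object with different casing must compare equal.
    name, location = finding
    return name.strip().lower(), location.strip().replace("/", "\\").lower()

def next_action(passes):
    """passes: scan passes, oldest first; each is a list of (infection name,
    file path or registry key) pairs copied from the scanner reports.
    Returns (action, persistent): action is 'clean', 'repeat' or 'manual';
    persistent maps each infection seen in the last two passes to its locations."""
    if not passes:
        raise ValueError("run at least one scan pass first")
    current = {normalize(f) for f in passes[-1]}
    if not current:
        return "clean", {}            # nothing left: go on to the final scans
    if len(passes) < 2:
        return "repeat", {}           # one pass cannot show persistence yet
    previous = {normalize(f) for f in passes[-2]}
    persistent = defaultdict(list)
    for name, location in sorted(current & previous):
        persistent[name].append(location)
    # Identical results twice in a row: more rescans will not help, so these
    # are the notes to take into the eighth step (manual removal).
    action = "manual" if current == previous else "repeat"
    return action, dict(persistent)

# Constructed sample data: hypothetical infection names and locations.
PASS_1 = [
    ("Sample.Adware.A", r"C:\WINDOWS\system32\sample1.dll"),
    ("Sample.Adware.A", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sample1"),
    ("Sample.Trojan.B", r"C:\Documents and Settings\user\Local Settings\Temp\b.exe"),
]
PASS_2 = [
    ("Sample.Adware.A", r"c:\windows\System32\sample1.dll"),
    ("Sample.Adware.A", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sample1"),
]
PASS_3 = [(name.upper(), location.upper()) for name, location in PASS_2]
SAMPLE_PASSES = [PASS_1, PASS_2, PASS_3, []]

if __name__ == "__main__":
    for n in range(1, len(SAMPLE_PASSES) + 1):
        print("after pass", n, "->", next_action(SAMPLE_PASSES[:n]))
```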

That’s it! You’re Done! Follow those steps whenever your PC becomes infected with a virus or spyware, and it will help your computer run better and more error free, in addition to remaining secure from a wide variety of threats. Also, of course, remember that if you live or work near Milwaukee, Wisconsin you could always hire us to do your spyware and virus removal for you. We’d be happy to help out.

Windows® and Windows XP® are registered trademarks of Microsoft Corporation.

This is a guide to virus and spyware removal for your Windows® computer written by Tony Farrell, co-owner of aur Computer Service for the benefit of our Milwaukee area customers. It is provided as a guide only and does not include any support, warranty, or guarantee of results. Use the information contained within at your own risk. You are not allowed to reproduce this guide in any form without permission, however, you may place a link on your web site which leads to it.
