Monday, May 22, 2006

Assuming You're Massively Infected

I created an entry on my Gochu-Jang blog about how to clean an infected computer. I post it here as my first helpful foray into my techie blog.

I created a tutorial for a fellow Hatracker on how to clean junk off of his/her computer. I am proud of it and want to post it here for my own reference. Before doing anything intensive or invasive on your computer, be sure to make a backup of critical and personal files.

Here goes my reply (edited for my blog) to his/her post. S/he thought the computer was slow because of spyware, and had ruled out a virus because, as s/he put it:

"I have Norton AV software..."

That is your first mistake. I don't know how many computers I have seen become MUCH faster once Norton is removed. I like F-Prot. It uses very few system resources and gets the job done. I would NOT use Norton or McAfee. You are better off using a free program. Here is a good link to see what anti-virus to use.


Here is my list of how to speed up your computer if you suspect adware. First off, download CCleaner, Spybot, Adaware, and Hijack This. ** If you end up using Hijack This, be sure to read this tutorial first. It is a very powerful and dangerous (but effective) program. Also, if you don't have a good anti-virus program, get one, install it, and make sure it is updated. Be sure to get the WhenURemover and the VX2 Cleaner from the Adaware site.

You can/should also install and/or update any other security tool you are comfortable with, like Microsoft's Defender, commercial products, or specific removal tools (like the ones on the Hijack This download page) for particular nasties. A good rule of thumb: run only ONE anti-virus program on your machine (two real-time scanners fight over the same files and slow everything down), but as many anti-spyware programs as you want (at least two).

I usually stick with Adaware, Spybot, CCleaner, F-Prot, Hijack This, and tools like Kazaabegone from the Hijack This page. The programs I stick with will usually clean everything, or most everything, and let me know what I need to remove manually with HijackThis.

I rarely use a commercial product or Defender, and if I do use something like Webroot, I still couple it with Adaware and Spybot. I don't like Microsoft Defender but many people love it. If a computer is REALLY messed up, I will use Defender and/or Bazooka and/or a commercial product. They seem to work well against Trojans.

Install AND update all of your removal programs. Hijack This does not need to be updated, as it has no definition files. Both Spybot and Adaware have definition files/includes you can download manually if the update is blocked by malware.

1: Boot into Safe Mode (usually by pressing F8 during start up).

2: Make sure you can view hidden files and folders (My Computer - Tools - Folder Options - View - Show hidden files and folders; these are the steps on my 2000 Pro machine, XP may be slightly different). While you are in that dialog, also uncheck "Hide protected operating system files" and "Hide extensions for known file types", so that nothing marked as a system file stays out of sight and a "photo.jpg.exe" shows its real extension.

2.** A critical step belongs here for Windows XP users: turn off "System Restore" at this stage. System Restore keeps restore points (including any malware or virus present when they were made) that you can roll back to after a major software conflict, and scanners generally cannot clean inside them, so an infection can come right back with a restore. Turning it off deletes all of the old restore points. Right-click My Computer, choose Properties, open the "System Restore" tab, and check the box to turn off System Restore.

3: Go to Add/Remove Programs and uninstall any programs you don't recognize, once you are sure they should NOT be there. Usually anything with "Bug," "Tool," "Bar," "Shopping," "Save," "Search," or "Weather" in the name is a bad sign.

4: Go into your Program Files folder and delete any program folders that are bad or that belong to programs you have uninstalled, like "MYwebSearch" et cetera. Some programs install directly into the root of C:\ rather than C:\Program Files, so check C:\ as well.


5: Run CCleaner. CCleaner finds all of your temp folders and cleans them out. It also scrubs your Internet history, cache, index files, and so on. It takes out a LOT of junk. If you are not cleaning house, you can easily have 600MB+ of junk fragmenting your drive or taking up space. I once saw CCleaner clear 1.6GB of junk!! A lot of malware tends to reside in temp folders. ~Just be sure you don't install the optional Yahoo toolbar. Gah...I hate all toolbars!!!!!!

6: Run Spybot, Adaware, any other spyware remover program or tool you use, and your antivirus. It is important to run CCleaner first, otherwise the scans will take forever because every file in your temp folders has to be checked. That is why I put CCleaner in its own step. If you are prompted to reboot, go ahead and reboot back into Safe Mode and continue where you left off.

7: Open CCleaner again. Instead of clicking "Run Cleaner," go to "Issues" and scan for issues. This searches your registry for keys that don't belong there. Most programs leave registry keys behind after they are uninstalled, and spyware/malware/viruses also have a habit of leaving keys in your registry. Although I have never seen CCleaner take out a critical key, it is good form to save the backup when prompted (it is a .reg file you can double-click to put the keys back). As with most registry cleaners, run it a couple of times until it stops finding old/useless keys.

8: If you know a little bit about Hijack This, now is the time to run it. It scans all of your start-up programs and hidden programs. Most of the entries are necessary; if you "fix" something your computer needs...well...you'd better make sure it is backed up and you have all the tools to reformat and reinstall everything. BE VERY CAREFUL!!! Or just don't use it. But you can check for problems and fix stuff that is hidden from Startup, msconfig, Add/Remove Programs, et cetera. *If you use Hijack This, you may want to use CCleaner to re-check your registry after you are done.

9: Go to Start-Run and type "msconfig". If you are using 2000, you need to download it from here (the link also has instructions on where to save it). In msconfig, go to the Startup tab. These are the programs that run in the background every time you start Windows. Nothing listed there is required for Windows to boot (the tab shows Run keys and Startup-folder items, not services), so you can uncheck them all and re-enable anything you find you actually miss.

Programs like Adobe, Word, and anything media-related like to run in the background. They take up resources and bog down your system. Some adware hides in here too. I keep stuff like my antivirus program and firewall on, but turn off every other program.

10: Now that you are clean, it is a good time to defrag your drive. I like the free O&O Defrag. It works with XP.

11: Restart your machine. When you first log on, it will warn you that you changed your system configuration, or something like that. Just check the box that says "Don't show this message again" and click OK. The warning comes up any time you turn anything off with msconfig.

Be sure to turn System Restore back on if you have Windows XP, and make a fresh restore point now that the machine is clean.

You are done and your computer should run smoothly.
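As an added example (not part of the original post, and not something any of the tools above ship with): a read-only PowerShell audit of the places steps 5, 8 and 9 have you check by hand, namely the Run/RunOnce keys, the Winlogon Shell and Userinit values, the Startup folders, and the temp/cache folders. It assumes Windows PowerShell 2.0 or later, so it would not have run on a 2000/XP box of that era without installing it; the "suspect folder" heuristic and every function name in it are my own choices, not anything HijackThis or CCleaner does. It changes nothing on the machine, so it is safe to run before Hijack This to decide what actually needs fixing.

```powershell
# Added example, not part of the original post. Read-only audit of the
# autostart locations msconfig/HijackThis show and the temp folders CCleaner
# empties. Assumes Windows PowerShell 2.0 or later; run from an elevated
# prompt so HKLM is fully readable. Nothing is deleted or modified.

$autorunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'   # Shell / Userinit values
)

# Heuristic (my assumption, not proof of malware): legitimate startup
# binaries rarely live in temp folders or under the user's AppData.
$suspectDirs = @($env:TEMP, "$env:WINDIR\Temp", $env:APPDATA)

function Get-ExePath([string]$cmd) {
    # Recover the executable from a Run-value command line: expand %VARS%,
    # take a quoted path if there is one, else cut at the first ".exe",
    # else fall back to the first whitespace-separated token.
    $cmd = [Environment]::ExpandEnvironmentVariables($cmd.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($cmd, '(?i)^.*?\.exe')
    if ($m.Success) { return $m.Value }
    return ($cmd -split '\s+')[0]
}

function Get-AutorunEntries {
    foreach ($key in $autorunKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # provider metadata, not a registry value
            if (($key -like '*Winlogon') -and (@('Shell', 'Userinit') -notcontains $p.Name)) { continue }
            New-Object PSObject -Property @{ Location = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }
    # Startup folders: every file dropped here runs at logon. -Force lists hidden files (step 2).
    foreach ($dir in @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))) {
        if (-not (Test-Path $dir)) { continue }
        Get-ChildItem -Path $dir -Force | Where-Object { -not $_.PSIsContainer } | ForEach-Object {
            New-Object PSObject -Property @{ Location = $dir; Name = $_.Name; Command = $_.FullName }
        }
    }
}

function Test-SuspectEntry($entry) {
    # Returns a reason string when an entry deserves a second look, else $null.
    $exe = Get-ExePath $entry.Command
    if ([string]::IsNullOrEmpty($exe)) { return 'empty command' }
    if (-not [IO.Path]::IsPathRooted($exe)) {   # e.g. Winlogon Shell = "explorer.exe": resolve via PATH
        $found = @(Get-Command $exe -ErrorAction SilentlyContinue)
        if ($found.Count -gt 0) { $exe = $found[0].Definition }
    }
    if (-not (Test-Path -LiteralPath $exe)) { return 'target missing (orphan, or hidden from this account)' }
    foreach ($d in $suspectDirs) {
        if ($d -and $exe.StartsWith($d, [StringComparison]::OrdinalIgnoreCase)) { return "runs from $d" }
    }
    return $null
}

function Get-JunkSize {
    # Size of the folders CCleaner empties (step 5), hidden files included.
    foreach ($d in @($env:TEMP, "$env:WINDIR\Temp", [Environment]::GetFolderPath('InternetCache'))) {
        if (-not (Test-Path $d)) { continue }
        $bytes = (Get-ChildItem -Path $d -Recurse -Force -ErrorAction SilentlyContinue |
                  Where-Object { -not $_.PSIsContainer } | Measure-Object -Property Length -Sum).Sum
        New-Object PSObject -Property @{ Folder = $d; MB = [math]::Round($bytes / 1MB, 1) }
    }
}

"== Autostart entries (what msconfig and HijackThis show you) =="
Get-AutorunEntries |
    Select-Object Location, Name, Command, @{ n = 'Check'; e = { Test-SuspectEntry $_ } } |
    Format-Table -AutoSize -Wrap

"== Temp and cache folders (what CCleaner empties) =="
Get-JunkSize | Format-Table Folder, MB -AutoSize
```

Anything in the Check column is a candidate to look up by name before you touch it in Hijack This, not an instruction to delete it; a missing target usually just means a leftover from something you already uninstalled (step 3), which is exactly the kind of entry step 7 is there to clean up.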


It is important to clean your computer in Safe Mode because most programs can't delete a file that is in use. Since malware is probably running in the background in normal mode, your cleaning tools will either skip it or fail to remove it.

It is also important to show hidden files and folders so that programs like CCleaner (and you) can see what needs to be cleaned.

If you have something particularly bad that keeps coming back or won't be deleted, there could be a tool designed specifically to remove it. There are tools like Kazaabegone, whenuremover, cwshredder, and Kill2me. You may need to hunt for specific directions or tools on the internet.

I hope this helps someone.

NOTE:
I have not had a virus or spyware problem since I learned not to use IE, to only surf on a limited account (both my administrator and my limited accounts are password protected), and to clean my temp folders regularly.
