11 Jan 2017

A question about: Malware/Spyware Removal Guide

#### links confirmed working 15/06/2010 ########

The following is compiled with the help of Pchelpman, Toxteth_OGrady, Intel and Fran and is designed to be a new Sticky as a comprehensive guide to the steps required to remove the above from your PC. It will be split into three posts for ease of reading and printing.

The first 4 posts in this thread are our best solution to removing the infection from your PC

The rest of the thread is personal opinions on the rights and wrongs on those instructions. Do not post requests for help in this thread but start a new thread for your particular problem.

Please follow these instructions fully before posting for help on the Forum as 99% of the time this will clean your PC of the infection.

Please back up any important documents, emails and photographs before you start.

#### IMPORTANT: if followed correctly these instructions should help you remove the infection in your PC; if followed incorrectly you may cause damage to your system. If you do not feel confident in following these instructions we would advise you to seek the advice of a professional to fix your PC. ######

For earlier versions of Windows (95/98/98se/Me), Malwarebytes and Microsoft Defender will not work, but all other software will and the steps remain the same.

Best answers:

  • Download the following software, in each case as it downloads click on the "Run" button on the File download box that opens to install the software.
    Before you start make sure you are at least up to date with Windows XP Service Pack 1a by going here
    https://www.microsoft.com/downloads/d...displaylang=en
    1) Please download Malwarebytes Anti-Malware and save it to your desktop. (unlike the rest of the software this needs to be run now)
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
  • Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
    If you find that the installer file will not run then "right click" on it and rename the file to minstall.exe or something and try again.
    If you find that Malwarebytes will not run then navigate to
    "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
    or wherever you installed the program and rename it to something like cleanmypc.exe and try again.
    Thanks for the following information from Knarf44:
    I have always given the advice based on info found in the Malwarebytes forum, here.
    That advice states quite clearly that a quick scan would pick up 99.9% of infections and that the Full scan option is there simply to provide reassurance.
    Towards the end of the thread it also addresses the point that MBAM should always be run in normal mode rather than safe mode. The latter should only be an option when the program can not be run in normal mode.

    2) Ad-Aware from Lavasoft from here
    https://www.lavasoft.com/products/ad_aware_free.php
    Install, click Check for Updates now and get any updates, then exit.
    3) Crap Cleaner from
    https://www.ccleaner.com/ccdownload.asp
    Install only, making sure to untick the box for installing the Yahoo toolbar, then exit.
    4) Spybot Search and Destroy
    https://www.safer-networking.org/
    Install, do the search for updates now and get any updates. Make sure you leave the SDhelper (IE bad download blocker) checked to install (this is the default).
    If you find it impossible due to the infection to connect to any of the above and download, or the programs refuse to install/run, then use another PC and download this tool to a USB drive or a CD
    https://www.superantispyware.com/portablescanner.html
    and follow the instructions,
    then attempt the above steps again. If you still have problems then start a new thread for advice and state that you cannot download/install etc.

  • Malware Removal
    Please back up any important documents, emails and photographs before you start. If the PC does not boot then please start a new thread about using a Linux boot CD to retrieve your data; as long as the hard disk is functional you CAN get your data!
    Important: Before starting make sure you print these instructions as you will not be able to connect to the internet.
    The best method to remove malware is to do it after booting in Safe Mode. Please note to complete ALL these scans may take some time so make sure you allow yourself plenty of time.
    Boot to safe mode now.
    For info on how to boot to safe mode click on the link below:
    https://service1.symantec.com/SUPPORT...01052409420406
    Shut down ALL unrequired applications including browsers
    1) Run Ccleaner with the default options to clean out temporary files. Only use the Default Scan on the Windows Tab and select Run Cleaner
    2) Run Spybot Search & Destroy and allow it to fix all that it finds
    3) Run Ad-Aware SE and select Perform full system scan box and allow it to fix all that it finds
    You will now need to get back into normal Windows mode by reversing the steps you took to get into safe mode
    When Windows has booted up connect to the Internet and see if the problem is still happening, if so you may need to boot back into safe mode again and do a 2nd run of steps 2) to 6).
    Should the problem persist despite all this then run all the free online scans at both these sites:
    https://www.pandasecurity.com/uk/home...ns/activescan/
    using the "Scan your PC now" button not the other button to buy the program
    …and here…..
    https://housecall.trendmicro.com.
    When running the Panda Activescan make sure you click the Free Online Virus Scan in the upper right hand corner of the page under the Free use Activescan header. You do NOT want the default spyXposer scan.
    You should run ALL the free scans offered by Housecall.
    Make sure they both perform full system scans.
    If either/both scans find something they cannot fix - perhaps because the infected files are "in use" - please make a note of the file(s) concerned and post the details in a new thread in the techie forum stating the name of the Malware and which version of Windows you are using.
    If all is clear then please read the following and make sure that you have installed a Firewall and some AntiVirus software by reading the following thread
    https://forums.moneysavingexpert.com/showthread.html?t=3356
    and also it is important that you update your Version of Windows to the latest build as this will help stop a recurrence of the problem. You may need to go back and check for updates a 2nd time to make sure that you are fully up to date.
    https://update.microsoft.com/microsof....aspx?ln=en-us
    Please note that this will only work with a VALID Version of Windows XP or Vista
  • If problems still exist then download HijackThis
    https://www.trendsecure.com/portal/en...hijackthis.php
    Note: You should only use HijackThis if you have advanced computer knowledge or if you are under the direction of someone who does. Improper usage of this program can cause problems with how your computer operates.
    To use HijackThis, download the file and extract it to a directory on your hard drive called c:\HijackThis. Then navigate to that directory and double-click on the hijackthis.exe file. When the program is started click on the Scan button and then the Save Log button to create a log of your information.
    You can then either paste the contents of the saved file to here for online analysis (please be aware that there is NO personal data in the log files and it is safe to do so)
    www.hijackthis.de/en
    or post your log file in the Techie Forum for advice. Please include the log from your Ewido scan as well.
    ##### Please note, all the posts after this do not make up part of the Spyware/Malware removal guide.
    They are all the opinions of the person making the post and are commenting on the rights and wrongs of the initial 4 posts #####
  • "Some people recommend that System Restore be turned off and all Restore Points deleted before attempting spyware removal. DO NOT DO THIS. If something goes wrong (anything is possible) you will have no way to reverse your actions. You'll want to delete your old Restore Points, but the time to do that is later, not now."
    https://www.microsoft.com/windows/IE/...ugbusting.mspx
  • Due to differences of opinion I have decided to re-open this thread and merge it with the thread discussing malware, in keeping with the other stickies on this board which have been left open for discussion and comment.
    I know some people wanted this thread closed but I don't see how we can close it when other people have different opinions which should be available to everyone to make a choice about how to do their removal.
    I hope no-one minds this and please keep the discussions friendly! It's a very interesting thread and thanks to the people who put their time into it for the benefit of others.
  • I'm with intel...
    I've yet to "kill" or cripple a PC by removing Spyware with the restore points off...and I've done a few !!!
    PcHelpman is the real expert on this as he helps out on a Spyware forum elsewhere and he was the one who came up with most of the wording of that part (among many others).
  • Even my mates on Experts Exchange recommend restore off every time.
  • I wouldn't switch it off every time, I would only switch it off if the problem came back after removing it with it on.
    Not all spyware etc will hide in the restore points so no need to turn it off every time IMO
    Also, are all 6 of the programs really required?
    I only use CCleaner, Spybot and Ad-Aware and I keep my PC clean. (But then again I'm careful in what I do online.)
  • We are talking about already infected PCs here, not day to day cleaning.
    System restore points need to be removed, for example I was removing a SpyAxe infection from a PC I had cleaned before about 8 weeks ago and had set clean restore points when I finished. Going back to the clean restore point did not remove the infection, I needed to delete them and go through the cleaning process to fix the problem.
    Update to Windows Service Pack 1a is vital as an initial step as it closes a lot of exploits; the last step to Service Pack 2 is to ensure that all current exploits are closed and to help prevent future problems.
    Ewido is far more effective at removing spyware + viruses in one hit, but to pick up anything that is missed you then run the others. It may be overkill slightly in your view but for the sake of being thorough you can avoid having to repeat the whole thing again later.
    Ccleaner deletes all the temp internet files where these things tend to install/lurk so it is prudent to remove all these first.
    The 2 online scanners are there to make sure that the infection has gone if you are still having problems and are not part of the cleaning process.
  • Yes, I am talking about already infected also, but as I say not all infections need so much work to remove them; a lot of infections won't need system restore off.
    If your PC is infected it doesn't mean you have to instantly switch off system restore as not all infections will hide in there. I have removed infections on people's computers without having to switch off system restore many times and they have not come back.
    If the problem doesn't clear up then obviously switch off system restore and do it.
    But as I say IMO just because you get infected I would instantly switch it off
    (It's 5pm on a Saturday so I need to shower n shave before I hit the town so I'll leave this discussion for now. I do think it's a great idea what you have compiled though and it will help a lot of people, I'm not disputing that. Well done, it's what helps to make this site great.)
  • But the point I am making is that you do not know when the problem occurred or what infections are there; you hit everything up front and then kill everything in 99% of cases.
    I've NEVER had a PC with restore off that has become inoperable after cleaning.
    You are just going to end up spending more time in the long run returning to the same problem (most of the current crop of Spyware are particularly nasty bits of work and Spybot/Ad aware/MS anti-spyware actually fail to detect at least one of them) so you are covering all bases on what is normally an unknown problem on a badly protected PC.
    The likes of you and me are careful and diligent about what we do online; not everyone is, and many have none of the basic online security systems in place.
  • Seeing as my name's been mentioned I thought I'd explain my personal view.
    I would NEVER advocate purging/deleting previous Restore Points ("RPs") automatically before carrying out a fix. Not unless it is clear that not doing so is causing a problem.
    My view is (as others have mentioned) "An infected RP is better than no RP at all."
    After a PC is clean and working again THEN I recommend cleaning out all old RPs and immediately creating a new one as something to fall back on if anything else goes wrong.
    Now ... IF I can't fix a PC then the suggestion is that maybe there IS something hiding in the RPs. In that case I WOULD delete them all as they are clearly stopping the clean up.
    Couple of anecdotal cases.
    In some instances (admittedly only a few) I have asked users if they can invoke a RP only to be told "no" because all RPs had been deleted.
    In one case the user messed up my HJT fix instructions. I would have liked to go back to the former infected state and start over but all RPs had gone. That one ended up in a reformat.
    Intel ... I'm also a member of EE (and have been for a long time). I didn't know they advocated deleting all RPs before even attempting a fix. Can you point me in the right direction of where they say this on the website and I'll take it up with them. Thanks.
    Well. There you have it. My view. Take it or leave it, I guess!!
  • Sorry to be technically ignorant but what does it mean to have restore points on or off what are they or where? :rolleyes:
  • Hi rubytuesday
    This should help you...
    https://searchwin2000.techtarget.com/...827077,00.html
  • TOG
  • I am now having lots of problems with my computer due to someone using it for purposes that have resulted in the end of our relationship! Anyway I now have loads of critical errors and spyware. Would it be best to purchase something to sort this out? If so what?
    Thanks