Viruses

Due to popular demand, I’ve created a spiffy little document I like to call…

Viruses and Spyware For Dummies

(or, Laura’s super-mega-long tutorial on how to make your Windows XP or Vista computer happy, healthy, and wise)

Updated 3/16/2009

The Small Print Comes First

Disclaimer 1:  If in the process of this tutorial, your computer is rendered inoperable or otherwise damaged, whether through hardware failure, software incompatibility, or general foolishness, I will under no circumstances be held responsible.  Always have a complete backup of your files on another computer, external hard drive, CDs, or some other form of media.  Be aware that the symptoms of malware infection can be very similar to the symptoms of hard drive failure (slowness, programs crashing, error messages and blue screens of death).  Performing the following steps on a failing hard drive will almost certainly hurry its demise, removing what chance you had for backing up your data.

Disclaimer 2: I know there are several other excellent tools for malware removal.  However, explaining their use would take much more time than I’m willing to dedicate to this.  This tutorial is intended to be a simple, step-by-step walkthrough that requires no individual feedback or special attention, eliminating tools such as HijackThis and BartPE (both of which I use regularly in my own work).  It may not remove everything, but will leave the computer in much better shape than when it started.  For personalized computer help, you’ll have to look elsewhere.

Disclaimer 3: This tutorial assumes that you have a direct connection to the internet with no special network configuration (such as proxy settings).  If you go to a university with a proxy server, contact your friendly tech support people and ask them nicely for help in configuring.  They respond very well when bribed with homemade cookies.

Disclaimer 4: This tutorial is for personal use only.  If you are using a computer that belongs to your place of employment, do NOT follow these instructions.  Call your IT Help Desk and ask them for help today, rather than risk making them cry when you call them a week from now and say, “I had a virus and I tried to fix it and now my computer won’t turn on at all!”

Step 1: Check for existing antivirus

VERY IMPORTANT: Do you currently have any kind of antivirus installed on your computer?  Check your Start Menu for any programs on this list: http://en.wikipedia.org/wiki/List_of_antivirus_software.  If you do not have any of those programs installed, skip ahead to step 2.  If you do have any of those programs installed, it is essential that you do one of two things before proceeding to the next step:

1.    You can completely uninstall it if you don’t want to use it anymore, for example if you have an expired subscription to Norton and you don’t want to pay money for protection you can get for free.  To uninstall, go to the Start Menu, Control Panel, Add or Remove Programs.  Select the program you wish to uninstall and click Remove.  Reboot your computer when finished…
2.    …or you can skip any steps that mention Avast Antivirus in the following tutorial, instead running your own antivirus in its place during each step.  Otherwise, you may seriously damage your computer’s operating system, as running two anti-virus programs at a time can cause conflicts.  Avast is an excellent free antivirus program.  If you have any other preferences, paid or free, that’s fine.  Just make sure it’s up to date, running properly, and if it’s a paid product, make sure you have a current subscription.

Step 2: Download and install Anti-Malware Toolkit from http://www.lunarsoft.net/downloads

This will allow you to easily download the latest versions of all the programs we’re going to use without having to visit all the sites manually.  If your internet connection is not working for any reason, you may need to download it on another computer, follow steps 2 and 3, then use a USB drive to move the downloaded files to the computer in need of repair.

Step 3: Download necessary anti-malware tools

On the Main tab of Anti-Malware Toolkit, check the following boxes to download the latest version of each program:

Applications:

  • CCleaner
  • SUPERAntiSpyware
  • Malwarebytes Anti-Malware
  • Spybot S&D

Recommended:

  • Firefox
  • Avast

Also download the Malicious Software Removal Tool from Microsoft to the same folder: http://www.microsoft.com/security/malwareremove/default.mspx

Step 4: Install and update necessary anti-malware tools

After all files are downloaded, open the folder you downloaded everything to (probably your Desktop in a Download folder).  Install all programs (except the Malicious Software Removal Tool), accepting the default options except as listed below:

Avast Antivirus (file name: setupeng.exe)

  1. When asked if you “wish to schedule a boot-time antivirus scan”, click Yes.
  2. Select “Restart later” and click Finish.
  3. Open Avast (shortcut on the desktop).  When it prompts you for a license key, click on “Program registration”.
  4. This will open a webpage where you can obtain a free registration key.  Click on “I’m a new user and I need a registration key for avast! Home Edition” and fill out the registration form.  It will email a registration key to your email account – copy and paste the alphanumeric license key from the email into the Avast Registration window and click OK.
  5. When the program opens, you’ll want to update it (the icon looks like a lightning bolt).
  6. When the update is finished, click Close, then click No when asked if you want to restart.  Close Avast.

CCleaner (file name ccsetup***_slim.exe)

Firefox (file name Firefox Setup ***.exe)

Malwarebytes Anti-Malware (file name mbam-setup.exe)

  1. When install finishes, an updater will launch.  Wait for it to finish then exit the program.

Spybot S&D (file name spybotsd***.exe)

  1. Under “Select Components”, change the dropdown box to Compact installation.
  2. When install finishes, an updater will launch.  Wait for it to finish then exit the program.

SuperAntispyware (file name superantispyware.exe)

  1. Tell it to check for latest updates.
  2. Uncheck “Automatically check for program and definition updates”
  3. When program opens, click Preferences, and uncheck “Start SUPERAntiSpyware when Windows starts” (free version does not offer realtime protection).

Step 5: Reboot the computer in Safe Mode

Turn off your computer.  Turn it back on, and immediately start pressing the F8 key on your keyboard approximately once a second until a black & white “Windows Advanced Options Menu” appears.  Use your arrow keys to select “Safe Mode” and press Enter.  If prompted to choose operating system, press Enter again.

(Note: if a menu appears asking you to select a boot device, instead of the Windows options menu, select Hard Drive, press Enter, and immediately start pressing F8 again until the Windows options menu appears).

Avast will now scan all the files on your computer for viruses.  This scan may take anywhere between half an hour and several hours.  Go get lunch, a massage…anything to kill the time.  Come back when it’s done and proceed with Step 6.

Step 6: Log into the computer

Even if your computer normally logs in automatically, it may now ask you to select your user account and type your password.  Do so if prompted, and click Yes when the popup appears saying “Windows is running in safe mode”.  Your desktop will shortly appear, though it may look much bigger and disorganized than usual.  Don’t reorganize it – when we exit Safe Mode later it’ll look normal again.

Step 7: Run CCleaner

CCleaner will clean up unnecessary temporary files on your computer (this makes scans run faster!), as well as help fix some basic registry inconsistencies:

  1. Open CCleaner from your Start Menu -> All Programs.
  2. Click Run Cleaner.
  3. When that finishes, click Registry -> Scan for Issues.
  4. When registry scan reaches 100%, click Fix Selected Issues.  Click No when asked if you wish to back up the changes you’re making.  Click Fix All Selected Issues, OK, then Close to complete.

Step 8: Run anti-malware programs

Now the fun part starts.  We’re going to run a bunch of anti-malware programs at once, which shouldn’t present any problems for your computer unless it’s old.  Really old.  Like, made-before-Y2K old.  Otherwise, it should be able to cope with everything running at once, albeit slowly.

Note: If any of the application windows end up full-screen and cover up the Start Menu (I know SuperAntiSpyware has a tendency to do this), use the minimize button or Alt-Tab to switch to different programs.

Launch the Malicious Software Removal Tool that you downloaded (probably to your Desktop in a Downloads folder, file name windows-kb890830-v*.exe). Tell it to begin a full scan.

Launch the following programs from the Start Menu -> All Programs and start scans as directed:

Malwarebytes’ Anti-Malware

  1. Under Scanner, select “Perform full scan” and press Enter.  Select the C drive (and any other local drives/partitions, if necessary), and click Start Scan

Spybot Search & Destroy

  1. Click Immunize, then in right pane click the Immunize button.
  2. Click Search & Destroy (don’t need to wait for Immunize to finish), then click Check for Problems

SuperAntispyware Free Edition

  1. When it first opens, it may only show up as a little yellow bug icon in your system tray (by the clock).  Double-click on the bug to make it open full-screen.
  2. Click Scan your Computer.  Select Perform Complete Scan and click Next.
  3. Note that the scan is currently running (see top for Scanning Progress), but the Next button is still available.  Do not click Next again until it no longer indicates that it’s running a scan.

Step 9: Remove detected malware

Now that you have all the scans running, go make yourself a cup of coffee.  Or several.  This process may take between half an hour and several hours depending on how many files you have, how fast your computer is, and how much spyware you have on your computer.

When the scans finish running, follow the instructions on each program to fix and remove all detected malware.  If any of the programs complain that they can’t remove all the malware, don’t panic yet – we’re going to run the scans again in a moment.

Step 10: Reboot in Safe Mode and run all the scans again!

After you’re finished removing everything as directed by the programs, follow steps 5-8 all over again, first rebooting your computer in safe mode then running scans.

Once you get the other scans started, it’s time to open Avast and start it scanning too:

  1. Close the “Simple user interface” window that appears when you open Avast
  2. Click on the Local Disks icon (looks like a hard drive)
  3. A little drawer will pop out.  Drag the slider all the way to the right so it says Thorough Scan.  Also, check the box that says Scan Archive Files.
  4. Now click on the Start button (looks like Play).

This step will take about as long as it did the first time, so don’t hold your breath.  As each program’s scan finishes, remove anything detected. At this point, one of three things will happen:

  • Some scans detect more files, but report successfully removing them.  In that case, go to Step 11.
  • All scans come up clean.  In that case, skip to Step 12.
  • Some of the scans still can’t remove files.  In that case, you’ll need to obtain assistance from your favorite geek – your virus infection is beyond the help of this tutorial.

Step 11: Reboot in Normal Mode and run all the scans yet again!

Reboot your computer one more time, this time allowing it to boot normally instead of entering Safe Mode.  You’ve got one last shot at getting a clean scan before we declare your computer in need of more assistance than this tutorial can provide…  Open and run all the anti-malware programs again as detailed in Step 8.  If any of them detect more files, you’re out of luck – go cry for a little and then bribe your favorite geek with cookies to fix it.  But if the scans come up clean this time, HURRAH!  Proceed to Step 12.

Step 12: Run Check Disk (CHKDSK)

This step will do a quick check of your operating system and attempt to repair any damage it encounters.

  1. While in normal Windows mode, open My Computer.
  2. Right-click on your “Local Disk (C:)” drive and click on Properties.
  3. Go to the Tools tab, and under “Error-checking” click “Check now”.
  4. Make sure the first box, “Automatically fix file system errors”, is checked and click Start.
  5. It’ll complain that Windows can’t check the disk while in use – click “Yes” or “Schedule Disk Check” then reboot your computer.  This will take around half an hour to run…

Step 13: Help protect against future infection

First order of business now that you’re all cleaned up is to use Spybot to immunize you against malicious webpages and popups in the future.

  1. Open Spybot.
  2. Click on Immunize in the left pane.
  3. Now, click on the Immunize button in the right pane.  This will take a couple minutes.  You can close Spybot when it finishes.

Next, we’re going to run Windows Update to install all the latest patches for security and stability.

  1. Open Internet Explorer.
  2. Click on Tools, Windows Update.
  3. Install anything it asks you to, run anything it asks you to, download and install anything it asks you to.
  4. When it finishes (this could take minutes or ages, depending on when you last ran updates), reboot your computer and run Windows Update again just to make sure you got everything.

Finally, we’re going to defragment your hard drive.  This is basically the computer equivalent of rearranging a bunch of disorganized pieces of paper into a file cabinet by topic – it makes it significantly easier to find pieces of paper next time you need it!

  1. Open My Computer.
  2. Right-click on your “Local Disk (C:)” drive and click on Properties.
  3. Go to the Tools tab, and under “Defragmentation” click “Defragment now”.
  4. Click Defragment.  This will take anywhere between half an hour and several hours to run.  Don’t use your computer while it’s defragmenting.

Step 14: Pat yourself on the back!

All done!  Congratulations, I’m proud of you! Now that you’ve deleted all the viruses and spyware, I expect your computer’s running a bit better.  How do you keep this from happening again?  Don’t open emails or download files if you don’t know who they’re from.  Update and run the anti-malware scans every few weeks – you don’t need to do it obsessively, but I’d recommend at least once a month.  And run Windows Update at least once a month too.

FAQ:

Q: “My computer won’t boot at all!  Or, my internet doesn’t work – I think a virus broke it!  How do I follow these instructions?”

A: Try booting into Safe Mode (instructions in Step 5).  If it boots there, then follow the instructions as best you can.  A few of the applications may not install in Safe Mode, so just leave those off the list and do the rest.  If your computer can’t even boot into Safe Mode, or if your internet still doesn’t work, then this is not the tutorial for you.  Try asking your geeky significant other for help.  Or your cousin.  Or your next-door-neighbor’s son.  Or your friendly tech support people that love to be bribed with homemade cookies.

Q: “I’ve followed all these steps, but I can’t remove everything, or malware is repopulating every time I reboot my computer.  What do I do?”

A: You have three options that I’d recommend, depending on your level of computer comfort.  One, you can reinstall Windows completely (make sure your data is backed up!).  Two, you can use the Windows Ultimate Boot CD (http://www.ubcd4win.com) and a Windows XP CD to create a bootable malware-removing CD, but I will not be providing instructions on how to do so here.  Three, you can find your favorite tech support person and bribe them with lots of cookies – this option provides your best chance of success…


