Removing Viruses and Spyware
You will need an Internet connection over a network cable; wireless will not work. If you use a wireless router, you will need to temporarily attach a network cable between the router and the computer. It is also possible to do this with a dial-up connection, but it will take considerably longer.
Can you still access the Internet? If yes – continue to the next step. If not – you will need to fix it first.
To be able to do that, you will need to download several programs on another computer and burn them to a CD or use a flash drive to copy them to your computer. You will need:
- Trend Micro’s SysClean.com and the latest virus pattern file http://www.trendmicro.com/download/viruspattern.asp.
- Ad-Aware SE Personal and the latest definitions file (defs.zip) http://www.lavasoftusa.com/
- Firefox or Opera or get both if you want to try them.
- These instructions in a plain text file (right-click -> Save As…). Follow those instructions to restore your Internet access, then return here to finish cleaning your computer from viruses and spyware.
Step one: Plug in the network cable and start the computer in “Safe Mode with Networking”.
To do that you will need to keep pressing the F8 key several seconds after you see the very first (logo) screen when starting the computer. If you have a BIOS password, start pressing the F8 key as soon as you enter it. If a “Select a boot device” screen appears, select the hard disk, press “Enter” and continue pressing F8. If the usual “Windows XP” screen appears, that means you’ve missed the moment. Wait for Windows to load, then restart it and try again. Eventually you will see the advanced startup screen of Windows (black screen with white text). Use the “Up” arrow key to go to “Safe Mode with Networking” and press “Enter”.
Log into your admin account (or your account if you have only one) and dismiss the warning that Windows is running in safe mode by clicking “OK”.
Step two: Clean the Temporary Internet Files and Internet Explorer.
Go to Control Panel -> Internet Options, click “Delete Files…” on the “General” tab, then click “Settings…” just next to it, then “View Objects…” and delete all of them. Then click on the “Connections” tab, then “LAN Settings…” and uncheck all three checkboxes there, then click “OK”. After that go to the “Programs” tab, click on “Manage Add-ons…” and disable all. Click “OK”, then “OK” again to close the “Internet Options” control panel.
Step three: Clean your temp folder.
Open “My Computer” and go to “Local Disk (C:) -> Documents and Settings -> [your account name]”, then on that window’s menu at the top go to “Tools -> Folder Options…”, select the “View” tab, click “Show hidden files and folders” and uncheck “Hide extensions for known file types”. Then click “OK”. Now you should see a folder “Local Settings”. Open it, then right-click on the “Temp” folder and select “Delete”. Repeat this for the rest of your accounts if you have more than one. After that empty the Recycle Bin.
Step four: Disable all startup items and non-Windows services with msconfig.
Go to Windows’ Start button, then select “Run”, type “msconfig” and press “Enter”. This is the Windows “System Configuration Utility”. Click on the last tab, “Startup”, then click on “Disable All”. After that click on the “Services” tab, then on the “Hide All Microsoft Services” checkbox, and then on “Disable All” again. Then click “OK” and “Exit Without Restart” to return to the desktop. This will disable all startup items and non-Windows services. You can enable the ones you need later, after cleaning all viruses and spyware.
Step five: There are quite a few free programs and tools that would help you clean viruses and spyware. My favourites (at the moment) are below. Download, install, update and run all programs in that order:
- Trend Micro’s SysClean.com – download both sysclean.com and the latest virus pattern file. Then unzip them both in the same directory and double-click sysclean.com. It scans all files and may take some time to complete.
- BitDefender’s on-demand scanner – look for the free v. 8.0
- HijackThis – this is a more advanced tool that will let you look at some of the inner workings of Windows. After starting it select “Do a system scan only”. It is safe to check all checkboxes and select “Fix checked”, as the program makes backups and you can restore any needed settings later.
If HijackThis reports unknown “winsock providers”, use LSPFix to remove them. The default (Windows) ones are: Msafd.dll, Mswsock.dll, Mswsosp.dll, Rnr20.dll, Rsvpsp.dll and Winrnr.dll. If you have Novell NetWare installed, you will have some of these: Nwws2nds.dll, Nwws2sap.dll and Nwws2slp.dll. If you see any other entries listed in LSPFix, remove them. Some antivirus programs have entries there too. You can remove these entries as well, since you will have to either reinstall the antivirus or, better, switch to another one, because your currently installed one has failed to protect your computer.
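The comparison against the default provider list above can also be scripted. This is an added example, not part of the original instructions: it assumes the text comes from a saved `netsh winsock show catalog` listing in which each entry has a `Provider Path:` line, and the sample catalog (including the toolbar and lookalike entries) is constructed. It goes one step beyond the list above by also flagging a default file name that is not in the Windows system32 folder.

```python
import ntpath
import re

# Default provider DLLs as listed on this page (Windows, then Novell NetWare).
WINDOWS_DEFAULTS = {"msafd.dll", "mswsock.dll", "mswsosp.dll",
                    "rnr20.dll", "rsvpsp.dll", "winrnr.dll"}
NETWARE_DEFAULTS = {"nwws2nds.dll", "nwws2sap.dll", "nwws2slp.dll"}

# Constructed sample, modeled on "netsh winsock show catalog" output.
SAMPLE_CATALOG = r"""
Winsock Catalog Provider Entry
Description:      MSAFD Tcpip [TCP/IP]
Provider Path:    %SystemRoot%\system32\mswsock.dll

Winsock Catalog Provider Entry
Description:      Example Toolbar LSP (constructed)
Provider Path:    C:\Program Files\ExampleBar\exlsp.dll

Name Space Provider Entry
Description:      NTDS
Provider Path:    %SystemRoot%\System32\winrnr.dll

Name Space Provider Entry
Description:      Lookalike (constructed)
Provider Path:    C:\WINDOWS\Temp\rnr20.dll
"""

def audit_providers(catalog_text, system_root=r"C:\WINDOWS", netware=False):
    """Return (description, path, reason) for each entry needing review."""
    allowed = WINDOWS_DEFAULTS | (NETWARE_DEFAULTS if netware else set())
    system32 = ntpath.normcase(ntpath.join(system_root, "system32"))
    findings, description = [], "?"
    for line in catalog_text.splitlines():
        key, _, value = line.partition(":")   # split at the first colon only
        key, value = key.strip().lower(), value.strip()
        if key == "description":
            description = value
        elif key == "provider path":
            # Expand %SystemRoot% (lambda avoids backslash-escape parsing).
            path = re.sub(r"(?i)%systemroot%", lambda m: system_root, value)
            folder, dll = ntpath.split(ntpath.normcase(ntpath.normpath(path)))
            if dll not in allowed:
                findings.append((description, value, "not a default provider"))
            elif folder != system32:  # extra check, not from the page
                findings.append((description, value, "default name, unexpected folder"))
    return findings

if __name__ == "__main__":
    for finding in audit_providers(SAMPLE_CATALOG):
        print(finding)
```

Pass `netware=True` on machines with Novell NetWare installed so its three providers are treated as expected.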
After you finish with HijackThis and LSPFix, restart your computer in normal mode. Uninstall your current antivirus and, after restarting, either reinstall it or switch to another one. You can also try one of the free antivirus programs. In the last two years I’ve been using AVG Free at home and never had any problems. If you are uninstalling Norton, you had better run the Norton Removal Tool after the restart.