Removing Viruses and Spyware

You will need an Internet connection over a network cable; wireless will not work. If you use a wireless router, you will need to temporarily attach a network cable between the router and the computer. It is also possible to do this with a dial-up connection, but it will take considerably longer.

Can you still access the Internet? If yes – continue to the next step. If not – you will need to fix it first.
To be able to do that, you will need to download several programs on another computer and burn them to a CD or use a flash drive to copy them to your computer. You will need:

Step one: Plug in the network cable and start the computer in “Safe Mode with Networking”.

To do that you will need to keep pressing the F8 key several seconds after you see the very first (logo) screen when starting the computer. If you have a BIOS password, start pressing the F8 key as soon as you enter it. If a “Select a boot device” screen appears, select the hard disk, press “Enter” and continue pressing F8. If the usual “Windows XP” screen appears, that means you’ve missed the moment. Wait for Windows to load, then restart it and try again. Eventually you will see the advanced startup screen of Windows (black screen with white text). Use the “Up” arrow key to go to “Safe Mode with Networking” and press “Enter”.

Log into your admin account (or your account if you have only one) and dismiss the warning that Windows is running in safe mode by clicking “OK”.

Step two: Clean the Temporary Internet Files and Internet Explorer.

Go to Control Panel -> Internet Options, click “Delete Files…” on the “General” tab, then click “Settings…” just next to it, then “View Objects…” and delete all of them. Then click on the “Connections” tab, then “LAN Settings…” and uncheck all three checkboxes there, then click “OK”. After that go to the “Programs” tab, click on “Manage Add-ons…” and disable all. Click “OK”, then “OK” again to close the “Internet Options” control panel.

Step three: Clean your temp folder.

Open “My Computer” and go to “Local Disk (C:) -> Documents and Settings -> [your account name]”, then on that window’s menu at the top go to “Tools -> Folder Options…”, select the “View” tab, click “Show hidden files and folders” and uncheck “Hide extensions for known file types”. Then click “OK”. Now you should see a folder “Local Settings”. Open it, then right-click on the “Temp” folder and select “Delete”. Repeat this for the rest of your accounts if you have more than one. After that empty the trash.

Step four: Disable all startup items and non-Windows services with msconfig.

Go to Windows’ Start button, then select “Run”, type “msconfig” and press “Enter”. This is the Windows “System Configuration Utility”. Click on the last tab, “Startup”, then click on “Disable All”. After that click on the “Services” tab, then on the “Hide All Microsoft Services” checkbox, and then on “Disable All” again. Then click “OK” and “Exit Without Restart” to return to the desktop. This will disable all startup items and non-Windows services. You can enable the ones you need later, after cleaning all viruses and spyware.

Step five: There are quite a few free programs and tools that would help you clean viruses and spyware. My favourites (at the moment) are below. Download, install, update and run all programs in that order:

Trend Micro’s SysClean.com – download both sysclean.com and the latest virus pattern file. Then unzip them both in the same directory and double-click sysclean.com. It scans all files and may take some time to complete.

BitDefender’s on-demand scanner – look for the free v. 8.0

a-squared free

AVG Anti-Spyware

Spybot – Search & Destroy

HijackThis

This is a more advanced tool that will let you look at some of the inner workings of Windows. After starting it select “Do a system scan only”. It is safe to check all checkboxes and select “Fix checked”, as the program makes backups and you can restore any needed settings later.

LSPFix.exe

If HijackThis reports unknown “winsock providers”, use LSPFix to remove them. The default (Windows) ones are: Msafd.dll, Mswsock.dll, Mswsosp.dll, Rnr20.dll, Rsvpsp.dll and Winrnr.dll. If you have Novell NetWare installed, you will have some of these: Nwws2nds.dll, Nwws2sap.dll and Nwws2slp.dll. If you see any other entries listed in LSPFix, remove them. Some antivirus programs have entries there too. You can remove these entries as well, since you will have to either reinstall the antivirus or, better, switch to another one: your currently installed one has failed to protect your computer.
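The allowlist comparison described above can also be done on a saved text listing of the Winsock catalog. This is an added example, not part of the original guide or of LSPFix; it assumes the listing was saved from `netsh winsock show catalog` and that each entry carries "Description" and "Provider Path" fields, and the sample text is constructed.

```python
import ntpath
import re

# Provider DLLs the article lists as Windows defaults and as Novell NetWare's.
WINDOWS_DEFAULTS = {"msafd.dll", "mswsock.dll", "mswsosp.dll",
                    "rnr20.dll", "rsvpsp.dll", "winrnr.dll"}
NETWARE = {"nwws2nds.dll", "nwws2sap.dll", "nwws2slp.dll"}
FIELD = re.compile(r"^\s*([^:]+?)\s*:\s*(.*?)\s*$")

# Constructed sample in the assumed layout of a saved listing (not real output).
SAMPLE = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll

Winsock Catalog Provider Entry
------------------------------------------------------
Description:                        EXAMPLE LSP over [MSAFD Tcpip [TCP/IP]]
Provider Path:                      C:\WINDOWS\system32\example_lsp.dll

Name Space Provider Entry
------------------------------------------------------
Description:                        NWWS2NDS
Provider Path:                      %SystemRoot%\System32\NWWS2NDS.DLL
"""

def parse_catalog(text):
    """Return one dict of field -> value per catalog entry."""
    entries = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if m is None and line.strip().endswith("Entry"):
            entries.append({})            # a section header starts a new entry
        elif m and entries:
            entries[-1][m.group(1)] = m.group(2)
    return entries

def unknown_providers(text, netware_installed=False):
    """List (dll, description) for entries whose DLL is not on the article's lists."""
    allowed = WINDOWS_DEFAULTS | (NETWARE if netware_installed else set())
    found = []
    for entry in parse_catalog(text):
        dll = ntpath.basename(entry.get("Provider Path", "")).lower()
        if dll and dll not in allowed:
            found.append((dll, entry.get("Description", "")))
    return found

print(unknown_providers(SAMPLE))
```

The script only reports; the entries it lists are the ones to look up and then remove with LSPFix as described above.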

After you finish with HijackThis and LSPFix, restart your computer in normal mode. Uninstall your current antivirus and, after restarting, either reinstall it or switch to another one. You can also try one of the free antivirus programs. In the last two years I’ve been using AVG Free at home and never had any problems. If you are uninstalling Norton, you had better run the Norton Removal Tool after the restart.

After that get Firefox or Opera, or get both if you want to try them. Both of these web browsers are a lot safer than Internet Explorer, as almost all web-based exploits work only in Explorer.

26 Comments

  • #26 by Greg April 9, 2014 at: 3:10 am

    HELP – your solutions look great for someone who can still access Windows but I no longer can. I suspect my Lenovo T60 Notebook has a virus or such in the BIOS. One day it was working fine, next boot it started Windows OK, then suddenly a blue screen appeared with a warning that something was damaging the computer and Windows had to shut down. Next restart the BIOS screen appeared then nothing but scrambled pixels. Now on boot I don’t even get the BIOS screen or a bluescreen warning anymore! I have tried pressing the Blue ThinkVantage Key, the F1 key and every other key I can find but the BIOS screen no longer appears, I just get scrambled pixels and nothing seems to help. How do I kill the virus and recover the BIOS if I can’t get Windows to start up to run all these wonderful virus killers? Is there some way to load in a virus killer on bootup instead of having to get to Windows first?

  • #25 by Arbaz March 11, 2014 at: 1:23 pm

    After an attack of the white screen virus, some files on my computer are unable to launch, especially pictures. Please specify a way to recover these files.

  • #24 by Jaden Brehd January 8, 2014 at: 7:09 pm

    I never tried the sysclean of trendmicro. Malwarebytes and AVG do the job for me in terms of removing viruses and spyware. As for deleting temp internet files, I use ccleaner. But this guide really is information-rich. Will try using the above programs for experimentation.

  • #23 by Brian Daed January 2, 2014 at: 4:46 pm

    Can anyone tell me why I have a sudden longing for my old sliderule and royal typewriter?

  • #22 by Laptop Hub December 3, 2013 at: 8:30 am

    I agree with two anti-viruses but it makes your laptop run slow. And the tips above are very informative. Though I haven’t experienced having spyware or viruses, I always make sure that I scan my laptop before I sleep.

  • #21 by Moses Smith September 15, 2013 at: 11:04 pm

    Removing Viruses, Spyware and mainly Ransomware is not a simple deal. They lock the computer and never allow you to unlock it until you pay some scam amount the virus pop-up demands. I think it’s clear that with the given instructions, we can remove viruses by paying nothing, unlocking the computer with the easy step-by-step instructions given above.

  • #20 by Computer Repair in Phoenix September 28, 2012 at: 10:13 pm

    In response to Louis Lopez: even if you update all of your software, you can still get infected by malware, trojans, and rootkits by clicking on and going to websites that install malware scripts onto your computer. Windows XP users are especially susceptible because the operating system is old and not updated anymore, and IE 8 is the latest browser version available for it.

    XP users need to use Firefox (or Chrome, which I do not like and is thought to have more security holes than IE) to keep their browsing experience as safe as possible. XP users should also consider upgrading to Windows 7 ASAP. If the computer is older than 4 or 5 years and has less than 1 or 2 Gigabytes of memory a new computer should be considered instead.

    The best protection against getting infected is common sense. I have been infected twice in all the years I have been using computers and both of those times I KNEW I was doing something risky. Do not click on strange links from emails, even if they are from friends or relatives – they could be infected and the virus could be sending out social engineering emails on their own. Learn about social engineering (http://en.wikipedia.org/wiki/Social_engineering_%28security%29) and how it can affect you.

    What about Facebook? It is generally safe but friends’ profiles can get infected and post links with text like “You can’t beat my high score” or “Check out how I lost 20 lbs on my latest diet” – things that are not personal to you or your friend. Do not click on stuff like that.

    I hope this helps someone from getting infected :) Hope you have a safe browsing experience!

    Dave

  • #19 by Wilbert September 7, 2012 at: 2:34 am

    Particularly decent piece Removing Viruses and Spyware LaptopTips!! Always keep writing

  • #18 by Mike December 15, 2010 at: 3:31 am

    Great post! I think people should be backing important documents up regularly. This would save a lot of time and effort. And there is this tool called Norton Power Eraser http://security.symantec.com/nbrt/npe.asp?lcid=1033. I’ve used it several times to remove deeply embedded and difficult to remove malware.

  • #17 by spy321 September 30, 2010 at: 2:41 am

    Nowadays one antivirus or antispyware is not enough. You can’t have two antiviruses, but for antispyware I use malwarebytes antimalware and superantispyware. Both are free and do their job very well.