Removing browser hijacks, Virus's and Spyware

Introduction

There are a number of different type of programs that could be causing the mayhem on your system. I'll provide steps for removing each type in the order I would follow. At the end will be some steps you can take to prevent this from happening again.

Note: If you are using Spyware Eliminator or any other software from Aluria software stop using the software, you are not being protected. Read the warning at the end of this post.

Removal

1. Uninstall

Open the Add/Remove Programs control panel and read through the list of installed software for anything you don't recognise. If there's anything you don't recognise it's probably best to uninstall it. If you want to find out what it is try http://www.google.com and search for the name. While you're here you may as well uninstall anything you no longer need.

2. MSConfig

Click on Start and then Run. Type msconfig and press Enter. Click on the Startup tab. Here you have a list of all the programs that run when you start Windows. Untick anything you don't recognise. Be aware that some of these things may be required by some other software/hardware you have installed. For a very comprehensive, searchable list of possible startup items check out Sysinfo
When you have made your changes click Ok and restart. When Windows loads a window will pop up reminding you that you have used MSConfig to make changes to your system. Tick the don't remind me box and click Ok. If something has stopped working run MSConfig again and enable it again.

msconfig
3. System Restore

If you are running Windows ME or XP it's possible that some of the programs you'll be working hard to remove will be hiding in an old System Restore point. Probably the easiest way to remove your old restore points is to turn System Restore off. Open the System control panel and click on the System Restore tab. Tick the box "Turn off System Restore on all devices". Click Ok and reboot your computer. All previous restore points have now been removed. Leave System Restore off for the time being. We'll turn it back on later.

4. Viruses

One of the better options for virus removal is to take the infected drive and install it into another computer with up to date antivirus software. I'm not including details on how to do this as I consider it outside the scope of this 'how to'. If you are not comfortable doing this skip down to the next paragraph. Provided you don't start opening files from the infected drive this will prevent the virus from activating. Some viruses may not be completely removed, or not be removed at all if they are active.

With or without the second computer it's best to scan for viruses with Windows booted into Safe Mode. To enter Safe Mode reboot your computer. After the BIOS has finished checking your RAM, drives and so forth it will hand over to your operating system. For Windows 98 this is the point where you need to hit F8, just before the Windows 98 splash screen is displayed. If you timed it right a menu will show up with a number of different startup options. Select Safe Mode. Windows 2000 and XP both have a prompt to say you can press F8 now to access the menu.

Under Safe Mode Windows will only load the bare minimum it needs to run. This can help prevent viruses from working and make them easier to remove. Because of this your resolution will be set to 640x480 and the number of colours dropped to 16. Do not worry, this is only temporary. It will return to normal when you reboot.

#Note: Safe mode was suggested knowing that this is best for Norton Anti Virus but not all virus scanners work under safe mode. As at 21/7/2004 Trend Micro's PC-Cillin does not work if you have booted into safe mode and are running Windows 2000 or XP. Trend Micro appear to be aware of this problem. Their current fix is to visit TrendMicro and download the Damage Cleanup Engine. There is no mention of this problem on that page and searching for "safe mode" in their Knowledge Base turned up no more relevant info. There are instructions on how to use the Damage Cleanup Engine on that page.

Once in Safe Mode open up your favourite antivirus software. What! you don't have a virus scanner! There are some free scanners out there. One popular free scanner is AVG Anti Virus Free Edition. You can download it from AVG's site here Grisoft Updates for AVG Anti Virus Free Edition are available here Click If, for whatever reason you don't have a virus scanner and don't want to install one some antivirus companies provide a free online scan. Trend Micro Housecall and Symantec Security Response are two such companies.

Before you even think about running a scan update your virus definitions. Depending on your setup you may have to do this before you boot into safe mode. There's no point trying to scan for the latest virus if your definitions are several months out of date. Some antivirus software gives you the option to scan all files rather than just executable files, eg. .exe and .com files. Enable this option. While most viruses are hiding in executables there are some that infect non-executable files. Also, if you have the option, scan inside zip/archive files.
#Note: For those of you who use Eset's NOD32 AV software, there is an awesome guide to configuring it properly here

Ok, now you can run the virus scan. All clean? Great, move on to the next step.

Found a virus? Better clean it up first. Depending on the virus your antivirus software may or may not be able to remove it. Follow any removal instructions given by your antivirus software. When you try to remove the virus there are three possible outcomes:
1. Your antivirus software removes the virus and all is good.
2. The virus won't go quietly and infected file may have to be deleted or replaced with a clean copy.
3. Your antivirus software can't remove the virus.
In the event of number 3 you may be able to remove it manually or with a removal tool designed to target that specific virus. Removal instructions and removal tools can be found at Symantec. AV Center Search for the virus and see what's available.

Once you have removed any viruses run a second scan to make sure nothing comes up again.
«Prev 1 2 3 4 5 Next»

Most Recent Comments

19-06-2006, 13:19:36

Homer
:wavey: Not so bad, if i can add another advice, the best solution for increase your network is to use a firewall router (like linksys for example) or a PC with a linux firewall (likes smoothwall) which blocks, by default, INCOMING connections from internet AND a software firewall on all PCs of your network (zone alarm, kerio or bitdefender) which blocks incoming and OUTGOING connections by default.
And the best antivirus is Kaspersky.
I survey my active connections with a little soft called Active ports.

Homer
(Sry for my english)

19-06-2006, 16:29:34

Phnom_Penh
SFC.exe, the built in windows system file checker is a useful little tool which does what it says on the tin. (I.E. it checks all the windows files for any nasties) ;) Has come in handy in the past

Three switches you're only really need are...

/SCANNOW Scans all protected system files immediately.
/SCANONCE Scans all protected system files once at the next boot.
/SCANBOOT Scans all protected system files at every boot.

21-06-2006, 07:13:49

PV5150
Hey Homer, I did actually mention firewalls on the last page of the guide. :)

21-06-2006, 14:40:57

Homer
Hello,

yes you mention the interest of firewalls and your guide is very interesting for users... just want to said the most important is to install and set up a hardware firewall and a software firewall on each computers on LAN, both of them. And if a PC is too unstable/infected, the best way to solve pbs is to format HDD and reinstall WXP and install antivirus, firewalls, anti-spyware in first, don't hesitate to do it when needed.

Think about to disabled the windows services which are non useful (in most cases) and dangerous for security, like :

- help and support
- NetMeeting Remote Desktop Sharing
- Portable Media Serial Number Service (a strange one ^^)
- QoS RSVP (u just win about 20% bandwith with this one)
- Remote Access Auto Connection Manager
- Remote Desktop Help Session Manager
- Remote Registry (very dangerous)
- Server (but if u have a personnal web site or ftp... on your LAN u need it, of course)
- SSDP Discovery Service
- TCP/IP NetBIOS Helper
- Telephony
- Telnet
- Terminal Services
- WebClient
- Windows Time

and more... ;)

In result i have only 30 processes active, the best way to check what kind of processes is up.:beerchug:

PS : This is dedicate to Jiffz who i knows have some router pb ;)

01-07-2006, 03:43:28

Homer
Did i was out of topic with my windows services, interesting or not useful?
(sorry for my english)

01-07-2006, 05:57:54

Phnom_Penh
[QUOTE=Homer]Did i was out of topic with my windows services, interesting or not useful?
(sorry for my english)[/QUOTE]
Yeh, it's usefull, but there's no point in having both hardware and software firewalls.

21-07-2008, 08:37:53

zlanhgn
软水机采用离子交换(Ion-exchange)的技术,不但解决了水中硬度离子(钙、镁离子)在水管和安装在水管上的涉水设备金属表软水机面结构的问题,使设备...目前市场上其它家用软水机同蒸汽锅炉房所使用的工业软水机软水盐配送电话010-87422319 买软水盐送软水机活动正在进行中 来电咨询详情 中盐兰水精软水盐配送中心为您提供软水盐送货上门服务,长久以来家中安装软水机的用户享受到了软水机为大家提供的优良软水 水质..直饮机销售商建议不要长期饮纯净水蒸馏 65岁老人质疑清晨喝盐水不好的结论 您知道健康水的标准吗?...选购直饮机请选择专业的直饮机销售商 版权所有 邯郸市康路水净化设备有限直饮机责任公司.本公司共有13条同类"家用净水器"供应信息 详细信息 产品简介 1.采用世界第一品牌世韩膜。...供应东莞家用纯水机、常平家用净水器、厚街家用纯水机 850.0/台 供应厨房用净水家用净水器 1800.0/套系列家用净水器(过滤器,自来水过滤器,饮用水过滤器),采用不锈钢外壳,美观大方,易于清洁卫生,水源为市政自来...济南聚力是一家专业从事纯水机、净水器、反渗透纯水机、家用纯水机、商用纯水机、家用净水器、RO纯水机[/url] 家用净水器、反...

04-05-2009, 11:45:23

MarkW7
Good tut, thanks

04-05-2009, 11:56:34

themcman1
What's with bumping all the old threads?

04-05-2009, 13:57:45

MarkW7
I need 15 posts. Lmao
Reply
x

Register for the OC3D Newsletter

Subscribing to the OC3D newsletter will keep you up-to-date on the latest technology reviews, competitions and goings-on at Overclock3D. We won't share your email address with ANYONE, and we will only email you with updates on site news, reviews, and competitions and you can unsubscribe easily at any time.

Simply enter your name and email address into the box below and be sure to click on the links in the confirmation emails that will arrive in your e-mail shortly after to complete the registration.

If you run into any problems, just drop us a message on the forums.