Infection Removal Guide

  • If you have an infection you’d like to remove…
    • Please follow the Setup and then Removal posts.
      If that doesn’t fix it, look at Advanced Removal.
  1. Intro/T.O.C.
  2. Setup
  3. Removal
  4. Advanced Removal
Setup

Before you start removing infections, there are a few precautions you should take.
These steps will help cripple most infections, making them easier to remove.

  1. Restore file associations.
    Sometimes infections will remove your ability to directly run programs. This is often done so that while you can use shortcuts to still launch your browser and other programs, you can’t run installers or tools to remove the infection. Luckily this is a quick fix.
    www.dougknox.com/xp/fileassoc/xp_exe_fix.zip
    Download that file and open/run it. You should see something called xp_exe_fix.reg inside. Double-click that, and you should get a confirmation/warning. Click the Yes or Merge button (whatever your system says) to fix the EXE association information. You may need to restart afterwards before programs will run.
  2. Disable Browser Addons
    During the removal, you should run your browser with addons disabled so they don’t get in the way of removing the infection.

    • Internet Explorer
      In your start menu’s programs list, go to Accessories, then System Tools, and then Internet Explorer (No Addons).
    • Firefox
      Hold down the Shift key while starting Firefox to go into its Safe Mode (which has addons disabled).
    • Chrome
      Open Chrome normally, then press CTRL+SHIFT+N to open an incognito window, which has addons disabled. Close the original window and use the incognito one.
  3. Disable System Restore
    Viruses and other infections can hide in restore points, so we need to clear them.

    • XP
      In your Start menu, go to the Control Panel, where there should be a bunch of icons, one of them being System. If not, click Switch to Classic View on the left. Open System, and click the System Restore tab at the top. In that section, click the checkbox to turn off System Restore on all drives, if it is not already checked. Save the settings. That will delete any older system restore points, which could easily contain viruses, to prevent them from coming back in the future if you use a restore point.
    • Vista
      Open the Start menu, right-click Computer, and click Properties. In the new window, go near the top-left and click System protection. In a new window, you’ll see a list of your drives. Uncheck them. Tell Windows that you want to turn System Restore off by clicking the button when it asks you.
    • Windows 7
      Open the Start menu, right-click Computer, and click Properties. In the new window, go near the top-left and click System protection. In a new window, you’ll see a list of your drives. Below that, click the Configure button. In the next new window, choose Turn off system protection, then click the OK button.
  4. Delete the HOSTS file.
    The HOSTS file can be used to redirect good addresses (like google.com) to bad ones (like thiswebsiteisavirus.com), so we should delete it to be safe.
    In your start/globe menu, go to the Run command. If you’re on Vista/7, click in the little white box near the bottom. Copy the text below and paste it in the box, then press Enter.

    %systemroot%\System32\drivers\etc\

    In the folder that pops up, there should be a file named hosts with no extension. Delete it.
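
An added example, not part of the original guide: a Python script that lists what the HOSTS file from step 4 actually redirects before you delete it, which also tells you whether it was part of the infection. The function name `audit_hosts` and the sample entries are constructed for illustration, and it goes slightly beyond the guide by also flagging names pointed at the local machine, which makes those sites unreachable.

```python
import ipaddress
import os

# Names that normally map to the local machine in a default HOSTS file.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample (not from a real machine); 203.0.113.7 is a documentation address.
SAMPLE_HOSTS = """\
# constructed sample HOSTS file
127.0.0.1       localhost
::1             localhost
203.0.113.7     google.com www.google.com
127.0.0.1       update.av-vendor.example
not-an-ip       bank.example
"""

def audit_hosts(text):
    """Return (line_no, kind, address, names) for every entry worth a second look."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # strip comments, split on whitespace
        if len(fields) < 2:
            continue                               # blank, comment-only or incomplete line
        address, names = fields[0], [n.lower() for n in fields[1:]]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, "malformed", address, names))
            continue
        if ip.is_loopback or ip.is_unspecified:
            # Pointing a real site at this machine makes it unreachable (a "block").
            names = [n for n in names if n not in LOCAL_NAMES]
            if names:
                findings.append((line_no, "blocked", address, names))
        else:
            # Any other address sends the name somewhere DNS did not choose.
            findings.append((line_no, "redirected", address, names))
    return findings

if __name__ == "__main__":
    # Path from the guide; falls back to the sample when not run on Windows.
    path = os.path.join(os.environ.get("SystemRoot", ""), "System32", "drivers", "etc", "hosts")
    if os.path.isfile(path):
        with open(path, encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for line_no, kind, address, names in audit_hosts(text):
        print(f"line {line_no}: {kind:10} {address} -> {', '.join(names)}")
```

Entries reported as "blocked" can also come from an ad-blocking list you installed yourself, so check them against what you remember adding.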

Removal
  1. Malicious Software Removal Tool
    Malicious Software Removal Tool (32-bit)
    Malicious Software Removal Tool (64-bit)
    This is the first program that you should download and run. It’s a tool that checks your computer for infection by specific viruses known to affect Windows. It is not a replacement for a normal anti-virus, but it is useful in removing something that has already infected you.
  2. rKill
    This tool will further attempt to kill any malicious program that’s running, so we can actually get on with the removal. It comes in four “flavors”; if one doesn’t work, try the others.
    http://download.bleepingcomputer.com/grinler/rkill.exe
    http://download.bleepingcomputer.com/grinler/rkill.com
    http://download.bleepingcomputer.com/grinler/rkill.scr
    http://download.bleepingcomputer.com/grinler/rkill.pif
  3. Anti-Malware
    Next thing to do is a scan with an anti-malware. Download and install Malwarebytes, let it update, and then run a full scan with it. Fix/remove whatever it finds.
    www.malwarebytes.org
  4. Anti-Virus (Run-Once)
    It’s time to do an antivirus scan. This is a run-once tool meant to remove any existing standard virus infections. Download and run this tool, and allow it to scan your computer.
    www.microsoft.com/security/scanner/
  5. Anti-Virus (Boot-Time)
    It’s time for another antivirus scan, but this will be done a bit differently. Download and install Avast, then open the control window (main window). Go to the menu, and choose Schedule Boot-Time Scan. In the new window, select scan all local disks and then confirm the schedule. After that, restart and Avast should boot before anything else, and it should scan and remove whatever it can find.
    www.avast.com
Advanced Removal

If the normal removal steps didn’t work or you can’t follow them…
We can help you get past those blocks personally.
We will need certain pieces of info from you.

Post a thread with the following info.

  • Windows version.
    In the start/orb menu there should be a My Computer or Computer option. Right-click it and click Properties. The new window that comes up should have information about which version of Windows you’re using. If you’re not sure which info it is, just take a screenshot for us.
  • Nature of infection.
    What’s the exact problem? Are you getting slowdown? Random ads popping up? Google search is redirecting to ads? Can’t open the task manager? Can’t access certain files? Persistent ad trying to scare you out of your money?
    Tell us exactly what’s going on, and remember that a picture tells a thousand words, and we like screenshots!
  • Why you can’t remove.
    Unable to download one or more of the programs? Can’t find a setting the guide told you to find? Can’t run any of the programs for some reason? Did the programs run but not find anything? Does the infection keep coming back after you remove it?
    The more you tell us about the situation, the easier it’ll be to find the source of the infection and get rid of it.
  • HijackThis log.
    Download and run the executable version of HijackThis from free.antivirus.com/hijackthis. Choose Do a system scan and save a log file. It will open the log file when it’s done scanning. Visit dpaste.com and copy-paste the log into the big white box and submit/paste it. Then give us the link of the new page.
  • Msconfig startup list.
    In your start/globe menu, go to the Run command. If you’re on Vista/7, click in the little white box near the bottom. Type msconfig, then press Enter. In the new window, click the Startup tab, then take screenshots to show us everything that’s checked.

For any questions or queries, please do not hesitate to leave a comment in the queries page at the bottom of the page or contact us at compfaqz@gmail.com
