Virus/Malware/Spyware Preliminary Removal Instructions

sparksspace | Sunday, December 16, 2007 | 0 comments

DO NOT SKIP ANY OF THE INSTRUCTIONS


STEP1: Malware Removal: Temporarily Disable Real Time Monitoring Programs.

See these instructions on how to disable some of the more common real time monitoring programmes.


STEP2: If you're NOT running any antivirus or firewall software, you should install some ASAP. Download and install the free AVG or Avast antivirus programmes and one of the free ZoneAlarm, Kerio or Comodo firewall programmes.


STEP3: Run this online virus scanner. You will need to use Internet Explorer for this scanner.

Other Online Scanners



  1. BitDefender ScanOnline

  2. Microsoft Malicious Software Removal Tool

  3. ewido online scan

  4. Command on Demand

  5. Panda ActiveScan

  6. eTrust AntiVirus Web Scanner

  7. Trend Micro HouseCall (ActiveX)

  8. McAfee FreeScan


If you have any problems with the online scanner, skip it and continue with the rest of the instructions below.


STEP4: Make sure you have the LATEST version of HJT (currently v2.0.0.2) from HERE. The above link will download the HijackThis installer. Run the HijackThis installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. It will also automatically open HJT; close it.


STEP5: THIS IS VERY IMPORTANT. Open the C:\Program Files\TrendMicro\HijackThis folder in Program Files. Rename the HijackThis.exe file to Crusty.exe. This is because some malware can hide from HijackThis.exe. To rename it, right click the HijackThis.exe file and choose Rename. Click in the title box and press the Delete key to clear what's there, type Crusty.exe and press the Enter key. Then right click the Crusty.exe file and choose Send To > Desktop (create shortcut).


Do not run an HJT scan until STEP15.


STEP6: Download and install AVG Antispyware (formerly Ewido). Double-click the icon on your desktop to run it.
On the top of the main screen click 'Shield'. Click the word 'active' to change it to 'inactive'.
On the top of the main screen click 'Update'. Then click on 'Start update'. The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can get the manual update at http://downloads.ewido.net/avgas-sig...ll-current.exe
When you have finished updating, exit AVG Antispyware.
For a complete pictorial guide to the use of AVG Antispyware look HERE.


STEP7: Download and install the latest version of Spybot-S&D from HERE. Make sure that during installation the TeaTimer protection is disabled. Make sure you have the latest definition files (updates). Click the Immunize button in the left-hand pane, then click the green Immunize cross in the right-hand pane. Close SS&D.


STEP8: Download and install the latest version of Ad-Aware SE Personal from HERE. Make sure you have the latest definition files. Close Ad-Aware SE.


Other Antispyware Scanners



  1. AVG Anti-Spyware

  2. Windows Defender

  3. Spybot Search & Destroy

  4. SUPERAntiSpyware


STEP9: Download the CCleaner programme from HERE. Close all browsers. Run the programme and make sure all the boxes are ticked under the Windows and Applications tabs, except for the Old Prefetch Data option under the Windows tab, which should be unticked. Click the Run Cleaner button. Do this several times.


STEP10: Download and run these three tools: Tool1, Tool2, Tool3.


Follow the instructions for using each tool on the download site for each tool. (Tool2: here)


STEP11: Download the Panda Antirootkit programme.
Unzip it and run the PAVARK.exe file.
Tick the box that says In depth scan and follow the on screen instructions.
DO NOT remove any UNKNOWN ROOTKITS at this stage. Instead, let me know the results in your reply.
Please note: Panda Antirootkit is not compatible with Windows Vista.
If you are running Vista, please download the AVG Antirootkit programme.
Disconnect from the net and install the programme.
Run the programme and tick In depth scan.


STEP12: Download Combofix.exe to your desktop. (Delete all versions of Combofix you may already have.) Double click combofix.exe and follow the prompts. A window will open with a warning. Type "1" (and Enter) to start the fix. When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
Caution: do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
Combofix will automatically save the log file to C:\combofix.txt. Do not post the Combofix log until you have completed the rest of the instructions below.

Please note: If you have any problems with Combofix, please do the following instead.
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
DISCONNECT FROM THE INTERNET... REMOVE THE PLUG FROM THE BACK OF THE COMPUTER.
Close all other windows before proceeding. This means TURN OFF ALL other security programmes: Norton Anti-virus, AVG Anti-spyware or any other security programmes you're running.
Double-click on dss.exe and follow the prompts.
When it has finished, DSS will open two Notepad windows, main.txt and extra.txt. Please attach main.txt and extra.txt in your next reply.
Re-enable your security programmes and reconnect to the net.


STEP13: You might want to copy and paste these instructions into a Notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.
Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html
Run a full system scan with your antivirus programme and delete whatever it finds, including anything in the virus vault.


STEP14: Run SS&D and fix whatever it finds.
Run Ad-Aware SE Personal. Click Start, uncheck "Scan for negligible risk entries", select "Perform full system scan" and click Next. Fix whatever it finds.
See this pictorial guide on how to use AVG Antispyware.
Make sure all windows are closed. Run AVG Antispyware. VERY IMPORTANT: Make sure AVG is set to quarantine its results. Make sure you read this step properly.
Please note: If your AVG Antispyware log says all items have "No Action Taken" or "Ignored", that's because you haven't followed the instructions properly for using AVG Antispyware, and you will have to read them again and do a fresh AVG Antispyware scan. There is absolutely no point in attaching an AVG Antispyware log that says items have "NO ACTION TAKEN" or "IGNORED".
Once finished, click the "Save scan report" button, followed by the "Save report as" button, and save it to your desktop.
Reboot into normal mode and rehide your protected OS files.


STEP15: Run HijackThis. Click on "Scan". After the program is done with the scan, click on "Save log". It should be the same button as the "Scan" button you clicked on previously.
Save the log to wherever you want. You can now attach your HJT log without having to rename it as a .txt file. Send the HJT logfile to me as an attachment.


Please note: HJT and any other logs must not be posted as .doc files. This is due to the risk of viruses etc.
Once you've finished these instructions, you should have 3 log files: HJT, Combofix and AVG Antispyware logs.
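
An added example, not part of the original post: a small Python check to run over the three logs before attaching them. It flags a missing or .doc log and an AVG Antispyware report that still shows the "No Action Taken" or "Ignored" statuses from STEP14. The function names, file names and sample log lines are constructed for illustration, and the real report layout may differ.

```python
import re
import tempfile
from pathlib import Path

# Statuses the page says make an AVG Antispyware report useless to attach.
UNACTIONED = re.compile(r"no action taken|ignored", re.IGNORECASE)
REQUIRED = ("hjt", "combofix", "avg")  # the three logs the page asks for

def check_submission(logs):
    """logs maps 'hjt'/'combofix'/'avg' to a path; returns a list of problems."""
    problems = []
    for name in REQUIRED:
        path = Path(logs[name]) if name in logs else None
        if path is None or not path.is_file():
            problems.append(f"{name}: log missing")
            continue
        if path.suffix.lower() == ".doc":
            problems.append(f"{name}: must not be a .doc file")
        text = path.read_text(errors="replace")
        if not text.strip():
            problems.append(f"{name}: log is empty")
        if name == "avg":
            hits = [ln for ln in text.splitlines() if UNACTIONED.search(ln)]
            if hits:
                problems.append(f"avg: {len(hits)} item(s) not quarantined, rescan")
    return problems

def run_demo():
    """Build constructed sample logs in a temp dir and check two submissions."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "hijackthis.log").write_text("HijackThis log (constructed sample)\n")
        (d / "combofix.txt").write_text("ComboFix log (constructed sample)\n")
        (d / "hjt.doc").write_text("HijackThis log (constructed sample)\n")
        # Constructed report lines; the real AVG Antispyware layout may differ.
        (d / "avg_bad.txt").write_text(
            "C:\\sample\\a.dll -> Adware.Sample : No action taken.\n"
            "C:\\sample\\b.exe -> Trojan.Sample : Ignored.\n")
        (d / "avg_ok.txt").write_text("C:\\sample\\a.dll -> Adware.Sample : Quarantined.\n")
        base = {"hjt": d / "hijackthis.log", "combofix": d / "combofix.txt"}
        good = check_submission({**base, "avg": d / "avg_ok.txt"})
        bad = check_submission({"hjt": d / "hjt.doc", "avg": d / "avg_bad.txt"})
    return good, bad

if __name__ == "__main__":
    for label, result in zip(("good", "bad"), run_demo()):
        print(label, result or "ready to attach")
```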
