Malware and Spyware Cleaning Guide, Please read before starting a new topic
Aug 10 2004, 02:44 PM
Post #1, by Site Administrator
Last Updated: August 16, 2009
Is this your first time here? If so, welcome to Geeks to Go! To access some of the download links provided below, and to post a topic in the forums, you first need to register. You may want to print or bookmark this topic to reference later, as rebooting may be required.

Please remember, the people helping you here are all volunteers. Be patient; somebody will help you as soon as they become available. We have REAL jobs, families, and other interests, or may live halfway around the world. Plus, there may be people in front of you waiting for help. Following the steps below will lighten our workload and allow us to help more people. Please acknowledge that you've followed the steps in this cleaning guide (or our first reply will likely direct you here).

Finally, please follow your thread to a conclusion. Just because a popup is gone, or a desktop is restored, it does not mean your system is free of malware. It may still be sending spam silently in the background, or even collecting personal information. If you fail to follow your topic to conclusion, your system may not be completely clean, and it will be vulnerable to future infections. When finished, we will post instructions and advice on preventing future infections.

We offer self-help malware removal guides for many common infections, including these:

- How to remove Antivirus 2009
- How to remove Outerinfo
- How to remove Trojan.Zlob-X.a - IEDefender
- How to remove Virtumonde, Trojan.vundo

Preparation:

Why? This will remove unneeded temporary files from your system, make the automated scans that follow run faster, and save you time. Many infections also load from a temporary file location.
Why? This ensures there's a valid system restore point, in case it's needed. We use a simple program called SysRestorePoint that automates the steps of creating a restore point.
Why? This ensures we have a valid registry backup. ERUNT (Emergency Recovery Utility NT) allows you to store a complete backup of your registry and restore if needed. Removing modern malware infections often requires making changes to the registry, and a corrupt registry can prevent a system from booting. Compatible with Windows NT, 2000, 2003, XP, Vista, 32 & 64-bit versions.
Step One: Scan for Spyware/Adware

Why? Malwarebytes' Anti-Malware is very good at removing the zlob trojan, virtumonde, and most other current infections. This single tool has replaced multiple tools that have been required in the past.
Note: Some infections will prevent MBAM from running. If MBAM won't run, try renaming the file mbam-setup.exe to a random name, and then try again.

Extra Note: Do not run a full scan with MBAM. It is not required or needed, and in fact makes our job tougher.

Step Two: Viruses/Trojans

Why? Even the best antispyware programs are only able to remove about 70% of infections. Also, the line between spyware and viruses/trojans is getting blurred. Everyone should have an antivirus application installed on their system. If you don't have an antivirus installed, or if the subscription for yours has expired, see our recommendations for free antivirus applications. If you install an antivirus application, please run a full system scan immediately.

Important note: Geeks to Go highly recommends uninstalling any existing antivirus software BEFORE installing another antivirus application. Antivirus programs often conflict and can cause system slowdowns, crashes, or even leave you unprotected. Only ONE should be installed on a system at any time.

Step Three: Reboot - Test

The steps above will completely clear malware from the majority of systems. Test your system to see how it's working. If you're still having problems, continue to the next step. Otherwise, read "Preventing Malware and Safe Computing" to prevent future Spyware/Hijack attacks.

Step Four: Rootkit Detection

Why? Rootkits can generally be removed effectively, but they need to be removed before other malware can be cleaned, and they sometimes interfere with some of the tools we use. If you start a new topic, please include the RootRepeal log as an initial check for the presence of rootkits:
Note: The scan should not take very long. DO NOT run any other programs while the scan is running.

Step Five: Post an OTL Log

Why? OTL is currently our primary tool for searching key areas of the registry and other system locations for the telltale signs of malware. It generates a comprehensive log, and offers an initial diagnosis. The person helping you may have you run other scans or tools after reviewing your logs.

Important note: HijackThis has been replaced by OTL in this guide. Since being acquired by TrendMicro, HijackThis has not been regularly updated. Many infections are now able to hide partly, or completely, from a HijackThis scan. OTL is authored by one of our staff members (OldTimer). It includes all the scan locations of HijackThis and more. It's not only a more comprehensive scan tool, but also offers more powerful removal features.

Download OTL to your Desktop
Note: Don't forget to post your MBAM and RootRepeal log, in addition to the OTL log.

Malware and Spyware Removal Forum Rules:
If you would like to learn more about removing malware and spyware, join our GeekU malware removal training program (free). If you're already an expert, and would like to help, please PM the admin.

Please acknowledge that you've followed these required steps (or our first reply will likely direct you here). Please be patient, let us know the results, and remember to thank the helper assisting you.

Thanks!
-- Geeks to Go Malware Removal Staff

This post has been edited by Rorschach112: Today, 06:48 AM
Reason for edit: added OTL custom scan
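
The guide notes that many infections load from a temporary file location and that the log scan looks at key areas of the registry. The following read-only PowerShell script is an added illustration, not part of the original guide and not how OTL works: it lists autostart entries whose command points into a temp folder. The four Run/RunOnce keys and the temp roots it checks are assumptions of this example.

```powershell
# Added example: list autostart (Run/RunOnce) entries whose command line
# points into a temporary-file location. Read-only; it changes nothing.

# Assumption of this example: only the standard per-machine and per-user
# Run/RunOnce keys are checked. This is not OTL's scan list.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Temp locations taken from the current user's environment plus %windir%\Temp.
$tempRoots = @($env:TEMP, $env:TMP, (Join-Path $env:windir 'Temp')) |
    Where-Object { $_ } |
    ForEach-Object { [IO.Path]::GetFullPath($_).TrimEnd('\') } |
    Sort-Object -Unique

function Test-TempPath {
    param([string]$CommandLine)
    # Expand any %VAR% references, then match case-insensitively.
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    foreach ($root in $tempRoots) {
        if ($expanded.IndexOf($root + '\', [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            return $true
        }
    }
    return $false
}

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }   # key may not exist on this system
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        if (Test-TempPath $value) {
            [pscustomobject]@{ Key = $key; Name = $name; Command = $value }
        }
    }
}

if ($findings) { $findings | Format-List }
else { 'No Run/RunOnce entry points into a temp location.' }
```

A hit is only a lead to mention to your helper: some legitimate installers register a one-time RunOnce entry from a temp folder, and malware can start from many locations this script does not check.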