
Spyware/Virus Removal Techniques


Automata

Destroyer of Empires and Use
Joined
May 15, 2006
Hello all,

I saw a few posts regarding malicious adware on Windows and thought I would just make a new thread on how to clean Windows pretty decently. I might as well help the online community since this is what I get paid to do at my job...:beer:

Here is the order you want to do these items in:

1. Reboot in Safe Mode
2. Stop programs from running at startup via msconfig and regedit
3. Install Ad-Aware/Spybot/CCleaner
4. Update Ad-Aware/Spybot
5. Stop addons from running in Internet Exploder 6/7
6. Run Ad-Aware/Spybot/CCleaner
7. Defrag the hard drive (See post #7)




Step 1:
First start your computer in Safe Mode (spam F8 after your computer POSTs).

It is crucial that you start in Safe Mode to prevent any programs from changing the startup options after you alter them.




Step 2:
Go to Start<Run and type msconfig


A window will pop up like this:
msconfig1.jpg




Go to the "Startup" tab and deselect everything unless you know what it is AND WANT IT TO RUN. Like so:
msconfig2.jpg


When you're done, click "Apply" then "Ok". When it pops up and asks you if you want to restart, select "Exit without restart".



Go to Start<Run and type regedit. A window will pop up like this:
regedit1.jpg




You want to work your way through the hierarchy by going through (note: "<" denotes a folder below the folder to the left of the "<"):
HKEY_CURRENT_USER<Software<Microsoft<Windows<CurrentVersion<Run



You will see something like the following:
regedit2.jpg




Remove any keys in the list by selecting them and deleting them.
Do the same for:
HKEY_CURRENT_USER<Software<Microsoft<Windows<CurrentVersion<RunOnce
HKEY_LOCAL_MACHINE<Software<Microsoft<Windows<CurrentVersion<Run
HKEY_LOCAL_MACHINE<Software<Microsoft<Windows<CurrentVersion<RunOnce



Close the RegEdit window and restart Windows normally.


Step 3-4:
Download Adaware, Spybot and CCleaner:
Adaware
Spybot
CCleaner

Install all three and update Adaware and Spybot.



Step 5:
Open Internet Exploder 6/7 and go to the "Tools" menu and select "Manage Add-ons". It will open a window like this:
ie1.jpg




You want to disable anything that is a "toolbar" in this window:
Make sure that you go through the list of the dropdown menu.
ie2.jpg




See next post for Adaware.
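
Added example (not part of the original post): a PowerShell inventory of the four Run/RunOnce keys from Step 2, so there is a record of what was set to start before the values are deleted. The function names and the CSV file name are assumptions made for this example.

```powershell
# Added example: list every autostart value in the four keys named in Step 2.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ExecutablePath {
    param([string]$Command)
    # Quoted form: "C:\Program Files\App\app.exe" /flag
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    # Unquoted form: take everything up to the first executable-style extension.
    if ($Command -match '^\s*(.+?\.(exe|dll|bat|cmd|vbs|js))(\s|$)') { return $Matches[1] }
    return $null
}

function Get-AutostartEntries {
    foreach ($path in $runKeys) {
        if (-not (Test-Path $path)) { continue }   # RunOnce is often absent
        $key = Get-Item -Path $path
        foreach ($name in $key.GetValueNames()) {
            $command = [string]$key.GetValue($name)
            $file = Get-ExecutablePath ([Environment]::ExpandEnvironmentVariables($command))
            $exists = $false
            $signer = ''
            # A bare name such as "rundll32.exe ..." will not resolve here and
            # shows FileExists = False; review those entries by hand.
            if ($file -and (Test-Path -LiteralPath $file)) {
                $exists = $true
                $sig = Get-AuthenticodeSignature -FilePath $file
                if ($sig.Status -eq 'Valid') { $signer = $sig.SignerCertificate.Subject }
            }
            [pscustomobject]@{
                Key = $path; Name = $name; Command = $command
                FileExists = $exists; Signer = $signer
            }
        }
    }
}

# Keep a copy of the "before" state (file name is an assumption), then show it.
$entries = @(Get-AutostartEntries)
$entries | Export-Csv -Path "$env:USERPROFILE\autostart-before-cleanup.csv" -NoTypeInformation
$entries | Format-Table -AutoSize -Wrap
```

Entries with no valid signer or a missing file are the ones to look at first; the CSV is what you compare against if something stops working after the cleanup.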
 
Step 6:

Run adaware, it will look like this:
adaware1.jpg




Click the "Start" button, then it will look like this:
Make sure you select "Perform full system scan"!!
adaware3.jpg




Click the "Next" button, the program will start scanning:
<sarcasm> The point of this screen is to see how many points you can get by getting as much spyware/adware on your computer!! </sarcasm>
adaware4.jpg




When it finishes, it makes a familiar sound (lol) and you will see this screen:
adaware5.jpg




Click the "Next" button to see how many things you have on your computer:
Select everything except the MRU list (unless you want it deleted, it stores info like recently opened documents etc...)
adaware6.jpg




Click "Next" again and select "Yes" to delete them. Close the window and proceed to the Spybot section...
 
Run Spybot, it will look like this:

spybot1.jpg


Click "Check for Problems" and it will start scanning your computer:

spybot2.jpg


When it finishes, select the entries you want to remove and click "Fix Selected Problems":

spybot3.jpg


Note: with certain adware, Spybot may ask to run on the next startup. If it does, select "Yes" and then restart. This removes any programs that were currently running that could not be removed.

Close Spybot and run CCleaner:

At this screen, scroll through all of the entries and make sure that they are ALL checked. Don't forget the second tab in this window!!
ccleaner1.jpg


When you have finished selecting them all, click "Analyze":
It will scan your system and compile a list of files it thinks should be removed from the system.
ccleaner2.jpg


After it is done Analyzing your system, click "Run Cleaner" and it will remove all of the files.

Click the "Issues" button on the left hand side of the window:

ccleaner3.jpg


Click the "Scan for Issues" button:
<sarcasm> Note: this does not scan magazine issues... </sarcasm>
ccleaner4.jpg


After it is done scanning, click the "Fix Selected Issues" button.
It will pop a window like the following:
Just click "Fix All Selected Issues" button.
ccleaner5.jpg


NOTE: I recommend doing the "Scan for issues" and "Fix Selected Issues" until there are no more things to fix.

See next post of mine for defragging.
 
Nice post, Thideras! This could be a sticky!

After doing the above, I add another couple of steps which are more on the 'housekeeping' side of computer maintenance.

First, after deleting any spyware/adware using the above programs, sometimes there are a lot of stubs left by the spyware/adware cluttering up the registry. So, I run Registry Mechanic to get rid of any of this remaining detritus in the registry. There are other registry cleaners out there, but RM works best for me.

After I'm done deleting all the unwanted programs and finding and deleting any duplicate or unwanted data files, I'll then right-click on the disk(s) I'm cleaning up and press the "Disk Cleanup" button to further unclutter things.

Finally, I'll defrag the disk. Sometimes, I'll even set the page file to zero before the defrag and reset it to what it was after the defrag is done. There are several threads already out there with detailed instructions for thorough defragging, so I won't duplicate that here.
 
mbigna said:
Nice post, Thideras! This could be a sticky!

After doing the above, I add another couple of steps which are more on the 'housekeeping' side of computer maintenance.

First, after deleting any spyware/adware using the above programs, sometimes there are a lot of stubs left by the spyware/adware cluttering up the registry. So, I run Registry Mechanic to get rid of any of this remaining detritus in the registry. There are other registry cleaners out there, but RM works best for me.

After I'm done deleting all the unwanted programs and finding and deleting any duplicate or unwanted data files, I'll then right-click on the disk(s) I'm cleaning up and press the "Disk Cleanup" button to further unclutter things.

Finally, I'll defrag the disk. Sometimes, I'll even set the page file to zero before the defrag and reset it to what it was after the defrag is done. There are several threads already out there with detailed instructions for thorough defragging, so I won't duplicate that here.


Thanks for the info, I'll update tomorrow!
 
Sorry about the separation of posts, it only lets you post 10 images per post...lol...continuing

Step 7:

Now that we have cleared the hard drive of any malware, we can now organize it so it runs faster!
Go to Start<All Programs<Accessories<System Tools and select "Disk Defragmenter"
A window will pop-up like this:
defrag1.jpg




Click the "Analyze" button. This will initiate a scan to check how fragmented your drive is. If it is fragmented, it will pop up a window like this:
defrag2.jpg




Click the "Defragment" button. This will start defragging your drive. Be warned, this may take a while depending on how fragmented your files are and how fast your hard drive is. The window will look like this when it is defragging:
defrag3.jpg




When it finishes, it will show a window like this:
<insert picture here> (waiting for scan to finish...lol)



That is the last step!! Your system should now be free of malware/spyware!!! CONGRATS!! :bday:

I really hope this helps a lot of people out there who are having problems with spyware/adware. Feel free to post a reply or send me a PM if you have any questions on anything!

Thideras
 
Bumpage because I've seen quite a few new Spyware posts.
 
FYI it is best to disable system restore before doing all this. Sometimes spyware gets in there too.
 
nikhsub1 said:
FYI it is best to disable system restore before doing all this. Sometimes spyware gets in there too.

Correct, thanks for adding something I forgot. System Restore is not your friend, it has the tendency to back up the problem that you are trying to get rid of! Kind of defeats the purpose, but I still give Microsoft kudos for trying...lol
 
I thought at first this was going to be a useless post (a lot of stuff I already knew) but it's very well done and informative. GG
 
mcsirc said:
This thread has been very helpful. Just wanted to say thanks.
Thank you very much!:beer:

completeclicks said:
I thought at first this was going to be a useless post (a lot of stuff I already knew) but it's very well done and informative. GG
Thank you very much!:bday:

thlnk3r said:
If you get a rootkit on your system don't even bother trying to clean :)
Yes, if you get something that is a real pain to uninstall and these steps do not solve it you need to back up your files and reformat. Even if you do remove it, you run the risk of it having messed with system files and causing more problems later.
 
When working in the registry, I tend to bookmark certain sections so it is easy to get to them and not have to go through all the trees. Working deep in the hierarchical pane can be... a pain and slow. Once you have all the key points set, no more collapsing and expanding.

While you are in the spot you want to mark:
Favorites | Add to favorites
Name it something easy to identify later on.


Next time you need to get there, it is so much faster and more efficient.
 
Enablingwolf said:
When working in the registry, I tend to bookmark certain sections so it is easy to get to them and not have to go through all the trees. Working deep in the hierarchical pane can be... a pain and slow. Once you have all the key points set, no more collapsing and expanding.

While you are in the spot you want to mark:
Favorites | Add to favorites
Name it something easy to identify later on.


Next time you need to get there, it is so much faster and more efficient.

Thank you for the addition, I was unaware of this. ^.^
 
Bumpage because I've seen more virus/spyware questions.
 