Please read the information on the following page: http://www.bleepingcomputer.com/forums/How...are-tut101.html
1. Download and extract the Autoruns program by Sysinternals (http://www.sysinternals.com/Utilities/Autoruns.html) to C:\Autoruns.
2. Reboot into Safe Mode so that the malware is not started while you are doing these steps. Many malware programs monitor the keys that allow them to start and, if they notice a key has been removed, automatically replace it. Booting into Safe Mode gets us past that defense in most cases.
3. Navigate to the C:\Autoruns folder you created in Step 1 and double-click on autoruns.exe.
4. When the program starts, click on the Options menu and enable the following options by clicking on them. This will place a checkmark next to each of these options.
1. Include empty locations
2. Verify Code Signatures
3. Hide Signed Microsoft Entries
5. Then press the F5 key on your keyboard to refresh the startups list using these new settings.
6. The program shows information about your startup entries in 8 different tabs. For the most part, the filename you are looking for will be found under the Logon or the Services tabs, but you should check all the other tabs to make sure it is not loading from elsewhere as well. Click on each tab and look through the list for the filename that you want to remove. The filename will be found under the Image Path column. There may be more than one entry associated with the same file, as it is common for malware to create multiple startup entries. Note that many malware programs disguise themselves by using the same filenames as valid Microsoft files. It is therefore important to know exactly which file you want to remove and which folder it is in. You can check our Startup Database for that information or ask for help in our forums.
7. Once you find the entry that is associated with the malware, delete it so that it will not start again on the next reboot. To do that, right-click on the entry and select Delete. This startup entry will now be removed from the Registry.
8. Now that the malware will no longer start on boot, delete the file using My Computer or Windows Explorer. If you cannot see the file, it may be hidden. To see hidden files, follow the steps for your operating system found in this tutorial:
How to see hidden files in Windows
9. When you are finished removing the malware entries from the Registry and deleting the files, reboot into normal mode as you will now be clean from the infection.
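As a cross-check on the Logon tab from step 6, the following PowerShell script is an added example (it is not part of the original tutorial or of Autoruns) that lists Run/RunOnce registry entries and Startup-folder items with their image path and signature status, hiding validly signed Microsoft files as the step 4 options do. It is read-only, covers only these Logon-style locations (not Services or the other tabs), and the -FileName parameter is a hypothetical name chosen for this example.

```powershell
# Added example: read-only listing of Run-key and Startup-folder entries. Deletes nothing.
# -FileName is a hypothetical parameter: the file name you are hunting for (wildcards allowed).
param([string]$FileName = '*')

$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

function Get-ImagePath([string]$Command) {
    # Expand %VARS%, then take the quoted path, or the text up to the first program extension.
    # Host programs such as rundll32.exe are reported as-is; the DLL they load is not resolved.
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd|scr|pif|vbs|js))(\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

$fromRegistry = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        if ($value.Trim()) {
            [pscustomobject]@{ Location = $key; Entry = $name; ImagePath = Get-ImagePath $value }
        }
    }
}

$shell = New-Object -ComObject WScript.Shell   # used only to read shortcut targets
$fromFolders = foreach ($dir in 'Startup', 'CommonStartup') {
    $path = [Environment]::GetFolderPath($dir)
    # -Force also lists hidden files (see step 8)
    Get-ChildItem -LiteralPath $path -File -Force -ErrorAction SilentlyContinue |
        Where-Object Name -ne 'desktop.ini' | ForEach-Object {
            $target = if ($_.Extension -eq '.lnk') { $shell.CreateShortcut($_.FullName).TargetPath } else { $_.FullName }
            [pscustomobject]@{ Location = $path; Entry = $_.Name; ImagePath = $target }
        }
}

@($fromRegistry) + @($fromFolders) | Where-Object { $_.ImagePath } |
    Where-Object { (Split-Path $_.ImagePath -Leaf) -like $FileName } | ForEach-Object {
        $sig = if (Test-Path -LiteralPath $_.ImagePath -PathType Leaf) { Get-AuthenticodeSignature -LiteralPath $_.ImagePath }
        [pscustomobject]@{ Entry = $_.Entry; ImagePath = $_.ImagePath; Location = $_.Location
                           Signature = if ($sig) { "$($sig.Status)" } else { 'FileNotFound' }
                           Signer    = $sig.SignerCertificate.Subject }
    } | Where-Object { -not ($_.Signature -eq 'Valid' -and $_.Signer -match 'O=Microsoft Corporation') } |
    Format-Table Entry, ImagePath, Signature, Signer, Location -AutoSize -Wrap
```

Compare the full ImagePath, not just the file name, against the file you identified in step 6: an entry with a familiar Microsoft file name in an unexpected folder and a NotSigned status is the disguise that step warns about.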
How to protect yourself in the future
In order to protect yourself from this happening again, it is important that you take proper care and precautions when using your computer. Make sure you have updated antivirus and spyware removal software running, all the latest updates to your operating system, and a firewall, and only open attachments or click on popups that you know are safe. These precautions could fill a tutorial of their own, and luckily, we have one created already:
Simple and easy ways to keep your computer safe and secure on the Internet
Please read this tutorial and follow the steps listed in order to be safe on the Internet.
Now that you know how to remove generic malware from your computer, it should help you stay relatively clean from infection. Unfortunately, a lot of malware is written to be very difficult to remove, and these steps will not help you with those particular infections. In situations like that where you need extra help, do not hesitate to ask for help in our forums. We also have a self-help section that contains detailed fixes for some of the more common infections that may be able to help. This self-help section can be found here:
Spyware & Malware Self-Help and Reading Room: http://www.bleepingcomputer.com/forums/Spy...g_Room-f55.html
Bleeping Computer Spyware & Malware Removal Series
BleepingComputer.com: Computer Help & Tutorials for the beginning computer user.
This article is published and created for http://www.bleepingcomputer.com, otherwise known as Bleeping Computer, and is covered by all copyright laws. All articles on this website are copyright © 2004 by Bleeping Computer, LLC. All rights reserved. Use of these articles is limited to viewing and printing for personal use only. If you would like to use this material or portions of this material for other purposes you must receive explicit permission from Bleeping Computer before reprinting or redistributing this article in any medium.