I've been using this site for a long time, and I'm looking forward to contributing.
I've been an IT Pro for 13 years, and previously owned a computer repair shop. I've cleaned several hundred infected computers.
My methodology for removing viruses and malware tends to vary a bit from the route usually followed by Bleepingcomputers, but if that doesn't work, I come here.
My first stab at a virus/malware infection (if I have physical access to the computer) is to boot the computer using a WinPE or BartPE boot disk (it's like a bootable mini Windows XP-Vista-7), use Autoruns by Sysinternals (now owned by Microsoft) and run an "everything" scan, which will find every driver, component, object - well, pretty much everything - that loads in Windows. Make sure to toggle between every user (which includes the local machine "user" and the NT System Security "user") and go through every field. Including drivers.
This takes about 5 - 15 minutes, and you can often disable the malware/virus, enabling you to remove it from safe mode while running MalwareBytes Anti-Malware.
If I don't have physical access (working on it remotely), I boot into safe mode and use Autoruns. Then I install, update and run MalwareBytes.
If I have a problem getting to the internet, I replace the hosts file.
If I have a problem installing or uninstalling anything in safe mode, I use a tool called SafeMSI - it's essentially a script to enable and start the Windows Installer service in safe mode should that be required.
You can do this manually as well.
If I have physical access to the computer, I remove the drive, put it in a USB cradle, and run a full MalwareBytes scan. My anti-virus resident protection is essentially also scanning every file on the hard drive.
eSATA or USB 3.0 makes life easier here. You could mount the drive internally; just make sure you image your virus scanning computer first.
Go do something else. Sitting there and watching that scan work is like watching paint dry.
Go to BleepingComputers.com ;-)
Edited by BarryKennedy, 11 March 2011 - 08:56 AM.