This May Be Of Some Help To Some.....hope So...



#1 tym


Posted 25 May 2007 - 07:36 PM

So you think you may have a virus or spyware, now what? OK, let's take this one step at a time. This is for XP and should be pretty close for Vista. I only include the steps for XP. Soon I will make a new one for Vista.

Getting Started to Remove Viruses and Spyware in XP.

1. Let's go to Start, My Computer and right-click on the words "My Computer". Go to Properties, System Restore, and disable it for now. When you're all done, don't forget to restart it. (Personally I don't use it, but I really don't recommend it for most people.)

We are disabling it so when the nasty is gone you won't run the chance of reinfecting your computer.

2. Go to Start, Control Panel, Folder Options, click on the View tab, check the box "Show hidden files and folders" and uncheck "Hide extensions for known file types". Uncheck "Hide protected operating system files".

We are doing this to keep nasties and viruses from hiding.

OK, now we're about ready to scan. These are the programs I use and recommend the most. I cannot stress this enough: please stay away from Norton AntiVirus. I have cleaned up more computers with this program running than any other.


Programs I Recommend.
Remember, run only 1 anti-virus program!!! More than one will cause bad conflicts!!

1. AVG Free Edition; Avast also has a nice free one. (Anti-virus programs.)
2. Startup Inspector. This will tell you what programs are starting with your computer. Just hit the word "Consult" at the top of the program. If it's unsure it will offer you a "Google link" so you can see for yourself. This program is free.
3. AVG Anti-Spyware free edition. I really like this one. Works well.
4. Ad-Aware free edition. Works great.

If you're unsure where to get these, just ask. If you use Google they are super easy to find.

With spyware programs you can run more than one. It's safe. Just don't allow them to start when your computer does. I personally only use 2. That's plenty. More than that is overkill.

If you have the means, Webroot Spy Sweeper is a good investment. You can pick it up at Wal-Mart for 30 bucks. It's by far the best in my humble opinion. If you don't have the means, the free stuff works just as well.

OK, now you are set up, you have your programs. Now what?

1. Update them. Make sure you have the latest definitions.

OK, let's run a scan!!

First run your anti-virus and see if you find anything.

Pick one of the 2 spyware programs. Run it. See if you find anything. Now let's give the second one a shot. See if you find it.

I ran my scans and I still cannot find the problem!!

OK. Let's reboot your computer. Shut your computer off and restart it. Now while it's starting up, hit and hold the "F8" button. Don't worry if you mess up a time or 2. Just reboot and try it again. If you have done that right you will see a screen that offers options to start Windows. Please pick "Safe Mode with Networking".

Windows will ask if you still wanna use Safe Mode; hit Yes. Continue to work in Safe Mode.

1. Let's run your anti-virus program. See if you find it.
2. Next let's run your anti-spyware one at a time and see if you find it.

Why am I doing this in safe mode and why does the screen look funny!!

When you run your computer in Safe Mode, Windows will only start with the bare essentials to run Windows. You have a better chance of finding the nasty this way.

Your screen looks funny; that's normal. Windows does not load video drivers in Safe Mode.

I scan my computer in Safe Mode once a month just to make sure.

OK, I have done all this, now what do I do? I still have a nasty!!

Running HijackThis!!

I have decided not to offer a lesson for this tool. It's just too easy to mess up your computer. You can always ask how to properly install HijackThis. Make sure the shortcut you create is renamed to "analyizethis". Some clever hackers have found a way to recognize HijackThis on the computer. This keeps them from finding it.

If you're desperate, a website I have used for a very, very long time with safety is www.hijackthis.de. You copy and paste your HijackThis logs into the scanner. It has never failed me.

I cannot stress this enough: HIJACKTHIS CAN AND WILL MESS UP YOUR COMPUTER IF YOU DON'T KNOW WHAT YOU'RE DOING. USE WITH CAUTION!!!!

Once all the scans are done, reboot the computer, and restart System Restore, if you use it.

A Few useful Web Sites.

www.housecall.trendmicro.com ....offers a free online virus scan. Really like this site.

www.pcpitstop.com. Nice free site to check for computer problems.

www.testmy.net. Run their free speed tests and see how your speeds are. If they are super slow that may be an indication of infection.

OK, smarty pants, how do I know this guide is right!!

I have cleaned out lots of computers with nasty and virus issues. This guide is posted in a forum of fellow geeks. They will be the first to speak up if it's the wrong information.

OK, I ran all this stuff including HijackThis and I still have issues. This guide is a waste of time.

This guide is a general all-purpose guide to get rid of most issues. Spyware and viruses are always changing. This guide is meant to get you started in the right direction. If you still have issues, then ask in the forums for help. Someone will be along shortly and do their best to help you out.

Why did you write this guide??

I wrote it in hopes of helping others. I'm just your average person. I have played with computers for years. A lot of this I have learned the hard way.

OK, this guide did help, how can I ever thank you?

That's an easy one. Help others. Pass it along. Heck, copy the whole thing and send it to a family member or friend. Claim it's your own. It just doesn't matter to me. As long as it helps others, it's all good. :thumbsup:

Final Thoughts!!!!

Remember: THERE IS NO SUCH THING AS A DUMB QUESTION!! Never be afraid to ask. If someone gives you a bad time about the question, I can almost promise most geeks will not tolerate that kind of behavior. We all had to learn sometime. I have learned tons by asking, never knowing it could be a 12-year-old kid or an 85-year-old person from anyplace in the world that gave me the right information.

OK, so someone gave you an answer and you still don't understand. ASK AGAIN!!! Sometimes the response can be a bit too geeky; I have been guilty of that myself. ASK AGAIN!! We will all do our best to help you out the best we can and explain it in simple terms. YOU'RE NOT STUPID!! We all have to learn. We have all asked some super easy questions.

The question you ask may be simple; it's the one we love to answer the most :flowers:


#2 quietman7


Posted 26 May 2007 - 06:51 AM

Welcome to BC tym

I see you have posted a long list of steps and suggestions as a guide to help others with removing malware. I'd like to make a few comments about some of the things you have suggested here.

Did you know that BC has a self-help section for removing common malware? Please see the Spyware and Malware Removal Guides and Reading Room. That's a good place for folks to start where they can get step by step removal instructions if they know what specific malware has infected their computers.

The first step you advise is to turn off System Restore. Disabling System Restore as the first step when attempting to clean a system or when scanning for malware is not advisable. Turning System Restore off and then turning it back on has some risk associated with it since that feature does not always work as intended. Further, there is always a possibility of something going wrong during the malware removal process and you end up with more problems. Without a restore point to fall back on, you're then stuck with a limited means of restoring your system such as a Repair Install or Reformat. Although System Restore is not 100% guaranteed to work all the time, at least it gives you another option. When the system is clean, then you can create a new Restore Point and purge the old ones to prevent accidental re-infection.

Further, using System Restore on an infected system MAY restore malware-infected files so you should leave it in place until your computer is clean and stable. Then you can create a new clean restore point and get rid of the old ones which may reinfect your system.

Your recommended anti-virus/anti-malware programs include some that we recommend as well. For a more complete list see BC's List of Virus & Malware Resources and Freeware Replacements For Common Commercial Apps.

We have a nice tutorial about How to Use Safe Mode which can be found here.

You were correct not to offer a "How To" on using Hijackthis which is an advanced tool that requires advanced knowledge about the Windows Operating System. Most of the log entries are required to run a computer and removing essential ones can potentially cause serious damage such as your Internet no longer working or problems with running Windows itself.

Further, removing entries in HJT before the problem is properly identified can make the malware undetectable to other detection and removal tools. Full system scanning tools like Ad-aware, Spybot S&D and SpySweeper will remove the registry entries as well as the related files which results in a more complete removal process. HJT should only be used to clean up the entries left behind, after you have properly removed the malware.

HijackThis is an enumerator and similar in some respects to a registry editor program which displays areas of the Windows registry where the majority of malware reside. HijackThis will scan certain areas of your system and then create a log to help diagnose the presence of undetected malware in these known hiding places. It then relies on experts to interpret the log entries and determine what needs to be fixed. That's why we have a Preparation Guide for use before posting a HijackThis Log with instructions on what to do and how to post a log in a dedicated forum in order to receive expert assistance from a member of our HJT Team.

You did however, recommend an online hijackthis site to paste a log into for analysis. While this may have worked for you, it is not something I would recommend to others. Online HijackThis analyzers often provide misleading and/or questionable results. These analyzers DO NOT always identify all the malware or all the files properly. They sometimes list legitimate files as bad and bad files as legitimate. Although these sites are open to the public, the user needs to know what they are doing and how to research the displayed log entries before using the original HijackThis application to fix anything.

I agree with your "Final Thoughts". Asking questions is certainly a part of the learning process. Providing answers that a novice can understand is important and doing that is what BC is all about. We are here to help those with very little knowledge about computers to those with a good deal of knowledge.

Regards
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators




