
Spyware / Virus Removal

Last Updated: 2/5/11

- Tools

Spybot - [Link1] [Link2]
HiJackThis - [Link1] [Link2]
CWS Shredder - [Link1] [Link2] [Link3]
LSP Fix - [Link1] [Link2]
Winsock fix - [Link1] [Link2]
MWAV Removal Tool - [Link1] [Link2]
MWAV Cleaner - [Link1]
Temp File Cleaner - [Link1]

Printer Friendly Version | Download Instructions



- Instructions

Step 1 ) Obtain Tools listed above.

Step 2 ) Boot Into Safe Mode -
To remove most viruses and spyware you must boot into safe mode. Once in safe mode your internet may not work, so to help you out I have created a downloadable version and a printable version of this page (see above). Download or print this page before booting into safe mode. To boot into "Safe Mode" simply push the F8 key (located on the top, middle portion of your keyboard) during the boot-up process of your PC until you see a menu. You must push F8 at just the right time. If you see a logo that says "Windows" it is too late. You must restart the computer and try again.

Step 3 ) Delete Temp Files (Optional) -
Deleting temp files will remove viruses and spyware hiding in your temp files as well as free up hard drive space. This step is OPTIONAL, because your temp files may contain the only viruses / spyware on your system. By removing them now you lose the chance of identifying them later. If you do delete your temp files you may save valuable time by having fewer files that need to be scanned for viruses / spyware. To delete temp files, run the batch file for your version of Windows (located in the batchClean.zip file). "cleanXP.bat" is for Windows XP and "clean9X.bat" is for Windows 95/98/ME.

Step 4 ) Run MWAV removal tool -
Run mwav.exe (you should have downloaded it earlier, see Tools). When the program loads, make sure the following check boxes are checked: "Memory", "Registry", "Services", and "Drive". Uncheck all other boxes. Select the radio buttons that say "Drive" and "Program Files". In the drop-down box select "C:\" (or whichever hard drive Windows is on). Then push the button under "Action" that says "Scan". Note: This tool no longer removes threats. It now only detects them. After a full scan, go and delete the files it detects that are viruses and spyware. Don't delete reboot tools. If you have trouble deleting files and you're already in safe mode, read here: Spyware Techniques. You can also push Ctrl + A to copy the list of all the viruses found and paste the list into the MWAV cleaner. It should delete all the viruses for you. If you still have trouble, complete all the other steps and then repeat this step.




Step 5 ) Run Spybot -
Install and run Spybot. Install Spybot from the file you downloaded earlier. After installation, run the program. When a legal notice comes up, check the box and push OK. When the Intro box comes up, just click Next a whole bunch of times. Once inside the program, check for updates. (If your internet isn't working, skip this step and come back when it is.) After downloading updates, click on "Immunization" on the menu on the left. If you don't get a message saying "All Known Bad Products Blocked" then click on "Immunize". Then click on "Mode" on the menu at the top of the screen. Select "Advanced". A new list of menus will appear on the bottom left of the screen. Select "Tools". You should now see a list of tools in the middle of the screen with a check box next to each tool. Check the box next to the following tools: "ActiveX", "BHOs", "Browser Pages", "Hosts File", "Process list", "System Internals", "System Startup", "Uninstall Info", "Winsock LSPs". Uncheck all the other tools. Then select the tool "Hosts File" from the menu on the left. Now click on "Add Spybot-S&D hosts file". Then click on "Spybot-S&D" near the top left of the screen. Finally, click on the big button that says "Check for Problems". When the scan is done, push the button that says "Fix Selected Problems". Be sure to check any problems that are not checked. When it is done fixing the problems, click on "Tools" again near the bottom left of the screen. Then select "System Startup". Uncheck entries that are unneeded or look dangerous. Basically, uncheck everything if you don't know what it is. You can always recheck them later.

Step 6 ) Run CWShredder -
This program will search for and remove all known CWS (Cool Web Search) variants. CWS variants are known to be some of the hardest spyware to remove. That is why this tool is so very handy. Running this tool is easy. Just open the program and push "Fix". It will do the rest.

Step 7 ) Run HiJackThis -
(Warning: Do not remove everything this program finds!!!)
Run hijackthis.exe. Once open, maximize the window and select "Scan" near the bottom left. After it is done, check all of the boxes next to each entry that starts with R0, R1, R2, R3, O1, O5, O6, O10, O13, O18, O19 or O20. Then closely analyze each entry that starts with O2, O3, O15, O16 and F0-F3. Check the box next to each entry that looks suspicious. Any entry that says "(file missing)" at the end you can normally safely check. For the rest, check any box that mentions a web site that you are not familiar with or has a name that sounds dangerous. Any entry that has no way of identifying it is normally bad also. Be sure to check any entries that say "Broken Internet Access". Ignore the O4 entries. It's best to use a program that disables the O4 entries (see Spybot) instead of deleting them; that way you can re-enable them should negative side effects occur. Then push "Fix Checked". Note: You can also post your HijackThis log here and it will tell you which entries are bad.
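
The Step 7 rules written out as a triage script, as an added example that is not part of the original article or of HijackThis: it sorts the entries of a saved log into "check", "review", "leave" and "unlisted" using the prefixes given above. The sample log is constructed, and the function name and action labels are assumptions of this example.

```python
import re

# Prefix groups exactly as Step 7 lists them.
CHECK = {"R0", "R1", "R2", "R3", "O1", "O5", "O6", "O10", "O13", "O18", "O19", "O20"}
REVIEW = {"O2", "O3", "O15", "O16", "F0", "F1", "F2", "F3"}
LEAVE = {"O4"}  # disable through a startup manager instead of deleting

# An entry line is "<group code> - <detail>"; headers and process paths do not match.
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def triage(log_text):
    """Return (action, code, reason, detail) for every entry line in a log."""
    out = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        code, detail = m.groups()
        low = detail.lower()
        if code in LEAVE:
            out.append(("leave", code, "startup entry: disable, do not delete", detail))
        elif "broken internet access" in low:
            out.append(("check", code, "broken internet access", detail))
        elif code in CHECK:
            out.append(("check", code, "group listed for fixing", detail))
        elif low.endswith("(file missing)"):
            out.append(("check", code, "target file missing", detail))
        elif code in REVIEW:
            out.append(("review", code, "needs manual analysis", detail))
        else:
            out.append(("unlisted", code, "group not covered by Step 7", detail))
    return out

# Constructed sample log; every path, GUID and host below is made up.
SAMPLE_LOG = r"""Logfile of HijackThis
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.invalid/
O1 - Hosts: 203.0.113.7 www.example.com
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\sample.dll (file missing)
O2 - BHO: Sample Helper - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Sample\helper.dll
O4 - HKLM\..\Run: [SampleUpdater] C:\Program Files\Sample\update.exe
O10 - Broken Internet access because of LSP provider 'sample.dll' missing
O23 - Service: Sample Service - Unknown owner - C:\sample\svc.exe
"""

if __name__ == "__main__":
    for action, code, reason, detail in triage(SAMPLE_LOG):
        print(f"{action:8} {code:4} {reason:38} {detail}")
```

Entries marked "review" and "unlisted" still need a person to look at them; the script only applies the prefix rules and does not judge whether a file or web site is trustworthy.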

Step 8 ) Run LSP Fix -
Run lspfix.exe (should be contained inside of "lspfix.zip"). Simply open the program and then push Finish. This will remove entries for files that are no longer present and then show you a summary. If any numbers it shows you in the finished summary are not 0 then it fixed something for you. DO NOT push "I know what I am doing" unless you really do! This is for removing files that are still present on the system, but are causing problems.

Step 9 ) Run Winsock Fix -
If your internet is still not working, run "WinsockXPFix.exe". Just open it and push "Fix".

Step 10 ) STOP using Internet Explorer and START using Firefox. Firefox is a free, simple web browser that doesn't have all of the security holes that Internet Explorer has. Using Firefox instead of Internet Explorer will prevent your computer from being infected by spyware again.

If you still can't get rid of the virus / spyware read here: Recent Malware Encounters


