
Malware Cleaners and Repair

Malware is a generic name for any sort of file you don't really want and can't seem to get rid of, such as viruses, trojans, spyware, or certain kinds of adware. These files are usually installed on your system without your knowledge or permission, though some vendors of malware will claim that you gave them permission when you installed it, and will often have some vague information about the adware or the collection of personal information in the agreement step of the installation. Who reads that stuff anyhow? More often than not, these types of programs can't be removed from the Add/Remove control panel applet and require special methods of uninstalling them.


Malware Repair

Important:
The installation of some malware can overwrite certain files that your computer needs to access the internet. It's in your best interest to either learn how to repair this in Windows XP with the SP2 update or download the free application, LSP-Fix, described farther on.

XP SP2:
If the operating system is Microsoft Windows XP and has been updated with Service Pack 2, then you can do the following steps to repair your PC's internet connectivity:
  1. Press the Start button.
  2. Click on Run and then type "cmd" without the quotes and press Enter.
  3. At the command prompt window type "netsh winsock reset" (without the quotes of course) and again press Enter.
  4. Wait for the confirmation message and reboot the computer.
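
`netsh winsock reset` returns the Winsock catalog to its default state, so providers that other software legitimately layered in are removed along with the malware's and have to be reinstalled; it helps to record what was registered first. The following is an added example, not part of the original page: a Python script that parses a saved `netsh winsock show catalog` listing and flags providers outside the stock set. The sample listing, the made-up `examplelsp.dll` and the `STOCK_DLLS` list are assumptions constructed for illustration.

```python
import re

# Constructed sample in the layout of `netsh winsock show catalog` output.
SAMPLE = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        ExampleLSP over [MSAFD Tcpip [TCP/IP]]
Provider Path:                      C:\Program Files\Example\examplelsp.dll
Catalog Entry ID:                   1015

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
"""

# Assumption: provider DLLs a stock XP install registers; adjust for your build.
STOCK_DLLS = {"mswsock.dll", "rsvpsp.dll", "winrnr.dll"}
SYSTEM_DIR = re.compile(r"^(%systemroot%|[a-z]:\\windows)\\system32\\", re.I)

def parse_catalog(text):
    """Split the listing into one dict of 'Field: value' pairs per entry."""
    entries = []
    for line in text.splitlines():
        if line.strip().endswith("Provider Entry"):
            entries.append({})  # a header line starts a new entry
        elif ":" in line and entries:
            key, _, value = line.partition(":")
            entries[-1][key.strip()] = value.strip()
    return entries

def third_party(entries):
    """Return entries whose DLL is not a stock name inside system32."""
    flagged = []
    for entry in entries:
        path = entry.get("Provider Path", "")
        name = path.rsplit("\\", 1)[-1].lower()
        stock = SYSTEM_DIR.match(path) and name in STOCK_DLLS
        if path and not stock:  # entries without a DLL path are skipped
            flagged.append(entry)
    return flagged

if __name__ == "__main__":
    for e in third_party(parse_catalog(SAMPLE)):
        print(e.get("Catalog Entry ID"), e.get("Description"), e.get("Provider Path"))
```

To use it on a real machine, save the listing with `netsh winsock show catalog > catalog.txt` before running the reset and pass the file's text to `parse_catalog`.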

LSP-Fix:
LSP-Fix can be used to repair your network connection should the removal of malware prevent you from accessing the internet. It's a good tool to keep on hand or to put onto a disk for safe keeping, if it's ever needed again in the future. If you're an IT worker, and still stuck in the trenches, then it's a "must have" tool.

Before you do any malware cleaning, it's in your best interest to download this free application here:

LSP-Fix - a free program to repair damaged Winsock 2 stacks.


Malware Cleanup Tools

Following are some tools, in specific categories, that I've found generally get the best results. Keep in mind that no one application contains all the definitions for each and every troublesome program out there, so once in a while you may need to get a second opinion. All of the files here are freeware or offer extended trials. Please be aware that this process is neither quick nor very easy the first time you do it, but it is very effective and will usually give you positive results.

Anti-Virus Software:
Even if you have current AV installed, go ahead and disable it for a short time. Download any one of the following, install it, and update it to the latest definitions (scroll to the bottom of this page for some additional information).

- AVG
- avast! antivirus
- CA eTrust™ EZ Antivirus

Anti-Spyware Software:
Download and install all three of these applications. Keep in mind that 'Microsoft Windows AntiSpyware (Beta)' is only for use with operating systems that are newer than Windows 2000. It is very effective and does a very decent job, but it is still in beta and might have a few small bugs in it. After you have downloaded them, update all of them to the latest definitions (scroll to the bottom of this page for some additional information).

- Ad-Aware
- Spybot - Search & Destroy
- Microsoft's Windows Defender - see System requirements.

Anti-Trojan Software:
After you've downloaded the following and installed it you will, once again, want to update to the newest definition files for the application you've chosen (scroll to the bottom of this page for some additional information).

- a squared


Using The Tools

Once you have downloaded, installed, and updated these applications the next step is to clean your computer with them.

In Safe Mode:
Reboot your computer and, as it's starting up, press the F8 key over and over again. Specifically, you want to do it between the POST and the actual loading of the operating system, but given that those directions are a bit difficult for some people to follow, the suggestion that we usually give is to reboot and press F8 over and over again until you see a special startup menu. Some keyboards will require that you press the F-Lock key to enable the function keys instead of the special keys during the boot process. When you reach the startup menu screen, select "Safe Mode" (the option WITHOUT networking). Remember, you want just plain old "Safe Mode" and NOT "Safe Mode with Networking". Why? Safe mode doesn't load anything the operating system doesn't need to run, so if you have your network connected during this process you will be exposed to the internet and will not have any protection enabled. Practice safe hex and be sure to use safe mode without networking at all times unless there are extreme circumstances that require you to have a network-enabled computer.

Now that you're safely inside the operating system and in safe mode, you'll want to scan with one application at a time. Scan first for viruses. If any are found, set the application to delete them and then reboot to safe mode once again. The next scan in safe mode should be for trojans, and the final safe mode scan should be for spyware. Run every scan whether or not the earlier scans found anything. Always scan for all three categories and always reboot to safe mode between each scan. The exception to this rule is that you can effectively scan for spyware all in one session (without the need to reboot), first with one application, then with another, and finally with the third.

In Windows:
After you've finished all the scans in safe mode, reboot once again. This reboot should be a normal one, and take you to regular mode. Then with Windows open, do your scans all over again. There should be no need to reboot between these scans. If your computer comes up clean then you should be all set. If it doesn't then you'll need to use more advanced cleaning methods not described on this page.

After your computer has been cleaned out and issued a clean bill of health, you can disable System Restore and reboot your computer to clear out the files stored in its restore points. Once it's been disabled, you can turn it back on and create a new restore point. Some people will tell you that you have to disable System Restore before cleaning. This is an error. Files cannot be active in a restore point, so they can't harm the operating system in any way. The only way that they could do any damage is if you restored the computer to an earlier time and, to be honest, disabling the restore feature is like pulling one of the safety nets out from under you should something go wrong during your cleaning. But if you follow these instructions, chances are slim that you'll encounter any problems, and your machine will be squeaky clean.

OS: All Platforms > General
Date: 05/24/05
Update: 12/10/05
