Spyware and virus removal tutorial

Spyware and Virus Cleaning Tutorial. Any ideas what to add?
What do I need to add to the spyware and virus removal tutorial?

http://techrepublic.com.com/5208-6230-0.html?Forumid=102&threadid=207375&START=0&tag=NL.e101

Translation:Endurer
1st-

If you think of some software/step that is needed for this tutorial that I'm working on, please post it. Thank you. The tutorial is in * very rough daft *; be ready for bad grammar. Please note the details on how to use the software and reason for it has been removed for a simple daft version.

If you want to post the software/steps required for this tutorial. Thank you! This tutorial is also very stupid *. Prepare for bad syntax. Pay attention to the software usage details, because it has been deleted as a simple and rough version.
Endurer Note: 1. Think of: Think (think, imagine, imagine, plan, and come up with an idea)
2. Prepare...
3. Reason :... Reason (reason, etc.)

How to Remove spyware and virus:
How to clear spyware and viruses

XP only
Only applicable to XP endurer. Note: assume that your Windows XP is installed on drive C.

Because spyware and virus embed themselves into windows system like network and so on by removing them could cause the Internet or computer to stop working !!! By following these steps of removing spyware/virus it possible, if not likely spyware virus could break your computer. Happy hunting!

Because spyware and viruses embed themselves into Windows systems, such as the network, removing them may cause the Internet or computer to stop working !!! If you do not like spyware or viruses, you may need to take the following steps to remove them. Have a good time!

Endurer Note: 1. Happy hunting ground: Heaven

Before cleaning your computer you should backup your data. Also, download (on a clean computer is very helpful) the following programs:

You need to back up your computer before cleaning it up. Therefore, it is better to download the following programs (on a clean computer:

Winsock XP fix, belarc advisor, ad-aware personal, Spybot-search & destroy, Windows Defender (Beta 2 ).

* Note * unless I say differently all the steps should be in safe mode by hitting F8 During the computer reboot.

* Note * Unless otherwise stated, all steps need to be performed in safe mode. To enter safe mode, press f8.

Back up all data you want to save !!

Back up all the data you want to save !!

Install and run belarc Advisor

Install and run belarc Advisor
Endurer Note: 1. larc:
= Library Automatic Research Communications library automated research Newsletter

The software creates a local dynamic webpages that has information about hardware, CD-key for Microsoft software and so on. if you having problems displaying the website or if Internet Explorer (IE) broken for some reason, install Firefox at firefox.com.

This software creates a local dynamic web page with information such as hardware and Microsoft software CD-key. If you see that the website is faulty or IE is broken for some reason, install Firefox on firefox.com.

Find the software keys belarc advisor doesn't pickup!

Find the software key not detected by advisor!

Some programs you can get the CD-key by going to help => about. It is very important to get the CD-key in case during spyware/virus removal the OS/etc dies. After getting the software CD-key check to see if you have all the software CD needed to reinstall the OS and other software.

For some programs, you can get the CD-key through help-> about. It is important to collect the CD-key. During the removal of spyware/virus, the operating system may die. After obtaining the software CD-key, check to see if you have any software CD that requires reinstallation of the operating system and other software.

Del temp, temp Internet files, and cookies

Delete temp, temp Internet files, and cookies

Why?

Why?

Virus/spyware are downloaded and installed from website using drive-by-install.

Virus/spyware is downloaded and installed from the website using the drive-by install plug-in.

(Must remove all files)

(All files must be removed as listed below)

C:/Documents and Settings/(all the user on the PC)/Local Settings/temp

C:/Documents and Settings/(all users on this computer)/Local Settings/temp

C:/Documents and Settings/(all the user on the PC)/Local Settings/Temporary Internet Files

C:/Documents and Settings/(all users on this computer)/Local Settings/Temporary Internet Files

C:/Documents and Settings/(all the users on the PC)/cookies

C:/Documents and Settings/(all users on this computer)/cookies

(* Note * removing cookies will cause your browser to lose all saved username/password ).

(* Note * removing cookies will cause your browser to lose all saved usernames/passwords)

C:/Windows/Downloaded Program Files
(Checking on) (check)

Endurer Note: 1. Check on: Check (check)

C:/Windows/temp
(Checking on) (check)

C:/Windows/offline web pages
(May be pointless to have this one) (this step may be meaningless)

Remove files/program icon from Startup Menu

Remove File/program icons from the Start Menu

C:/Documents and Settings/all users/Start Menu/programs/startup

C:/Documents and Settings/<for each user>/Start Menu/programs/startup

C:/Documents and Settings/<each user>/Start Menu/programs/startup

Disable System Restore

Disable System Restore

Why?

Why?

This will cause any possible system restore to be lost, however spyware/virus love handing around in the System Restore.

This will lead to loss of some available system recovery points, but spyware/viruses love to be passed into the system for restoration.

Endurer Note: 1. hand around: delivery; Distribution

To Open System Properties, click Start, click control panel, and then double-click system. in the system Properties dialog box, click the System Restore tab and select the turn off System Restore check box. click Yes when you receive the prompt to the turn off System Restore.

To set System Properties, click Start, click control panel, and double-click system. In the system Properties dialog box, click the System Restore tab and select the disable System Restore check box. If you are prompted to disable System Restoration, click yes.

Remove program using Add/Remove Programs

Remove programs by adding/deleting programs

Why?

Why?

Some software that comes with Ad-ware will remove it once you remove the software.

Some software with advertising software, once removed, the advertising program is also removed.
Endurer Note: 1. Come with: Starting from...

Write down the location where the programs you removed are location.

Write down the location of the software you removed.

To open add or remove programs, click Start, click control panel, and then double-click add or remove programs. also, try going to the programs Uninstall in startup, all program, and then in the program folder. if you don't know if the program good or bad try Google the name of the program. some spyware/virus programs only do half or fake removal.

To open the add and delete programs, click Start, click control panel, and double-click add and delete programs. You can also try to start-> uninstall programs in all programs, and then in the program folder. If you do not know whether the program is good or bad, search for the program name on Google. Some spyware/virus programs are only half done or pretend to be deleted.

After use the add or remove programs go to the program folder and remove any folder/file that remains.

After you add or delete a program, go to the program folder and delete the remaining folders/files.

Run msconfig

Run msconfig

Why?

Why?

Stop the software from starting up in reboot and possible reinfection

Prevents software from running and possibly re-infection during restart

Endurer Note: 1. Stop from: block (Block)

Start-> Run-> type msconfig

Start> RUN> enter msconfig

Do not reboot unless I say!

Do not restart unless I tell you!

Click the Startup tab; uncheck all startup Item you wish to stop. If you don't know if the startup Item is good or bad, try Google.com. Example is vptray is for Norton, or could be virus sometimes.

Click the start tab: do not select all the start items you want to stop. If you do not know whether the startup Item is good or bad, try Google.com. For example, vptray is generally from Norton and may be used by viruses.

Click the Services tab and check hide all Microsoft services. Click Disable all. This will disable all non-Microsoft Service, as some virus/spyware could setup them as service.

Click the service tab to hide all Microsoft services. Click Disable all. This will disable all non-Microsoft services because some viruses/spyware may install themselves as services.

Click OK. When small box comes up, click exit without restart.

Click OK. When the prompt box is displayed, click exit but do not restart.

Hijackthis

If you don't know what this does/etc it best if you skip this step. Hijackthis is very powerful registry and has various other files editor. Hijackthis could damage the OS, so best leave alone unless you know how to use it.

If you do not know the features of the software, skip this step. Hijackthis is a powerful registry and a variety of other file editors. Hijackthis may compromise the operating system, so it is best to ignore it unless you know how to use it.

Endurer Note: 1. Leave alone: No matter (ignore, do not interfere, let alone)

Reboot back into safe mode with network connect
(In safe mode there are min Windows software running, the reason for about steps is to less the BS later one)

Restart your computer to the safe mode with network connection (there are at least Windows software running in safe mode, because there are few blue screens)

Endurer Note: 1. BS: return; blue screen

Ad-aware personal

Install (www.lavasoftusa.com) ad-aware personal, update it, and then run.

Install (www.lavasoftusa.com) ad-aware personal, update and run.

Ad-ware personal can only Remove spyware it knows about !! Update it !!

Ad-ware personal can only remove known spyware !! Update !!

To update ad-aware personal by using the Software Updater or the ad-aware se personal definition file from www.download.com.

To update ad-aware personal, you can use the software update program or the ad-aware se personal definition file on www.download.com.

SpyBot-search & destroy

Install (www.safer-networking.org/en/download/) Spybot-search & destroy, update it, and then run it (best if run in safe mode)

Install (www.safer-networking.org/en/download/) Spybot-search & destroy, update, and run (preferably in safe mode ).

To update Spybot-search & destroy by using the Software Updater or get the Spybot-search & destroy definition file from download.com

To update Spybot-search & destroy, use the software upgrade program or obtain the Spybot-search & destroy definition file from download.com.

Windows Defender (Beta 2)

Download Windows Defender (Beta 2). Install in safe mode if you. If you can't install Windows Defender by reboot the computer in normal mode (unplug the network cable) and install Windows Defender. After installing, reboot back into safe mode with network connect. Update Windows Defender by using ??? (Help icon)-> check for updates. Read the Windows Defender (Beta 2) tutorial from Microsoft.com if need be.

Download Windows Defender (Beta 2 ). Install it in safe mode. If the installation fails, restart the computer to the normal mode (remove the network cable) and then install it. After installation, restart to the safe mode with network connection. Use the help icon> check for updates. If necessary, read the Windows Defender (Beta 2) tutorial on Microsoft. com.

Check the host table

Check host table

Why?

Why?

Some spyware/virus writes to the host table to force the browser/Internet connect to go to incorrect website/IP. The computer check the host table first to find the IP address of the website, if its not there then goes to the DNS to get the IP address of the website. Example of problem is when you try to visit notorn.com, but the host table has IP address to hacker website. The browser will go to the hacker website and could infect your computer again. Or they could stop you from updating your antivirus and antispyware.

Some spyware/viruses rewrite the host table to force the browser/Internet to connect to an incorrect website/IP address. The computer first checks the host table to find the IP address of the website. If no IP address is obtained from the DNS. For example, when you try to access notorn.com, but the host table has an IP address pointing to the hacker's website. The browser will go to the hacker's website and be able to infect your computer again. Or they prevent updates to anti-virus software and anti-spyware programs.

(In case anti-spyware didn't clean most of it out)

(In this case, the anti-spyware program may not be able to clear them)

C:/Windows/system32/Drivers/etc

Open the file name "hosts" with word pad.

Open a file named hosts on the WordPad

Enter the following at the bottom:

Enter the following content below:

Should look like this

To look like this:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

Scan for virus/more spyware by using online anti-virus attack !!

Scan viruses/more spyware using an online anti-virus scanner.

Trend Micro housecall online anti-virus plugin will help remove what it finds.

Trend Micro housecall online Anti-Virus Detection helps clear what it discovers.

Norton online users: Norton will not remove the files for you. You need to find the location and delete the files by hand. Click the Symantec Security Check
http://security.symantec.com/sscv6/default...id=ie&venid=sym

If spyware/virus is found rerun the scan until you find none.

Run rootkit uninstall

Run rootkit scanner rootkitrevealer

Rootkitrevealer http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx

Why?

Why?

Rootkit is software that attempts to hide its presence from scanners and system management utilities. Rootkits can be executed in user mode or kernel mode.

Rootkit is a software that attempts to hide their presence from scan programs and system management software. Rootkits can be executed in user mode or kernel mode.

Playing hook with the network connect

Use hooks to connect to networks

Endurer Note: 1. Play with: play with

If you lose network connect during any of these step try running Winsock XP fix. This should replace all the stocks for the network, hoping will fix it. The spyware/virus may have edit the software for the network connect and by removing the spyware/virus destroy the software.

If you lose the network connection during these steps, try running Winsock XP fix. This will replace all network storage, skip repair. Spyware/virus may have software that has edited the network connection, and destroy the software by removing the spyware/virus.

You may need to reinstall your OS or drives

You may need to reinstall the operating system or driver

You may need to reinstall the OS on top of its self, or may need to wipe everything and reinstall a clean copy of the OS. you need the Windows CD-key for both option. for the driver you need to test them in order find out if they working or not, have fun in this step.

You may need to reinstall the operating system, or you may need to clear all the items and reinstall a clean copy of the operating system. In both cases, you need windows CD-key. For drivers, you need to test to see if they work, and wish this step a pleasant job.

Reinstall anti-virus and scan your computer

Reinstall the anti-virus program and scan the computer

Please note that the spyware/virus may have disable or kill your anti-virus !! You may need to remove the anti-virus and reinstall, then update and Rescan for virus/spyware. Go to antivirus website to find the tool to full remove the antivirus.

Please note that the spyware/virus may have been disabled or your anti-virus program has been killed !! You may need to uninstall the anti-virus software and reinstall it. Then upgrade and scan the virus/spyware again. Go to the anti-virus software website and find the tool to completely uninstall the anti-virus program.

Scan the hard drive for errors (Scandisk)

An error occurred while scanning the hard drive program (Scandisk)

Scan disk will take sometime; best go do something else for few hours after the scan started. It could take longer if its larger hard drive.

Scanning a disk takes some time; it is best to do other things within a few hours after scanning starts. A larger hard disk may take longer.

Update Windows

Update Windows

Updates, updates, updates, and more updates.

Update, update, update, and then update

Defrag the hard drive

Sort hard drive fragments

(Run Scandisk first !! This step will take sometime)

(SCAN disk first !! This step takes some time)

Before starting defrag you should be in safe mode or if you're in Normal Mode stop all unnecessary programs that are running. Disk Defragmenter needs a min of 15% of free space on the hard drive in order to defrag.

You need to enter security mode before you start the fragment, or if you are in normal mode, stop all running unnecessary programs. The disk fragment program requires at least 15% free space on the hard disk for fragment.

Misc

Enable System Restore

Enable System Restore

Enable service in msconfig

Use msconfig to enable the Service

Enable startup in msconfig

Use msconfig to enable startup items

Clean dust from the computer

Dust Removal

<Adding more later>

Please say if needs added steps and what/where need be.
If you need to add a step, specify the required/where.

Posted:01/03/2007 @ 09:36
Cbcats
Job role: Student
Location: Barnes, wi
Member since: 01/23/2006
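
The "Check the host table" step above can be done as an audit instead of by eye. The following is an added example, not part of the original post or of any tool it names: it parses hosts-file text and reports every active mapping other than the stock 127.0.0.1 localhost line, marking whether the name is blocked (pointed at the local machine) or redirected elsewhere. The sample file contents, host names and function names are constructed for illustration.

```python
import ipaddress

# The only active mapping in the stock hosts file shown in the tutorial.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost")}

# Constructed sample: documentation-range IP and .example names, not real indicators.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
#      102.54.94.97     rhino.acme.com          # source server

127.0.0.1       localhost
203.0.113.7     www.antivirus-vendor.example update.antivirus-vendor.example
127.0.0.1       definitions.antispyware.example   # would block updates
not-an-ip       somehost.example
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each active mapping, skipping comments."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or an address with no name
        for name in fields[1:]:  # one line may map several names
            yield line_no, fields[0], name.lower()


def audit_hosts(text):
    """Return (line_no, hostname, ip, verdict) for every non-default mapping."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if (ip, name) in DEFAULT_ENTRIES:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            verdict = "malformed"
        else:
            if addr.is_loopback or addr.is_unspecified:
                verdict = "blocked"      # name resolves to this machine
            else:
                verdict = "redirected"   # name resolves to some other host
        findings.append((line_no, name, ip, verdict))
    return findings


if __name__ == "__main__":
    for line_no, name, ip, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip} [{verdict}]")
```

To audit a real machine, pass the text of a copy of the hosts file from C:/Windows/system32/Drivers/etc to audit_hosts(); every line it reports should either be explained or removed.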


Replacement for msconfig
Msconfig substitutes
Hi cbcats;
I hope you get lots of help with streamlining this very good approach! I do this sort of thing semi-professionally every day of the week; you have it pat down straight!
I hope you will try to rationalize this great discussion! I do similar things in less professional ways every day. You have already straightened out.

Endurer Note: 1. Sort of: somewhat (slightly, to some extent)

The only technical suggestion I have:

My only technical suggestions:

Do not suggest to possibly inexperienced people to use msconfig. What a clumsy tool; IMHO needs way too much know-how on the users side. Why not (for this purpose only !) Use cCleaner? You find the latest version always here:

We do not recommend that you use msconfig if you are not skilled. This clumsy tool. To be blunt, there are too many requirements for users. Why not use cCleaner for this purpose? You can always find the latest version here:

Endurer Note: 1. IMHO: in my humble opinion with all my respect; view of fools

http://www.filehippo.com/download_ccleaner/

This little thing has helped me a lot! They even have their own web site with all the info about it (and then some ):

This little stuff helped me a lot! They even have their own website, all about it (this is something :)

http://www.ccleaner.com

Keep up the good work.

Continue this good work.

Oh, BTW, if you want help in smoothing grammar and language, I am volunteering.

Oh, by the way, if you need help in smooth grammar and language, I am a volunteer.

Regards
Eikelein

Posted:01/06/2007 @ 10:27 (edited 01/06/2007 @ 10:29)
Ejheinze @...
Job role: IT consultant
Location: Hartford, wi
Member since: 01/05/2007

 
