First, try to do a scan. If the infection is already on the system, try not to use your existing AV; use an online scanner instead. Boot into Safe Mode with Networking before running any scan, because in this mode all running third-party applications are temporarily stopped. Viruses, spyware and other malicious code usually attach themselves to a running process, which is why they cannot be deleted easily. Do a restart to check.

Here are some useful links.

Windows Live OneCare Safety Scanner - http://onecare.live.com/site/en-us/default.htm - works only in IE because it needs to run an ActiveX control!
ESET - http://www.eset.com/onlinescan/
Trend Micro - http://housecall.trendmicro.com/
Panda - http://www.pandasecurity.com/activescan/index/

If the issue still persists, proceed to the next step:

You can use System Restore to undo changes that have been made to the computer. You can do this by clicking Start/All Programs/Accessories/System Tools/System Restore. Select "Restore my computer to an earlier time" and click Next; you will then see a calendar. Select an available restore point, making sure you pick a date when you think your computer was working okay and you were not experiencing virus/spyware infections. Then let the system do the restore. Check once it is done.

If the issue still persists, proceed to the next step:

1. Clean boot the system - stop all the startup items first, then do a restart. You can do this via Start/Run/msconfig/Startup tab/Disable All/Apply and OK.
2. Clean the BHOs in the Registry (works only for spyware infections). You can do this via Start/Run/regedit/click the + sign on HKEY_LOCAL_MACHINE (do the same thing on the rest of the drop-down folders)/SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/Browser Helper Objects. If you see entries under Browser Helper Objects, such as folders named with a string of numbers and letters, remove them all. Then close the Registry afterwards.
3. Clean your prefetch, temp and %temp% folders. You can do this via Start/Run/type each command (prefetch...); once the folder opens, delete all the files and folders there.
4. Reset IE settings to default (works only for spyware infections). You can do this via Control Panel/Internet Options/Advanced tab/Reset/Apply and OK.
5. Check for unwanted files in system32. Be sure to show all hidden files first. You can do this by going to Tools/Folder Options. Once you are in system32 (c:/windows/system32), arrange the files in details view (click View/Details). Then click Date Modified so the most recent files come first. Look for suspicious files; if you are not sure, then google it. Hint: you will know a program or file is valid if it has a manufacturer signature on it. You can see this by right-clicking the file/Properties.
6. If you want to see and delete suspicious processes, download and run Process Explorer to end all malware-related processes. Go to http://live.sysinternals.com and click procexp.exe. Run the tool to view resources and running processes.
7. Download and run AutoRuns. Go to http://live.sysinternals.com and click autoruns.exe. Check system32, then delete OR rename malware-related files.
8. Restart the computer to verify the solution.
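
A read-only way to see what steps 2 and 5 ask you to look at, before you remove anything. This PowerShell script is an added example, not part of the original post; the function names and the 7-day window are assumptions made for the example.

```powershell
# Added example: read-only triage for steps 2 and 5; nothing is changed or deleted.
# Function names and the 7-day default are assumptions made for this example.
function Get-BhoReport {
    # Each BHO is a CLSID-named subkey; 32-bit ones sit under WOW6432Node.
    foreach ($sw in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node') {
        $root = "$sw\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root) {
            $clsid  = $key.PSChildName
            $inproc = "$sw\Classes\CLSID\$clsid\InprocServer32"
            $dll = $null
            if (Test-Path -LiteralPath $inproc) {
                # Default value of InprocServer32 = the DLL the browser loads.
                $dll = ([string](Get-Item -LiteralPath $inproc).GetValue('')).Trim('"')
            }
            $sig = $null
            if ($dll -and (Test-Path -LiteralPath $dll)) {
                $sig = Get-AuthenticodeSignature -LiteralPath $dll
            }
            [pscustomobject]@{
                Clsid  = $clsid
                Dll    = $dll
                Status = if ($sig) { $sig.Status } else { 'NoFileOnDisk' }
                Signer = $sig.SignerCertificate.Subject
            }
        }
    }
}

function Get-RecentSystem32File {
    param([int]$Days = 7)
    $since = (Get-Date).AddDays(-$Days)
    # -Force includes hidden and system files, as step 5 requires.
    Get-ChildItem -LiteralPath "$env:SystemRoot\System32" -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $since -and $_.Extension -in '.exe', '.dll', '.sys' } |
        Sort-Object LastWriteTime -Descending |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                File     = $_.Name
                Modified = $_.LastWriteTime
                Status   = $sig.Status
                Signer   = $sig.SignerCertificate.Subject
            }
        }
}

Get-BhoReport | Format-Table -AutoSize
Get-RecentSystem32File -Days 7 | Format-Table -AutoSize
```

A status other than Valid is a reason to look the file up, not proof of infection; on older PowerShell versions, Windows files that are signed through a catalog can report NotSigned.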

