Disinfecting Malware

Discussion in 'Tutorials' started by readermaniax, Nov 6, 2005.

  1. readermaniax (New Member, Jul 19, 2005)
    Malware (Spyware, Adware, Trojans, Viruses) are ever increasing in their frequency and ability to disguise themselves. This forum is a resource for the removal of these unwanted pests. Following is a guide that will help you to remove many of the most common problems, and allow us to help you most efficiently. It may look daunting, but it shouldn't take long to complete.

    The reality is that Hijack This logs are getting more complicated, require more time to analyze, and the infections are more difficult to remove -- often requiring a multi-step process. Anything that you can do to help us before posting a log is greatly appreciated. Please acknowledge that you've followed these required steps (or our first reply will likely direct you here).


    If you're having trouble connecting to the Internet, try running the WinSockFix utility to repair your connection:


    CleanUp! - download: http://www.greyknight17.com/spy/Cleanup.exe
    CleanUp! is a quick and easy way to delete temporary files from your system. Simply deleting these temp files may clear some infections, and will make running the following scans faster.

    Run Cleanup! using the following configuration:

    1. Click Options...
    2. Set the slider to Standard CleanUp!
    3. Uncheck the following:

    * Delete Newsgroup cache
    * Delete Newsgroup Subscriptions
    * Scan local drives for temporary files

    4. Click OK
    5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
    * CleanUp! will not create any backups!!

    System Restore
    DO NOT disable System Restore. It is a feature of Windows that allows you to restore your computer to a previous known working state in the event of a problem. This is done without loss of personal files or data such as word processing documents, spreadsheets, music, images, etc. This feature is enabled by default and runs in the background, making backups after certain events happen on your computer. System Restore protects your computer by creating backups of vital system configurations and files. These backups are known as restore points. These restore points are created before certain events take place in order to give you a recourse in case something bad happens during that event.

    Why do antivirus companies advise disabling System Restore before a disinfection?
    When restore points are created they are stored in a directory that is accessible only to the System account and not to a user. This keeps the restore points safe from misuse and tampering. Unfortunately this also means that any virus scan software you may have installed cannot scan the files located there. This causes a problem if a file that is infected with a virus gets backed up into a restore point, because now the anti-virus software cannot clean it. Now if you ever restore from that restore point, the infected file will be introduced back into your system.

    With this in mind, if you find that you are infected with a virus, hijacker, or spyware and want to make sure you do not get reinfected if you restore a restore point, you should turn System Restore off and then back on again to clear all the restore points. This will guarantee that there are no infected files that could be restored.

    Bert Kinney, MS-MVP ( http://bertk.mvps.org/html/healthy.html ), has these wise words:
    It may be necessary to Disable System Restore (Only after scanning and cleanup of the system is complete) to completely remove all virus and spyware infections.
    If scanning detects an infection within the System Restore files, don’t panic!
    The system will not be re-infected unless the system is restored to an infected restore point.
    Once sure the system is free of infection and is functioning properly, flush System Restore.
    Why not just flush System Restore before scanning?
    If something goes wrong in the virus/malware removal process you will have no way to reverse your actions. Sometimes the removal process can be more damaging to the system than the infection. Two examples would be if the system became unbootable, or if the ability to connect to the internet to retrieve additional cleaning utilities is lost. So it is a good practice to leave System Restore intact until the cleaning process is over.

    ERUNT Download: http://www.aumha.org/downloads/erunt-setup.exe

    The Emergency Recovery Utility NT -- back up the Windows NT/2000/2003/XP registry to a folder of your choice.

    In the unlikely event that System Restore cannot even be used for a "restore" should a corrupted registry prevent Windows from booting, ERUNT can be utilised to restore the registry in Windows 9x/Me/NT/2000/2003/XP and MS-DOS (all-in-one restore program) or the Windows Recovery Console.

    The "Export registry" function in Regedit is USELESS (!) for making a complete backup of the registry. Neither does it export the whole registry (for example, no information from the "SECURITY" hive is saved), nor can the exported file be used later to replace the current registry with the old one.

    Install & launch ERUNT.
    Create a copy of your Registry & exit the program.

    * Please print out ERUNT's readme file in case you need to perform these emergency measures.
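    The post's two rules (back up the registry before cleaning, flush System Restore only after the system is verified clean) as an added PowerShell example; this is not code from the original post or from the CleanUp!/ERUNT authors. It assumes an elevated Windows PowerShell 5.1 session, System Restore enabled on C:, and a backup folder of C:\PreCleanupBackup (an assumed path).

    ```powershell
    # Added example: a pre-cleanup safety net that follows the thread's ordering.
    # Assumed backup folder; change to suit.
    $BackupRoot = "C:\PreCleanupBackup"

    function New-PreCleanupBackup {
        New-Item -ItemType Directory -Path $BackupRoot -Force | Out-Null

        # 1. Restore point: captures registry and vital system files in one step.
        #    (Windows 8 and later allow one restore point per 24 hours by default.)
        Checkpoint-Computer -Description "Before malware cleanup" -RestorePointType "MODIFY_SETTINGS"

        # 2. Binary hive images via reg.exe save. Unlike Regedit's "Export", these are
        #    complete hive files that can be put back with reg.exe restore or from the
        #    Recovery Console, which is the same idea ERUNT implements.
        foreach ($hive in "HKLM\SOFTWARE", "HKLM\SYSTEM", "HKCU") {
            $file = Join-Path $BackupRoot (($hive -replace '\\', '_') + ".hiv")
            reg.exe save $hive $file /y | Out-Null
            if ($LASTEXITCODE -ne 0) { throw "reg save failed for $hive" }
        }

        # 3. Record the restore points that exist now, for comparison after cleanup.
        Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description -AutoSize
    }

    function Clear-RestorePointsAfterCleanup {
        # Call this ONLY once scans come back clean and the system boots and connects
        # normally. Turning System Restore off and on discards every existing restore
        # point (including any holding infected files); then a clean baseline is taken.
        Disable-ComputerRestore -Drive "C:\"
        Enable-ComputerRestore -Drive "C:\"
        Checkpoint-Computer -Description "Clean baseline after disinfection" -RestorePointType "MODIFY_SETTINGS"
    }

    # Run the backup now; run Clear-RestorePointsAfterCleanup by hand at the very end.
    New-PreCleanupBackup
    ```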
  2. swatkat (New Member, Mar 12, 2004)
  3. it_waaznt_me (Coming back to life .., Nov 30, 2003)

    Nice post .. But you should've posted the source to credit the original author ..