Posted 10-09-05, 01:49 by chaslang (MajorGeeks Admin - Master Malware Expert)
 
READ & RUN ME FIRST. Malware Removal Guide

Please Read These Important Notes for the Malware Removal Guide:


NOTICES:
  1. Malware has progressed to the point where some infections can be extremely difficult to fully remove. And there can be residual left over damage to many aspects of the Windows Operating System that may also be very hard to repair. As such, the act of removing malware can sometimes cause unexpected problems due to how the malware has hooked itself into your operating system. While in most cases, we do not have problems, we cannot guarantee that there will not be any. Thus it would be a very good idea for you to begin by backing up all important personal information before undertaking the act of malware removal. You can bypass this step at your own risk, but remember that we cannot guarantee what the result will be from trying to remove malware from your PC.
  2. Also malware has progressed to the point where additional manual removal steps will almost always be required after completing the cleaning instructions given in this guide. So do not be surprised if you still have problems when you finish the instructions.
  3. Do not make the false assumption that this thread is old or out of date based on the date the thread was started ( 10-09-05 02:49 ). Look at the Last Edited date at the bottom of this message, as this procedure does evolve with time.
Now if you are ready to continue with malware removal:
  • Complete ALL of the below steps including the specific malware removal cleaning instructions for your Windows Version.
  • If something does not run, write down the info to explain to us later but keep on going.
  • Do not assume that because one step does not work that they all will not.
  • If you cannot boot in Normal Boot mode or can boot but not properly run in normal mode but your PC runs in safe boot mode, you can ignore our note about Normal Startup and just complete as much as you can in safe boot mode. Some programs may not install in safe boot mode.
  • If you cannot download required programs on the infected PC, download them using another PC and copy them to the infected PC via CD or USB drive.
  • Do you want your PC fixed?? If yes then attempt to finish everything requested. Please do not cheat by skipping any steps. Attempt to run ALL steps in the READ & RUN ME. The only steps you should skip are ones that you are blocked from running by your problems.
    • You are only hurting yourself and you will waste more time in the long run if you ignore or skip steps.
  • There is no risk in posting logs. Nothing in them will give anyone the kind of info that some people may be concerned about. If you are concerned about logs that might show your real name, you can just edit those out before attaching them; however, do realize that fixes we may have to provide may not automatically work properly since they will need to refer to the original unedited information.
  • Once you start this cleaning process to remove your malware please do not do anything to your PC except what is requested in this procedure. Do not install anything on your own and do not run other scans.
Step 1: Getting Started
Step 2: Uninstalling Multiple Protection Applications
*** IMPORTANT NOTES - READ THESE ***
  • You must uninstall all but one antivirus program.
    • If you have multiple antivirus applications installed on your PC, please choose the one you prefer and uninstall all others. Do this now before continuing because you will only be asked to do it later if not done now. This does not mean online scanners. It is only referring to full antivirus applications like McAfee, Symantec, AVG, Avast, AntiVir, Kaspersky, etc.
  • You must uninstall all but one software firewall.
    • Only use one software firewall. Running multiple software firewalls is unnecessary and using more than one software firewall on the same connection could cause issues with connectivity to the Internet or other unexpected behavior including excessive use of system resources which will slow down overall PC performance.
Step 3: Configuration & Setup
  • Determine whether you have a 32-bit or 64-bit version of Windows because you will need to know this later during cleaning instructions
  • Enable viewing of hidden files, system files and file extensions
    • Some programs hide themselves by making their files invisible in normal Windows settings. Run the steps in the below link (this has steps for ALL Win OS's) to make them easier to find.
    • Not doing this would allow file extensions commonly used by trojans and spyware to be hidden, for example a file ending in .exe or .dll, making it difficult or impossible to find manually if needed.

Step 4: Disable Any Disk Emulation Software (like Daemon Tools..etc)
  • If you skip this step, we may be just telling you to start the cleaning process over again! DON'T SKIP THIS STEP.
  • This has become a critical step before continuing the cleaning process. Disk emulation software makes it difficult to separate real rootkit-like malware from valid software.
Step 5: Temp File/Folder Cleaning
**** WARNING ****
Skip running CCleaner or any other disk cleaning program if you are missing icons, items from your Start Menu, from All Programs....etc.
  • Download and install CCleaner. See the download links under this icon:
  • Now run CCleaner. When it opens, the leftmost column will show 4 selectable icons ( Cleaner, Registry, Tools and Options ).
  • Click the Cleaner icon ( it really should be selected by default so this is just to be sure it is selected ).
  • Now in the middle column you will see two tabs ( Windows and Applications ). Keep the default settings on both of these tabs, with the exception that, if desired, you can uncheck the Cookies check boxes on both tabs to avoid losing saved passwords from your browsers. Do not change anything else!!!
  • We only want you to run the Cleaner function by clicking the Run Cleaner button towards the bottom right. DO NOT, I repeat, DO NOT select the Registry icon in the left column and DO NOT clean the registry.
  • Also it is highly recommended ( but optional ) to login to all other User Accounts on the PC.
    • Run CCleaner on each account. This can greatly reduce scan time and log sizes from the later scanning you will do below.
    • If you don’t see CCleaner’s link when logging into the other accounts, just go to the C:\Program Files\Ccleaner folder and double click on the ccleaner.exe file to run it. You can also create a shortcut to the file on the Desktop of your other user accounts to make it easier to run in the future.
Step 6: Windows OS Specific Cleaning Instructions

Select and run all steps in the malware removal cleaning link below based on your Windows Operating System. You must click the blue underlined links to get to the cleaning procedures for your version of Windows!
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


Last edited by chaslang; 01-12-14 at 23:19. Reason: show download links tip on CCleaner
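The Step 3 checks from the guide above, done from PowerShell. This is an added example, not part of the original post or of MajorGeeks' own tools. It assumes PowerShell 3.0 or later run as the affected user, and the Downloads folder and the two extension lists are illustrative choices.

```powershell
# Added example: Step 3 (32-bit/64-bit check, show hidden files and extensions).
$ErrorActionPreference = 'Stop'

# Is this a 32-bit or 64-bit version of Windows?
$bitness = if ([Environment]::Is64BitOperatingSystem) { '64-bit' } else { '32-bit' }
"Windows is $bitness"

# Explorer view settings are stored per user under this key.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$wanted = @{
    Hidden          = 1   # 1 = show hidden files and folders
    ShowSuperHidden = 1   # 1 = show protected operating system files
    HideFileExt     = 0   # 0 = show extensions for known file types
}
foreach ($name in $wanted.Keys) {
    $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    if ($current -ne $wanted[$name]) {
        Set-ItemProperty -Path $key -Name $name -Value $wanted[$name] -Type DWord
        "{0}: '{1}' -> '{2}'" -f $name, $current, $wanted[$name]
    }
}
"Reopen Explorer windows if the change is not visible yet."

# Read-only check: files that would look harmless with extensions hidden,
# such as report.pdf.exe. Both lists are illustrative, not exhaustive.
$execExt  = '.exe', '.scr', '.com', '.pif', '.bat', '.cmd', '.vbs', '.js'
$decoyExt = '.pdf', '.doc', '.docx', '.xls', '.xlsx', '.jpg', '.png', '.txt', '.zip'
$folder   = Join-Path $env:USERPROFILE 'Downloads'   # assumed folder to check

Get-ChildItem -Path $folder -File -Force -ErrorAction SilentlyContinue |
    Where-Object {
        $execExt -contains $_.Extension.ToLower() -and
        $decoyExt -contains [IO.Path]::GetExtension($_.BaseName).ToLower()
    } |
    Select-Object FullName, Length, LastWriteTime
```

The last command only lists matching files; it does not move or delete anything, in keeping with the guide's instruction not to change the PC beyond the requested steps.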