Thread: READ & RUN ME FIRST. Malware Removal Guide
View Single Post
  #2  
Old 10-09-05, 02:49
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Malware Expert
  
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 64,187
Thanks: 36
Thanked 3,819 Times in 1,498 Posts
Default READ & RUN ME FIRST. Malware Removal Guide
Read These Important Notes:
  • Complete ALL of the below steps including the specific cleaning instructions for your Windows Version.
  • If something does not run, write down the info to explain to us later but keep on going.
  • Do not assume that because one step does not work that they all will not.
  • If you cannot boot in Normal Boot mode or can boot but not properly run in normal mode but your PC runs in safe boot mode, you can ignore our note about Normal Startup and just complete as much as you can in safe boot mode. Some programs may not install in safe boot mode.
  • If you cannot download required programs on the infected PC, download them using another PC and copy them to the infected PC via CD or USB drive.
  • Do you want your PC fixed?? If yes then attempt to finish everything requested. Please do not cheat by skipping any steps. Attempt to run ALL steps in the READ & RUN ME. The only steps you should skip are ones that you are blocked from running by your problems.
    • You are only hurting yourself and you will waste more time in the long run if you ignore or skip steps.
  • Once you start this cleaning process to remove your malware please do not do anything to your PC except what is requested in this procedure. Do not install anything on your own and do not run other scans.
Step 1: Getting Started
  • Please begin by reading our Forum Rules and Guidelines
  • If you are here because your PC is booting or running slowly, remember that this is a malware removal guide and not a cure all for slow PC's guide.
    • A slow PC is not always caused by malware. It could just be due to what you run! Or it could be an inadequate amount of memory. We recommend a MINIMUM of 1 GB for Windows XP and 2 GB for Vista or Windows 7.
    • If you have less than the above amount of memory and we do not find any malware, we will be telling you to install more memory or uninstall applications that use memory full time..
Step 2: Uninstalling Multiple Protection Applications
*** IMPORTANT NOTES - READ THESE ***
  • You must uninstall all but one antivirus program.
    • If you have multiple antivirus applications installed on your PC, please choose the one you prefer and uninstall all others. Do this now before continuing because you will only be asked to do it later if not done now. This does not mean online scanners. It is only referring to full antivirus applications like McAfee, Symantec, AVG, Avast, AntiVir, Kaspersky, etc.
  • You must uninstall all but one software firewall.
    • Only use one software firewall. Running multiple software firewalls is unnecessary and using more than one software firewall on the same connection could cause issues with connectivity to the Internet or other unexpected behavior including excessive use of system resources which will slow down overall PC performance.
Step 3: House Cleaning
  • Specifically look in Add/Remove Programs for the below programs and uninstall them if found:
    • Viewpoint Manager (Remove Only)
    • Viewpoint Media Player
    • Viewpoint Toolbar
    • Viewpoint Toolbar (Remove Only)
  • Skip this Sun Java update procedure if using Windows 98 or ME. Uninstall ALL old Sun Java versions because they have vulnerabilities and then get updated.
  • Empty ALL Quarantine type folders for antivirus and antispyware applications.
    • This step of house cleaning may save a load of time later (reduced scanning time) and can significantly reduce the size of logs being posted later. Here is just one example for doing this with Norton/Symantec:
  • Empty your Recycle Bin
  • Empty Norton Nprotect folder (if present) - If you are a Symantec/Norton user make sure you empty their Norton Nprotect folder guarding the Recycle Bin.
  • Download and install CCleaner
    • Now run Ccleaner with the default options (that means don’t change anything) to clean out temporary files.
    • Only use the default settings on the Windows Tab and select Run Cleaner. Do not run any other options from other tabs.
    • Also it is highly recommended to login to all other User Accounts on the PC.
      • Run CCleaner on each account. This can greatly reduce scan time and log sizes from the later scanning you will do below.
      • If you don’t see Ccleaner’s link when logging into the other accounts, just go to the C:\Program Files\Ccleaner folder and double click on the ccleaner.exe file to run it. You can also create a shortcut to the file on the Desktop of your other user accounts to make it easier to run in the future
Step 4: Configuration & Setup
  • Determine whether you have a 32-bit or 64-bit version of Windows because you will need to know this later during cleaning instructions
  • Enable viewing of hidden files, system files and file extensions
    • Some programs hide themselves by making their files invisible in normal Windows settings. Run the steps in the below link (this has steps for ALL Win OS's) to make them easier to find.
    • Not doing this would allow file extensions commonly used by trojans and spyware to be hidden, for example a file ending in .exe or dll making manually finding it, if needed, difficult to impossible.
  • MSconfig must be set for Normal Startup mode
    • If you don't do this you will be delayed in getting help for your problems!!!! You MUST make sure that MSconfig is not being used to control Startups.
    • Note: That some Window's OSs (like Win 2K, 2003) do not have MSconfig! Run the procedure in the below link for your Windows version:
    • Read this to better understand why not to use MSconfig: Dealing with Startup Process
Step 5: Uninstall Known Malware and Unwanted Software
  • Work thru the below link to uninstall any bad programs that should not be installed on your PC. This may in some instances even resolve your problems. It takes a small amount of time (based on your experience level) to do this comparison, but it is well worth the effort.
Step 6: Select and run the all steps in the cleaning link below based on your Windows Operating System
You must click the blue underlined links to get to the cleaning procedures for your version of Windows!
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."
Last edited by chaslang; 01-24-10 at 15:43.. Reason: Check for 32/64 bit OS
The Following 539 Users Say Thank You to chaslang For This Useful Post:
1trkmind (08-31-08), 241142 (05-22-09), 48lowes (08-04-09), aabillthecat (10-22-08), abc3b (01-14-10), abz1nthe (05-08-09), accursed (05-04-09), ackermann (09-19-09), agitate (09-03-08), ahkin48 (07-27-09), aka laptop (12-18-08), Alaskero (12-10-08), aleem (06-16-09), aleryan (07-04-08), alexnikle (04-10-09), Alien Hacker (11-01-08), Alin (08-23-08), Allis_Chalmers (01-12-09), alphagalaxy (05-16-09), alwayz.alone (08-08-09), andy2259 (08-21-08), Andy44 (11-16-09), andybdjuk (08-27-08), Anvil (06-14-09), Aphelion5 (10-02-09), aravind (03-01-09), ardalan (01-05-10), arney (02-10-09), arnie4 (11-01-08), ash5353 (11-27-08), Ashkisher (07-11-08), audifan99 (12-09-08), auntybb (08-31-08), azrigokil (02-16-09), B. Curry (04-26-09), babyyoda (09-19-09), backscrapper (09-20-09), bailo81 (04-02-09), Balena (08-26-09), ballth5 (09-08-08), banderas1 (08-13-08), basilio (08-10-08), bbu (04-15-09), beckylousiana (08-12-08), bettnott (02-01-09), Bettsy (07-23-08), bettyagnes (08-23-08), bgustafson01 (09-11-08), Billdouglas (10-28-08), Bindu (08-28-09), bjgarrick (11-09-08), blakscribe (04-15-09), Blinx (01-08-10), blk_orion (10-21-08), Blue_Image (04-17-09), bonestein (01-25-09), boom929 (12-27-08), boomer129 (03-07-09), borgnine (09-03-08), bozner (01-18-09), Bri (12-29-08), briskyman (01-03-09), bsupriyo82 (07-20-09), Bucks (02-10-09), budzz (09-18-09), Buffy1999 (01-11-09), burrell (12-23-09), burzwud (07-10-09), butterfly090965 (03-04-09), Buzz53 (03-13-09), c-ro (02-28-09), Calsu (02-05-10), Camjam (05-08-09), Canadianice (09-11-08), Captain Drift (09-24-08), carra (09-06-09), cassidycaid (02-27-09), CavsFan16 (04-01-09), Celes123 (05-26-09), cesanne (04-04-09), cfwebb (01-23-09), Chala (02-04-10), CharlesG (08-12-08), ChibiMischief (10-22-09), Chief1942 (12-21-08), chimpneil (06-16-09), chuckm51 (11-29-08), circa1990 (05-20-09), Clapham Ranger (02-24-09), claude_buda (08-02-09), clayidus (11-18-08), clio (02-05-09), ClocK_FiTS (12-13-09), cokeman (10-31-08), coldbay (07-15-08), commit832 (02-04-10), concre+e (01-02-09), Coops (05-24-09), copyman_5 (09-02-08), Corporal Punishment (10-19-08), Creativeballance (08-23-08), CrossTie69 (07-03-09), Dachimas (12-26-09), dagnus (01-18-10), daisysix (09-20-09), daito (07-29-08), Dakotasbabe (08-09-08), damfadd11 (11-07-08), dario27 (07-09-09), Darkdemon6578 (08-15-08), Darkoshacy (07-04-09), Dave Cox (08-14-08), david-houston (11-03-08), Dayvo (12-17-08), Dback (02-04-10), dbaggers (10-16-08), DeadAlone (12-22-09), deng201 (08-28-09), Denise0829 (11-21-09), derty (11-24-08), Diani (01-07-10), djbillyd (11-15-09), djbusyv (01-21-10), djoni1980 (09-04-09), DMRelious (08-30-09), DOA (07-20-08), docpaulo (10-31-08), donguido (10-28-09), Doofus65 (09-02-09), dosco (09-28-08), Dracandros (02-07-09), drcarl (01-28-10), Dreamscaper (12-22-08), Dregsworks (10-19-08), duro2amore (05-02-09), dvlfrnd (08-08-09), eagles350 (01-26-09), eaulegere (01-15-10), ECR (11-07-08), eddieeffg (09-07-09), EdtheAminal (03-29-09), Eezak (11-20-09), eGirl (01-21-10), eharring (08-24-09), EIR Loe.307 (12-27-08), ekalbs4 (10-11-08), Erika Danielle (09-05-09), erratic (07-29-08), escman (10-09-08), evander (08-09-08), evilfantasy (01-14-09), evolutionpill (07-12-09), exoflare (11-29-08), Explosiv0 (01-12-10), F!r3w0lf (12-04-08), Faith007 (10-31-09), Faizan (12-24-09), Fbitobe (01-29-10), felix001 (11-26-08), Fervent (07-25-09), FighterJetMom (11-29-08), fiona3637 (11-10-09), Fish Bonz (05-06-09), flmthrwngrngs (08-22-08), flygurl403 (02-10-09), flyinghooves (12-05-09), ForYouToEnvy (10-18-08), foxyjam (12-20-09), fredgold52 (01-20-10), freelancegeek (09-27-09), freeman79 (Yesterday), friendofpoodles (11-03-08), froggdiva26 (09-28-08), funglu (02-27-09), furrelkt (06-15-09), g6qwerty (12-21-08), gabby3457 (03-26-09), GazRicey (10-19-08), gdblackthorn (02-17-09), geex_newbie (01-11-09), gemini1969 (11-05-09), GeneK02460 (01-02-09), GeoFan (10-10-09), Geopeera (02-15-09), george042369 (09-24-08), ggggranville (11-03-08), GigiNueva (01-31-09), giobiondani (04-12-09), gjljr727 (10-04-09), gmlone38 (01-18-09), GoldenGuy (06-19-09), goliano (01-03-09), goodtexan (08-23-09), gordie (03-22-09), gr4ndpa (10-10-09), GrannyWannaBe (08-01-09), greef (09-13-09), Greywood1862 (06-22-09), gvladimi (08-11-09), harold (12-12-08), haroon132 (08-24-08), HatCat (07-01-08), HellesAngel (01-06-09), hello235 (09-18-09), HelloNewman (05-19-09), hidalgo_55 (01-28-10), Hihats (04-23-09), Himo (10-29-08), hiorti (01-26-09), Hlgibson (02-06-10), hrlow2 (08-09-09), Hungry Guy (01-02-09), idkj (01-29-09), Ifiremyself (08-02-08), igrushka7 (07-19-09), iminsarasota (02-26-09), indigit4l (03-16-09), Indrek23 (07-04-08), indyattic (01-04-09), infected2k (08-23-08), infectshun (09-20-08), infernalinferno (07-27-08), inventor1949 (09-02-09), irbyz (04-21-09), italianstallyon (09-22-08), Jab64000 (12-23-08), jainm (08-11-08), jakec9 (03-08-09), JakeD (12-26-08), JamesDean (12-06-09), jawright83 (10-20-08), jayorbon (12-05-08), jdesk9 (10-08-08), jefficit (03-09-09), Jejoka (09-09-08), JennBo (12-05-08), jesushairdo109 (05-09-09), Jhealynyad (11-01-08), jhutsonhart (12-30-08), Jjude (01-05-09), jklinsky (09-11-08), jlapolla (05-15-09), jml265ster (11-26-09), joey off the street (02-14-09), JoeyJoeJoeShabadu (02-22-09), johnnyoz (11-02-08), joliett (01-15-09), Jossa (02-03-09), jralphdavis (12-29-08), Jsays1 (10-21-08), jstraut (12-26-08), jthompso (07-10-08), JudithK (09-28-08), JunkieHanfens (09-10-08), JustKate (12-09-09), Ka. (05-28-09), kamkar1 (06-10-09), kbrettm1977 (03-11-09), kevgeez (08-26-09), khameleon34 (12-20-08), kibrah (08-18-08), KingCrimson769 (12-02-08), Klementz (09-23-08), kmody85 (01-06-10), korok (06-18-09), kpmullig (01-30-09), kskovach (08-19-08), kwaka (04-20-09), LameLoser (05-28-09), lane99 (10-07-08), LA_Cyn (10-29-09), lckc (01-18-10), leonie8427 (12-28-08), linac33 (10-08-08), Lionhead (07-07-08), lit_tle_mom (02-20-09), ljarque (11-19-08), LogosEther (04-07-09), Lollyde (07-24-08), lolmetender (01-09-09), london365 (05-14-09), LordAtari (12-11-08), loz3002 (11-12-09), lpelesit (10-03-09), lpontius1 (01-28-09), luluotto (12-22-08), lumberjack349 (12-04-08), lyniroquai (01-11-10), m0rpheux (01-21-10), maddiane (07-22-08), MadDogg80 (01-02-10), Maggie_61 (01-18-09), magisterdgg (03-31-09), magna86 (01-15-09), Major Attitude (07-30-08), Makoro (10-05-09), makue10 (12-28-08), Mallies (07-05-08), marcia2525 (01-25-10), martik (02-01-10), martimax (01-06-09), Marvin Ian (01-04-09), masterswed79 (12-25-08), matthewdelamere (07-24-08), maximus relaximus (12-18-08), mchoi325 (07-11-09), MeitHed (08-02-09), meldrs (07-22-08), Merlinlvmc (11-07-09), merrec2003 (08-24-08), meson1980 (01-03-09), mhoward10135 (12-30-09), Michael Ekstrom (12-12-08), Michael Murphy (11-28-08), mickyrush (10-17-09), MightyBeaker (07-16-08), Mike H. (12-02-09), mikev (01-16-10), Mimsy (08-06-09), mineraledge (07-01-08), missmoneypenny (08-17-09), mistergofio (05-23-09), MisuzuKamio (12-01-08), Mkael McCalla (09-04-08), Mokushiki (07-09-08), mommysews (01-11-09), motobat (06-11-09), mpetro1 (03-05-09), mrugnett (12-09-08), Ms12a3 (11-05-08), murderhigh187 (12-06-08), murphatoid (02-20-09), mxcj (02-20-09), myrikal (03-18-09), Nacho (12-23-09), nadsab (03-29-09), nanabell1225 (08-29-09), nanao (02-02-10), naresh11381 (02-05-09), naturalagent (01-01-09), NaughtySecret (11-26-08), Neilhyde (06-08-09), netboy (12-01-09), NICK ADSL UK (09-01-08), NickD (08-19-09), ninram (Yesterday), Nomiballou (10-23-08), Noprotein (07-15-09), Nuts4Mutts (08-09-08), nutshell (11-30-09), October (03-03-09), ohuwilltoo (07-13-08), OkieMomma (11-17-08), OldAnton (08-17-08), ol_leprechaun (11-16-08), OminousThunder (12-02-08), onbingo (11-09-09), OrCrush (02-21-09), otarpilot (12-28-08), pajarito541 (12-05-09), paprp (01-21-09), Parttimepcdad (12-28-08), PaulS (11-22-08), pbhagat (08-26-08), PCBeatMe (06-20-09), pclover (09-19-09), pe537 (10-21-08), petejc (11-02-09), Phanatic (02-27-09), pierreshannon22 (01-15-09), PlookoTad (04-28-09), postcard (12-03-08), prj668958 (01-19-09), psy333che (07-26-09), punkandrock (06-15-09), r0nald11 (10-06-08), radiorep (07-27-09), radiot (09-09-09), rafro007 (09-24-08), ragexzero (12-05-08), ralph3124 (08-19-08), Ramachandrea (08-28-08), Raphee (01-25-10), ravenous1 (12-13-08), rchandra (12-08-08), rdaddy88 (12-10-08), RedPaul (07-21-08), reef (01-06-09), Reester (08-10-09), rexer (10-25-08), Rich_Lovina (08-27-09), RJS (12-14-09), RLynn (01-26-10), robc1776 (07-05-09), roco (11-13-09), rohanbruce (05-04-09), rosa_1024 (09-10-09), rouge user (08-28-09), Route137 (02-12-09), roxanneb (04-02-09), rpole (08-28-09), Run5k (01-01-09), rvieux (01-01-09), ryanc202 (02-14-09), RydWolf (12-31-08), SafariHat (11-13-08), safyrmwn (09-16-08), sageofbrooklyn (02-01-09), SalemDesign (10-02-09), sandb (08-06-09), sandyxo (02-01-09), savarna23 (11-01-09), scogo99 (12-10-08), scotty7 (07-13-09), sdouble (11-18-08), seaside (08-18-08), seekingelf (05-29-09), Sefton (12-25-08), Seintime (12-15-08), seymourf (07-10-09), SgtGunner (03-24-09), shagz7 (10-31-08), sheldonyoyo (05-08-09), shikedo (07-25-08), shilpa (07-25-09), Shoyz (01-19-09), Shunsui (05-06-09), sicari (03-16-09), sid79 (09-20-09), Sinuhe (12-28-09), skanuga (09-09-08), SkinzyB (08-24-08), smithpb (03-11-09), Smooth (03-14-09), sms1226 (03-17-09), snickerdoodle (11-14-09), SnowCat MacDobhran (11-01-09), snurbnacnud (07-20-09), socknut (01-08-09), SomeCrazyStuff (09-09-08), Sonnet_XVIII (06-10-09), SopeV1.0 (01-08-09), soz1 (11-17-08), sparklite (03-17-09), spidermanusa (01-02-09), SpikeSpeedwell (10-07-08), sprinto (08-19-08), stas007 (12-29-08), Steel Breeze (11-17-08), stefanipierce18 (12-30-08), Stefanus (09-29-09), stew (12-12-09), Strix (02-15-09), SupaKute (08-01-08), sushibop (12-20-09), T-Bone (12-14-09), t0m5k1 (09-10-09), tadpole (06-29-09), Talbet (10-23-08), tatsall (08-09-08), taxpayer (01-02-09), tech271 (11-15-08), tegary (07-02-09), texoz (12-29-09), Thady (08-22-08), thai_american_42 (05-24-09), Thalictra (02-28-09), thefly (06-24-09), them (01-18-09), thenovelist (08-12-08), thepeanut (04-10-09), TheRealDon (01-04-09), Theseus (10-23-08), thewomble (03-27-09), the_artz19 (12-12-08), thomasak (09-26-09), ThomasK (08-19-08), thorir (06-18-09), TideH2O2 (01-14-09), tift84 (07-30-08), tlrodda (08-29-08), tony19 (09-13-08), tony4025 (12-23-09), Toolian (12-16-09), Tourangh (09-20-08), ToyotaMafia (03-17-09), TrevRyan (09-04-08), Tricia (02-08-09), Tripletoe (11-20-08), Trntstr4 (12-18-08), tuco4life (08-17-09), Tucquan (02-16-09), turgidone (10-15-08), UF Gator (08-08-09), ugunit89 (12-22-08), Uli (10-06-09), Umbrella (01-13-09), urbanphoenix (08-14-09), ureritemate (10-25-08), Urokira (12-18-09), usmarinehere (02-23-09), Valde15 (04-26-09), vale (06-01-09), Valkrye (07-05-09), vanheijzen (01-01-10), varie (12-30-08), vatmnhat (10-08-09), VaultBoy (11-11-08), vcurtis (07-29-08), vectrex (04-13-09), veneola (10-27-09), Venom8 (09-20-09), Vette (01-18-09), Virtumondehatesme (07-23-08), vlashka (12-19-08), Vortex (05-31-09), vwbus71 (01-28-09), WaightZer (06-26-09), WalksAlone74 (09-03-08), Walter L. Preston (12-12-08), wannabetechie (08-19-08), watccoe (07-18-08), wendy m (06-17-09), whiteoaks47 (08-24-09), wilko3 (06-29-08), Wrenchman (01-19-09), Xionic (04-02-09), Xitherius (09-22-08), xlivegamingx (11-15-09), xviii2121 (10-28-08), xyster (07-28-08), Zackinator (02-02-09), zakiya (09-13-09), zDawg32 (08-19-09), zDeadly (04-15-09), zela (12-16-09), zero0 (10-09-09), zhulie (01-18-09), zio707 (11-01-09)