Windows XP Malware Removal/Cleaning Procedure

Discussion in 'Malware Removal FAQ' started by chaslang, Sep 30, 2007.

Thread Status:
Not open for further replies.
  1. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Windows XP Malware Removal/Cleaning Procedure

    Notes:
    • Some programs (like MGtools mentioned later and maybe other tools too) may not run on restricted user accounts so you may need to temporarily change the user account to an admin type account and then complete the scans.
    • If you are a Spybot Search and Destroy user, make sure that you do not have Teatimer enabled. If you already have Teatimer enabled, see this to disable it: How to disable Spybot's TeaTimer
    Step 1: Downloading Tools

    In this section we are going to download tools we will use. We will install and configure the programs and then run scans at a later point so please only download right now.

    Make sure you download the tools to the exact locations specified below in the procedures to avoid problems later. It is not a good idea to download them to any folder within C:\Documents and Settings.) It is also a bad idea to download and save anything you need into any kind of Temp folder. Malware hides in Temp folders and standard cleaning practices will delete everything from Temp folders.

    Now download the below tools ( PLEASE only download at this point ) If your protection software blocks downloading because it calls these malware then shutdown your protection software because it is mistaken and is just getting in the way.
    • MalwareBytes - Save to your Desktop
    • RogueKiller - Save to your Desktop. See the download links under this icon [​IMG]
    • TDSSKiller - Save to your desktop. See the download links under this icon [​IMG]
    • HitmanPro - Save to your desktop. See the download links under this icon [​IMG]
    • MGtools - Recent bugs in many antivirus programs are detecting this as malware. Disable your AV while you download and run MGtools if you have this problem. Rest assured that it is clean. Your AV is incorrect. We prefer that you download this file to the root folder of the drive where you have installed Windows (Typically the root folder would be C:\ and thus you would have a C:\MGtools.exe file after downloading). If you use FireFox and still have it set to defaults, it will not let you choose where to download files to. To change FireFox, run FireFox and Click Tools, Options, and on the Main tab select Always ask me where to save files. If for some reason you still have a problem trying to save MGtools.exe properly which can happen with Vista and Win7, you can download and run it from your Desktop as long as your Desktop folder is located on the same drive that you boot Windows from.
    Step 2: Installing Tools and Running Scans - please only run one scan at a time and only run each scan one time. Also try to complete all scans before attaching any log
    • RogueKiller instructions

      Note: If you have any questions/issues not answered by the below see this link >> http://www.adlice.com/software/roguekiller/roguekiller-official-tutorial/
      • Right click RogueKiller.exe or Roguekillerx64.exe (Note: If running Vista or Win 7 use right-click and select Run as Administrator)
      • It will open up on the HOME tab. Click across the the SCAN tab and click the blue Start Scan button. Then click "Start scan" again.
      • The scan will begin, be patient it can take a little while to run.
      • When the scan is finished, you will see a window of results. Similar to this:

      [​IMG]

      Do NOT click on the REMOVE SELECTED button.
      Simply click on the OPEN REPORT button.
      Now click on EXPORT TEXT button (see screenshot below)

      [​IMG]

      Save the file as something appropriate like RK or Roguekiller log to your DESKTOP for easy retrieval, and upload to the forum with your other attachments. (See how to attach items to your post)
    • HitmanPro Instructions
    • MGtools Instructions
      • Now follow the directions in the below link for running MGtools. It also explains possible reasons for not being able to run MGtools
    Step 3: Do You Still Have Problems
    • Yes, I’m still having problems
      • DO NOT run the READ ME again!!!! And DO NOT move on to Step 4 below!!! Please just attach your logs as given below and tell us what problems you are still having.
      • PLEASE ATTACH ALL REQUESTED LOGS whether the find anything or not!!!!! We must check that proper updated versions were run.
      • If you do not already have a thread started, start a new thread otherwise post the following in your original thread. Clearly describe in detail the problems you are having and how long ago they started. Think about what you were doing at the time.
      • Now you need to attach (See: HOW TO: Attach Items To Your Post ) ( Or View: How to Attach Items to Your Posts) the below logs created while running the above scans
        • RKreport[1].txt log from RogueKiller
        • HitmanPro log
        • MGlogs.zip - normally it is C:\MGlogs.zip (but you may also find a copy on your Desktop if it ran properly ) - only attach this log from MGtools.exe Please DO NOT attach any logs seen in the MGtools folder unless requested by a helper.
      • You should attach all of your logs after you have completed all scans.
      • Be patient after posting your logs and wait for one of the helpers to get to you. It can take a while to read thru all of the logs and to create individual fixes for you.
      • Also DO NOT BUMP your thread to try and get a faster answer. This will actually significantly delay getting an answer. See this: Don't Bump! It Only Hurts You!!!
    • No, I’m not having any problems
      • If you are sure everything is okay ( give it a couple days to be sure ) and that you do not need to request any help, then jump to the next step below.
    Step 4: Toggle System Restore
    • Before you toggle System Restore, make sure that you are no longer having any malware or other problems as specified above in step 3. If necessary, run your PC for a few days to make sure that everything is working well.
    • You only need to Toggle System Restore if malware had been found during the cleaning procedures. If no malware was found, there are no infected restore points to worry about, thus you can skip to the next step.
    • Once you are sure all malware problems have been removed follow the below steps:
    Why we toggle System Restore!

    If you have been infected with any trojans, spyware, etc, they could have been saved in System Restore and are waiting to re-infect you. Since System Restore is a protected directory, your tools can not access it to delete files that may contain viruses. Even though your tools may say they are deleting them, they are not! The reason for doing this after your system has been completely cleaned of problems, is so we can remove possible infected restore points. When you disable system restore, it removes restore points!

    We only toggle System Restore after you are clean because keeping even infected restore points around while we are fixing things may prove useful if something goes wrong during the process. An infected restore point could be better than none at all!
    Step 5: Keeping your computer safe and secure
    Step 6: Alternative Scans - If still having problems, see: Alternative Scans

    Now surf safely! :)
     
    Last edited by a moderator: Dec 13, 2020
Thread Status:
Not open for further replies.

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds