Windows 2000 & 2003 Malware Removal/Cleaning Procedure
This procedure expects that you have the latest service pack revisions for Windows 2000 or 2003 already installed. If you do not, you could have difficulties with certain tools not working. You will have to report this later. We do not advise getting any updates for your Windows OS while still infected.
Step 1: Downloading Tools
In this section we are going to download tools we will use. We will install and configure the programs and then run scans at a later point so please only download right now.
Make sure you download the tools to the exact locations specified below in the procedures to avoid problems later. It is not a good idea to download them to any folder within C:\Documents and Settings.) It is also a bad idea to download and save anything you need into any kind of Temp folder. Malware hides in Temp folders and standard cleaning practices will delete everything from Temp folders.
If you have difficulty knowing how to download and save files to locations on your PC, check out the below Video Tutorial by TimW
Now download the below tools ( PLEASE only download at this point ) If your protection software blocks downloading because it calls these malware then shutdown your protection software because it is mistaken and is just getting in the way.
- Some programs (like MGtools mentioned later and maybe other tools too) may not run on restricted user accounts so you may need to temporarily change the user account to an admin type account and then complete the scans.
- If you are a Spybot Search and Destroy user, make sure that you do not have Teatimer enabled. If you already have Teatimer enabled, see this to disable it: How to disable Spybot's TeaTimer
Step 2: Installing Tools and Running Scans
- RogueKiller - Save to your Desktop. See the download links under this icon
- Malwarebytes Anti-Malware - See the download links under this icon
- Important: Rename the downloaded mbam-setup.exe file to mb.exe to help work around certain malware that will block it from being run.
- HitmanPro - Save to your desktop. See the download links under this icon
- MGtools - Recent bugs in many antivirus programs are detecting this as malware. Disable your AV while you download and run MGtools if you have this problem. Rest assured that it is clean. Your AV is incorrect. We prefer that you download this file to the root folder of the drive where you have installed Windows (Typically this would be C:\ and thus you would have a C:\MGtools.exe file after downloading). If you use FireFox and still have it set to defaults, it will not let you choose where to download files to. To change FireFox, run FireFox and Click Tools, Options, and on the Main tab select Always ask me where to save files. If for some reason you still have a problem trying to save MGtools.exe properly which can happen with Vista and Win7, you can download and run it from your Desktop as long as your Desktop folder is located on the same drive that you boot Windows from.
- please only run one scan at a time and only run each scan one time. Also try to complete all scans before attaching any logs!
Step 3: Do You Still Have Problems
- RogueKiller Instructions
- Double click RogueKiller.exe to run (Note: If running Vista or Win 7 use right-click and select Run as Administrator)
- When it opens, press the Scan button
- When it is finished, there will be a log on your desktop called RKreport.txt
- Attach RKreport.txt to your next message ( after you complete all scans or get as far as you can go). (See: HOW TO: Attach Items To Your Post )
- Malwarebytes Anti-Malware Instructions
- Please carefully follow the instructions in the below link to most effectively run it and obtain a log:
- HitmanPro Instructions
- MGtools Instructions
- Now follow the directions in the below link for running MGtools. It also explains possible reasons for not being able to run MGtools
Step 4: Keeping your computer safe and secureStep 5: Alternative Scans - If still having problems, see: Alternative Scans
Now surf safely!
- Yes, I’m still having problems
- DO NOT run the READ ME again!!!! Please attach your logs as given below.
- PLEASE ATTACH ALL REQUESTED LOGS whether the find anything or not!!!!! We must check that proper updated versions were run.
- If you do not already have a thread started, start a new thread otherwise post the following in your original thread. Clearly describe in detail the problems you are having and how long ago they started. Think about what you were doing at the time.
- Now you need to attach (See: HOW TO: Attach Items To Your Post ) ( Or View: How to Attach Items to Your Posts) the below logs created while running the above scans
- RKreport.txt log from RogueKiller.
- Malwarebytes Anti-Malware log
- MGlogs.zip - normally it is C:\MGlogs.zip - only attach this log from MGtools.exe DO NOT attach any logs seen in the MGtools folder.
- Be patient after posting your logs and wait for one of the helpers to get to you. It can take a while to read thru all of the logs and to create individual fixes for you.
- Also DO NOT BUMP your thread to try and get a faster answer. This will actually significantly delay getting an answer. See this: Don't Bump! It Only Hurts You!!!
- No, I’m not having any problems
- Then jump to the next step below.