Dealing with Virus and Spyware

(aka Chris' advice on how to clean your system)

Last modified: 19 June 2008

Audience and goal of this document
This document is intended for those who wish to know how to deal with virii and spyware on PC's. It was written with my "mother in law" in mind - that is, I am intentionally trying to keep it from getting too technical while still providing good, solid advice. As such, feel free to share this page with anyone who you think might have a virus or spyware on their computer.

Prevention is the best cure
Obviously, the best way to deal with Virii and Spyware is to not get infected in the first place. This is done by:

• Keep your firewall turned on - There really is no reason whatsoever to disable the Windows firewall (unless you're running another firewall program such as ZoneAlarm or one built-in to AVG or Symantec).
• Keep Windows up to date - Automatic updates are good (and should never be turned off), but not all updates are done automatically. It is a good habit to manually do the updates, using the CUSTOM button (and selecting them all) at least once a month.
• Safe Computing practices - don't visit "bad websites", don't install "bad programs", don't open email attachments unless you know what it is, etc. Note that the "visiting bad websites" includes not clicking on links in email messages...
• Installing and keeping updated good Anti-virus and Anti-Spyware programs. Examples of "good" programs are Symantec AV (Corporate Edition only), AVG from Grisoft, Spybot Search & Destory, and MalwareBytes Antimalware. There are others, but those are my personal favorites. Note that I personally do NOT like McAfee nor the "home" versions of Symantec/Norton.
• Make sure you run only ONE Anti-virus/Anti-Spyware program at a time. Running more than one will often cause problems as they "don't play nicely" together.
• Using a good HOSTS file (see below) - this redirects network requests of alot "bad" places to 127.0.0.1 (there's no place like home) .

 

Enough preaching; how do I get rid of this virus?
Don't beat yourself up for this, it happens. Only the most isolationist of computer users avoid getting a virus (yes, even Mac folks get hacked). So what lies below is my advice on how best to clean up from most infections. Note I said "most" - there is no guarantee here.

1. Use Add/Remove Programs to get rid of "bad" programs.
2. If your anti-virus or anti-spyware programs are old versions, uninstall them. Don't just install the new version over the old one (installs over previous versions are not always "clean").
3. Update your anti-virus and anti-spayware programs.
4. Turn OFF System Restore (alot of virii reside there). Instructions on how to do this are at http://support.microsoft.com/kb/310405 (use method 2).
5. Reboot into SAFE MODE. To get to Safe Mode, you must hit the F8 key as your computer is restarting - AFTER all of the Bios messages but BEFORE you see the "windows screen". Note that if you are infected, running a scan in normal mode is pretty much a waste of time.
6. Run a full system scan using both SpyBot S&D and your anti-virus program. Be sure to have any infections found Deleted, Fixed, or Erased.
7. Repeat steps 5 & 6 until the scans come up completely clean.
8. You don't have to do this, but it's probably a really good idea. Download, install, and run the Malwarebytes Anti-Malware program. This program does not run in safe mode, but it will get the occational virus/spyware that other programs will miss (no AV program is totall complete). Note that this program will not run in safe mode...
9. A virus named "Vundo" can be especially hard to clean. If it was one of the virii found, download and run the VundoFix program. If that fails, try the VirtumundoBeGone.exe program. In Safe Mode, of course.
10. Another nasty/hard to clean virus is called "SmitFraud" was one of the virii found, download and run the SmitfraudFix.exe program from http://siri.urz.free.fr/Fix/SmitfraudFix_En.php.
11. Reboot and in "normal" Windows install Malwarebytes' Anti-Malware. Run the program (I believe this program will not run in Safe Mode).
12. If your system is now clean, you can turn System Restore back back on (same website as in step 3).

If this does not solve your problem, then you can always try subscribing to the same web-forum I use - Geeks to Go. They have an EXTENSIVE tutorial of how to remove malware, as well as experts that will walk you through (be patient, it is a slow process).

 

Stuff to Download
Below is a list of the programs I mentioned, with links so you can download them directly.

• Hosts File - This is a .zip file that you will need to extract. The included ReadMe.txt file will instruct you on where to copy the HOSTS file.
• Spybot Search & Destory - One of the best anti-spyware programs on the market - and it's free. Do NOT be fooled by other programs with similar names.
• Malwarebytes' Anti-Malware - this is a very good program to run after you have run Norton or AVG and Spybot as it will sometimes find infections the others miss. If you want to pay the registration fee, it is probably just as good as Norton or AVG for normal use as well.
• IE-Spyad - a little program which modifies the system registry to include a bunch of "bad" websites into IE's "banned list". Note that if you use FireFox, this may not be too useful (but then again, it won't hurt anything).
• VundoFix.exe and VirtumundoBeGone.exe - 2 programs which deal specifically with the Vundo virus (a particularly hard virus to get rid of).

 

Note about "bad programs":
One of the tricks to safe computing practices is figuring out what is "ok" vs what is "bad". There is no hard and fast rule for this but in general, the things that fall into the "bad" category are:

• Most programs that claim to be anti-spyware. After all, what better way to get you to infect your system than to make you think it is doing something good for you? Registry cleaner programs fall into this category as well (in fact, there is such thing as a good "registry cleaner" program).
• Screensavers - these are notorious for being spyware
• Games you download from the 'net. Did you really believe you could get a good game for free?
• Saving the worst for last - File Sharing programs. Ok, most of these aren't bad themselves, but they open you up to a world of programs that are bad.