We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
Malware/Spyware Removal Guide

Browntoa
Posts: 49,591 Forumite


#### links confirmed working 15/06/2010 ########
The following is compiled with the help of Pchelpman, Toxteth_OGrady , Intel and Fran and is designed to be a new "Sticky" as a comprehensive guide to the steps required to remove the above from your PC. it will be split into three posts for ease of reading and printing.
The first 4 posts in this thread are our best solution to removing the infection from your PC
The rest of the thread is personal opinions on the rights and wrongs on those instructions. Do not post requests for help in this thread but start a new thread for your particular problem.
Please follow these instructions fully before posting for help on the Forum as 99% of the time this will clean your PC of the infection.
Please back up any important documents,emails and photographs before you start.
#### IMPORTANT :- if followed correctly these instructions should help you remove the infection in your PC, if followed incorrectly you may cause damage to your system . If you do not feel confident in following these instructions we would advise you to seek the advice of a professional to fix your PC. ######
for earlier versions of Windows 95/98/98se/Me Malwarebytes and Microsoft Defender will not work but all other software will and the steps remain the same
The following is compiled with the help of Pchelpman, Toxteth_OGrady , Intel and Fran and is designed to be a new "Sticky" as a comprehensive guide to the steps required to remove the above from your PC. it will be split into three posts for ease of reading and printing.
The first 4 posts in this thread are our best solution to removing the infection from your PC
The rest of the thread is personal opinions on the rights and wrongs on those instructions. Do not post requests for help in this thread but start a new thread for your particular problem.
Please follow these instructions fully before posting for help on the Forum as 99% of the time this will clean your PC of the infection.
Please back up any important documents,emails and photographs before you start.
#### IMPORTANT :- if followed correctly these instructions should help you remove the infection in your PC, if followed incorrectly you may cause damage to your system . If you do not feel confident in following these instructions we would advise you to seek the advice of a professional to fix your PC. ######
for earlier versions of Windows 95/98/98se/Me Malwarebytes and Microsoft Defender will not work but all other software will and the steps remain the same
Ex forum ambassador
Long term forum member
Long term forum member
0
Comments
-
Download the following software, in each case as it downloads click on the “Run” button on the File download box that opens to install the software.
Before you start make sure you are at least up to date with Windows XP Service Pack 1a by going here
http://www.microsoft.com/downloads/details.aspx?FamilyID=0136e5f8-1684-4202-b2d0-c6a43430f12a&displaylang=en
1) Please download Malwarebytes Anti-Malware and save it to your desktop. (unlike the rest of the software this needs to be run now)
- Make sure you are connected to the Internet.
- Double-click on mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
- Then click Finish.
- MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
- On the Scanner tab:
- Make sure the "Perform Quick Scan" option is selected.
- Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box and continue with the removal process.
- Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
- Make sure that everything is checked, and click Remove Selected.
- When removal is completed, a log report will open in Notepad.
- The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the contents of that report in your next reply and exit MBAM.
if you find that the Intaller file will not run then "right click" on it and rename the file to minstall.exe or something and try again
if you find that malwarebytes will not run then navigate to
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
or wherever you installed the program and rename it to something like cleanmypc.exe and try again
thanks for the following information from Knarf44
I have always given the advice based on info found in the Malwarebytes forum, here.
That advice states quite clearly that a quick scan would pick up 99.9% of infections and that the Full scan option is there simply to provide reassurance.
Towards the end of the thread it also addresses the point that MBAM should always be run in normal mode rather than safe mode. The latter should only be an option when the program can not be run in normal mode.
2)Ad-Aware from Lavasoft from here
http://www.lavasoft.com/products/ad_aware_free.php
Install, click Check for Updates now and get any updates, then exit
3)Crap Cleaner from
http://www.ccleaner.com/ccdownload.asp
Install only making sure to untick the box for installing the Yahoo toolbar, then exit
4)Spybot Search and Destroy
http://www.safer-networking.org/
Install, do the search for updates now and get any updates, Make sure you leave the SDhelper ( IE bad download blocker) checked to install (this is the default).
if you find it impossible due to the infection to connect to any of the above and download , or the programs refuse to install/run then use another pc and download this tool to a USB drive or a CD
http://www.superantispyware.com/portablescanner.html
and follow the instructions
then attempt the above steps again. If you still have problems then start a new thread for advice and state that you cannot download/install etcEx forum ambassador
Long term forum member0 -
Malware Removal
Please back up any important documents,emails and photographs before you start. If the PC does not boot then please start a New thread about using a Linux boot CD to retrieve your data, as long as the hard disk is funtional you CAN get your data !
Important:- Before starting make sure you print these instructions as you will not be able to connect to the internet.
The best method to remove malware is to do it after booting in Safe Mode. Please note to complete ALL these scans may take some time so make sure you allow yourself plenty of time.
Boot to safe mode now.
For info on how to boot to safe mode click on the link below:
http://service1.symantec.com/SUPPORT...01052409420406
Shut down ALL unrequired applications including browsers
1) Run Ccleaner with the default options to clean out temporary files. Only use the Default Scan on the Windows Tab and select Run Cleaner
2) Run Spybot Search & Destroy and allow it to fix all that it finds
3) Run Ad-Aware SE and select Perform full system scan box and allow it to fix all that it finds
You will now need to get back into normal Windows mode by reversing the steps you took to get into safe mode
When Windows has booted up connect to the Internet and see if the problem is still happening, if so you may need to boot back into safe mode again and do a 2nd run of steps 2) to 6).
Should the problem persist despite all this then run all the free online scans at both these sites:
http://www.pandasecurity.com/uk/home...ns/activescan/
using the "Scan your PC now" button not the other button to buy the program
…and here…..
http://housecall.trendmicro.com.
When running the Panda Activescan make sure you click the Free Online Virus Scan in the upper right hand corner of the page under the Free use Activescan header. You do NOT want the default spyXposer scan.
You should run ALL the free scans offered by Housecall.
Make sure they both perform full system scans.
If either/both scans find something they cannot fix - perhaps because the infected files are "in use" - please make a note of the file(s) concerned and post the details in a new thread in the techie forum stating the name of the Malware and which version of Windows you are using.
If all is clear then please read the following and make sure that you have installed a Firewall and some AntiVirus software be reading the following thread
http://forums.moneysavingexpert.com/showthread.html?t=3356
and also it is important that you update your Version of Windows to the latest build as this will help stop a recurrence of the problem. You may need to go back and check for updates a 2nd time to make sure that you are fully up to date.
http://update.microsoft.com/microsof....aspx?ln=en-us
Please note that this will only work with a VALID Version of Windows XP or VistaEx forum ambassador
Long term forum member0 -
If problems still exist then download HijackThis
http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php
Note: You should only use HijackThis if you have advanced computer knowledge or if you are under the direction of someone who does. Improper usage of this program can cause problems with how your computer operates.
To use HijackThis, download the file and extract it to a directory on your hard drive called c:\HijackThis. Then navigate to that directory and double-click on the hijackthis.exe file. When the program is started click on the Scan button and then the Save Log button to create a log of your information.
You can then either paste the contents of the saved file to here for online analysis (please be aware that there is NO personal data in the log files and it is safe to do so )
www.hijackthis.de/en
or post your log file in the Techie Forum for advice , please include the log from your Ewido scan as well
##### Please note, all the posts after this do not make up part of the Spyware/Malware removal guide.
They are all the opinions of the person making the post and are commenting on the rights and wrongs of the initial 4 posts #####Ex forum ambassador
Long term forum member0 -
"Some people recommend that System Restore be turned off and all Restore Points deleted before attempting spyware removal. DO NOT DO THIS. If something goes wrong (anything is possible) you will have no way to reverse your actions. You'll want to delete your old Restore Points, but the time to do that is later, not now."
http://www.microsoft.com/windows/IE/community/columns/bugbusting.mspxIf you think nobody cares about you, try missing a couple of payments.0 -
Browntoa wrote:this post is not for comments...it should be closedBrowntoa wrote:the guy above does not know what he is talikng aboutIf you think nobody cares about you, try missing a couple of payments.0
-
Ganyam wrote:"Some people recommend that System Restore be turned off and all Restore Points deleted before attempting spyware removal. DO NOT DO THIS. If something goes wrong (anything is possible) you will have no way to reverse your actions. You'll want to delete your old Restore Points, but the time to do that is later, not now."
http://www.microsoft.com/windows/IE/community/columns/bugbusting.mspx
The Above information is incorrect when using Spyware removal software
as spyware will hide waiting to re-infect within the restore points
so disable restore run a scan then re-enable restore.0 -
Due to differences of opinion I have decided to re-open this thread and merge it with the thread discussing malware, in keeping with the other stickies on this board which have been left open for discussion and comment.
I know some people wanted this thread closed but I don't see how we can close it when other people have different opinions which should be available to everyone to make a choice about how to do their removal.
I hope no-one minds this and please keep the discussions friendly! It's a very interesting thread and thanks to the people who put their time into it for the benefit of others. :TTorgwen.....................
0 -
I'm with intel...
I've yet to "kill" or cripple a PC by removing Spyware with the restore points off...and I've done a few !!!
PcHelpman is the real expert on this as he helps out on a Spyware forum elsewhere and he was the one who came up with most of the wording of that part (among many others)
Ex forum ambassador
Long term forum member0 -
Even my mates on Experts Exchange reccomend restore off everytime.0
-
i wouldnt switch it off everytime, i would only switch it off of the problem came back after removing it with it on.
Not all spyware etc will hide in the restore points so no need to turn it off every time IMO
also is all 6 of the programs really required?
i only use cc cleaner, spybot and adaware and i keep my pc clean. (but then again im carefull in what i do online)0
This discussion has been closed.
Confirm your email address to Create Threads and Reply

Categories
- All Categories
- 349.8K Banking & Borrowing
- 252.6K Reduce Debt & Boost Income
- 453K Spending & Discounts
- 242.8K Work, Benefits & Business
- 619.6K Mortgages, Homes & Bills
- 176.4K Life & Family
- 255.7K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 15.1K Coronavirus Support Boards