Malware/Spyware Removal Guide

Browntoa

we are talking about already infected Pc's here, not day to day cleaning.

System restore points need to be removed, for example I was removing a SpyAxe infection from a PC I had cleaned before about 8 weeks ago and had set clean restore points when I finished. Going back to the clean restore point did not remove the infection, I needed to delete them and go through the cleaning process to fix the problem.

Update to Windows Service pack 1a is vital as an initial step as it closes a lot of exploits, the last step to Service pack 2 is to ensure that all current exploits are closed and to help prevent future problems

ewido is far more effective at removing spyware + viruses in one hit but to pick up anything that is missed then you run the others , it may be overkill slightly in your view but for the sake of being thorough you can avoid having to repeat the whole thing again later.

Ccleaner deletes all the temp internet files where these things tend to install/lurk so it is prudent to remove all these first.

the 2 online scanners are there to make sure that the infection has gone if you are still having problems and are not part of the cleaning process

m00nie

yes i am talking about all ready infected also, but as i say not all infections need so much work to remove them, alot of infections wont need system restore off.

if your pc is infected it dosent mean you have to instantly switch off system restore as not all infections will hide into there. i have removed infections on peoples computers without having to switch off system restore many of times and they have not come back.

if the problem dosent clear up then obviously switch off system restore and do it.

but as i say IMO just because you get infected i would instantly switch it off


(its 5pm on a saturday so i need to shower n shave before i hit the town so il leave this discussion for now, i do think its a great idea what you have compiled though and it will help a lot of people im not disputing that. well done its what helps to make this site great)

Browntoa

but the point I am making is that you do not know when the problem occured or what infections are there, you hit evrything up front and then kill evrything in 99% of cases

I've NEVER had a PC with restore off that has become inoperable after cleaning

you are just going to end up spending more time in the long run returning to the same problem (most of the current crop of Spyware are particularly nasty bits of work and Spybot/Ad aware/MS anti-spyware actually fail to detect at least one of them) so you are covering all bases on what is normally an unknown problem on a badly protected PC

the like of you and me are careful and deligent about what we do online , not everyone is and many have none of the basic online security systems in place

pchelpman

Seeing as my name's been mentioned I thought I'd explain my personal view.

I would NEVER advocate purging/deleting previous Retore Points ("RPs") automatically before carrying out a fix. Not unless it is clear that not doing so is causing a problem.

My views is (as others have mentioned) "An infected RP is better than no RP at all."

After a PC is clean and working again THEN I recommend cleaning out all old RPs and immediately creating a new one as something to fall back on if anything else goes wrong.

Now ... IF I can't fix a PC then the suggestion is that maybe there IS something hiding in the RPs. In that case I WOULD delete them all as they are clearly stopping the clean up.

Couple of anecdotal cases.

In some instances (admittedly only a few) I have asked users if they can invoke a RP only to be told "no" because all RPs had been deleted.

In one case the user messed up my HJT fix instructions. I would have liked to go back to the former infected state and start over but all RPs had gone. That one ended up in a reformat.

Intel ... I'm also a member of EE (and have been for a long time). I didn't know they advocated deleting all RPs before even attempting a fix. Can you point me in the right direction of where they say this on the website and I'll take it up with them. Thanks.

Well. There you have it. My view. Take it or leave it, I guess!!

rubytuesday

Sorry to be technically ignorant but what does it mean to have restore points on or off what are they or where? :rolleyes:

pchelpman

Hi rubytuesday

This should help you...

http://searchwin2000.techtarget.com/sDefinition/0,,sid1_gci827077,00.html

Browntoa

pchelpman wrote:

Seeing as my name's been mentioned I thought I'd explain my personal view.

I would NEVER advocate purging/deleting previous Retore Points ("RPs") automatically before carrying out a fix. Not unless it is clear that not doing so is causing a problem.

My views is (as others have mentioned) "An infected RP is better than no RP at all."

After a PC is clean and working again THEN I recommend cleaning out all old RPs and immediately creating a new one as something to fall back on if anything else goes wrong.

Now ... IF I can't fix a PC then the suggestion is that maybe there IS something hiding in the RPs. In that case I WOULD delete them all as they are clearly stopping the clean up.

Couple of anecdotal cases.

In some instances (admittedly only a few) I have asked users if they can invoke a RP only to be told "no" because all RPs had been deleted.

In one case the user messed up my HJT fix instructions. I would have liked to go back to the former infected state and start over but all RPs had gone. That one ended up in a reformat.

Intel ... I'm also a member of EE (and have been for a long time). I didn't know they advocated deleting all RPs before even attempting a fix. Can you point me in the right direction of where they say this on the website and I'll take it up with them. Thanks.

Well. There you have it. My view. Take it or leave it, I guess!!

apologies mate...I could have sworn that was one of your updated bits..

whoops

I suppose I am confident in my abilities, I can see what you mean about an incorrectly "fixed" hijackthis log though if you are guiding someone through a clean and they screw it up...

Toxteth_OGrady

:grouphug:

:rotfl:

:cool:

TOG

rubytuesday

I am now having lots of problems with my computer due to someone using it for purposes that have resulted in the end of our relationship! Anyway I now have loads of critical errors and spyware. Would it be best to purchase something to sort this out? If so what?
Thanks :mad:

pchelpman

rubytuesday ... First off go here and carrry out all the steps. See if that fixes it for you....

http://forums.moneysavingexpert.com/showthread.html?t=133269

If not then start a "new topic" in the Techie Forum, explain what you are seeing on your PC and what problems you are having. Also give us details of your PC (make, model, which operating system and so on). You will be given advice on what to do to fix it.

Browntoa wrote:

I suppose I am confident in my abilities, I can see what you mean about an incorrectly "fixed" hijackthis log though if you are guiding someone through a clean and they screw it up...

yeah ... it can be a real pain if you spend hours formulating a fix then they mess it up. Yes, I know they are on their own if they do that but, if they have a bad RP, at least they can go back and we can try again.