Overview
Malicious software is getting more sophisticated. It generally takes several passes from diverse
tools to do the trick. Here are some of the tools I use to remove the majority of infections.
There may be times when it is more cost effective to reload the operating system. A good backup and
recovery system is very helpful, sometimes critical, for success.
"There are two common methods that an anti-virus software application uses to detect viruses.
The first, and by far the most common method of virus detection is using a list of virus signature definitions.
This works by examining the content of the computer's memory (its RAM, and boot sectors) and the files stored on fixed or removable
drives (hard drives, floppy drives), and comparing those files against a database of known virus "signatures".
The disadvantage of this detection method is that users are only protected from viruses that pre-date their last virus definition update.
The second method is to use a heuristic algorithm to find viruses based on common behaviors. This method has
the ability to detect novel viruses that anti-virus security firms have yet to create a signature for.
"From
Wikipedia
Therefore, it is important to update the virus signature database for each product to get the maximum recovery.
There also are tools to remove specific viruses. If the tools described above will not remove the virus, look
for a virus specific tool. There are websites with lists of these virus specific tools. I call them Tool Libraries.
Removal Instructions
1) Maybe your lucky: Try to restore the System to an earlier state using
System Restore.
This is a feature of all Microsoft Operating Systems since Windows Me released on September 14, 2000.
Go to:
Start-->All Programs-->Accessories-->System Tools-->System Restore
Restore to a point a day or so prior to when you noticed the infection. Repeat the Restore several times for earlier dates
if the first attempt does not remove the infection. Go to the next steps if this does not heal the system.
2) Still infected?: Start your system in
"Safe Mode".
Avoid starting in "Safe Mode with Networking" as some malware can take advantage of the connection to re-infect.
Be prepared to use another computer and a flash drive to transfer programs and data to and from the infected computer.
3) Turn off System Restore.
Some malware can take advantage of System Restore's features to re-infect. Remember to turn it back on when the
system is cleaned.
3) Backup your critical data: My Documents, Outlook PST files, Machine specific drivers,
Quickbooks, TurboTax, TaxCut and other financial data. A Full Backup is best but it also saves the viruses and takes
more time and space. At the minimum copy the stuff off the system that exists nowhere else on the planet. Then focus
on the stuff that would be difficult to replace in descending order of difficulty.
For XP I use NTBackup. This is found at:
Start-->All Programs-->Accessories-->System Tools-->Backup
XP Home Edition does not automatically install NTBackup.
Download NTBackup from Microsoft
if you do not find it in "System Tools".
Here are Backup instructions for:
XP,
Vista,
Windows 7.
5) Clean the Malware off the system: Use the tools shown below.
6) Turn System Restore Back on: This will automatically create a beginning Restore Point for later use if needed.
7) Fully Backup the Cleaned System.
8) Implement a regular Backup, Scanning and Cleaning Schedule.
