Virus removal


Here are some useful tools for removing viruses or spyware.

Malwarebytes Top rated anti-malware tool which should be used along with SUPERAntiSpyware to clean viruses.
SUPERAntiSpyware Very good tool for removing spyware. I use it now instead of Ad-aware and Spybot Search & Destroy.
They even offer a portable solution that can be run from a thumbdrive with no installation required.
 
ComboFix Specialized tool to remove certain root kit viruses. Read the "how to use" guide for more information.
 
HijackThis Get the latest version of HijackThis from sourceforge.net
 
Spybot S&D Safer Networking is the maker of Spybot Search & Destroy.
 
PC Hell This site has lots of advice for fixing your PC.
Bleeping Computer This site has a tutorial for removing viruses. The main details of the article are listed below.


In October 2011, a friend's computer got infected with a bunch of nasty root kit viruses. The computer had limited access to the Internet and blocked any attempt to use anti-virus tools. It renamed existing tools and somehow marked them as read-only. The anti-virus tools could not be deleted or reinstalled. Spent a lot of time trying to remove the viruses but almost gave up. Found an article about the ComboFix tool and decided to give it a try. Was very impressed with how ComboFix was able to dig out the hidden root kit entries and restarted Windows to remove additional viruses. The process took some time but was well worth it. Ran Malwarebytes Anti-Malware and SUPERAntiSpyware which cleaned up additional issues.


In May 2010, one of our Windows 7 computers got a bogus warning about Spyware. The warning was the actual virus! The program made it impossible to run other programs. I restarted the machine in Safe Mode and chose to restore to the last known working version. The main problems went away but there was still some clean-up required. Used HijackThis to remove a few bad startup entries and CCleaner to remove numerous temporary files. During the analysis phase AVG recognized one of the temporary Internet files as Trojan horse Crypt.UZD! The program probably snuck in the system from the Boston.com web site.


Back in 2006, one of our computers got hit with some nasty spyware/virus programs: Ezula, VX2 and iSearch. Luckily Trend Micro real-time scan notified us about the suspicious activity. We immediately halted all Internet traffic to stop additional programs from loading. The spyware updated the search tools in Internet Explorer and Firefox. It redirected all search requests through custom search sites and updated the host file. New spyware kept loading and limited our ability to download clean-up programs from the Internet!  (The spyware removal tool in Trend Micro is limited.)
 
It took over 2 hours to get the system clean. Luckily we had a second PC to grab the correct tools from the Internet. Had to reboot in Safe Mode in order to remove a hidden folder where the iSearch software was installed.
 
I strongly recommend having Spybot Search & Destroy and HijackThis installed on your machine or available on a CD.
Another useful utility is called Starter, it allows you to disable programs that load at startup.

Click on the links below to download directly from the-wright-site or visit the vendor sites listed above. All the programs are free.
Spybot Search & Destroy v1.4, Hijack This v1.99.1, CWShredder v219.

You could try an older version of CWShredder v215 to remove files. The newer versions are from Trend Micro and only report problems.
 

How do I remove Spyware and Hijackers?

A word of caution before you use any of these programs. Spyware is sometimes tightly integrated into other legitimate programs that you use and disabling them could cause those programs to no longer function properly. For example, Kazaa, which is a popular file sharing service, installs spyware into your computer when you install it. By removing this spyware, Kazaa will no longer work. In my opinion, removing the spyware and preserving your privacy is more important than using the programs that install them, but it is ultimately your choice to decide which is more important.

Spybot - Search and Destroy is an excellent utility. It will search your computer for any known Spyware and Hijackers and remove them from your system. It does this by scanning your registry, files, cookies, and other storage places against a large database of known offenders.  When it finds a Spyware/Hijacker it will present it in a list of others that if found and allow you to choose which you want to delete.  You can then have Spybot remove these entries and delete the files.

You can download this Spybot here: Spybot - Search and Destroy

Ad-Aware is another excellent piece of software for removal of Spyware and Hijackers. It has the same features as Spybot, but was one of the first programs to be created for removal of these types of programs and is recommended that you scan with this software as well as Spybot.

You can download Ad-Aware here: Ad-Aware

HijackThis is another tool that you can use when all else fails or to remove any leftover traces of a removed Hijacker , Spyware, or Trojan.  Unfortunately, Spybot does not find everything, so if you are still having problems you can use this tool to try to find the offender. When you run Hijack this, it will list all entries found on your computer that COULD be potential Browser Hijackers. I stress could, because HijackThis will list all entries, regardless of whether or not they should be there, that follow the same pattern that a Hijacker would use. This tool is not a removal tool in itself, but rather an enumerator that will list settings found in various files and in your registry.  You can then use that information to determine if you have any leftovers of a Hijacker/Trojan/Spyware still in place, or to find one that Spybot may have missed.  Use of this program should only be done by those who have a advanced understanding of how a windows and operating systems work or are willing to ask others for help. Please make sure you know what you are doing when you have HijackThis fix entries, as incorrect usage can cause problems on your computer.   If you use this program and are unsure of how to interpret the results, you are more than welcome to paste your log into a message on our forum for us to help you.

You can download HijackThis here: HijackThis

If you would like to read some tutorials on how to remove Spyware and Browser Hijackers, click on the links below.  It is recommended that you scan with both Ad-Aware and Spybot before you use HijackThis, as each of those programs tend to find Spyware/Hijackers that the other does not.