Our first order of business is to download the programs we will need. Many forms of Malware (some designed to be invisible to the user) will hide in Temp folders, so we will not download programs to any Temp folders, because standard Malware cleaning will delete everything in there. We will install and configure the programs and then run scans in the C:... This is the root directory where Windows is installed.

Download the Programs listed below:
- CCleaner (do not run yet)
- SuperAntiSpyware (do not run yet)
- Malwarebytes Anti-Malware (do not run yet)
*Rename the setup file as a work-around; malware will block the setup file to avoid detection
- (do not run yet)
*Not compatible with 64 bit versions of Windows
*If you are running a real time antivirus (like AVG) you must disable it or you could damage your system while running combofix
*The same problem may exist while running McAfee
*Kaspersky may get false detections from and as Heur.Invader (infections)... ignore these false positives
*Some Firewalls may have to be uninstalled to run combofix.
- MGTools (do not run yet)
*Download this and save to the root folder ( C: ) where Windows is typically stored. You should have C: after download.
- RootRepeal (do not run yet)
*Not compatible with 64 bit systems

Disable The User Account Control (UAC)
- Click Start, and then click Control Panel.
- In Control Panel, click User Accounts.
- In the User Accounts window, click User Accounts.
- In the User Accounts tasks window, click Turn User Account Control on or off.
- If UAC is currently configured in Admin Approval Mode, the User Account Control message appears. Click Continue.
- Clear the Use UAC to help protect your computer check box, and then click OK. If it is already unchecked, then you should also notice a red shield with an X in it located in your system tray. Ignore any messages about the UAC being disabled.
- Click Restart Now to apply the change right away. (Restart even if you did not make the above change; we need to be sure that a reboot has occurred since the first time that UAC was disabled.)
*Note: Do Not Continue Until The UAC has been disabled and you have rebooted your system

Safety in Safe Mode
The moment you become aware that your system has random browser windows materializing out of oblivion and your bandwidth is mysteriously being siphoned by an unknown binary entity, boot into Safe Mode. How you do this varies with the type of PC you have, but try hitting F8 during boot up. Safe Mode is a special diagnostic mode you can boot Windows into. Windows loads and runs the bare minimum of services in memory, neglecting all the extra stuff that usually loads up (in many cases, spyware included) when you boot up Windows normally.

Determine if it's a Virus or Spyware
It's not always easy to determine whether your PC is infected with a virus or spyware. Often random browser windows materializing out of oblivion and your bandwidth mysteriously being siphoned by an unknown binary entity may seem like a virus. To determine whether you're infected, and exactly what you're infected with, you will need to run virus scans. Also, gather as much information as you can and query Google to see if any users are having the same problems and have any possible solutions. You may find out more information about the infection plaguing your system.
When in Safe Mode, it's time to run a virus scan. Run a full system scan with your anti-virus program set at its maximum scan settings (consult its manual to learn how to do this). If you have a massive hard drive, this may take an hour or more (for each scan), so be patient. When each scan has concluded, delete any suspected infected files and reboot into Safe Mode. At this point you are going to install the programs and run each scan one time.
- CCleaner: Unpack and analyze the temporary files on the system. You can adjust the settings according to your needs (with passwords, for example), but clean out everything.
- SuperAntiSpyware: Unpack and follow the on screen instructions to load... Update the Virus signatures and run a scan. Clear out all of the bad stuff. Obtain a log for analysis. Repair broken Internet Connections, Desktops, Registry Editing, Task Manager and more with the Repair System.
- Malwarebytes Anti-Malware: Unpack and follow the on screen instructions to load... Update the Virus signatures and run a scan. Quarantine all of the bad files. Obtain a log. The system is probably pretty clean at this point.
- ComboFix: Execute the file. If Safe Mode is blocked, will correct this. Finish all procedures and attach the log at the end. If you have any problems running combofix, skip this procedure and continue on.
- RootRepeal: Run rootrepeal to get a rootrepeal log.
- MGTools: Run mgtools
*Note: Each of these programs has tutorials which can be accessed if users run into any difficulties following the on screen instructions.

Determine If You're Still Having Problems with a Virus or Spyware
If you are still having problems, you can get expert log analysis for free at the support forums of , or . You will send them the logs from Malwarebytes Anti-Malware, SuperAntiSpyware, ComboFix, RootRepeal and MGlogs... Depending on which forum you choose, make sure you submit your query once and wait for the experts to get to your problem. Sometimes they are near real time with their response time and sometimes not. Be patient. If you start multiple requests on the same problem it will take them longer to assist you. Your other alternative is to take your system in to a professional repair shop and pay money for what can be accomplished for free.

Problems Solved
If you are no longer having any problems,
- Enable User Account Control
*Look into your system tray and locate the security notice alerting you to enable UAC... Click on it to bring your security posture back to normal.
Depending on how long you have been infected with viruses, spyware, Trojans, etc., this malware could have been saved in your system through the System Restore Utility. If this is the case it can re-infect your system. The Virus and Spyware removal programs that were run to clean out the malware did not have access to the protected directory of System Restore. Disabling System Restore removes all restore points. This removes any infected restore points. We saved this for last in case of disaster (we still have a restore point).
- Disabling System Restore
- For Windows 7
1. Click Start
2. Right click Computer > Properties > Choose Advanced System Settings option in left menu listing.
3. Click System Protection tab
4. Then highlight the drive you wish to turn off System Restore on and click Configure
5. Then choose Turn off system protection
6. Click Apply > OK
To re-enable, follow steps 1 - 4 and then choose Restore system settings and previous versions of files > Apply and OK
- For Vista
1. Click Start
2. Right click Computer > Properties > Choose Advanced System Settings option in left menu listing.
3. If UAC is enabled you will get a UAC prompt at this point; click Continue
4. Click System Protection tab
5. Then untick any Drive listed and in the popup window click Turn Off System Restore
6. Click Apply > OK
To re-enable System Restore, follow steps 1-4 then tick the Drives you wish to enable System Restore on and click Apply and OK
- ***Disable System Restore, reboot the system, then re-enable System Restore!!!
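
The two closing steps above (UAC back on, System Restore disabled, rebooted and re-enabled) can be verified instead of assumed. The script below is an added example, not part of the original post; it assumes an elevated Windows PowerShell prompt with the built-in System Restore cmdlets available, and the function names and the -Step parameter are illustrative.

```powershell
# Added example, not from the original post. Run from an elevated Windows PowerShell.
# -Step Check   : report UAC state and restore point count (default)
# -Step Disable : turn System Restore off on the Windows drive, then reboot manually
# -Step Enable  : turn System Restore back on after that reboot
param(
    [ValidateSet('Check', 'Disable', 'Enable')]
    [string]$Step = 'Check'
)

$drive = "$($env:SystemDrive)\"   # e.g. C:\ (the drive Windows is installed on)

function Test-UacEnabled {
    # EnableLUA = 1 means UAC is on; 0 means it is still off from the cleanup.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $value = (Get-ItemProperty -Path $key -Name EnableLUA -ErrorAction Stop).EnableLUA
    return ($value -eq 1)
}

function Get-RestorePointCount {
    # Returns 0 when System Restore holds no restore points.
    return @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue).Count
}

switch ($Step) {
    'Disable' {
        Disable-ComputerRestore -Drive $drive
        # Confirm the old (possibly infected) restore points are really gone.
        "System Restore disabled on $drive. Restore points left: $(Get-RestorePointCount)"
        'Reboot now, then run this script again with -Step Enable.'
    }
    'Enable' {
        Enable-ComputerRestore -Drive $drive
        "System Restore enabled on $drive. Restore points now: $(Get-RestorePointCount)"
    }
    'Check' {
        if (Test-UacEnabled) { 'UAC: enabled' }
        else { 'UAC: DISABLED - re-enable it and reboot before normal use' }
        "Restore points on record: $(Get-RestorePointCount)"
    }
}
```

Run it with -Step Check as the last action of the cleanup; a UAC line reading DISABLED means the re-enable step was skipped or has not yet taken effect because the system was not rebooted.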

Antivirus & Antispyware Certification Programs
When you're purchasing a trustworthy Security Application, confirm that the program you choose has earned certification from ICSA Labs, Virus Bulletin, West Coast Labs, the National Association of Specialist Computer Retailers, and others that require antispyware and antivirus programs to meet stringent requirements to receive certification.

Are Things Back to Normal
After performing all the above, do a normal reboot (not in Safe Mode) and determine if your PC is still acting up. If you are still having problems, quite possibly your only other option is to completely format your Windows drive and do a clean install. This last resort can sometimes be a pain to do and is time consuming, to say the least, but you may notice that your PC has gotten back that right-from-the-store spring in its step! Don't forget to back up your data first. Good Luck!