Re: removing infected files

From: tungstentoaster (tungstentoaster_at_discussions.microsoft.com)
Date: 01/25/05

  • Next message: COSTELLO: "repeated scratching sound from computer"
    Date: Tue, 25 Jan 2005 03:17:07 -0800
    
    

    Yeah... sorry about that. I foolishly neglected to mention using an NTFS
    version of DOS (most of which also work for FAT). I suppose that's what happens
    at 6am post-all-nighter!

    "Malke" wrote:

    > tungstentoaster wrote:
    >
    > > I would suggest deleting them in the MS-DOS environment booting your
    > > computer on an MS-DOS boot disk and using "del C:\undo\<name of
    > > infected file>.ini" for each.
    >
    > This will not be useful for the OP unless he has a) his XP installation
    > on a FAT32 partition; b) or is using a specialized DOS boot disk that
    > can read NTFS.
    >
    > To the OP: Make sure your NAV has the most current virus definitions and
    > scan with it in Safe Mode. To get to Safe Mode, repeatedly tap the F8
    > key as the computer is starting. This will get you to the proper menu.
    > Do a thorough scan.
    >
    > If you are having difficulty seeing files/folders, make sure you have
    > the Folder Options>View choices set to show all files and extensions.
    > After you are completely sure your computer is clean, make a new System
    > Restore point and delete all but that System Restore point from the
    > More Options section of Disk Cleanup (Run>cleanmgr).
    >
    > Here are general malware removal steps. Do everything with updated tools
    > in Safe Mode:
    >
    > 1) Scan in Safe Mode with current version (not earlier than 2003)
    > antivirus using updated definitions.
    >
    > Before you remove malware, get LSPFix (or WinSockFix for XP which you
    > can get from MajorGeeks) - see links below.
    >
    > 2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
    > programs are free, so use them both since they complement each other.
    > There is a new version of CWShredder from Intermute. I would not
    > install the other Intermute programs, however. Alternately, there are
    > CoolWebSearch malware removal steps at SilentRunners.
    >
    > Be sure to update these programs before running, and it is a good idea
    > to do virus/spyware scans in Safe Mode. Make sure you are able to see
    > all hidden files and extensions (View tab in Folder Options).
    >
    > If the malware remains even after you used Ad-aware and Spybot, you can
    > scan with HijackThis. HijackThis is an excellent tool to discover and
    > disable hijackers, but it requires expert skill. See below for
    > HijackThis links, including sites where you can post your HJT logs. A
    > combination of HijackThis and About:Buster works well in removing the
    > About:Blank homepage hijacker. Again, this is an expert tool and
    > novices should get help with it.
    >
    > 3) If you are running Windows ME or XP, you should disable/enable System
    > Restore because malware will be in the Restore Points. With ME, you
    > must disable System Restore completely. With XP, you can delete all but
    > the most recent (presumably clean) System Restore point from the More
    > Options section of Disk Cleanup (Run>cleanmgr).
    >
    > 4) Make sure you've visited Windows Update and applied all security
    > patches. Do not install driver updates from Windows Update.
    >
    > 5) Run a firewall.
    >
    > Links to help with malware:
    >
    > Software/Methods:
    > http://www.safer-networking.org - Spybot Search & Destroy
    > http://www.lavasoftusa.com - Ad-aware
    > http://www.majorgeeks.com - good download site
    > http://www.intermute.com/spysubtract/cwshredder_download.html
    > http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners
    > http://www.cexx.org/lspfix.htm - Repair Winsock 2 settings after
    > removing spyware
    >
    > HijackThis:
    > http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
    > Eshelman
    > http://forum.aumha.org/
    > http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
    > forum
    > http://www.wilderssecurity.com/
    > http://forums.tomcoyote.org/
    >
    > General:
    > http://forum.aumha.org/ - look under "Security" for various forums
    > http://rgharper.mvps.org/cleanit.htm
    > http://mvps.org/winhelp2002/unwanted.htm
    > http://www.aumha.org/a/parasite.htm - The Parasite Fight
    > http://www.spywarewarrior.com/rogue_anti-spyware.htm
    >
    > Malke
    > --
    > MS MVP - Windows Shell/User
    > Elephant Boy Computers
    > www.elephantboycomputers.com
    > "Don't Panic!"
    >

