LINKS | LINUX | MAIN MENU | PS2 | REFERENCE | USENET
By Anthony Olszewski|
Once a computer is infected-infested with viruses and/or spyware, it's extremely difficult to clean the drive using an antivirus program running on that computer. (Prevention is a lot easier than a cure!) The most practical course of action is to remove the hard drive from the sick PC. Then, install that drive as the second or third drive in a healthy computer that has an antivirus program installed. For EIDE notebook hard drives, you will need an adapter to install the device in a "hospital" desktop computer.
It's important that both Windows and the antivirus program in the host computer are up-to-date with all updates and not connected to the network. Without an agressive antivirus defense in the boot drive, instead of a cure you'll just wind up with two sick computers! Also, the scan will go a lot faster by using as powerful a system as possible. A shop will find it well worth the effort to have a computer with both SATA and EIDE connections set up just for this purpose.
The first thing to do is to go to MY COMPUTER and then to the afflicted drive. From there, go to WINDOWS and on to PREFETCH sub-folder. Delete the contents of that folder (not the folder). After that, run a scan of the antivirus program on the sick drive. When the antivirus scan is finished, download Roguefix to the new drive. Reinstall the drive in the original computer. Before the Windows logo appears, hit F8 to boot into Safe Mode. Run Roguefix in Safe Mode. The computer should be clean. Be sure to install an antivirus program now!
Some of the stinkers infect the Windows System Restore volume -- where antivirus programs can't get at them. When this happens (booting from the drive installed in the infected computer), go to START > Control Panel > System > System Restore and then Turn Off System Restore. This deletes the System Restore volume (and erases all checkpoints). Turn System Restore back on once you are certain that all malware is exterminated.
You also will need to make sure that a rootkit is not the problem. If Internet Explorer gets forwarded to a different Site in Search Engine results, the computer is very likely infected with a rootkit. TDSSKILLER is the best tool for this.