Removing Viruses, Spyware, Trojans, and Worms


By Anthony Olszewski
Updated 08/18/12

Once a computer is infected or infested with viruses and/or spyware, it's extremely difficult to clean the drive using an antivirus program running on that computer. (Prevention is a lot easier than a cure!) The most practical course of action is to remove the hard drive from the sick PC. Then, install that drive as the second or third drive in a healthy computer that has an antivirus program installed. For EIDE notebook hard drives, you will need an adapter to install the device in a "hospital" desktop computer.

It's important that both Windows and the antivirus program on the host computer have all updates installed, and that the host computer is not connected to the network. Without an aggressive antivirus defense on the boot drive, instead of a cure you'll just wind up with two sick computers! Also, the scan will go a lot faster on as powerful a system as possible. A shop will find it well worth the effort to have a computer with both SATA and EIDE connections set up just for this purpose.

The first thing to do is to go to MY COMPUTER and then to the afflicted drive. From there, go to WINDOWS and on to the PREFETCH sub-folder. Delete the contents of that folder (not the folder itself). After that, run an antivirus scan on the sick drive. When the antivirus scan is finished, download Roguefix to the new drive. Reinstall the drive in the original computer. Before the Windows logo appears, hit F8 to boot into Safe Mode. Run Roguefix in Safe Mode. The computer should be clean. Be sure to install an antivirus program now!
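A scripted form of the Prefetch step, for an elevated PowerShell prompt on the healthy host. This is an added example, not part of the original article; the parameter names and the inventory CSV are assumptions, and it goes slightly beyond the text by refusing to run against the host's own boot drive and by saving a listing of the files before deleting them.

```powershell
# Added example: empty Windows\Prefetch on the attached (sick) drive only.
# Save as a .ps1 file and pass the letter the sick drive received on the host,
# e.g. -SickDrive E:  (the letter is whatever the host assigned; E: is an assumption).
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)]
    [ValidatePattern('^[A-Za-z]:$')]
    [string]$SickDrive,

    # Assumed location for the listing of deleted files.
    [string]$InventoryPath = (Join-Path $env:TEMP 'prefetch-inventory.csv')
)

# Never touch the healthy host's own boot drive.
if ($SickDrive -ieq $env:SystemDrive) {
    throw "$SickDrive is this computer's boot drive; give the attached drive instead."
}

$prefetch = Join-Path "$SickDrive\" 'Windows\Prefetch'
if (-not (Test-Path -LiteralPath $prefetch -PathType Container)) {
    throw "No Prefetch folder found at $prefetch"
}

# Record names, sizes and timestamps first, so there is still a list of
# what was in the folder after it has been emptied.
$items = @(Get-ChildItem -LiteralPath $prefetch -Force)
$items | Select-Object Name, Length, CreationTime, LastWriteTime |
    Export-Csv -LiteralPath $InventoryPath -NoTypeInformation

# Delete the contents (including sub-folders), but keep the Prefetch folder.
$items | Remove-Item -Recurse -Force

$left = @(Get-ChildItem -LiteralPath $prefetch -Force).Count
"{0} items listed in {1}; {2} remain in {3}" -f $items.Count, $InventoryPath, $left, $prefetch
```

Running it with `-WhatIf` shows what would be written and removed without changing the drive.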

Some of the stinkers infect the Windows System Restore volume -- where antivirus programs can't get at them. When this happens (booting from the drive installed in the infected computer), go to START > Control Panel > System > System Restore and then Turn Off System Restore. This deletes the System Restore volume (and erases all checkpoints). Turn System Restore back on once you are certain that all malware is exterminated.

You will also need to make sure that a rootkit is not the problem. If Internet Explorer gets forwarded to a different site from search engine results, the computer is very likely infected with a rootkit. TDSSKILLER is the best tool for this.

To fix the System Time Virus Alert spyware:
START > Control Panel. Click Regional and Language Options. Change from ENGLISH (US) to ENGLISH (ZIMBABWE). Click Apply and then select ENGLISH (US) again. Click Apply.

For Task Manager disabled, no My Computer, no My Documents, Regedit disabled, no cmd, and no Local C: drive:
Right click the Taskbar and then select Properties > Start Menu > Customize. Click Advanced, then select all the missing Start Menu items.

If the Local C: drive and All Programs entry on the Start Menu are missing:
Run regedit. Find
Delete these entries in the right pane: NoDrive and NoStartMenuMorePrograms

Useful Programs

  • Fix-Policies.exe
    Fixes a number of problems caused by malware by correcting Registry Entries
  • ATF-Cleaner.exe
    Clears out a wide range of temporary files where viruses hide