If you think you have a virus, get rid of it as soon as possible. These programs are like a cancer and will feed and grow until you cannot cure the disease without killing the patient. All the software used here is freely available on the internet or can be found at MINORNOTES.

Although I often don't, it's a good idea to boot to safe mode if at all possible.
Tap F8 after the BIOS screen on bootup and choose "Safe Mode" or "Safe Mode with Networking".

The first thing I look for is a Registry backup prior to the infection in Start/Programs/Accessories/SystemTools/SystemRestore.
Windows 8 has no Start, so you'll need to search out the file rstrui.exe.
Keep in mind that the Restore points may also be infected, and that Windows 8 has trouble with Restore points older than a week or so.
If System Restore is useless, turn it off in ControlPanel/System. Not mandatory, but this purges any infected Restore points, plus frees up a lot of space.

Run COMBOFIX. Eat lunch. Drink a beer. This will take quite a while to complete.
Keep in mind Windows 8 is not capable of running Combofix.


Run an up-to-date MALWARE BYTES. Have another beer.

Using MSCONFIG in Start/Run/msconfig, disable any suspicious-looking Services and Startup items that launch when Windows loads.
In Windows 8 you'll need to do a search for msconfig.exe (by now it should be apparent that Windows 8 sucks).

Run the utility HIJACK THIS. This works like msconfig but includes critical Windows services and browser helper objects that can be either rogue or needed, and disabling the wrong ones can have serious effects. This list needs to be studied very carefully unless you're familiar with its entries. Skip this step if the scan looks intimidating. Better safe than sorry.
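
A read-only way to build the review list for the msconfig and HIJACK THIS steps above, as an added example that is not part of the original article: this PowerShell script lists startup items and auto-start services and marks entries whose program is not validly signed or runs from a user-writable folder. The function names and the folder heuristic are assumptions made for this example.

```powershell
# Added example (not from the original page). Read-only: lists, never changes.
# Assumes Windows PowerShell (Get-WmiObject is not available in PowerShell 7).

function Get-ExePath([string]$CommandLine) {
    # Extract the executable path from a quoted or unquoted command line.
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($cmd -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^\s*(.+?\.(exe|com|scr|bat|cmd))(\s|$)') { return $Matches[1] }
    return $null
}

function New-ReviewRow([string]$Kind, [string]$Name, [string]$CommandLine) {
    $path = Get-ExePath $CommandLine
    $sig  = 'Unresolved'   # no path parsed (e.g. a shortcut) or file missing
    if ($path -and (Test-Path $path)) {
        # Older PowerShell versions can report catalog-signed Windows files
        # as NotSigned, so treat the status as a hint to look closer.
        $sig = [string](Get-AuthenticodeSignature -FilePath $path).Status
    }
    # Heuristic (assumption): auto-starts from user-writable folders deserve a look.
    $userWritable = $path -match '\\(AppData|Temp|ProgramData)\\'
    New-Object PSObject -Property @{
        Kind      = $Kind
        Name      = $Name
        Signature = $sig
        Review    = ($sig -ne 'Valid' -or $userWritable)
        Command   = $CommandLine
    }
}

# Startup items from the Run keys and Startup folders.
$startup = @(Get-WmiObject Win32_StartupCommand | ForEach-Object {
    New-ReviewRow 'Startup' $_.Name $_.Command
})

# Services configured to start automatically with Windows.
$services = @(Get-WmiObject Win32_Service -Filter "StartMode='Auto'" | ForEach-Object {
    New-ReviewRow 'Service' $_.Name $_.PathName
})

# Entries marked for review sort to the top.
$startup + $services |
    Sort-Object @{Expression = 'Review'; Descending = $true}, Kind, Name |
    Format-Table Review, Kind, Name, Signature, Command -AutoSize -Wrap
```

A marked row is a prompt to research the entry before touching it, not proof of infection; plenty of legitimate programs start from AppData.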

Run CCleaner Junk Files and Registry cleaners.

Defrag the hard drive using AUSLOGICS or your preferred defragger.

Reboot one last time.

If everything is okay, back up your system in SystemTools/SystemRestore.

That's it. Definitely have another beer.

Now that you have the tools and have used them once, this will go much quicker & easier next time. However, these are VERY general instructions. For infections that involve various combinations of viruses used by scareware companies, such as WinAntiVirus Pro, Security Tool, RegCleanPro, Internet Security 2015, etc., much of this procedure will not be do-able because you'll be unable to access the required utilities and will not be able to boot in safe mode. If you can identify the parent application of these infections (the fake scareware product name, like those mentioned above), you'll need to find a working computer and search for removal instructions specific to those fake products.

Good luck & happy hunting!

jw. September 2006 / revised April 2015