GENERALIZED ROUTINE FOR CLEANING UP AN INFECTED PC :
If you think you have a virus, get rid of it as soon as possible. These programs are like a cancer and will feed and grow until you cannot cure the disease without killing
the patient. Much of the software I use is freely available on the internet and can be found at minornotes.com/misc.html
Although I often don't, it's a good idea to boot to safe mode if at all possible.
For XP, tap F8 after the bios screen on bootup and choose "Safe Mode" or "Safe Mode with Networking".
For 98/95, tap shift/F3 or shift/F5 after the bios screen.
For 2000/NT, it's shift/F8.
For Win ME, well, first get rid of ME and then start again.
The first thing I look for is a recent backup, either in SystemTools/SystemRestore or start/run/regedit/import as a backed up registry. Rarely do I find any registry backups unless it's a machine I've
previously worked on. The System Restore files are probably also infected anyway.
If System Restore is useless, turn it off in ControlPanel/System. Not mandatory, but this purges any infected Restore points, plus frees up a lot of space.
Using Startup Mechanic or start/run/msconfig/startup, disable any suspicious looking processes that launch when Windows loads.
Run the utility "Hijack This". This works like msconfig but includes critical windows services and browser helper objects that can have serious effects if accidentaly disabled. This list needs to
be studied very carefully unless you're familiar with it's entries.
Reboot. Empty all internet junk files with a clean utility like Ace or Norton, or by your IE browser in tools/internet options/clear history, delete cookies and delete files (check delete offline
content).
Run AdAware, SpyBot, MalwareBytes and/or any other spyware scanner you can throw at it. A reboot may be necessary but not always.
Run AVG, Avira or similar virus scanner at full sweep. Eat lunch. Drink a beer. This will take over an hour to complete.
Reboot in normal mode.
Re-run all spyware scanners and HijackThis. If anything is found, write down the virus filenames and go online to find a solution for those specific infections. Otherwise, run Ace or any other
registry/temp file cleaner then defrag hard drive.
For XP, turn on SystemRestore in ControlPanel/System and reboot one last time. If everything is okay backup your work either in SystemTools/SystemRestore or start/run/regedit/export.
Although this sounds simple, these are VERY general instructions. In the event of infections that involve Vundo, Smitfraud or the various combinations of viruses used by scareware companies such as WinAntiVirus Pro, Security Tool, Internet Security 2010, etc., then much of this procedure will not be do-able because you'll be unable to access the required utilities and will not be able to boot in safe mode. If you can identify the parent application of these infections, you'll need to find a working computer and search for removal instructions specific to the parent application.
