Prerequisites:
A Computer
This guide is for infected PC & NON-infected PC
Probably this will save your money for stupid virus issues
"this tutorial mainly contains automated tools". for manual removal i am writing another tutorial
Probably this will save your money for stupid virus issues
"this tutorial mainly contains automated tools". for manual removal i am writing another tutorial
STEP -0 PREPARATION
a.disable UAC in vista/windows7 (disabling user account control will not block any removal tools process.and work will be little speedy)
-goto Start menu-->in search box type UAC-->Drag it down to lowest level-->ok.
a.disable UAC in vista/windows7 (disabling user account control will not block any removal tools process.and work will be little speedy)
-goto Start menu-->in search box type UAC-->Drag it down to lowest level-->ok.
b.disable installed anti-virus or any other security product (same reason of not interrupting malware removal process)
-this is very big list, follow [http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html]
-this is very big list, follow [http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html]
c.run RKILL [http://www.bleepingcomputer.com/download/antivirus/rkill]
(this will disable all possible virus files which are running And you can use the removal tools)
-Just double click the file you downloaded.
(this will disable all possible virus files which are running And you can use the removal tools)
-Just double click the file you downloaded.
d.run malaware [http://download2.emsisoft.com/malaware/MalAware.exe]
(very small and good cloud anti-malware .this will remove most common but difficult to infections. MAKE SURE INTERNET CONNECTION IS AVAILABLE)
-double click the file-->start-->Clean/protect-->select exit-->next
(very small and good cloud anti-malware .this will remove most common but difficult to infections. MAKE SURE INTERNET CONNECTION IS AVAILABLE)
-double click the file-->start-->Clean/protect-->select exit-->next
e.run quickFix plus -- ONLY FOR XP [http://leelusoft.blogspot.com/2009/10/xp-quick-fix-plus.html]
(enables most of the common problems like cmd.exe,regedit,taskman,cd/dvd drive error fix and much more.small and handy)
-double click file-->just put mouse on a fix to see the function in lower plane-->click on fix which is applicable.
(enables most of the common problems like cmd.exe,regedit,taskman,cd/dvd drive error fix and much more.small and handy)
-double click file-->just put mouse on a fix to see the function in lower plane-->click on fix which is applicable.
e2.run 7quickFix --ONLY FOR VISTA/WIN7 [http://leelusoft.blogspot.com/2009/12/7-quick-fix.html]
(same as quickfix xp but for vista & win7 machines)
-double click file-->just put mouse on a fix to see the function in lower plane-->click on fix which is applicable.
(same as quickfix xp but for vista & win7 machines)
-double click file-->just put mouse on a fix to see the function in lower plane-->click on fix which is applicable.
STEP -1 CLEANUP (no temp cleaner is perfect so i used good and effectinve cleaners. this will go to every possible temp & most virus remainings to remove and improve AV scan time.)
a.run Ccleaner (only file cleaning don't run reg cleaning) [http://www.piriform.com/ccleaner/download/portable]
(most simplest temp file cleaner.it can remove unwanted startup items)
-double click file-->press 'run cleaner'-->close the program.
a.run Ccleaner (only file cleaning don't run reg cleaning) [http://www.piriform.com/ccleaner/download/portable]
(most simplest temp file cleaner.it can remove unwanted startup items)
-double click file-->press 'run cleaner'-->close the program.
b.run ATF Cleaner (with all function temp + firefox + opera) -- for WIN XP ONLY [http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25]
(good at browser temp cleaning)
-double click file-->select the check boxes-->press 'empty selected' (do this same for firefox & opera)
(good at browser temp cleaning)
-double click file-->select the check boxes-->press 'empty selected' (do this same for firefox & opera)
c.run purera (check all the option) [http://raproducts.org/click/click.php?id=7]
(removes temp & backups that is not use full. and saves lots of space)
-double click file-->next-->select 'check all' & 'create log'-->clean. (this will create 'c:\purera.log' file)
(removes temp & backups that is not use full. and saves lots of space)
-double click file-->next-->select 'check all' & 'create log'-->clean. (this will create 'c:\purera.log' file)
d.run TFC (After cleaning this will reboot your PC) [http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/]
(specially designed for assisting malware removal tools. removes tools remainings & remainings by viruses)
-double click file-->start (run this as administrator)
(specially designed for assisting malware removal tools. removes tools remainings & remainings by viruses)
-double click file-->start (run this as administrator)
e.run CleanAfterMe [http://www.nirsoft.net/utils/cleanafterme.exes]
(this tool is used for clearing tracks)
-double click file-->select all check boxes-->clean selected items (cleaned items can be seen in lower plane)
(this tool is used for clearing tracks)
-double click file-->select all check boxes-->clean selected items (cleaned items can be seen in lower plane)
f.run diskmax [http://www.koshyjohn.com/software/diskmax/download.html]
(it is same as F.A.C.E. specially for temp cleaning and disk defragment.everything automated)
-install diskmax-->select 'complete' option.
(it is same as F.A.C.E. specially for temp cleaning and disk defragment.everything automated)
-install diskmax-->select 'complete' option.
g.run JavaRa (removes old java JRE) [http://sourceforge.net/projects/javara/files/javara/JavaRa/JavaRa.zip/download]
(removes older virsions and useless remainings of java runtime environment-JRE)
-double click file-->select language-->remove older virsions (close all web browsers)-->after that 'search for updates'(and install new version)-->now click on 'additional tasks'-->select the checkboxes 'remove useless JRE files','remove starup entry'-->GO
(removes older virsions and useless remainings of java runtime environment-JRE)
-double click file-->select language-->remove older virsions (close all web browsers)-->after that 'search for updates'(and install new version)-->now click on 'additional tasks'-->select the checkboxes 'remove useless JRE files','remove starup entry'-->GO
h.run revo-uninstaller [http://www.revouninstaller.com/download/revouninstaller.zip]
(Use full for removing toolbars and other crap)
-double click 'revouninstaller.exe'-->select the unwanted software you want to remove-->press 'uninstall'-->check on 'moderate'-->press 'next'-->follow the application's uninstaller-->(now it will scan remaining files & registry) press 'next'-->select all (for files & registry)--> delete remainings-->finish
(Use full for removing toolbars and other crap)
-double click 'revouninstaller.exe'-->select the unwanted software you want to remove-->press 'uninstall'-->check on 'moderate'-->press 'next'-->follow the application's uninstaller-->(now it will scan remaining files & registry) press 'next'-->select all (for files & registry)--> delete remainings-->finish
i.run pc-decrapifier [http://www.pcdecrapifier.com/download]
(special tool for removing bloatware & trialware & toolbars)
-install-->next->next->next-->select state of your pc-->'create restore point'-->click 'next'-->select unwanted applications-->remove-->exit
(special tool for removing bloatware & trialware & toolbars)
-install-->next->next->next-->select state of your pc-->'create restore point'-->click 'next'-->select unwanted applications-->remove-->exit
STEP -2 BACKUP
a.run eruNT (registry backup) [http://www.larshederer.homepage.t-online.de/erunt/]
(when we use run any registry cleaner or registry removal by any Antivirus product .there is chances for registry corruption.for preventing that use this tool.it will save the copy of current user profile and all registry hives for easy restoretion)
-double click 'eruNT.exe'(run as administrator)-->press 'ok' on welcome message-->select check box 'system registry','current user registry'-->navigate where you want the backuped files-->press 'ok'-->create folder 'ok'-->back up complete 'ok'
a.run eruNT (registry backup) [http://www.larshederer.homepage.t-online.de/erunt/]
(when we use run any registry cleaner or registry removal by any Antivirus product .there is chances for registry corruption.for preventing that use this tool.it will save the copy of current user profile and all registry hives for easy restoretion)
-double click 'eruNT.exe'(run as administrator)-->press 'ok' on welcome message-->select check box 'system registry','current user registry'-->navigate where you want the backuped files-->press 'ok'-->create folder 'ok'-->back up complete 'ok'
b.run hostXpert (host file backup) [http://www.funkytoad.com/index.php?option=com_content&task=view&id=13&Itemid=]
(by this tool can edit host file ,removing or applying permissions of host file,backup & restore host file .when you are facing too many redirections check this file and replace it with original one by this tool)
-double click file-->click on 'make file writeable'-->click'backup/restore'-->create backup (this will create the host file back up in same folder where hostxpert is)-->click'make readonly'-->exit
(by this tool can edit host file ,removing or applying permissions of host file,backup & restore host file .when you are facing too many redirections check this file and replace it with original one by this tool)
-double click file-->click on 'make file writeable'-->click'backup/restore'-->create backup (this will create the host file back up in same folder where hostxpert is)-->click'make readonly'-->exit
STEP -3 REG CLEANUP (remove obsolute and crap registry entrys)
a.run wise cleaner [http://www.wisecleaner.com/soft/WRCFree.zip]
(this is safe registry cleaner.which will fix many internet and file related problems)
-double click 'WiseRegistryCleaner.exe'-->select language-->cancel the back up option (because we have done it)-->scan(make sure it is on 'check all')-->Fix-->exit
a.run wise cleaner [http://www.wisecleaner.com/soft/WRCFree.zip]
(this is safe registry cleaner.which will fix many internet and file related problems)
-double click 'WiseRegistryCleaner.exe'-->select language-->cancel the back up option (because we have done it)-->scan(make sure it is on 'check all')-->Fix-->exit
b.run glary registry repair [http://download.glarysoft.com/rrsetup.exe]
(another registry cleaner with good reputation)
-install(uncheck ask toolbar)-->start glary registry repair--> scan registry for problems-->'repair'-->close-->exit
(another registry cleaner with good reputation)
-install(uncheck ask toolbar)-->start glary registry repair--> scan registry for problems-->'repair'-->close-->exit
STEP -4 MALWARE REMOVAL (only quarantine virus file if not sure)
Part -1 general infection removal
a.run spybotSD [http://www.safer-networking.org/en/download/]
(this tool removes malware entrys based on registry hives.works good for bot removevals.removes registrys by malwares and unhooks them)
-install-->start spybotSD-->'search for update'-->'check for problems'-->'fix problems'-->uninstall program(optional)
Part -1 general infection removal
a.run spybotSD [http://www.safer-networking.org/en/download/]
(this tool removes malware entrys based on registry hives.works good for bot removevals.removes registrys by malwares and unhooks them)
-install-->start spybotSD-->'search for update'-->'check for problems'-->'fix problems'-->uninstall program(optional)
b.run malwarebytes anti-malware [http://portableappz.blogspot.com/2010/12/malwarebytes-anti-malware-15011100.html]
(most effective and special tool for malware & fraud software removals)
-install it where you want its portable virsion-->update database-->'full scan'-->remove findings(when asked for reboot do it)
(most effective and special tool for malware & fraud software removals)
-install it where you want its portable virsion-->update database-->'full scan'-->remove findings(when asked for reboot do it)
c.run emsisoft emergency kit scanner [http://www.emsisoft.com/en/software/eek/]
(this is the new generation antivirus scanner with good detections but it gives some false positive.over all works with any condition)
-double click 'emergencykit.bat'-->update database-->select 'deep scan'-->quarantine infected files-->exit
(this is the new generation antivirus scanner with good detections but it gives some false positive.over all works with any condition)
-double click 'emergencykit.bat'-->update database-->select 'deep scan'-->quarantine infected files-->exit
Part -2 fake security programs (antivirus,antispyware,optimization tools)
FIRST BOOT IN SAFE MODE (this tools are self explanatory follow instructions on screen)
a.run remove fake-antivirus [http://freeofvirus.blogspot.com/2009/05/remove-fake-antivirus-10.html]
b.run SmitfraudFix [http://siri.geekstogo.com/SmitfraudFix.php]
c.run smitRem [http://noahdfear.geekstogo.com/click%20counter/click.php?id=1]
d.run roguefix [http://www.internetinspiration.co.uk/roguefix.htm]
e.run stinger Fake-Alart [http://www.mcafee.com/us/downloads/free-tools/fake-alert-stinger.aspx]
(above are the separate tools from diffrent authers for fraudware & malware removals removes fake alerts of system,removes rogueware)
FIRST BOOT IN SAFE MODE (this tools are self explanatory follow instructions on screen)
a.run remove fake-antivirus [http://freeofvirus.blogspot.com/2009/05/remove-fake-antivirus-10.html]
b.run SmitfraudFix [http://siri.geekstogo.com/SmitfraudFix.php]
c.run smitRem [http://noahdfear.geekstogo.com/click%20counter/click.php?id=1]
d.run roguefix [http://www.internetinspiration.co.uk/roguefix.htm]
e.run stinger Fake-Alart [http://www.mcafee.com/us/downloads/free-tools/fake-alert-stinger.aspx]
(above are the separate tools from diffrent authers for fraudware & malware removals removes fake alerts of system,removes rogueware)
Part -3 Rootkit removal (RUN IN NORMAL MODE AND ALWAYS USE DISINFECT OR CURE OPTION)
a.run TDSS-Killer [http://support.kaspersky.com/downloads/utils/tdsskiller.zip]
(most effective automated antiroot kit tool for 'all versions of TDSS root kit.works on both x32 & x64 OS)
-double click file-->check both options & start scan-->ONLY APPLY CURE OR DISINFECT OPTION-->close
a.run TDSS-Killer [http://support.kaspersky.com/downloads/utils/tdsskiller.zip]
(most effective automated antiroot kit tool for 'all versions of TDSS root kit.works on both x32 & x64 OS)
-double click file-->check both options & start scan-->ONLY APPLY CURE OR DISINFECT OPTION-->close
b.run Norman TDSS cleaner [http://www.norman.com/support/support_tools/77201/en]
(good automated tool for mbr and kernal hooking rootkit removals)
-double click file-->start scan-->it will automatically cure infections-->close
(good automated tool for mbr and kernal hooking rootkit removals)
-double click file-->start scan-->it will automatically cure infections-->close
c.run GMER (ONLY FOR EXPERTS) [http://www2.gmer.net/gmer.zip]
(best for manual removal of rootkits,includes cmd shell,registry,process)
-double click file-->select'rootkit/malware'-->remove detection-->close
(best for manual removal of rootkits,includes cmd shell,registry,process)
-double click file-->select'rootkit/malware'-->remove detection-->close
d.run mbr-check (ONLY FOR EXPERTS) [http://ad13.geekstogo.com/MBRCheck.exe]
(detects and removes malicious MBR CODE injected to standard MBR code)
-double click file (run as administrator)-->if non-standerd or infected MBR found-->press 'y' hit enter-->press '2'(restore standard MBR code) hit enter(DONT USE THIS ON DELL MACHINES)
(detects and removes malicious MBR CODE injected to standard MBR code)
-double click file (run as administrator)-->if non-standerd or infected MBR found-->press 'y' hit enter-->press '2'(restore standard MBR code) hit enter(DONT USE THIS ON DELL MACHINES)
e.run combofix (download letest file USE IT AS LAST RESOURSE. IT CAN CAUSE DAMAGE IN 10/100 PC) [http://www.bleepingcomputer.com/download/anti-virus/combofix]
(very usefull for trojans and root kit removal.which even not caugth by major AV tools)
-double click file(RUN AS ADMINISTRATOR)-->this will run all scan
(very usefull for trojans and root kit removal.which even not caugth by major AV tools)
-double click file(RUN AS ADMINISTRATOR)-->this will run all scan
STEP -5 REPAIR (DO THIS EVEN IF ALL LOOKS FINE)
a.run Dial-a-Fix -- ONLY FOR XP [http://djlizard.net.nyud.net:8080/software/Dial-a-fix-v0.60.0.24.zip]
(re-registers and re-assings file to its proper links and functions.repairs most of the system unstability problems)
-double click file-->select 'fix ssl/https/cryptsvc' all under 'registration center'-->'go'-->after that,click 'policies'-->uncheck 'hide disabled policies'-->rescan-->if found 'remove'-->exit
a.run Dial-a-Fix -- ONLY FOR XP [http://djlizard.net.nyud.net:8080/software/Dial-a-fix-v0.60.0.24.zip]
(re-registers and re-assings file to its proper links and functions.repairs most of the system unstability problems)
-double click file-->select 'fix ssl/https/cryptsvc' all under 'registration center'-->'go'-->after that,click 'policies'-->uncheck 'hide disabled policies'-->rescan-->if found 'remove'-->exit
a2.run Advantage-PC-Fix -- ONLY FOR VISTA/WIN7 [http://www.advantage-pc.com/?page_id=721]
(same as Dial-a-fix but only for vista/win7 machines)
-double click file-->under'fixes & utilities'-->select 'system file checker','driver verifier','file signature verifier'-->press 'run'-->select all under 'vista repair options'-->press 'process checked'
(same as Dial-a-fix but only for vista/win7 machines)
-double click file-->under'fixes & utilities'-->select 'system file checker','driver verifier','file signature verifier'-->press 'run'-->select all under 'vista repair options'-->press 'process checked'
b.run xpy -- ONLY FOR XP (it is like AGENT-TWEAKS) [http://code.google.com/p/xpy/downloads/list]
(a good replacement for GS agenttweaks for xp.applies very good tweaks by registry for optimization of OS)
-double click file-->select 'make changes to your system'-->select desired tweaks-->next-->close
(a good replacement for GS agenttweaks for xp.applies very good tweaks by registry for optimization of OS)
-double click file-->select 'make changes to your system'-->select desired tweaks-->next-->close
b2.run vispa --ONLY FOR VISTA/WIN7 (it is like AGENT-TWEAKS) [http://code.google.com/p/vispa/downloads/list]
(agenttweaks for vista/win7 same as xpy)
-double click file-->select 'make changes to your system'-->select desired tweaks-->next-->close
(agenttweaks for vista/win7 same as xpy)
-double click file-->select 'make changes to your system'-->select desired tweaks-->next-->close
c.run Security-Restore [http://www.rizone3.com/archives/88]
(restores security setting for internet,system etc, which may be altered by malware)
-double click file-->press 'GO' (it will take some time to complete)
(restores security setting for internet,system etc, which may be altered by malware)
-double click file-->press 'GO' (it will take some time to complete)
d.run complete internet repair (RUN ONLY IF INTERNET PROBLEMS ARE THERE) [http://www.rizone3.com/archives/1308]
(repair most of the internet not working problems)
-double click file(run as administrator)-->simply just select every option and hit 'GO'
(repair most of the internet not working problems)
-double click file(run as administrator)-->simply just select every option and hit 'GO'
STEP -6 PROTECTION
Part -1 Passive Protection
a.disable autorun (THIS IS THE BEST FIX IN MY OPINION.IT JUST PATCHES AUTORUN VULNERABILITY)
-just run the setup which is applicable for your OS
for xp [http://support.microsoft.com/kb/967715/en-us]
for vista [http://support.microsoft.com/default.aspx?scid=kb;en-us;953252]
(stops malware spreading by usb drives)
Part -1 Passive Protection
a.disable autorun (THIS IS THE BEST FIX IN MY OPINION.IT JUST PATCHES AUTORUN VULNERABILITY)
-just run the setup which is applicable for your OS
for xp [http://support.microsoft.com/kb/967715/en-us]
for vista [http://support.microsoft.com/default.aspx?scid=kb;en-us;953252]
(stops malware spreading by usb drives)
b.run spywareblaster (apply all protections) [http://www.javacoolsoftware.com/spywareblaster.html]
(works for all browsers.inserts bad websites to black list in host file by loopback address.and protects from that type of websites infections)
-install-->goto 'updates' & update database-->goto 'protection status'-->click 'enable all protection'-->exit-->uninstall(optional - if you keep it there is no harm to PC)
(works for all browsers.inserts bad websites to black list in host file by loopback address.and protects from that type of websites infections)
-install-->goto 'updates' & update database-->goto 'protection status'-->click 'enable all protection'-->exit-->uninstall(optional - if you keep it there is no harm to PC)
c.run immunize in SpybotSD [http://www.safer-networking.org/en/download/]
(works for all major browsers.inserts bad websites to black list in host file by loopback address.and protects from that type of websites infections)
install-->update database-->goto 'immunize'-->click 'immunize'-->exit-->uninstall spybotSD(optional)
(works for all major browsers.inserts bad websites to black list in host file by loopback address.and protects from that type of websites infections)
install-->update database-->goto 'immunize'-->click 'immunize'-->exit-->uninstall spybotSD(optional)
d.use mozilla firefox + WOT + Noscript + adBlockPlus + Redirect Remover + advanceTOR [http://www.mozilla.com/en-US/firefox/]
(i use this setup for 3years and it works.so i added it for extra protection.protects from censorship,hijacking,adds,rendom popups.)
(i use this setup for 3years and it works.so i added it for extra protection.protects from censorship,hijacking,adds,rendom popups.)
Part -2 Active Protection
a.install comodo internet security (do not install it's antivirus) [http://www.comodo.com/home/internet-security/free-internet-security.php]
b.install avast or any other AV you like [http://www.filehippo.com/software/antimalware/antivirus]
a.install comodo internet security (do not install it's antivirus) [http://www.comodo.com/home/internet-security/free-internet-security.php]
b.install avast or any other AV you like [http://www.filehippo.com/software/antimalware/antivirus]
This are the steps which i prefere over years for solving pc problems.
hope this will help in fighting with malware.
hope this will help in fighting with malware.
No comments:
Post a Comment