re: Temporarily Disable Real Time Monitoring Programs

gillianbrown
Hi Kimsland, just a quick couple of points.

In the UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions I believe it's important to tell users to rename HijackThis.exe to Crusty.exe or some other such name. This is because some malware can actually hide from the HijackThis.exe filename.

GillianBrown said:
Very Important.

You need to rename HijackThis.exe to Crusty.exe. This is because some malware can hide from HijackThis.exe. Follow these instructions in order to do so.

Go to the C:\Program Files\Trend Micro\HijackThis\HijackThis.exe file and right click on HijackThis.exe. Choose rename. Click in the title box and hit the enter key to clear what's there.

Now type Crusty.exe into the title box and hit the enter key. Right click on the Crusty.exe file and choose "Send to desktop Create Shortcut".

You can now close the HJT directory.

Also, you may not be aware, but the CastleCops website is no more and therefore the link for instructions to disable real time monitoring programmes no longer works.

Feel free to add these instructions if you wish.

GillianBrown said:
Malware Removal: Temporarily Disable Real Time Monitoring Programs.

The reason we do this is because real time protection programmes can interfere with any fixes we are trying to run.

Instructions on how to disable the real time monitoring of some of the more common antispyware programmes can be found below.


AD-AWARE AD-WATCH

* Right click on the Ad-Watch icon in the system tray.
* At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
o Active: This will turn Ad-Watch On\Off without closing it.
o Automatic: Suspicious activity will be blocked automatically.
* Uncheck both of those boxes.
* (When done, you can re-enable it using the same steps but this time check both boxes.)

AVG ANTI-SPYWARE

* Launch AVG Anti-Spyware.
* From the "Status" menu, select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
* Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".

COMODO BO CLEAN

* Right-click the System Tray Icon.
* Select Shut down BO Clean button.
* Restarts on reboot or open from Program Menu.

COUNTERSPY

* Right-click on the running CounterSpy icon in the system tray.
* Hover your mouse over "Active protection".
* A menu will slide out and then you need to left click on "Disable Active Protection".
* Disabling CS Active Protection should cause the systray icon to turn orange/red and hovering your mouse over the icon will then state "Active protection is disabled".

(When we are done, re-enable Counterspy by launching the program from Start > Programs, click on the Active Protection. It will either say Active Protection enabled or disabled. On the right side, you can select each of the tasks (scroll down to see all of them) individually, then either enable or disable them on the bottom right, individually. If you have a problem doing that then click on help, choose run setup wizard, click next 2 times, make sure automatic updates is set to yes, click next, make sure enable active protection is set to yes, click next, then click finish, then exit. Then open CounterSpy to make sure that the active protection has been enabled.)

PREVX

* Right click on the Prevx icon in your system tray and choose Show Management Console.
* On the Management Console click the Protection Level drop-down menu.
* You will see three levels:
o Maximum
o Off
o User Defined
* To disable all protection set the level to Off.
* You will receive a prompt asking "You are about to change your security settings. Do you wish to continue?" Click Yes.
* Click the X on the upper right hand corner to exit the Management console.

PROCESS GUARD

* Right-click the blue lock ProcessGuard icon located in the system tray.
* Uncheck 'protection enabled'.
* Click yes.

REG DEFEND
Right click the icon for RegDefend in the systray and select Exit.

SPYBOT TEATIMER

* Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
* On the left hand side, click on Tools, then click on the Resident Icon in the list.
* Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
* Click on the "System Startup" icon in the List
* Uncheck the "TeaTimer" box and "OK" any prompts.
* If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
* Exit Spybot S&D when done.
* (When we are done, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.)

SPY SWEEPER

* Open Spy Sweeper and click on Options > Program Options and uncheck "load at windows startup".
* On the left click "shields" and then uncheck everything there.
* Uncheck "home page shield".
* Uncheck "automatically restore default without notification".
* Exit the program.
* (When we are done, you can re-enable it using the same steps but this time reverse them.)

SPYWARE DOCTOR

* Click the Spyware Doctor icon in the System Tray.
* Click Settings.
* Click Startup Settings under Pick a Category.
* Uncheck "Run at Windows startup".
* Click Apply and Exit Spyware Doctor.
* From within Spyware Doctor, click the "OnGuard" button on the left side.
* Uncheck "Activate OnGuard".
* (When we are done, you can re-enable Spyware Doctor.)

SPYWARE GUARD

* Right click the running icon of Spywareguard in the system tray to open the program.
* Then go to Menu, File, and choose Exit.

TROJAN HUNTER

* Go to TrojanHunter Guard in the system tray. It is a light blue icon with a magnifying glass and red handle.
* Right click on it and select settings.
* Uncheck "Load at startup" and "Enabled". Make sure that the program, TrojanHunter itself, is also closed/not running.

WINDOWS DEFENDER

* Click Start > Programs > Windows Defender or launch from the system tray icon.
* Click on Tools & Settings > Options.
* Under Real-time protection options, uncheck the "Real-time protection" check box.
* Click Save.
* Go to Start > Control Panel > Security > Windows Defender, at the bottom of the Window Defenders page uncheck under Administrator Options "use Windows Defender" and then Save.
* (When we are done, you can re-enable Defender using the same steps but this time place a check next to "Turn on real-time protection" check box.)

WINDOWS ONECARE

* To Disable Antivirus: Open the Windows OneCare user interface.
* Click View or Change Settings > Antivirus Tab.
* Click the radio button to turn the anti-virus off.
* To Disable Firewall: Open the Windows OneCare user interface.
* Click View or Change Settings > Firewall Tab.
* Drag down the slider to turn the firewall off.

WINPATROL
Right-click the running icon of Winpatrol in the system tray and choose exit.

Once we are finished with the cleaning process you are advised to turn the protection back on.

I hope this proves useful. ;)

Sorry for posting this here, but I couldn't send it via a pm due to length restrictions. I also couldn't post in the main thread as it is closed.
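The post above ends by reminding users to turn protection back on once cleaning is finished. The following PowerShell script is an added example, not part of gillianbrown's post or any of the products listed; it records the Windows Defender real-time protection state before a cleanup and re-enables it afterwards if it is still off. It assumes the Defender PowerShell module (Get-MpComputerStatus, Set-MpPreference), which ships with Windows 8 / Server 2012 and later rather than the Vista-era Defender described in the post, and the log path is an assumption.

```powershell
# Added example (not from the original post): snapshot and verify Windows Defender
# real-time protection around a manual cleanup session.
# Assumes the Defender PowerShell module (Windows 8 / Server 2012 and later).
# Run from an elevated PowerShell prompt.

function Get-RealTimeProtectionState {
    # Get-MpComputerStatus reports the live engine state, not just the preference.
    $status = Get-MpComputerStatus
    [pscustomobject]@{
        Timestamp          = (Get-Date).ToString('s')
        RealTimeProtection = $status.RealTimeProtectionEnabled
        AntivirusEnabled   = $status.AntivirusEnabled
        BehaviorMonitor    = $status.BehaviorMonitorEnabled
        OnAccessProtection = $status.OnAccessProtectionEnabled
        SignatureAgeDays   = $status.AntivirusSignatureAge
    }
}

# Log path is an assumption; adjust to wherever the cleanup notes are kept.
$logPath = Join-Path $env:USERPROFILE 'Desktop\defender-state.json'

$before = Get-RealTimeProtectionState
$before | Format-List
$before | ConvertTo-Json | Out-File -FilePath $logPath -Encoding utf8

if (-not $before.RealTimeProtection) {
    Write-Warning 'Real-time protection is OFF; attempting to re-enable it.'
    # Clears the disable preference. Tamper Protection or Group Policy can
    # override this, in which case the follow-up check below will still fail.
    Set-MpPreference -DisableRealtimeMonitoring $false
    Start-Sleep -Seconds 5

    $after = Get-RealTimeProtectionState
    if ($after.RealTimeProtection) {
        Write-Output 'Real-time protection is back on.'
    } else {
        Write-Error 'Real-time protection is still off. Check Group Policy or Tamper Protection and re-enable it from the Windows Security app.'
    }
} else {
    Write-Output 'Real-time protection is already on.'
}

# Stale signatures are a separate risk after a cleanup; flag anything older than a week.
if ($before.SignatureAgeDays -gt 7) {
    Write-Warning "Signatures are $($before.SignatureAgeDays) days old; run Update-MpSignature."
}
```

The script only ever turns protection on, never off, so it is safe to run at the end of every session; the JSON snapshot gives a record of what state the machine was in if the cleanup has to be reviewed later.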
 
Re: UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions
Thanks gillianbrown
There's a cached page here: http://209.85.173.132/search?q=cach...l_Time_Monitoring_Programs&hl=en&ct=clnk&cd=1
But it's not ideal ie internal links broken
Actually I'll move these posts to the meeting spot to discuss it further ;)

Edit:
I'm going to post link to the Norton Removal Tool (seeming I quote it nearly everyday!)
http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

May as well provide the AVG Removal Tool, whilst I'm at it: (seeming that generally corrupts under virus infection too)
http://www.grisoft.cz/filedir/util/avg_arm_sup_____.dir/avgremover.exe
.
 
Thanks for posting the full programs disable instructions. As you may have seen, I mentioned the Castlecops closing on a thread and printed out the instructions for Teatimer, which was all we were dealing with at the time.

Any news on the Castlecops closing? Is it a permanent thing? I even set up a tab for that site on Firefox to have it handy when checking logs. Can't imagine what we'll do without that fine site to help out.
 
As far as I'm aware, the closing of CastleCops is permanent, though I wouldn't be surprised if it resurfaced at some point in the future.
 
CastleCops was a great asset. I don't know of any other site that had the search abilities found there. BleepingComputer has some features, but not all.

Maybe someone will pick it up again. Robert Graham wrote "Firewall Forensics- What am I seeing" that is THE information for firewalls- much like the Black Viper site is for Services. When Graham left the site, it was frequently quoted and the information was available from other sites with credits to Mr. Graham.

Same for BV. When he left the site for a while, it was frequently referred to and the information was available, I hope this works for CastleCops. But the thing is that the nature of the information calls for frequent updating, so someone would have to support the site for updates.
 
Why doesn't somebody just write our own comprehensive guide to disabling real time monitoring - we could update it constantly with the latest instructions.

I have on my other computer, saved cans for 15 - 20 different programs in detail. How to disable, uninstall, update, etc.

If I have time I will contribute to the guide.
 
As Howard I mean gillianbrown has now been banned (same user - how strange!)
I'll try to organize a "comprehensive guide" but I'd prefer you do it Blind Dragon, I really think it's your area, possibly Bobbye would be best suited to creating a guide too.
Really I'm not the best for this.
I'm hoping one of you will reply saying you will create one...
 
That's unfortunate - I knew it was him from his posting style but wasn't going to say anything. Guess it's back to watching the newbies give bad advice.
 
Yes he was pretty verbally abusive, without cause
Anyway, I PMd Julio (who agreed to the ban), and in the process of banning, I went... hang on!... Ooohh it's you.
I wish I had known this, even before banning him, but oh well. Hey he was quick too, no wonder. It all seems clear now.
 