Run this program. Then report back.
The easiest, no fuss, no muss way to clean ANY computer is this:
Download Combofix. Rename the executable to random characters such as 5235cf.exe.
Download, install and update Malwarebytes. Rename the setup executable to MB.exe.
Download, install and update AVG8.
Run Combofix, then a full system scan with Malwarebytes. AVG will pick up the stragglers as MBAM does its thing. If it fails in normal mode, reboot into Safe Mode (Press F8 after the BIOS screen) and do it there.
In the Combofix log, it gives you the recently created programs. Go to tools > options in My Computer. On the view tab, check "show hidden files and folders", uncheck "hide extensions for known file types" and "Hide system files". Click ok on the warning, then click ok in the options window.
Look for the entries Combofix shows you (I find the easiest way is to go to C:, C:\Windows and C:\Windows\System32, right click and "arrange by > modified")
Google any that you're not sure of. Usually it's the .dll files with random characters for file names, but not always. If they refuse to go, download Killbox and use it to get rid of them. This WILL fail if they're being called by the winlogon entry in the Registry. If that happens, make a note of the file name, then manually delete it in the Recovery Console.
Run HijackThis to pick up any stragglers and old entries.
Of course, at the end, use CCleaner to delete temp files, useless registry entries (make a backup of the registry first before you clean it... It will ask you).. and voila.. No 30 page threads and 3 weeks to clean up infections.
We do cleanups at least a half a dozen times a day.. Formatting is not an option. This strategy has been tried and tested on hundreds of machines. On very, very rare occasion you may have to do a repair install at the end. Also be aware that ANY cleanup on a defective hard drive (a drive with MFT errors, etc, on it) may result in you having to do a CHKDSK C: /R at the Recovery Console to repair the drive. It's rare, but it does happen.
There are other decent programs, like Superantispyware.. But it's a tad redundant. Still decent. There are also useless ones like Spybot and Adaware that are just a waste of time.
Final note: Bear in mind that there is the RARE exception when you have to use more advanced tools.
Some issues I've seen:
- Deleting the HOSTS file (C:\Windows\System32\Drivers\etc) to remove entries looped back to the local host (a favorite trick of some malware is to loop back known antivirus and Microsoft sites, resulting in a "page cannot be displayed" error)
- Resetting Winsock and the TCP/IP stack with WinsockXP Fix
- Removing rogue LSPs (Layered Service Provider) with LSP Fix
- Going into the Recovery Console to delete baddies attached to the Winlogon registry entry. They're a real pain in the tush.
- Using a Hook Analyzer to look for hidden baddies hooking onto legitimate system processes.
- Deleting the UpperFilters and LowerFilters for the optical drives in the Registry so they reappear again on reboot.
- Removing the hard drive and scanning it remotely before we could work on it.
- Removing the hard drive and replacing the registry with an archived copy from the System Volume Information folder before we could work on it. You can do it from the Recovery Console, followed by Safe Mode, as well... Detailed instructions exist out there.
And.. of course.. Hand grenades.
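
The HOSTS-file item in the list above can be checked before anything is deleted. This is an added example, not part of the original post: it lists every entry that pins a non-local name to a loopback or 0.0.0.0 address. The sample file contents, the `.example` hostnames and the `allow` parameter are constructed for illustration.

```python
import ipaddress
import sys

# Names that legitimately resolve to the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def suspicious_hosts_entries(text, allow=()):
    """Return (line_no, address, hostname) for each non-local name mapped to a
    loopback or unspecified address. `allow` holds extra names to accept,
    such as the machine's own hostname (assumed parameter)."""
    accepted = LOCAL_NAMES | {n.lower() for n in allow}
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        fields = line.split()
        if len(fields) < 2:
            continue                             # blank or incomplete line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not an address; resolver ignores it
        if not (addr.is_loopback or addr.is_unspecified):
            continue                             # ordinary static mapping
        for name in fields[1:]:                  # one line may carry several names
            host = name.lower().rstrip(".")
            if host not in accepted:
                findings.append((line_no, str(addr), host))
    return findings

# Constructed sample, not taken from a real machine.
SAMPLE_HOSTS = """\
# Copyright notice and comments
127.0.0.1       localhost
::1             localhost
127.0.0.1       av-vendor.example update.av-vendor.example   # added by malware
0.0.0.0         downloads.os-vendor.example
192.0.2.10      intranet.example
not-an-ip       junk.example
"""

if __name__ == "__main__":
    # Pass the path to a hosts file as the first argument, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            data = fh.read()
    else:
        data = SAMPLE_HOSTS
    for line_no, addr, host in suspicious_hosts_entries(data):
        print(f"line {line_no}: {host} -> {addr}")
```

Ad-blocking HOSTS files null-route many domains on purpose, so a hit is something to review, not proof of infection.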