Spyware/Adware/Virus/Trojan/Rootkit/Keylogger Removal Guide

[Matthew]

I think one of the first steps you should do is download SuperAntiSpyware Portable and run it as it ALONE solves most of the problems I've ever encountered, then Malware antibytes. PM me if you can' get to the official site and I'll mirror it.

http://www.superantispyware.com/portablescanner.html

 

[DeltaBurnt]

This is somewhat of a bump, but whatever this thread is stickied.

There are ways to re-enable your command prompt/registry/task manager if they get disabled by a virus by just running a command through your "run" console.

 

[Trulen]

Great stuff! Thanks. Will come in great handiness when I fix up folk's computers that Microsoft Security Essentials can't handle.

 

[ComplicatioN]

Quick question, do these steps remove Keyloggers?

 

[Rydian]

A "keylogger" is not any separate classification of infection, an infection can be called a keylogger if it logs key strokes.

It's like if viruses are school kids, and key loggers are school kids that play football.

So yes.

 

[ComplicatioN]

Alright thanks, managed to revive my screwed up comp thanks to this guide

Thumbs Up

 

[Minox]

Ah, my faith in Malwarebytes' Anti-Malware has been strengthened even more. My friend had a horrible virus on her computer, where she couldn't access any websites at all. It disguised itself as "Vista Antispyware 2010" or some bullshit, which to her (since she's a total retard on the computer) looked legit. I knew it was a virus right away, because she said it appeared out of thin air, and said she didn't install it. I had to send her MBAM through MSN, and one 3-hour scan later her computer was completely repaired. MBAM 23439408789239, virus 0.

I got a similar infection myself through a java exploit. It wasn't Vista Antispyware 2010, but it was something along those lines. However scanning my hard drives for this infection took far too long and didn't yield much of a result so I ended up having to remove it manually. Luckily I had shut down my computer instantly when I noticed that fraud anti-spyware/virus application and rebooted into safe mode so it didn't have much time to mess around with things. Another good thing was that the infection was rather stupidly made and only one instance of it existed. Once I had removed that and a couple of registry changes it had made I was pretty much done. Although I still ran another scan to make sure of it being removed properly.

So what did I learn from all this? Well first of all I learnt that I should have noscript running all the time to avoid nasty java/flash exploits. I also learnt that once you know what you're dealing with it's sometimes much easier to just remove it manually. That is unless the infection does major changes to your computer.

 

[MaK11-12]

OR you could just use UBCD which has loads of Computer repair stuff.
Great guide though. BUT i haven't got an anti-virus, and still no virus in sight. You have to be smart when browsing the net otherwise there isn't any need for anti-virus.
OR you could just use linux ((K)ubuntu/Puppy/Slitax/Slax/ect)

 

[Rydian]

Great guide though. BUT i haven't got an anti-virus, and still no virus in sight.A - I've never been to the doctor! I don't need to, no doctor has ever told me I'm sick!
B - I never bothered getting checked for STDs, because I'm sure I don't have any!
C - Well I don't see anybody wearing a black suit and shades, so there's no FBI agents here!

You have to be smart when browsing the net otherwise there isn't any need for anti-virus.CNET: Malware delivered by Yahoo, Fox, Google ads

Viruses and other malware were found to be lurking in ads last year on high-profile sites like The New York Times and conservative news aggregator Drudge Report.com, and this year on Drudge, TechCrunch and WhitePages.com. The practice has been dubbed "malvertising."

QUOTE(MaK11-12 @ Jul 18 2010, 11:09 AM)

OR you could just use linux ((K)ubuntu/Puppy/Slitax/Slax/ect)

Unless they need to use some windows-only programs as a requirement of their work/school.


If this guide was not needed it would not exist and would not be stickied.

 

[Scott-105]

My computer is brand new and has yet to get any viruses, but I'll be sure to bookmark this just in case something happens

 

[Rydian]

I suggest following the "future prevention" section anyways.

 

[Ace]

I'm trying to follow this guide for my cousin with the Super Removal. She's only here for visit and doesn't have her Vista recovery discs, so I'd be delighted to know what to do if Super Removal method fails? I'm well-oriented with these methods already, I just need to know what comes if Super Removal will not have an effect.

 

[Rydian]

Make a new user account and run rkill, then disable the proxy in the windows control panel and change your DNS settings to auomatic. Install an antispyware program fresh and scan with it, then run hijackthis and let hijackthis.de analyze your log, pick out whatever in there it marks as bad and anything else you find suspicious (like shit with a random name running from application data or a temp directory, keep a specific eye out for those) and fix it, then do a full antivirus scan.

If critical windows files have become infected you're kinda' fucked (and when this is fixed you need to turn UAC on and leave it on), you'll need to borrow somebody else's disc (with vista the version doesn't matter as long as it's the right bit-depth) and do an in-place "upgrade" (which is like XP's repair install), which will reinstall windows overtop of itself, leaving all your personal files, but some/all programs need to be reinstalled and windows update needs to be run again.

 

[Ace]

*How I should fix the system*

Thank you. I somewhat foresaw I'd need a Vista CD. I have one available from my mother's company (old Company-versions of Windows, most likely with VLK keys... Distribute or not?

), so I won't need to change my Windows Activation key, right?

I should mention that the virus she has (most likely Vundo, although it also gives thousands of error messages of a fake svchost process called "svchosty.exe") has crippled her system to a BSOD the instant Windows has finished booting, and Safe Mode is compromised as well. This is why I am now attempting the Super Removal. Upon questioning her on details (She isn't good with anti-virus programs), she came to the conclusion that the system has had the virus for a few weeks, to a few months. This was alerting, of course. I don't think I've heard of anyone using a crippled system for THAT long.

 

[Rydian]

The discs that tend to come with computers are usually modified copies and don't have any of the extra options (such as upgrading or even the recovery console sometimes) and are just made to image the drive, so be careful.

If it's been there for ages then the livecd should be able to remove it.

 

[Ace]

I really must thank you for this guide! It helped my cousin remove her Vundo + about 30 other viruses from her computer. For me, I just got another one of those "Fake AntiSpyware Crapware Beta 2.33.1235 2011 Christmas Rudolph's Limited Special Edition" from an XSS'd website. NOD32 and Malwarebytes' Anti-Malware got them away in a few hours

 

[Ubuntuの刀]

Dude, you are a genius. I had to reset my computer at least 4 times since I had no way on how to remove a virus(w/o installing programs to slow my computer down)

 

[Ubuntuの刀]

Hey, I click the link for super removal and it pops up with unable to go to the site. so i found another site with a bunch of Antivirus Live cd downloads

Antivirus Live CD

Rydian, add this in your Super Removal links

 

[Rydian]

Avira.com works for me. If it's not working for you it's likely something is wrong with your DNS, check the "removing redirects" section.

 

[aimansss95]

Help!!
I can't open those four flavors thing cause this 'security tool' doesn't allow me to
HELP PLS

EDIT = And any of the programs that is said that can delete this virus