Infection Guide
#1
Credits for the basic outline to kk/Valiant from his old HF Guide. I will be changing it, updating a bit and expanding on it further.

If you think you're infected, don't despair; follow these steps.

1. The most basic, yet crucial step. Run a full, not quick, system scan with your antivirus. Make sure it is up to date.
Suggestions include Kaspersky, Avast, McAfee or NOD32. FYI, many things I have picked up with free online scanners do not get picked up by my version of Symantec's Norton, therefore I do not recommend it.

2. Download and install either or all of the following:

MalwareBytes Anti Malware (MBAM)
Ad-Aware
Spybot Search and Destroy

Run a full scan and let it remove anything it finds.

3. Download Trend Micro's HijackThis (HJT).
Run it. Do a system scan and save the log file. When Notepad pops up, copy and paste the log here on SF or on a qualified and reputable site that does it (i.e. automated, not another forum - some have been posted). Do not try to fix it yourself unless you have training - most of these processes are perfectly normal and a wrong move can do more harm than good.

If you are still having trouble, a PC professional may be needed.

Sandboxing or Virtualization is also worth looking at.

Once again props to Valiant, a great White Hat.
#2
I wanted to add a few things to that list, if I may.

If it's a rootkit or any sort of nasty memory virus/Trojan, it will block the virus scanners from updating or even installing.

The best thing to do is restart the PC; when it's starting up, press F8 or F7, depending on the machine's motherboard (for safe mode).

When started up, you will be greeted by the normal login screen; just type administrator, and the password is nothing, so leave it blank.
When logged in, go to Start, then Run, and enter msconfig.

When you have arrived at msconfig, go to Services, click Hide all Microsoft services and click Disable all.
Bear with me as we're almost done ;)
Then go in msconfig and go to Startup, click Disable all or look for strange programs you do not know!
Then click Apply and it will ask to restart your PC (which you will do).
Boot up normally this time and then download the scanners etc.

For the rest, I like Spyware Doctor, a good one as well for rootkits and nasty ones ;)

I do want to say good job on referring to HijackThis (HJT), as it's very valuable.

Regards, nullsession
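
The inventory that the msconfig steps in post #2 work from, as an added example that is not part of any post in this thread: a read-only PowerShell listing of services whose binary is not Microsoft-signed and of the startup commands, saved to CSV so entries can be reviewed before anything is disabled. It assumes a Windows version with PowerShell 3.0 or later; the function names and output file names are hypothetical.

```powershell
# Added example, not from the thread. Read-only: nothing is disabled or deleted.
# Assumes PowerShell 3.0+ (Get-CimInstance). Function names are hypothetical.

function Get-ServiceBinaryPath {
    param([string]$PathName)
    # Win32_Service.PathName may be quoted and may carry arguments.
    if ($PathName -match '^\s*"([^"]+)"')        { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $null
}

function Get-NonMicrosoftService {
    # Rough equivalent of msconfig's "Hide all Microsoft services" filter,
    # decided here by the Authenticode signer of the service binary.
    # Caveat: a service hosted in svchost.exe counts as Microsoft-signed
    # whatever DLL it loads, so it is filtered out of this list.
    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        $path   = Get-ServiceBinaryPath $_.PathName
        $signer = '(unsigned or not found)'
        if ($path -and (Test-Path -LiteralPath $path)) {
            $sig = Get-AuthenticodeSignature -LiteralPath $path
            if ($sig.Status -eq 'Valid') { $signer = $sig.SignerCertificate.Subject }
        }
        [pscustomobject]@{
            Name = $_.Name; State = $_.State; StartMode = $_.StartMode
            Path = $path;   Signer = $signer
        }
    } | Where-Object { $_.Signer -notmatch 'O=Microsoft Corporation' }
}

function Get-StartupEntry {
    # Run keys and Startup folders, as shown on msconfig's Startup tab.
    Get-CimInstance -ClassName Win32_StartupCommand |
        Select-Object Name, Command, Location, User
}

# Save both lists before changing anything, so each change can be undone.
$services = Get-NonMicrosoftService | Sort-Object Signer, Name
$startup  = Get-StartupEntry
$out = Join-Path $env:TEMP ("startup-inventory-{0:yyyyMMdd-HHmmss}" -f (Get-Date))
$services | Export-Csv -Path "$out-services.csv" -NoTypeInformation
$startup  | Export-Csv -Path "$out-startup.csv"  -NoTypeInformation

$services | Format-Table Name, State, StartMode, Signer -AutoSize
$startup  | Format-Table Name, Location, Command -AutoSize
```
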
#3
I don't recommend taking your computer to a computer specialist, unless it is a hardware problem. They tend to do things I don't like.
HJT is an indispensable tool when it comes to viruses, as it catches all running viruses, and even injected ones. Remember to make sure you know what you're doing, so you don't accidentally remove a critical system process.

The link in my sig explains more.
#4
When I am infected I just do similar to nullsession.
I run msconfig first up and kill as many startup processes as I can.
Then I delete all restore points. Then safe mode and run my scans then.
Deleting anything that I need to, then rebooting in normal mode and scanning again to be sure.
That all said, at the end of the day I have everything backed up at all times so C can easily be reformatted and a new install done without losing a single thing. For the sake of a few hrs it's often easier. Especially if it's a good infection.
#5
I agree, damink, with you 100%: the best thing to do for personal use is just to make a clean slate, but for company use it's not the viable option most of the time :)

Also it's indeed a very good choice to delete the system restore points, but be careful with backing up data as the virus may still be in there ;)

Regards, nullsession