Originally Answered: I have a very stubborn Trojan Virus on my computer that my Anti Virus/Spy cannot seem to remove. Help?
This is the best advice money can buy, your gratitude is appreciated (you're welcome).
Follow these steps and it will remove almost all viruses and malware/spyware from your computer. It will also make your computer run faster.
•I know this procedure looks long, but much of this is explanatory text to help less experienced people.
•Please do not cheat by skipping any steps. You are only hurting yourself if you do. And you will waste more time. The goal is to get your PC fixed. Completing the steps in this generic guide may or may not resolve all of your malware problems, but in all cases it gets your PC into a known state to help make it easier for me to fix your problems. After completing all steps, if you still need help, please send a new question. You may have a problem trying to run steps in safe mode on user accounts that have limited privileges. This will only be on Windows 2K, XP, & 2003 systems. Limited user accounts will not show when you boot into safe mode. You have two options, run the steps in normal boot mode which may not work to remove malware, or you can temporarily change the user account to an admin account and then complete the steps.
0: Preliminary House Cleaning & Setup
Uninstall malware through your computer's Add/Remove Programs.
You MUST be sure that MSconfig is not being used to control Startups. Note that some Windows OSs (like Win 2K) do not have MSconfig!
•MSConfig Startup Mode
Please go to Start > Run > type msconfig and click OK!
Select the General tab and select Normal Startup.
Then click Apply and OK and reboot PC before continuing.
Remain in this Normal Startup mode while your PC is being cleaned of malware.
1: Secondary House Cleaning
This second step of house cleaning may save a load of time later.
•Empty any quarantine folders for antivirus and antispyware applications. Make sure you do this. Logs could be huge otherwise. If you are a Symantec/Norton user make sure you empty their Norton Nprotect folder guarding the Recycle Bin. Empty your Recycle Bin.
•Download and install CCleaner
•MAKE SURE you download and avoid getting the Yahoo Toolbar version. I do not want you to install any unnecessary baggage.
•Also it is recommended to log in to all other User Accounts on the PC including the Administrator account which will only show when you boot in safe mode. Run CCleaner on each account. This can greatly reduce scan time and log sizes from the later scanning you will do below.
2: Enable viewing of hidden files, system files and file extensions
Some programs hide themselves by making their files invisible in normal Windows settings. Not doing this would allow file extensions commonly used by trojans and spyware to be hidden, for example a file ending in .exe or .dll, making manually finding it, if needed, difficult to impossible.
3: Do not use Multiple Antivirus Applications or Software Firewalls
•Antivirus: If you have multiple antivirus applications installed on your PC, please choose the one you prefer and uninstall all others. Do this now before continuing because you will only be asked to do it later if not done now. This does not mean online scanners. It is only referring to full antivirus applications like McAfee, Symantec, AVG, Avast, AntiVir, Kaspersky, etc.
•Firewall: Only use one software firewall. Running multiple software firewalls is unnecessary and using more than one software firewall on the same connection could cause issues with connectivity to the Internet or other unexpected behavior including excessive use of system resources which will slow down overall PC performance.
4: Downloading Tools
Download the following tools and save in your favorite download folder or create one, for example C:\Spyware Tools or C:\Downloads. (It is not a good idea to download them to any folder within C:\Documents and Settings.) And then install, update, and configure as indicated below. Do not run the scans until later when indicated. Also DO NOT confuse the word download with the actual installation of the program. You should install all programs to their recommended (by the install program) default installation folders. First you download the files and then you install (if the program requires installation) the program. It is also a bad idea to download and save anything you need into any kind of Temp folder. Malware hides in Temp folders and standard cleaning practices will delete everything from Temp folders.
Download GetRunKey.Zip and ShowNew.Zip from the below links and extract all files from both ZIP files into a folder of their own. You can extract both ZIP files into the same folder, like C:\MGTools. While these tools will run from your Desktop, I strongly recommend that you DO NOT extract them to your Desktop. Please install them where recommended. Do not run the scans yet!!!
SpyBot - Search & Destroy
•PLEASE leave all settings at default!!!! Install, do the search for updates now and get any updates, then fix the below problem with Spybot default products. If you get an error message about "bad checksum" when trying to update, just choose a different server location. Also look for the Immunize feature in Spybot and use it. Do not use the Teatimer function. It can be a resource hog and also makes removal of certain problems more difficult. Make sure you leave the SDhelper (IE bad download blocker) checked to install (this is the default).
•Fixing SpyBot's Ignore Products Bug: Please run SpyBot and get into the Advanced mode by selecting Mode and then Advanced mode. Then select Settings and then in the left column select Ignore Products. In the right window pane make sure the All products tab is selected. Then in that window, right click your mouse and choose "Deselect all". Now exit Spybot. We will run a scan later.
Now if running Windows XP, 2K or NT do the below. If you have Windows 95, 98, or ME skip to Downloads for Older Windows OS below. CounterSpy and AVG Antispyware will no longer run on the older Windows OSs.
•If you had previously used a CounterSpy trial, you may not be able to run it again. If this is the case, then run the below AVG Antispyware Removal procedure and attach the log later.
•Only run the AVG Anti-Spyware procedure if you could not run CounterSpy. You do not need to run both of these.
Note: If you are using an older Windows OS you may not be able to run some of the above tools! So if you are running Windows 95, 98, or ME run SUPERAntiSpyware and save a log from it so you can attach it. (This step is not required if you are running Windows XP, 2K or NT.) HOWEVER, no matter what OS you are running, if you could not run CounterSpy or AVG Antispyware then run SuperAntiSpyware.
5: Cleaning Malware
Important Note Before continuing with the below scans:
The best method to remove malware is to do it after booting in Safe Mode with no connection to the internet possible and no browsers running. Booting in safe mode is important because best results are achieved since safe mode disables most drivers and running programs. If you cannot boot in safe mode due to the malware problem then run the scans in normal boot mode but make sure you tell us later in any messages you post.
Thus you will need to print or save these instructions locally in a text file so you can refer to them while offline. Do this before continuing!
•Reboot into safe mode
•Physically unplug your cable to the internet (even if you have dial-up, unplug modem)
•Shut down ALL unrequired applications including browsers
•Run CCleaner with the default options to clean out temporary files. Only use the Default Scan on the Windows Tab and select Run Cleaner. Do not run any other options from other tabs.
•Run Spybot Search & Destroy and allow it to fix all that it finds. Make sure you use the Immunize feature and use the SDHelper function but do not use Teatimer.
•For Windows XP, 2K and NT users
•Run CounterSpy - Make sure you have it Quarantine all detections! Also attach the log from CounterSpy later if you still have problems. To get the log after scanning, click View -> Spyware Scan -> View Spyware Scan History. Next click on the scan you want to view, then click view full details of scan. Right-click anywhere in the window that just opened, click on Select All, right-click again and select Copy. Now open Notepad, right-click anywhere in Notepad and select Paste. Now Save As CounterSpy.txt. If you could not run CounterSpy for any reason, run the steps in the following link for AVG Antispyware: Running AVG Anti-Spyware, and allow it to fix all that it finds. Save the log as requested and attach it later if you still have problems and have to post a message requesting support.
•For Windows 95, 98 and ME users
•You should now run SuperAntiSpyware.
6A: Online Virus And Trojan Scanning
Please run the below two online scanning tools and make sure you save and attach the logs later to any request for help that you post. From step 5 you should already be in safe mode but you will need to reconnect your cable now and possibly reboot and choose Safe Mode with Networking Support. If you cannot connect in safe mode for any reason (like dial-up users), run the online scanners in normal boot mode. You will need to use Internet Explorer to run these online scans. Also MAKE SURE YOU HAVE THE LATEST SUN JAVA Version installed by checking against the below link which normally has the most current version. This may help prevent some problems in trying to get these online scanners to run. Before installing the current version, you should uninstall all previous versions first!!!!
*** MAKE SURE YOU RUN BITDEFENDER BEFORE PANDA ACTIVE SCAN ***
*** But if Bitdefender cannot be run then run PandaActiveScan anyway ***
Bitdefender: agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. Once Bitdefender completes the scan:
Click on the Detected Problems tab. When the window comes up to save the report, change the Save as type: box to Text (Tab Delimited) (*.txt) and then in the File name box enter bdscan, then click save. This will save a file named bdscan.txt in whatever folder you are currently in when you save the file (take notice of where you are at so you can find it later). This bdscan.txt file will actually contain HTML code that I can easily view later while reviewing your log. All I have to do is rename the file to bdscan.html.
If you do not follow these steps, you will have an incorrect log or, worse, a log summary which is useless to me.
Panda ActiveScan: It will only fix certain viruses and trojans. Most items found will not be fixed. When it finishes the scan click on See Report. Then in the next window click Save Report. The default report name is Activescan.txt. Just save it where you can find it so you can attach it to your message when you begin a thread with a request for help. If you have any problems trying to get a PandaActiveScan log, if you use Avast antivirus and it gives you an error like below when trying to use Panda, just disable Avast while you run the scan. The error is a false positive. See the below link for more info.
Do the following and see what happens......