Cleaning An Infected Windows PC

Schedule a Skype Meeting with Eli: https://silicondiscourse.com

Info

Level: Beginner
Presenter: Eli the Computer Guy
Date Created: January 14, 2012
Length of Class: 73 Minutes
Tracks

Computer Repair
Prerequisites

None
Purpose of Class

This class teaches the procedures and thought process behind trying to clean a Windows PC that has been infected with viruses.
Chapters

Introduction (00:00)
First Steps (00:00)
Uninstalling Crapware (00:00)
Installing Security Software (00:00)
Install ALL Updates (00:00)
Run Scans (00:00)
Final Thoughts (00:00)


Class Notes

Introduction
Generally is a PC has a virus you should just do a Wipe and Reload
Create a checklist for the procedures you will use to clean the PC
Know when you will decide the computer is not repairable
You can run the computer in Safe Mode is regular mode is not responsive. You access Safe Mode by pressing F8 while the PC boots, and then selecting "Safe Mode" option.
MSCONFIG tool can be used to keep software from booting when the computer boots. To use MSCONFIG go to Start - Run - and then type MSCONFIG
First Steps
Try to do a System Restore to an earlier time before the computer had the virus with Windows built in System Restore Utility
Use OpenDNS on your router to try to prevent the infected computer from "phoning home"
Change the password on the system to prevent scripts from being able to easily modify configurations
Reset Internet Explorer Settings to default to ensure that Internet Explorer will not block your attempts to download updates and software.
Uninstall Crapware
Uninstall ALL Toolbars and anything that you do not recognize
Uninstall ALL Security, and "Tune Up" Software. This software can cause problems o the system.
Use "Removal" tools to remove Norton or other Anti-Virus software if it does not uninstall correctly.
Uninstallers for toolbars and "crapware" can many times be found within the folder that the software is installed in. Under C:\Program Folders.
If crapware will not uninstall boot PC into Safe Mode, and then Rename the Folder that the Software is installed in. This will effectively brake the software.
Tune Up Computer
Use "Tune Up" software such as CCleaner to perform a basic Tune Up of the PC
Delete ALL Temp files
Defragment the Registry
Disable Unnecessary Start Up Items
Install Security Software
Anti Virus Software is like condoms. One is good, but more then one is horrible. (Anti Virus software will attack each other)
Minimize the number of "Tune Up" of Anti Malware pieces of software you use. These can actually cause problems unto themselves.
Computer Security companies generally do a very good job creating one product, but then package that good product with other inferior ones into an "Internet Security Suite". I recommend you use different software from different manufacturers.
Eli prefers Microsoft Security Essentials for Anti Virus, Spybot Search and Destroy for Anti Spyware, and Windows Firewall for Firewall.
Immunize system immediately with Anti Malware software, but do not run scans yet.
Disable "Registry Guards" such as Spybot's TeaTimer. these guards will ask you whether or not the computer should make a change to the Registry, and if you make the wrong choice you can create problems.
Install ALL Updates
Many times Updates themselves will fix problems with the PC, and disable Viruses and Malware
Install ALL Windows and Office Updates
Install Latest Adobe Reader and Flash
Install Latest Java
Install Updates to any other pieces of software on the PC (Quickbooks, iTunes, Quicktime, Word Perfect)
Run Scans
Run FULL Anti Virus Scan
Run Anti Malware Scan
You can run multiple scans at the same time
If this does not fix the PC try Malwarebytes and Combofix (Only download Combofix from BleepingComputer.com, everywhere else is a piece of spyware)
If computer still is infected then you must simply start trying to figure out how to remove the virus manually.
Final Thoughts
If you cannot remove the virus, but you can also not Wipe and Reload the system then you simply lock down the system as much as possible and use it as little as possible. Take a backup of the system, restrict user accounts to have as few rights as possible, etc.
Resources

Norton Removal Tool
CCleaner
Microsoft Security Essentials
Combofix
Malwarebytes

Show more