Self instructions – how to remove malware


Whats your should to have:
1. anti spyware programs
2. hijackthis items and/or registry items for removing
3. files / folders for removing

Your steps:

1. Uninstall programs
Go to Start > Control Panel > Add or Remove Programs and remove the PROGRAM_NAME, if found.

2. Reboot your computer in Safe Mode.
3. Fix hijackthis items.

Start HijackThis. Click “Do a system scan only.” and put a checkmark next to the ITEMS. Click ‘Fix checked’.

4. Reboot your PC in the normal mode.
5. Fix registry items.

Open notepad and copy/paste the text in the quotebox below into it:

REGEDIT4

REMOVE THIS LINE AND INCLUDE REGISTRY ITEMS

Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.).
Double-click on the fix.reg. When it asks if you would like to merge the information, press the Yes button and then the OK button when it is done.

6. Remove malware service.

Open notepad and then copy and paste the lines below into it.

@echo off
sc stop SERVICE_NAME
sc delete SERVICE_NAME

Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
Double-click on fixes.bat file to execute it.

7a. Remove folders.

Run Avenger.
Check the ‘Input script manually’ option. Click the Magnifying Glass icon. In the box that opens, copy,then paste the following text:

Folders to delete:
FOLDERS FOR REMOVING, ONE FOLDER IN ONE LINE

Then click on ‘Done’.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

7b. Remove files.

Run Avenger.
Check the ‘Input script manually’ option. Click the Magnifying Glass icon. In the box that opens, copy,then paste the following text:

Files to delete:

FILES FOR REMOVING, ONE FILE IN ONE LINE

Then click on ‘Done’.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

8a. Run combofix

Close any open browsers. Double click on combofix.exe and follow the prompts.

8b. Run SmitfraudFix

Open the SmitfraudFix folder and double-click smitfraudfix.cmd. Press the number 2 on your keyboard and the press the enter key to choose the option Clean (safe mode recommended).

You will be prompted : “Registry cleaning – Do you want to clean the registry ?“; answer “Yes” by typing Y and press “Enter” in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer “Yes” by typing Y and press “Enter”.
The tool may need to restart your computer to finish the cleaning process; if it doesn’t, please restart it into Normal Windows.

8c. Run SuperAntiSpyware

On the main screen click on ‘Scan your computer’. Check: ‘Perform Complete Scan’. Click ‘Next’ to start the scan.

Superantispyware will now scan your computer,when it’s finished it will list all/any infections found. Make sure everything found has a checkmark next to it,then press ‘Next’. Click on ‘Finish’ when you’ve done.

8d. SDFix

Open the SDFix folder and double-click RunThis.bat.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.

9. Run ccleaner

Click Analyze button. After scan your system, click Run Cleaner.

10. Reset system restore
Disable system restore to flush out infected restore points. Reboot your computer again. Turn on Windows System Restore. After that click START > ALL PROGRAMS > ACCESSORIES > SYSTEM TOOLS > SYSTEM RESTORE. click on “create new restore point” > click on NEXT and follow the prompts.

Comments are closed.