Cleaning an Infected Windows PC
- Level: Beginner
- Presenter: Eli the Computer Guy
- Date Created: January 14, 2012
- Length of Class: 73 Minutes
Purpose of Class
- This class teaches the procedures and thought process behind trying to clean a Windows PC that has been infected with viruses.
- Introduction (00:00)
- First Steps (00:00)
- Uninstalling Crapware (00:00)
- Installing Security Software (00:00)
- Install ALL Updates (00:00)
- Run Scans (00:00)
- Final Thoughts (00:00)
- Generally, if a PC has a virus you should just do a Wipe and Reload. Cleaning is the fallback for when that is not an option.
- Create a checklist for the procedures you will use to clean the PC
- Know when you will decide the computer is not repairable
- You can run the computer in Safe Mode if regular mode is not responsive. On Windows XP through 7 you access Safe Mode by pressing F8 while the PC boots and then selecting the "Safe Mode" option.
- MSCONFIG tool can be used to keep software from booting when the computer boots. To use MSCONFIG go to Start -> Run -> and then type MSCONFIG
- First Steps
- Try to do a System Restore, using Windows' built-in System Restore utility, to a restore point dated before the computer had the virus.
- Use OpenDNS on your router to try to prevent the infected computer from "phoning home". This only blocks malware that looks up its server by name; anything using a hard-coded IP address or its own DNS server bypasses it.
- Change the Windows account passwords so that scripts or attackers holding the old credentials cannot keep using them to modify the configuration.
- Reset Internet Explorer settings to default to ensure that Internet Explorer will not block your attempts to download updates and software. Also check C:\Windows\System32\drivers\etc\hosts for entries that point update or security-vendor sites at the wrong address.
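The "First Steps" above, as an added example that is not part of the class: it uses the System Restore cmdlets that ship with PowerShell 2.0 on Windows 7 to pick the newest restore point that predates the infection, resets Internet Explorer through the same entry point the Internet Options dialog uses, and prints any hosts-file lines beyond the defaults. The infection date is an assumption; replace it with when the symptoms began. Run it from an elevated PowerShell.

```powershell
# Added example, not from the class. Run elevated on Windows 7 / PowerShell 2.0.

function Get-RestorePointBefore {
    param([Parameter(Mandatory = $true)][datetime]$InfectedSince)
    $candidates = foreach ($rp in Get-ComputerRestorePoint) {
        # CreationTime is a WMI (DMTF) timestamp string; the object carries a converter
        $when = $rp.ConvertToDateTime($rp.CreationTime)
        if ($when -lt $InfectedSince) {
            New-Object PSObject -Property @{
                SequenceNumber = $rp.SequenceNumber
                Created        = $when
                Description    = $rp.Description
            }
        }
    }
    # Newest restore point that still predates the infection
    $candidates | Sort-Object Created -Descending | Select-Object -First 1
}

function Reset-InternetExplorer {
    # Same action as Internet Options -> Advanced -> Reset
    Start-Process rundll32.exe 'inetcpl.cpl,ResetIEtoDefaults' -Wait
}

function Get-HostsOverride {
    # Anything beyond comments and the localhost lines deserves a look: malware
    # uses this file to send update and AV vendor names to the wrong address
    Get-Content "$env:windir\System32\drivers\etc\hosts" |
        Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' -and
                       $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' }
}

'--- hosts file overrides (expect none) ---'
Get-HostsOverride

# Assumed date; replace with when the symptoms began
$target = Get-RestorePointBefore -InfectedSince '2012-01-10'
if ($target) {
    'Rolling back to #{0} "{1}" created {2}' -f $target.SequenceNumber, $target.Description, $target.Created
    Checkpoint-Computer -Description 'Before cleanup rollback'      # so the rollback itself can be undone
    Restore-Computer -RestorePoint $target.SequenceNumber -Confirm  # reboots when it runs
} else {
    'No restore point predates the infection; skip System Restore.'
}
# Reset-InternetExplorer   # run after the reboot, once you are back in Windows
```

Restore-Computer reboots the machine, so the hosts check runs first and the IE reset is left for afterwards. Malware frequently deletes restore points, so an empty result from Get-RestorePointBefore is itself a clue.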
- Uninstall Crapware
- Uninstall ALL Toolbars and anything that you do not recognize
- Uninstall ALL Security and "Tune Up" software. This software can cause problems on the system.
- Use “Removal” tools to remove Norton or other Anti-Virus software if it does not uninstall correctly.
- Uninstallers for toolbars and "crapware" can many times be found within the folder that the software is installed in, under C:\Program Files (and C:\Program Files (x86) on 64-bit Windows).
- If crapware will not uninstall, boot the PC into Safe Mode and then rename the folder that the software is installed in. This will effectively break the software.
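An inventory to work from for the "Uninstall Crapware" steps, as an added example that is not part of the class: it reads the same Uninstall registry keys that Add/Remove Programs reads, flags names that match a watch-list of toolbar and "tune up" keywords (the list is an assumption; extend it with what you find), prints the uninstall command for each flagged entry, and wraps the Safe Mode folder-rename trick. It deliberately avoids the Win32_Product WMI class, which triggers a repair of every MSI package whenever it is queried.

```powershell
# Added example, not from the class. Works in PowerShell 2.0; run elevated.

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',   # 32-bit apps on 64-bit Windows
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'               # per-user installs
)
# Assumed watch-list of keywords; case-insensitive, extend as needed
$Suspicious = 'toolbar', 'search protect', 'optimizer', 'speedup', 'coupon', 'savings', 'browser helper'

function Get-InstalledProgram {
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            $name = $_.DisplayName
            New-Object PSObject -Property @{
                Name        = $name
                Publisher   = $_.Publisher
                InstallDate = $_.InstallDate          # yyyymmdd when the installer recorded it
                Uninstall   = $_.UninstallString      # exactly what Add/Remove Programs runs
                Location    = $_.InstallLocation
                Flagged     = [bool]($Suspicious | Where-Object { $name -match [regex]::Escape($_) })
            }
        }
}

function Disable-ProgramFolder {
    # Renaming the install folder breaks the software's load path; do it from
    # Safe Mode if the files are locked in normal mode
    param([Parameter(Mandatory = $true)][string]$Path)   # e.g. 'C:\Program Files\SomeToolbar'
    $newName = (Split-Path $Path -Leaf) + '.disabled'
    Rename-Item -Path $Path -NewName $newName -ErrorAction Stop
    "renamed $Path -> $newName"
}

# Flagged and most recently installed first: the stuff that arrived with the infection
Get-InstalledProgram | Sort-Object Flagged, InstallDate -Descending |
    Format-Table Flagged, InstallDate, Name, Publisher -AutoSize

'--- uninstall commands for flagged entries ---'
Get-InstalledProgram | Where-Object { $_.Flagged } |
    ForEach-Object { "{0}`n    {1}" -f $_.Name, $_.Uninstall }
# Disable-ProgramFolder -Path 'C:\Program Files\SomeToolbar'   # from Safe Mode, if uninstall fails
```

Anything you do not recognise that is unflagged still goes on the list; the watch-list only orders the work. Entries whose UninstallString no longer points at an existing file are the half-removed suites the "Removal tools" step is for.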
- Tune Up Computer
- Use “Tune Up” software such as CCleaner to perform a basic Tune Up of the PC
- Delete ALL Temp files
- Defragment the Registry
- Disable Unnecessary Start Up Items
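The two things MSCONFIG is used for in this class (the Safe Mode entry under the introduction, and "Disable Unnecessary Start Up Items" here), done from PowerShell as an added example that is not part of the class. MSCONFIG's Boot tab "Safe boot" box sets the bcdedit safeboot flag (Vista/7; XP uses boot.ini), which is handy when you keep missing the F8 window, and its Startup tab is a view over the Run/RunOnce keys and the Startup folders, which the script lists and can disable after exporting a backup. The entry name in the commented call is an assumption. Run elevated.

```powershell
# Added example, not from the class. PowerShell 2.0 on Vista/7; run elevated.

function Get-SafeBootSetting {
    # bcdedit prints "safeboot  Minimal" on the current entry when the flag is set
    $text = [string](bcdedit /enum '{current}')
    if ($text -match 'safeboot\s+(\S+)') { $Matches[1] } else { $null }
}

function Set-SafeBoot {
    param([switch]$Off, [ValidateSet('minimal', 'network')][string]$Mode = 'minimal')
    if ($Off) { bcdedit /deletevalue '{current}' safeboot | Out-Null }
    else      { bcdedit /set '{current}' safeboot $Mode | Out-Null }
    'safeboot flag is now: ' + (Get-SafeBootSetting)
}

$RunKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
$StartupFolders = "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
                  "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"

function Get-StartupEntry {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # PSPath, PSParentPath etc. are provider noise
            New-Object PSObject -Property @{ Source = $key; Name = $p.Name; Command = $p.Value }
        }
    }
    foreach ($dir in $StartupFolders) {
        Get-ChildItem $dir -ErrorAction SilentlyContinue | ForEach-Object {
            New-Object PSObject -Property @{ Source = $dir; Name = $_.Name; Command = $_.FullName }
        }
    }
}

function Disable-StartupEntry {
    param([string]$Key, [string]$Name, [string]$BackupDir = "$env:USERPROFILE\Desktop\startup-backup")
    # Export the whole key first so the change can be undone with "reg import"
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $regKey = $Key -replace '^HKLM:\\', 'HKLM\' -replace '^HKCU:\\', 'HKCU\'
    $file   = Join-Path $BackupDir ((Get-Date -Format 'yyyyMMdd-HHmmss') + '.reg')
    reg export $regKey $file /y | Out-Null
    Remove-ItemProperty -Path $Key -Name $Name
    "removed '$Name' from $Key (backup: $file)"
}

Get-StartupEntry | Format-Table Name, Command, Source -AutoSize
# Set-SafeBoot          # next boot is Safe Mode; run Set-SafeBoot -Off before the final reboot
# Disable-StartupEntry -Key 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'SomeToolbar'
```

Two cautions. The safeboot flag is persistent: forget to clear it and the machine keeps coming up in Safe Mode. And some malware deletes the SafeBoot service list from the registry, in which case Safe Mode will not start at all, which is one of the signs that the machine is heading for a Wipe and Reload.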
- Install Security Software
- Anti Virus software is like condoms. One is good, but more than one is horrible. (Two real-time scanners fight over the same files and flag each other.)
- Minimize the number of "Tune Up" or Anti Malware pieces of software you use. These can actually cause problems unto themselves.
- Computer Security companies generally do a very good job creating one product, but then package that good product with other inferior ones into an “Internet Security Suite”. I recommend you use different software from different manufacturers.
- Eli prefers Microsoft Security Essentials for Anti Virus, Spybot Search and Destroy for Anti Spyware, and Windows Firewall for Firewall.
- Immunize the system immediately with the Anti Malware software (Spybot's Immunize feature), but do not run scans yet.
- Disable "Registry Guards" such as Spybot's TeaTimer. These guards ask you whether or not the computer should make a change to the Registry, and if you make the wrong choice you can create problems.
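A check for the "one anti-virus, not two" rule above, as an added example that is not part of the class: it asks Windows Security Center which anti-virus, anti-spyware and third-party firewall products are registered, so that after uninstalling the old suites you can confirm exactly one anti-virus is left. On Vista/7 the namespace is root\SecurityCenter2; XP only has root\SecurityCenter with fewer properties, so State and Path come back empty there.

```powershell
# Added example, not from the class. PowerShell 2.0; no elevation needed to read.

function Get-SecurityCenterNamespace {
    $names = Get-WmiObject -Namespace root -Class __NAMESPACE | ForEach-Object { $_.Name }
    if ($names -contains 'SecurityCenter2') { 'root\SecurityCenter2' } else { 'root\SecurityCenter' }
}

function Get-RegisteredSecurityProduct {
    $ns = Get-SecurityCenterNamespace
    foreach ($class in 'AntiVirusProduct', 'AntiSpywareProduct', 'FirewallProduct') {
        Get-WmiObject -Namespace $ns -Class $class -ErrorAction SilentlyContinue | ForEach-Object {
            # productState is a bit field (enabled / signatures current); shown raw in hex
            $state = if ($_.productState -ne $null) { '0x{0:X6}' -f [int]$_.productState } else { '' }
            New-Object PSObject -Property @{
                Kind    = $class
                Product = $_.displayName
                State   = $state
                Path    = $_.pathToSignedProductExe
            }
        }
    }
}

$products = @(Get-RegisteredSecurityProduct)
$products | Format-Table Kind, Product, State, Path -AutoSize

$av = @($products | Where-Object { $_.Kind -eq 'AntiVirusProduct' })
switch ($av.Count) {
    0       { 'No anti-virus registered: install one before running scans.' }
    1       { 'One anti-virus registered ({0}): good.' -f $av[0].Product }
    default { '{0} anti-virus products registered: uninstall all but one. A stale entry whose Path no longer exists is a half-removed suite; use the vendor removal tool.' -f $av.Count }
}
```

Windows Firewall does not register itself here (only third-party firewalls do); check it with `netsh advfirewall show allprofiles state` instead.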
- Install ALL Updates
- Many times Updates themselves will fix problems with the PC, and disable Viruses and Malware
- Install ALL Windows and Office Updates
- Install Latest Adobe Reader and Flash
- Install Latest Java
- Install Updates to any other pieces of software on the PC (Quickbooks, iTunes, Quicktime, Word Perfect)
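The "Install ALL Updates" step for the Windows side, as an added example that is not part of the class: it drives the same Windows Update engine as the control panel through the Microsoft.Update.Session COM API, lists everything pending, and installs it on request. Reader, Flash, Java and the other third-party products in the list above are not served by Windows Update and still need their own updaters. Run elevated.

```powershell
# Added example, not from the class. PowerShell 2.0; run elevated.

function Get-PendingUpdate {
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    # Software updates that are not installed and not hidden by the user
    $result   = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")
    $result.Updates
}

function Install-PendingUpdate {
    param([switch]$IncludeOptional)
    $session   = New-Object -ComObject Microsoft.Update.Session
    $toInstall = New-Object -ComObject Microsoft.Update.UpdateColl
    foreach ($u in Get-PendingUpdate) {
        # AutoSelectOnWebSites = $false marks the "optional" category
        if (-not $IncludeOptional -and -not $u.AutoSelectOnWebSites) { continue }
        if (-not $u.EulaAccepted) { $u.AcceptEula() }
        [void]$toInstall.Add($u)
    }
    if ($toInstall.Count -eq 0) { return 'Nothing to install.' }

    $downloader = $session.CreateUpdateDownloader()
    $downloader.Updates = $toInstall
    [void]$downloader.Download()

    $installer = $session.CreateUpdateInstaller()
    $installer.Updates = $toInstall
    $res = $installer.Install()
    # ResultCode: 2 = succeeded, 3 = succeeded with errors, 4 = failed, 5 = aborted
    'Installed {0} update(s); ResultCode={1}; RebootRequired={2}' -f $toInstall.Count, $res.ResultCode, $res.RebootRequired
}

Get-PendingUpdate | ForEach-Object {
    $kind = if ($_.AutoSelectOnWebSites) { 'important' } else { 'optional' }
    '[{0}] {1}  ({2:N0} MB)' -f $kind, $_.Title, ($_.MaxDownloadSize / 1MB)
}
# Install-PendingUpdate -IncludeOptional   # then reboot, and repeat until it reports nothing
```

Updates chain (service packs first, then the fixes that depend on them), so one pass is rarely enough; the reboot-and-rerun loop is the point. An update search that errors out or returns nothing on a machine that is clearly months behind is another symptom: malware commonly disables the Windows Update service.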
- Run Scans
- Run FULL Anti Virus Scan
- Run Anti Malware Scan
- You can run multiple scans at the same time, though they will compete for disk and CPU and each will take longer.
- If this does not fix the PC, try Malwarebytes and ComboFix (download ComboFix only from BleepingComputer.com; copies hosted anywhere else are likely to be spyware).
- If the computer is still infected, you must start figuring out how to remove the virus manually.
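A starting point for the manual stage, as an added example that is not part of the class: it lists every running process whose image lives in a user-writable folder (Temp, AppData, Downloads, ProgramData; the list is an assumption) or carries no valid Authenticode signature. Neither fact proves malware and a valid signature does not prove the opposite, but the short list is where to start looking. Run elevated so the path of every process is readable.

```powershell
# Added example, not from the class. PowerShell 2.0; run elevated.

# Assumed list of places malware commonly runs from; user-writable without admin rights
$SuspectDirs = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, "$env:USERPROFILE\Downloads",
                 $env:ProgramData, "$env:windir\Temp") | Where-Object { $_ }

function Get-ProcessTriage {
    Get-Process | Where-Object { $_.Path } | Sort-Object Path -Unique | ForEach-Object {
        $proc = $_
        $sig  = Get-AuthenticodeSignature -FilePath $proc.Path
        $signer = ''
        if ($sig.SignerCertificate) {
            $signer = $sig.SignerCertificate.Subject -replace '^CN=([^,]+).*', '$1'
        }
        $inSuspectDir = [bool]($SuspectDirs | Where-Object { $proc.Path -like ($_ + '\*') })
        # Windows 7 system binaries are catalog-signed, which PowerShell 2.0 cannot verify,
        # so "NotSigned" under $env:windir is expected; check those with sigverif.exe instead
        $unsigned = ($sig.Status -ne 'Valid') -and ($proc.Path -notlike "$env:windir\*")
        New-Object PSObject -Property @{
            PID       = $proc.Id
            Name      = $proc.Name
            Path      = $proc.Path
            Signature = $sig.Status        # Valid / NotSigned / HashMismatch / UnknownError
            Signer    = $signer
            Suspect   = $inSuspectDir -or $unsigned
        }
    }
}

Get-ProcessTriage | Where-Object { $_.Suspect } |
    Sort-Object Signature, Path | Format-Table PID, Name, Signature, Signer, Path -AutoSize
```

HashMismatch is the interesting status: a signed file whose contents were changed after signing. For each suspect, note the path, search the Run keys and services for what starts it, and kill the process before deleting the file (from Safe Mode if it refuses to die); a file that reappears after deletion has something else re-dropping it, which is the next thing to find.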
- Final Thoughts
- If you cannot remove the virus but also cannot Wipe and Reload the system, then you simply lock down the system as much as possible and use it as little as possible. Take a backup of the system, restrict user accounts to have as few rights as possible, etc.
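The lock-down fallback above, as an added example that is not part of the class: it takes a system image with Windows 7's wbadmin, creates a standard (non-administrator) account for daily use, drops every other account from the Administrators group, and puts Windows Firewall into block-all-inbound. The account name, password and backup drive are assumptions. Run elevated, and keep your own admin account in -Keep (the built-in Administrator is disabled by default on Windows 7) or you lock yourself out.

```powershell
# Added example, not from the class. Windows 7 / PowerShell 2.0; run elevated.

function Backup-SystemImage {
    param([string]$TargetDrive = 'E:')   # assumed external drive
    # Same engine as Backup and Restore -> Create a system image
    wbadmin start backup "-backupTarget:$TargetDrive" "-include:C:" -allCritical -quiet
}

function New-StandardUser {
    param([string]$Name, [string]$Password)
    net user $Name $Password /add | Out-Null
    net localgroup Users $Name /add | Out-Null   # Users group only: no admin rights
}

function Get-LocalAdmin {
    # "net localgroup Administrators" prints a header, a dashed rule, one member per line, a footer
    net localgroup Administrators | Where-Object {
        $_ -and $_ -notmatch '^(Alias name|Comment|Members|-{5,}|The command)'
    }
}

function Remove-ExtraLocalAdmin {
    param([string[]]$Keep = @('Administrator', $env:USERNAME))
    foreach ($member in Get-LocalAdmin) {
        if ($Keep -contains $member) { continue }
        net localgroup Administrators "$member" /delete | Out-Null
        "removed $member from Administrators"
    }
}

function Set-FirewallBlockAllInbound {
    netsh advfirewall set allprofiles state on | Out-Null
    # Block inbound even where an allow rule exists; outbound stays open so updates still work
    netsh advfirewall set allprofiles firewallpolicy blockinboundalways,allowoutbound | Out-Null
    netsh advfirewall show allprofiles state
}

'--- current members of Administrators ---'
Get-LocalAdmin
# Backup-SystemImage -TargetDrive 'E:'
# New-StandardUser -Name 'daily' -Password 'use-a-long-passphrase-here'
# Remove-ExtraLocalAdmin
# Set-FirewallBlockAllInbound
```

Take the backup before the other changes so you can get back to a known state, and keep in mind that the image contains the infection; it is for recovering data, not for restoring the machine.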