I thought I would share these pearls from the Microsoft website. BTW - I attempted system restore before using my method. The malware tricks the registry into thinking that evil piece that was added had always been there. Restore works on some things - NOT everything.
Hi,
Using System Restore when there is malware present may result in the Restore Points being
infected as well. So it's usually best to remove the malware before using System Restore if
at all possible. There are some malware infections that it is OK to use System Restore to
remove; however, unless one is very sure, it is best not to do so.
If you need to check for malware here are my recommendations - these will allow you to do
a thorough check and removal without ending up with a load of spyware programs running
resident which can cause as many issues as the malware and may be harder to detect as the
cause.
No one program can be relied upon to detect and remove all malware. Added to that, easy
to detect malware is often accompanied by a much harder to detect and remove payload. So
it's better to be overly thorough now than to pay the high price later. Check with these to an
extreme overkill point and then run the cleanup only when you are very sure the system is clean.
These can be done in Safe Mode - repeatedly tap F8 as you boot however you should also run
them in regular Windows when you can.
TDSSKiller.exe - Download to the Desktop - then go to it and Right Click on it - RUN AS ADMIN
it will show any infections in the report after running - if it will not run change the name from
tdsskiller.exe to tdsskiller.com. Whether it finds anything or not does not mean you should not
check with the other methods below.
http://support.kaspersky.com/viruses/solutions?qid=208280684
Download Malwarebytes and scan with it, run MRT, and add Prevx to be sure it is gone.
(If Rootkits run UnHackMe)
Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN
Malwarebytes - free
http://www.malwarebytes.org/
Run the Microsoft Malicious Removal Tool
Start - type in Search box -> MRT find at top of list - Right Click on it - RUN AS ADMIN.
You should be getting this tool and its updates via Windows Updates - if needed you can
download it here.
Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN
(Then run MRT as above.)
Microsoft Malicious Removal Tool - 32 bit
http://www.microsoft.com/downloads/details.aspx?FamilyID=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
Microsoft Malicious Removal Tool - 64 bit
http://www.microsoft.com/downloads/details.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en
Also install Prevx to be sure it is all gone.
Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN
Prevx - Home - Free - small, fast, exceptional CLOUD protection, works with other
security programs. This is a scanner only, VERY EFFECTIVE, if it finds something come back
here or use Google to see how to remove.
http://www.prevx.com/ <-- information
http://info.prevx.com/downloadcsi.asp <-- download
PCmag - Prevx - Editor's Choice
http://www.pcmag.com/article2/0,2817,2346862,00.asp
Try the trial version of Hitman Pro:
Hitman Pro is a second opinion scanner, designed to rescue your computer from malware
(viruses, trojans, rootkits, etc.) that have infected your computer despite all the security
measures you have taken (such as anti virus software, firewalls, etc.).
http://www.surfright.nl/en/hitmanpro
--------------------------------------------------------
If needed here are some online free scanners to help
http://www.eset.com/onlinescan/
New Vista and Windows 7 version
http://onecare.live.com/site/en-us/center/whatsnew.htm
Original version
http://onecare.live.com/site/en-us/default.htm
http://www.kaspersky.com/virusscanner
Other Free online scans
http://www.google.com/search?hl=en&source=hp&q=antivirus+free+online+scan&aq=f&oq=&aqi=g1
--------------------------------------------------------
Also do these to clean up general corruption and repair/replace damaged/missing
system files.
Run DiskCleanup - Start - All Programs - Accessories - System Tools - Disk Cleanup
Start - type this in Search Box -> COMMAND find at top and RIGHT CLICK -
RUN AS ADMIN
Enter this at the prompt - sfc /scannow
How to analyze the log file entries that the Microsoft Windows Resource Checker
(SFC.exe) program generates in Windows Vista cbs.log
http://support.microsoft.com/kb/928228
Run checkdisk - schedule it to run at next start and then Apply OK your way out then restart.
How to Run Check Disk at Startup in Vista
http://www.vistax64.com/tutorials/67612-check-disk-chkdsk.html
Also from the MS site for you restore fanatics:
System Restore almost always cannot remove a virus/malware and in most cases, will make things worse by masking the effects of the virus for a short time while it continues to do damage to a system. Use System Restore after using both a good antivirus (a couple of good free ones are out there such as Microsoft Security Essentials, Avast and AVG) AND a good antimalware/antispyware program (Malwarebytes and Superantispyware are good free examples) if your system still has difficulties. If after antimalware programs and System Restore have been used and the system is still unstable, a reload of the operating system is probably required, which is generally beyond the scope of most home users.
Spirit13 - Linux, removing the drive could work, but it is well beyond most users' abilities. Again I would contend, many users on this board wouldn't be comfortable allowing others to work on their computer.