Getting Rid Of Malware, Step 1*
What do you do when your PC is displaying all the signs of having been infected, but your antivirus and anti-spyware scan reports come back clean?
This was the case for a fella who called me for advice recently. He had done things ‘right’ — and by that I mean he has a firewall, he keeps his antivirus definitions up to date, 
and he runs a couple of anti-spyware applications — but suspected his machine had been hacked anyway.
He couldn’t do things he was used to doing (like deleting a file) and his machine was “really slow.”
But according to his scanners, his machine is in perfect shape.
Tip of the day: If you should find yourself in a similar situation there are several steps you can take to help resolve your questions and (hopefully) fix your machine without taking the drastic step of wiping your hard drive, formatting, and reinstalling Windows.
The first step is to use a scanner that isn’t installed on your machine. Here’s two ways to do that: one, if your antivirus allows it (and most of them do these days), follow its instructions and make an antivirus recovery disk. This is a bootable disk that scans your system before Windows loads.
To use one, put it in your CD tray and restart your machine. A plain-text sentence will appear telling you to “press any key to boot from CD…” (if you don’t see this, click here.) When you see it, hit your spacebar or, well, any other key, and then follow the instructions. When it’s finished, remove the CD and restart your machine again.
[note: you may also use a properly prepared USB thumb drive. Click here to read my article on how to do that.]
A second method is to use an online scanner. I have a list, with links, of several good online scans on my Website, here. Quite a few of the online scanning tools will try to sell you their full application, but you’re under no obligation to buy. The big advantage to these two methods lies in the fact that they have not been compromised, or altered, and the files and scanners on your machine may be– the modification being done by the virus or hacker.
Another thing to do is scroll down to my “Today’s free link” and download HiJack This! Run it and dump the result into a .txt file (there’s instructions for this) and then register on one of the HiJack This! forums (there’s instructions for this too) and post your results there. Before too long, an expert anti-malwareologist [don’t bother looking: I just now made that word up] will have looked over the intricacies, and will post his analysis and instructions. These guys (and gals) are really, really good at what they do, and you can trust their answers.
Also run CheckDisk with the “r” “f” switches (this probably will require a reboot) to make sure the problem is not your hard drive.
Click on Start >Programs >Accessories >Command prompt. In the white-on-black window type “chkdsk /r /f” (no quotes, and be sure to include the spaces). You may be told that certain files are in use, and asked if you want to “schedule this at the next reboot Y/N?” Type in a “y” and restart your machine.
Hopefully these efforts will be rewarded with a rejuvenation of your machine, and you will be back in business again. If not, you have my sympathy. You may have a rootkit and then your best solution is to re-format your hard drive and reinstall everything, or enlist the aid of a professional
Today’s free link: HijackThis™ is a free utility which quickly scans your Windows computer to find settings that may have been changed by spyware, malware or other unwanted programs. HijackThis does not clean infections, but creates a report, or log file, with the results of the scan. A large community of users participates in online forums, where experts help interpret the scan results to clean up infected computers.
Copyright © 2007-8 Tech Paul. All rights reserved.
post to jaanix
| Share this post : |  |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
7 Comments »
Post your Comment/Question
• About Tech Paul
I am a Retired computer & network technician. I used to think the machines were pretty cool. Now I don’t.
They’re anything but.
I regularly posted how-to’s and tricks & tips and general computing advice here starting in 2007. (Use the Search tool to find answers. But be aware, many are rather dated.) Sometimes I answered (your) specific questions in an article if I believed the answer was generally helpful to “everyone”. All the writing you see was my own, typos and all. There always is/was an implied “IMHO” in what you see here.
Note: You are responsible for using this blog and its content. I am in no way liable for any losses caused by user error, viruses and/or other malware, hardware or software failure, or any other conceivable reason.
-
Say "thank you!" Buy Tech Paul a cup of coffee (and keep T4E ad free).
-
-
McAfee® Cybersafety Resource Portal, an online help center designed to assist victims of computer crime and provide information on how to avoid becoming a victim.
-
Subscribe to Tech--for Everyone by EmailRecent Comments
-
-
-
-
Also:
-
-
Tech - for Everyone 
Microsoft offers a rootkit scanning utility called Rootkit Revealer that might be able to help. Still in my opinion you need to nuke your hard drive if there is any hint of a virus or spyware infection. Being able to sanitize a compromised computer may be a source of pride for some people, but if there is the slightest chance that you missed stuff and there is a keylogger on your system tracking your banking information, you had better play it safe.
LikeLike
[…] Go to the author’s original blog: Getting Rid Of Malware, Step 1* […]
LikeLike
Pingback by Getting Rid Of Malware, Step 1* | October 7, 2008 |
jgoto–
Rootkit Revealer (now owned by Microsoft) is one tool for combating this form of malware, and should be used in conjunction with other anti-rootkit tools, such as AVG’s..and by advanced users who can identify the proper anomalies it might reveal.
But I absolutely concur.
Trouble is, people never make backups (one customer of mine had proper backups. One!) and so their tax records, family photos, etc. are on that hard-drive and “nuking it” is as tragic as a house fire.
LikeLike
Great Post! HiJackThis is a great tech utility… With so many people getting nailed with these “rogue” imposter antivirus/anti-spyware packages, also recommend the site “Spyware Techie” http://www.spyware-techie.com/ as a research point. Backups definitely is a necessity and jgoto is absolutely right, people never make backups OR from what I found, don’t know how.
LikeLike
Rick–
Thanks for the tip.
For those who “just don’t know how” to make a backup:
LikeLike
Clean out those bugs and viruses.
I was having trouble with my new computer running slow after I had only had it for a few months. I was upset thinking it was something wrong with my computer until I realized that I needed a good scan to clean out those bugs and viruses that was the real problem. When I started using Search-and-destroy Antispyware it took care of this problem and now my PC is running like new again. The antispyware solution from Search-and-destroy has made a big difference for me and I’m sure you’ll be happy with it too.
LikeLike
Folks–
Julia is referring to Spybot Search & Destroy (http://www.safer-networking.org/en/download/) which at one time was considered one of the best free tools.
I would much rather you have this than nothing on your machine, but be aware that there are more effective choices now… my top pick in the free category remains Spyware Doctor (http://pack.google.com).
LikeLike