Jump to content


Photo
- - - - -

How to Remove Trojans,Viruses,Malware, etc.


  • This topic is locked This topic is locked
11 replies to this topic

#1 ChibiBaka

ChibiBaka

    Daydreamer

  • Respected Member
  • 2150 posts
  • IGN:N/A


Posted 09 December 2005 - 09:05 PM

If it's your first time here, welcome to Geeks to Go! You must register and be logged in to access the download links provided below.

Posted ImageMalware (Spyware, Adware, Trojans, Viruses) are every increasing in their frequency, and ability to disguise themselves. This forum is a resource for removal of these unwanted pests. Following is a guide that will help you to remove many of the most common problems, and allow us to help you most efficiently. It may look daunting, but shouldn't take long to complete.

Please remember, people are helping you for FREE. Be patient, somebody will help you as soon as they become available. We all have REAL jobs, families, have other interests, and may live half way around the world. Plus, there may be people in front of you waiting for help. Following these steps will lighten our work load, and allow us to help more members.

The reality is that Hijack This logs are getting more complicated, require more time to analyze, and the infections are more difficult to remove -- often requiring a multi-step process. Anything that you can do to help us before posting a log is greatly appreciated. Please acknowledge that you've followed these required steps (or our first reply will likely direct you here).

Preparation

Posted ImageIf your having trouble connecting to the Internet try running the WinSockFix utility to repair your connection:
WinsockXPFix for Windows XP/2000/NT
Winsock2Fix for Windows 98/98SE/ME

Clean temporary files Download CleanUp and install the program.

Running CleanUp

* Start CleanUp
* Click on the CleanUp button. This will take a short while, let it do its thing.
* When asked to reboot system select Yes
* Close CleanUp

Posted ImageIf you have anything disabled by MSConfig or any other startup manager, please re-enable them before running any scans, or posting a Hijack This log.

Step One: Scan for Spyware/Adware
Posted ImageAd-aware SE - Download - Home Page
1) Download and install.
2) Run the Webupdate feature. (Click on the Globe icon, Click connect, Click OK, Click Finish.)
3) Set up the Configurations (Gear wheel at the top) as follows:

* General Button > Safety & Settings: Check (Green) all three.
* Tweak Button > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

4) To start the scan, Click > "Scan Now"

* Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
* Select "Search for low-risk threats"
* Select "Perform full system scan"
* Click Next

5) When the scan has completed, select Next.

* In the Scanning Results window, select the "Scan Summary" tab.
* Check all objects found in the Critical Objects tab that you wish to remove
* Click Next, Click OK.

(credit Corrine)

Posted ImageCWShredder - Download - Homepage
Run the program. Click the Fix button to remove any malicious programs found.

Posted ImageSpybot S&D - Download- Homepage
Install Spybot and the DSO Exploit Fix. Start Spybot and select Update, Search For Updates, check the box next to each update and then select Download Updates. Next, select Search and Destroy, Check for problems and after scanning is complete, Fix selected problems. Finally, select Immunize and then the Immunize button to block common Spyware programs from installing.

No single program removes every threat. A multi-prong approach is best.

Rogue/Suspect Anti-Spyware Products & Web Sites. Unfortunately, many companies have chosen to exploit the spyware problem by releasing questionable software. These programs may be ripoffs of existing free programs, produce false positives to entice you to buy the full version, leave actual Spyware installed, or at the very worst even install Spyware. Use the link above to see if you have installed any of these programs on your system. Uninstall any found.

Step Two: Viruses/Trojans
Even the best antispyware programs are only able to remove about 70% of infections. Also, the line between spyware and trojans is getting blurred. You can never be too careful with these, we recommend at least one online scan.

Posted ImageEwido Security Suite for Windows 2000 and XP only - Download Free Version (14 day trial) - Homepage
Ewido has been very effective at helping remove some of the more difficult infections. After installed, there should be a icon for ewido on your desktop. Double-click to run it.
Update ewido: From the main Ewido screen, click on update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, but if Ewido finds anything it will pop up a notification, so it needs to be monitored. If notified, select clean and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
When the scan finishes, click on Save Report. This will create a text file. Please then paste the contents of the text file, and post it with your HijackThis log.

Posted ImageTrend Housecall - Homepage
Even if you do have antivirus software it can be compromised and corrupted by many forms of malware, so an online scan is a good idea.

Run the free online virus scan (tick the "Auto Clean" checkbox).

Here's another free online scan: Panda Activescan

Posted ImageAVG - Download - Homepage
If you don't have any antivirus software on your system, or if your subscription to definition updates has lapsed, install AVG's very good free version of antivirus. This comprehensive package includes real-time protection, scheduled scans, automatic definition updates, and email scanning. More free antivirus tools here.

NOTE: DO NOT install more than one antivirus program. They will conflict, and provide less protection, not more.

Posted ImageTrojanHunter - Download Free Version (30 day trial) - Homepage
TrojanHunter is the most powerful trojan scanner on the market. Featuring an intuitive user interface and a scanner capable of thoroughly examining your files, system registry, open ports and running processes it gives you all-round protection against trojans.

Step Three: Windows Updates
Posted ImageWindows Update - Homepage - Download SP1a
An unprotected, unpatched Windows XP installation will get infected within minutes of connecting to the Internet. Because of this, we'll require you to do install critical updates before providing assistance in our forums. If not, we're both just wasting our time.

SP2 NOTE: Windows XP Service Pack 2 (SP2) has terrific security features, and we highly recommend everyone install it, however it should not be installed until your system is free from malware. Installing SP2 with malware present can cause many compatibility problems, or even prevent your computer from restarting. If your system has a malware infection, or if you're unsure, use the SP1a download link above.

Step Four: Reboot - Test
The tools above will completely clear malware from the majority of systems. Test your system to see how it's working.

If you're still having problems, continue to the next step. Otherwise, check out this article on how to prevent future Spyware/Hijack attacks.

Step Five: Posting a Hijack This Log
Posted ImageHijack This - Download - Homepage
Automated tools are not always successful at removing malware from your system. Some infections may generate random files names, are too new, or use other tricks to avoid detection.

HijackThis examines certain key areas of the Registry and Hard Drive and lists their contents. These are areas which are used by both legitimate programmers and hijackers. Some items are perfectly fine. You should not remove them. Never remove everything. Doing that could leave you with missing items needed to run legitimate programs and add-ins.

This section is designed to help you produce a log, post the log into the Forum and finally remove the items as directed by the Member helping you. This involves no analysis of the list contents by you. That will be done by the Geeks to Go Staff.

If you have run and fixed anything with Spybot Search and Destroy, Ad-Aware, or any spyware program please reboot before scanning.

Save HijackThis in its own folder (i.e. C:\HJT). DO NOT run it from within a zip manager (Winzip), as no backups will be saved.

Posted Image
This is how HijackThis looks when it first opened.

You do not have to change any settings at this point.
Notice the empty section in the middle. This is where the scan results will be listed later.
Examine the two sets of buttons. To start the scan, Click the Scan button on the left.

Posted Image
HijackThis after the scan.

The Scan Button has a new Caption. Save Log. Click the Save Log button to create a file named Hijackthis.log. A dialog box will pop up. Use it to select the location where you will save the log. Close the program.

Return to the Forum and reply to your original post. Open the Log in Notepad. Highlight the entire contents. Copy and paste the contents of the HijackThis log into your post. Wait for help.

Additional Copy and Paste Instructions
Having problems with cut and paste? Open the text file. Go to the Toolbar of your text editor, Notepad for example and click Edit. Move the mouse down to Select All and click on Select All to highlight the text. Go back to Edit again and move the mouse down to Copy. Click Copy. Go to the Forum and reply to your original post. When the page opens, click on an empty space in the reply window with your mouse to set focus for the paste operation. Finally, hold down the Ctrl button and click the letter v on the keyboard to paste the text into your post.

Mark Items for Removal
Once you have received advice on what should be removed, reopen HijackThis. Scan again. You have changed nothing and this scan result will be the same as the first. Place a check-mark in the box in front of each item you plan to remove. In this example, there are three items marked for removal.

Click the Fix checked button.
A confirmation box will appear. Click Yes. HijackThis will now remove the checked items.

Click Here to Download HijackThis
(NOTE: You must register and be logged in to download files.)

Hijack This Forum Rules:

* Please do not post your logs in someone else's thread. Start a new thread by clicking on New Topic. Do not post your problems into other open logs saying "I have the same issue, here is my log" etc. This gets really confusing for everyone involved. Also, please stay with your original topic when posting follow ups.
* The "Topic Title" should contain the name of the infection that you are having a problem with e.g. WinTools, http://...sp.html etc. Use the "Topic Description" to include more details. This will help you get faster responses as some people are more familiar with certain infections.
* Tell us if you're having any problems, and please be specific. Let us know what you've already done to fix it (if anything).
* If you do not understand a step, do not panic, simply ask for direction and information. We will offer any advice necessary to help you.
* Please only post your topic once. Duplicate posts will be closed, and just create additional work for the staff members trying to help you.

Click Here if not yet registered. Click Here to start a new topic and paste your log.

If you would like to learn more about reading HJT logs and help us by becoming a member of the staff, please click here. If you're already an expert, and would like to help, please PM the admin.

Please acknowledge that you've followed these required steps (or our first reply will likely direct you here). Please be patient, let us know the results, and remember to thank the helper assisting you.

Printable View

Thanks!
--
Geeks to Go admin team

Hopes this helps alot of people
Edit-Woops let me add the hyperlinks

Edited by ChibiBaka, 09 December 2005 - 10:49 PM.




Please support our sponsors and mapletip. Don't block ads if you want mapletip to survive! If you do not want to have ads, simply Subscribe to mapletip today!

#2 WHO AM I?!

WHO AM I?!

    Papulatus

  • MapleTip Contributor
  • 4300 posts
  • Gender:Male
  • Location:4


Posted 15 December 2005 - 06:50 AM

Wow, this is very nice. :D I'm going to try this soon for sure. Thanks, Chibi. ^_^
WHO AM I?!

#3 Jetic

Jetic

    Jr. Necki

  • Members
  • PipPipPipPipPip
  • 166 posts
  • IGN:KaiserJera


Posted 15 December 2005 - 06:58 AM

You are really awesome. Thank to you, i'm able to download a new antivirus program(mine expired a long time ago >.<)

Thank a lots Chibi!

#4 .:: ŴŏōđŜŧŏļčĸ ::.

.:: ŴŏōđŜŧŏļčĸ ::.

    I'm a sucker for mushies

  • Validating
  • 999 posts
  • Location:Secks Island. Lawl.
  • IGN:Xayen


Posted 15 December 2005 - 08:33 AM

Good work ChibiBaka, but my dad feels that online scans are ebil and they're trojans and adwares too. =.= Thanks anyway.
This post has been edited by Mr Miyagi: Today, 12:34 PM


#5 motion

motion

    MapleTip supporter

  • Mapletip Veterans
  • 2266 posts
  • Gender:Male
  • Location:NYC
  • IGN:-None-


Posted 15 December 2005 - 07:59 PM

Hopes this helps alot of people
Edit-Woops let me add the hyperlinks


Meh this looks like an ad for destroying adware and spyware. I remember once that I had adware and an ad popped up talking about HiJack this and thats how it went away lol.

#6 ChibiBaka

ChibiBaka

    Daydreamer

  • Respected Member
  • 2150 posts
  • IGN:N/A


Posted 16 December 2005 - 04:15 PM

Meh this looks like an ad for destroying adware and spyware. I remember once that I had adware and an ad popped up talking about HiJack this and thats how it went away lol.

Hijackthis is a very hard program to use for normal people because they wont know what to delete and may delete something wrong. AND it is not an ad

#7 Sindacco

Sindacco

    Stirge

  • Members
  • PipPipPipPip
  • 135 posts
  • IGN:Mistermonday


Posted 08 February 2006 - 04:01 AM

TY TY *kisses chibibaka's feet*
IPB Image

#8 cairyangei

cairyangei

    Ribbon Pig

  • Members
  • PipPip
  • 23 posts
  • IGN:cairyangei


Posted 15 March 2006 - 09:53 AM

sweet!thanks chibi~nxt tym i del all those idiotic trojans n viruses myself :D *kisses chibi on the cheeck*i already haf a dar XDXDbut he wont jealous coz its a real help =D

#9 iamnoob

iamnoob

    Cargo

  • Official Member
  • 846 posts
  • IGN:0


Posted 29 April 2006 - 01:23 AM

is zonealarm good?
Updating my old signature was annoying

#10 Omega

Omega

    Crimson Balrog

  • Respected Member
  • 1811 posts
  • Location:Secks?
  • IGN:Z3RO


Posted 30 April 2006 - 09:52 PM

Baka, give us an example of how HiJackThis is. Like if we know ______ we should be ok.


If anyone still remembers me, this is Omega. My account has been inactive for a while and it will remain so. This is because, as many veteran members may agree, Mapletip has lost its touch. Obviously, this is not everyone's opinion but just mine and several other people's. Despite this, I hope the remaining members and the new members enjoy the Mapletip community as much as I did. This is my goodbye and I wish you all the best. Btw, happy Chinese New Year :D "Written on Febuary 8, 2007"
"Goodbye Mapletip" - Omega

#11 3_tits

3_tits

    Ribbon Pig

  • Members
  • PipPip
  • 41 posts
  • IGN:XxCuxX


Posted 05 May 2006 - 03:40 PM

spybot and adware is completely useless...
adware is only good because its free.

hijackthis and Ewido Security Suite is pretty good but ewido cost money.

i recomend just buying nod32 and zone alarm and you cant go wrong.
nod32 would clean your viruses and trojans and zone alram would get 100% hackers out, and seriously, hackers are on loads of computers.

well, if you are a person that likes free stuff you should go with ChibiBaka


you can also get a huge number of spyware programs @ www.download.com

including some of ChibiBaka said..ChibiBaka

#12 ChibiBaka

ChibiBaka

    Daydreamer

  • Respected Member
  • 2150 posts
  • IGN:N/A


Posted 05 May 2006 - 04:06 PM

Hijackthis works by detecting running programs and registries and you can choose to delete them but for the people who dont feel like postin their log in a forum they could use this site hjt.iamnotageek.com




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users