A Guide To Removal of Unwanted Computer Parasites



It has been noticed that many folks are not taking normal sensible precautions to protect themselves from malicous adware or viruses etc that can occur when you use the internet or p2p programs and this help guide will hopefully give you the tools and knowledge to keep your machine safe.



I have broken the article down into 3 simple sections, feel free to jump to Removal if you have an existing virus/problem running loose.

1) Prevention
2) Detection
3) Removal
4) Useful System Tools
 


Prevention

Its common sense that you dont leave your doors open for a burglar, so make sure your machine has its locks in place too, specifically a background running antivirus solution, and a firewall.

There are a few free firewalls that can supplement the Windows Xp one and in fact many people choose third party firewalls and turn the Windows one off completely and this is fine, the point being to have at least 1 running firewall as this is often the first notification to you that a trojan is trying to "phone home" or spread itself.

Sygate Personal Firewall  
Kerio Personal Firewall
OutPost Free Firewall

Anti-Virus software is the most important aspect of your protection and must be kept up to date so that it can recognise new threats as they appear, most programs allow for automatic updates and I strongly urge you to make use of that function and leave it to do its work.
You can get free versions of software from here:

AVG Free Antivirus
Avast Free Antivirus
AntiVir
Stinger - Stand alone antivirus scan from Mcafee.


Detection

If a virus has slipped through the net or otherwise been allowed through by accident you will need to follow a few steps to remove it and those will depend on what is happening, sometimes you can run the antivirus and sometimes the machine is locked up and dying slowly, in the latter case I suggest running the machine in safe mode to locate and remove the offending program.

Starting In Safe Mode

Its often a good idea to run an online scan too, as these are nearly always "up to the minute" and can help to identify the latest versions of virus and some that certain programs do not detect.

BitDefender Online Virus Scan
Panda Online Virus Scan

WARNING: Recently Trend Micro has been deleting vital files for many P2P programs to work, including WinMX.  Please DO NOT USE IT.  If you do accidently run this scan and it deletes or disables your WinMX, reinstalling should fix this.

NOTE: When you run these scans, most will let you view the full path of dangerous files it finds.  Its a good idea to write these down or copy them to a notepad document incase you need that information to manually remove them later.  Running process can not be deleted while in use.
Also, there is much to be learned on ways to remove cetain threats by doing a simple google search for the file name.  More then likely your not the first one to have the problem and help is available to get rid of these.

Another form of program that borders on being a virus but does not cause as much damage is spy or adware, this can be equally annoying and cause many problems, its a sensible idea to install a few reputable programs that will scan your machine for this sort of program and remove it.  Keep in mind that Adaware scans for different things then Spyware programs so we recommend you use both regularly.
Heres a list of good places to get free versions to use :

Adaware
Spybot S&D
Spyblaster

Once again it may require you to be in safe mode to remove certain files that have attached themselves to your system as Windows cannot remove files if they are in use, and in safe mode Windows tries to use as few as possible, just enough in fact to get the system up and running, this can cause funny effects like poor video display but this is only while your in safe mode, do not be alarmed as this is normal.


Removal

This is often the most stressful time of all, having identified  the enemy its sometimes extremely hard to remove the beast but using a conbination of tricks and fiddles you can often do what is needed.
Work methodically in the following order to remove any items found by any of the programs listed above.  

1) Try to remove the virus using the normal procedure ie: your antivirus and spyware tools.
2) Try to remove it in safe mode
3) Try to stop it starting in the first place so you can remove it, this can be acheived by clicking your Start button and choosing the Run option, then type in msconfig.  This will bring up The System Configuration tool where you can click on the Start Up tab for a list of files that open as Windows starts.  This is often the place most spyware latches onto, so untick the ones you have identified to be possibly harmful, be wary of duplicates here as this may allow the one you switched off to return again.  If you untick something by accident, don't worry you can re-enable it by following the same procedure and ticking the item.

4) Try to turn off the process using task manager, this can be done by pressing ALT - CTRL - DEL buttons at the same time once ONLY.
Look down the list for the rogue process and right click on it selecting "end process". If your unsure whether a file is needed or not you can use the links below to identify them from your task manager.

If this fails, I have another trick that sometimes works, click on the explorer.exe file and close that process, this will close most of your desktop, do not be alarmed at what happens.
Now try to close the rogue process again, having either killed the process or not you need to restore your desktop by doing the following go to the File menu and select "add process" and type in explorer.exe (or browse for it in the c:\ windows folder ) that will restore operation to normal.







Links to help identify rogue processes:  

Task List
Security Task Manager  
                                                 

Useful System Tools

Msconfig - This is often the place to stop any virus/rogue processes running at start up, search for this in your system and look to the right and find the Startup tab.  Look in here for strangers that you may not recognise and google those to see what each does, bearing in mind some of the more successful trojans etc try to pick similar sounding names to legitimate system files, google will help you see if the file sizes are about right if your not sure.    

System File Checker - This is one of the most useful tools built into windows XP, it can be called into operation from the the command prompt (Start - Programs - Accessories - Command Prompt/Dos Prompt ). Once you have the command prompt box open type  sfc/scannow  and hit enter.  It will often require you to insert a operating system disk to make any repairs to the file system that it detects might be corrupt.



Command prompt - This can be useful for deleting files that are not normally able to be removed within Windows Explorer, not always helpful and often does not work but when used with the task manager can be a godsend.  You can access the command prompt by going to Start - Programs - Accessories - Command Prompt/Dos Prompt,  (see option 4 in removal section for deactivating Explorer.exe).  Once you have deactivated Explorer.exe, click on the command prompt box and enter del followed by the exact file name.  You can copy and paste the exact name to avoid mistakes.  This will often dislodge otherwise impossible to remove files.

 

Task Manager - This can be used to check what processes are running and how much of the system resources they are eating, you can access this by Pressing the ALT + CTRL + DEL keys all at the same time just once, unknown processes running twice are to be viewed with suspicion.

Remember folks the best cure is Prevention!

©2005-2017 WinMXWorld.com. All rights reserved. Page last updated Sat Jun 22 2013