If you suspect your computer has become infected by a virus or spyware program (sluggish performance, pop-up windows, internet searches that take you to an unknown site, etc.), following the steps outlined below may save you some time and money. Simply running the programs listed below could correct the problem(s). If additional help is needed, the programs listed will generate reports you can submit here for more precise removal instructions.

If you feel your computer is infected and/or a program below confirms it, you should NOT continue to use your computer for online banking or other sensitive operations such as logging into your work computer. Many infections include programs that track and record your keystrokes! Things like account info and passwords are highly sought after on the “black market”.


Download, Install, Scan instructions

After installing and updating each one, run the cleaning scan in SAFE MODE, offline, with IE closed.
How to start the computer in Safe mode
Copy the instructions in the link above for easy use in Safe Mode, since you will not be able to access online information. (Note: Safe Mode with Networking is not recommended.) Copy any other instructions you need to operate the programs you are using so you have them handy.

 

Spybot Search & Destroy 1.6.2 (free/donationware):
If you already have Spybot, make sure it is the latest version, 1.6.2.

 

(a) Download and install Spybot S&D.
(b) Click on “Update” in the left column.
(c) Click on “Search for Updates”.
(d) Select a download location (usually one close to you).
(e) Click “Download Updates” and wait for the updating process to finish.
(f) Close all programs and reboot into safe mode. Do not open IE.
(g) Click “Search and Destroy” in the left column.
(h) Click “Check for Problems”.
(i) Have Spybot remove/fix all the problems it identifies in RED. The items not listed in red should not be touched at this time.
(j) Reboot to normal mode and scan again. Repeat until no more bad (red highlighted) items are found.
 
 

 

Malwarebytes’ Anti-Malware
»www.besttechie.net/tools/mbam-setup.exe or
»www.majorgeeks.com/Malwarebytes_···756.html

Double-click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select “Perform Quick Scan”, then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in your topic along with a current HijackThis log after running utilities.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 
Ad-aware AE Free (freeware version for personal use):
»www.lavasoft.com/products/ad_aware_free.php
Note: Windows 2000, XP, and Vista only!

(a) Download and install Ad-Aware AE Free. If you had an older Ad-Aware installed, grant the installer permission to uninstall it when it asks.
(b) As the installation ends, it will check for any program and definition updates needed. Please allow ALL to download and install. Then restart your computer.
(c) Reboot to SAFE MODE. Scan again with Ad-Aware (full system scan).
(d) Wait for the scanning process to complete.
(e) When finished, it will present a list of infected items found, if any, and a recommended action. Use the *Perform Action Now* button to remove any infected items with a TAI above 3.
(f) Reboot your computer back into normal mode.
  

If you are running Windows 2000, WinXP, or Vista download and run these additional freeware scanners to clean for trojans and spyware (Note: These additional tools will not run on Win98/ME).
Windows Defender (Microsoft) (freeware)
»www.microsoft.com/windows/produc···ult.mspx
  

(a) Download and install Microsoft Windows Defender (use the recommended settings on installation)
(b) Reboot to SAFE MODE
(c) Choose *Run Quick Scan Now*. Let it scan your system and choose to fix the infections found at the end.
(d) Reboot to normal mode and scan again. Repeat until no further bad items are found.
Complete instructions on using Windows Defender can be found here:
Using Windows Defender
»www.microsoft.com/athome/securit···ult.mspx
 

 

Q. Does the version of Windows Defender that is included in Windows Vista provide additional protection?
A. Yes. Windows Defender in Windows Vista offers additional performance and security enhancements including the ability to scan only files that have changed, to run under a security-enhanced account, and to scan files when you run them. Windows Defender will also allow you to scan files as you download them if you use Internet Explorer 7.
 
Malicious Software Removal Tool
»https://www.microsoft.com/security/malwa···ult.mspx 
 

(Just download and run it – it will remove any malicious malware found)  

ONLINE AV SCANS
Get a free online antivirus scan at one or more of the following. This is an important step even if you ran your resident AV program, as some malware can disable the program currently installed on your PC. The online AV scanners can sometimes reveal infections your present AV cannot. Use both scanners. Do a full system scan, delete any infected files found, and choose to save the log at the end (we may need to see a copy).
Go here: »www.eset.eu/online-scanner to run an online scanner from ESET.
 
-Note: You will need to use Internet Explorer for this scan
-Tick the box next to YES, I accept the Terms of Use.
-Click Start
-When asked, allow the ActiveX control to install
-Click Start
-Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
-Click Scan
-Wait for the scan to finish
-Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
-Copy and paste that log as a reply to this topic, along with a new HijackThis log & a description of any remaining problems
*Note: If the above does not work for you, you can try the ESET BETA scanner here: »www.eset.eu/eos/eset-online-scanner

(Includes 64-bit Platform Support)
Trend Micro Housecall – Free on-line Scan
»housecall.trendmicro.com/
 
  

If the above steps have solved the problem, please skip the following step.
If you are still having a problem: Create a Diagnostic log using HijackThis
(a) Instructions for HijackThis:
* Download Trend Micro Hijack This™
»download.bleepingcomputer.com/hi···tall.exe
 
Double-click HJTInstall.exe to start it.
By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.
HijackThis will open after install. Press the Scan button below.
This will start the scan and open a log.
Copy and paste the contents of the log in your next reply.
Most of what it lists will be harmless or even essential; don’t fix anything yet. Someone will be along to tell you what steps to take after you post the contents of the scan results.

Special Problems?
If you can connect to the internet but are having a problem accessing certain security sites, such as those listed in this topic for downloading software and help, etc., you may have a Hijacker that has manipulated your HOSTS file.
To correct this situation, download this free tool called HostsXpert:
»www.funkytoad.com/index.php?opti···temid=31
 
Unzip the HostsXpert file and double-click on HostsXpert.exe
(1). Press ‘Restore Original Hosts’ and press ‘OK’
(2). Exit Program.
Note: if you were using a custom Hosts file you will need to replace any of those entries yourself. If you do not know what a HOSTS file is, you are most likely not using a custom one. If you are on a company computer, check with your system administrator first.
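
To see what a manipulated HOSTS file looks like before restoring it, the check below is an added example (not part of the original guide or of HostsXpert) that flags entries overriding DNS for the security sites linked in this topic. The function names, the watched-domain list and the sample file contents are assumptions made for illustration.

```python
import ipaddress

# Assumption: domains taken from the download links in this topic; extend as needed.
WATCHED_DOMAINS = (
    "eset.eu", "trendmicro.com", "microsoft.com", "lavasoft.com",
    "majorgeeks.com", "bleepingcomputer.com", "besttechie.net",
)

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in HOSTS-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()    # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                            # address with no hostname
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP address
        for name in fields[1:]:                 # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")

def find_hijacked_entries(text, watched=WATCHED_DOMAINS):
    """Return (line_no, hostname, ip, kind) for entries that override a watched site."""
    hits = []
    for line_no, ip, name in parse_hosts(text):
        for domain in watched:
            # Match the domain itself or any subdomain, but not look-alike names.
            if name == domain or name.endswith("." + domain):
                kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
                hits.append((line_no, name, str(ip), kind))
                break
    return hits

# Constructed sample, not taken from a real infection.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.eset.eu   housecall.trendmicro.com  # constructed entry
0.0.0.0         download.bleepingcomputer.com
203.0.113.45    www.microsoft.com
192.168.1.10    printer.home.lan
"""

if __name__ == "__main__":
    for line_no, name, ip, kind in find_hijacked_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip} ({kind})")
```

To check a real machine, pass in the contents of %SystemRoot%\System32\drivers\etc\hosts; a clean default file produces no hits.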