Malware Removal tools Click Here!
disclaimer: while these methods work great for basic malware
they may not work against more sophisticated virus, trojans, and worms
and will almost definitely NOT work against a Rootkit.
INTRO: Virus vs Malware
Remove W32 Virus with free tools
Virus vs. Malware:
Most people think that anything bad on their computer is a “virus”.
But there are actually many variations such as worms,
trojans, logic bombs and others. Collectively, these are all known
as “malicious software” aka malware. Spyware is not usually considered,
but recently the lines between spyware and malware have begun to blur
as spyware gets more aggressive, subversive and intrusive.
Here are the two easiest ways to remove viruses and spyware from your
system without using Symantec, Mcafee or other high priced “security”
1) Conduct a System Restore. Click Here to remove a virus with System
2) Use FREE Adaware/Spybot Search and Destroy (see instructions below
on how to remove a virus using free security tools)
Remove Virus with Free Security Tools
1. Load Anti-Spyware/Anti-Malware Applications
Download and Install Adaware SE for free at Majorgeeks.com
When installing, ensure that you update the signature files
of Adaware (it will prompt you to do so).
Download and install: Spyware Search & Destroy
You can get Spybot Search & Destroy from Majorgeeks.com
Spyware Search & Destroy may prompt you to install the updates once
you have installed the software on your system. Just follow the Install
Wizard walk through and you’ll be fine. (Step 4 & 5 will instruct
you on how to clean the system, but it is best to be in SafeMode,
which is explained in Step 2.)
2. Reboot and go into Safe Mode
Reboot your computer and HIT the “F8” Funtion
Key like crazy If it doesn’t, work try again. The system should
ask you what mode you want to boot in. You want “Safe Mode” or “Safe
Mode with Networking” MORE ON SAFE
3. Add/Remove Spyware From “Programs”
Once in Safe Mode, Go to Start | Run | Add/Remove Programs. Look for
odd software that looks suspicious. Spyware typically has keywords
like “Optimizer” or “Spy
Sheriff” or “surf.”
You should have any doubts about the program you are going to remove
DO NOT DO IT. Go to the next step. I just want you to realize that Add/Remove
programs can be an important feature for removing unwanted programs.
4. Clean your system up with Adaware SE
Once you are in Safemode and have the free anti-virus/anti-spyware
loaded, do a “Full
System scan” and
an ADS scan with Adaware SE
An ADS scan will require you to select a drive (select the C: drive.)
*ADS Scans look for files hiden in files.
5. Clean Malware off with Spybot Search & Destroy
Install the updates once you have installed the software on you system.
You may have to click on the desktop icon or go into Start | Programs
to start “Spybot Search & Destroy” and do a complete system
6. Make sure the malware is gone:
Once you boot back into Normal mode (just reboot the system),
system performace will be an indication of whether of not the
system has been cleaned of the malware and Spyware.
If the system is
suggest running both Spybot and Adaware again to
If you still can not remove all the malware, check out what
your system is doing with Netstat
and Task Manager. It may give you some clues of what malware
is still being executed. Here is a list of command malware:
List of Malware that was loaded on my system:
winstall.exe (reloads Spy Sheriff after it is uninstalled)
iexplorer.exe (Variant of evivinv.virus, rapid Blaster)
z*.exe (z11, z12, z13.exe ect.)
You have to realize that some Malware is really, really hard to
get rid of and may require much more time to remove. One great
way to figure out how to get rid of more specific hard to remove
PS Guard, smithfraud, rootkits, and others that will piss
all over Spybot and Adaware, is to seek out the forums.
If you have the problem, chances are 1000 people have already had
it and lived through it.
You might also try as System
Restore. Its even faster than the instructions above.
When all else fails, back up your important porn and format with
your original Windows software. And make sure you have adequate protection
a hardware firewall using NAT) otherwise you will, like a Katrina
survivor, moving right
back under the levee with no protection from another disaster that
is almost certain.
You should also surf with Firefox. It is currently the best browser
on the market IMO.
This utility, which has the most comprehensive knowledge of auto-starting
locations of any startup monitor, shows you what programs are configured
to run during system bootup or login, and shows you the entries in the
order Windows processes them. These programs include ones in your startup
folder, Run, RunOnce, and other Registry keys.
Download Autorun into C:\Autoruns and run it in while in Safemode (you
will have to reboot to get to safemode).
2. When in Safemode, goto the C:\Autoruns folder and double-click on
3. When autoruns.exe starts, click on the “Options“
menu and enable the following options
- Include empty locations
-Verify Code Signatures
- Hide Signed Microsoft Entries
4. The F5 key on your keyboard will refresh the startups
list using these new settings.
5. Autoruns will show information on all the locations where the malware
is loaded (pay attention to Logon and the Services tabs). Click on each
tab and look through the list for the filename that you want
The filename will be found under the Image Path column. There
may be more than one entry associated with the same file as it
is common for
malware to create multiple startup entries.
6. Once you find the entry that is associated with the malware, you want to
delete that entry so it will not start again on the next reboot. To do that
right click on the entry and select delete. This startup entry will now be
removed from the Registry.
7. The next step is to delete the file using My Computer or Windows Explorer.
If you can not
the file, it may be hidden (How
to unhide files).
8. When you are finished removing the malware entries from the Registry and
deleting the files, reboot into normal mode as you will now be
9. Visity Beeping Computer and give thanks