Malware Cleaning Guide (Windows 2000/XP/2003/Vista/2008/7)
IMPORTANT
No system that has been infected can ever be trusted again. The only way to ensure that your system is safe again is to do a 'Clean Install' of the Operating System. If your system has a 'RootKit' installed, there is a good chance your system is completely subverted by the RootKit and is not to be trusted ever again. Malware comes in many forms: Spyware, Adware, Viruses, Trojans, Worms, Keyloggers, Remote Administration Tools and RootKits, ranging in difficulty to remove. Some can simply be removed by uninstalling the Malware via Add or Remove Programs in the Control Panel; others can be extremely difficult to remove. However, the only way to truly be sure that the Malware is completely gone is to completely remove the partitions, format the drive, and do a 'Clean Install' of the Operating System.

If you don't take this advice and decide to do a manual clean instead of a reinstall of your system, don't blame us if any sensitive data is stolen from you. The only reply you will ever get from us will be: "YOU WERE WARNED!"

Make sure you are familiar with the following:

NOTE
Do NOT disable System Restore yet! An infected restore point is better than no restore point at all.

Download the following to your Desktop:

Install the following:

  • CCleaner
  • Malwarebytes' Anti-Malware
    NOTE
    Double-click the randomly named MBAM setup and follow the prompts to install the program. Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Close Malwarebytes' Anti-Malware.
  • ISeeYouXP by ShadowPuterDude
    NOTE
    Double-click ISeeYouXP.exe. ISeeYouXP will be extracted to C:\ISeeYouXP, and a shortcut to ISeeYouXP.bat will be placed on the Desktop.

Cleaning Process:

  1. Look in Add or Remove Programs and uninstall any Applications that you deem suspicious.
    INFORMATION
    For a list of Malware applications that can be uninstalled via Add or Remove Programs see: Uninstall Malware via Add/Remove Programs
  2. Enable the viewing of hidden files and folders
  3. Initial Scans
    • Run CCleaner
      • The following should be selected by default, if not, please select:
        Posted Image
      • Click Posted Image and choose Posted Image
      • Uncheck Posted Image
      • Then go back to Posted Image and click Posted Image to run it.
      • Exit CCleaner.
    • Open and run Microsoft Malicious Software Removal Tool and fix what it finds.
    • Run Malwarebytes' Anti-Malware
      • Once the program has loaded, select Perform quick scan, then click Scan.
      • When the scan is complete, click OK, then Show Results to view the results.
      • Be sure that everything is checked, and click Remove Selected.
      • When completed, a log will open in Notepad. Save the log to a convenient location; you will be posting the log later.
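
For steps 1 and 2 above, an added example (not part of the original guide or of any tool it names): a read-only PowerShell listing of the registry entries that Add or Remove Programs is built from, newest install date first, plus a check of whether Explorer is set to show hidden files. It assumes PowerShell 2.0 or later is available; the function names are made up for this example.

```powershell
# Added example. Read-only: nothing is uninstalled or changed.
# Registry locations that Add or Remove Programs is populated from.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',  # 32-bit programs on 64-bit Windows
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'               # per-user installs
)

function Get-InstalledProgram {
    # Hypothetical helper: one object per entry the Control Panel list would show.
    foreach ($key in $UninstallKeys) {
        Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -and $_.SystemComponent -ne 1 } |
            ForEach-Object {
                New-Object PSObject -Property @{
                    Name      = $_.DisplayName
                    Publisher = $_.Publisher
                    Installed = $_.InstallDate      # optional; normally yyyyMMdd text, so it sorts as text
                    Uninstall = $_.UninstallString
                }
            }
    }
}

function Test-HiddenFilesShown {
    # Hypothetical helper for step 2.
    # Hidden: 1 = show hidden files and folders, 2 = do not show them.
    $advanced = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    return ($advanced.Hidden -eq 1)
}

$programs = @(Get-InstalledProgram | Sort-Object Installed -Descending)

Write-Host "Installed programs, most recent install date first:"
$programs | Format-Table Installed, Name, Publisher -AutoSize | Out-Host

# A missing publisher is only a reason to look closer, not proof of malware.
Write-Host "Entries with no publisher recorded:"
$programs | Where-Object { -not $_.Publisher } |
    Format-Table Name, Uninstall -AutoSize -Wrap | Out-Host

Write-Host "Hidden files and folders shown in Explorer: $(Test-HiddenFilesShown)"
```

Entries without an InstallDate value sort to the bottom of the first table.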
INFORMATION
If, after doing the above steps, you are still having problems, continue with the steps below:

Post Cleaning Process

  1. Run OTL by OldTimer
    CAUTION
    Make sure all other windows and applications are closed, and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
      • INFORMATION
        These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
    • Save both logs to a convenient location; you will be posting them later.
  2. Run ISeeYouXP by ShadowPuterDude

    Double-click the ISeeYouXP shortcut to run ISeeYouXP.

    Windows Vista and Windows 7
    User Account Control (UAC) must be turned off to run this script.

    To run ISeeYouXP, right-click on ISeeYouXP.bat and select "Run as Administrator".
    • Possible Error Messages:
      • If your ISeeYouXP.txt log appears to be empty or semi-empty, or if you get an error message similar to the one below when running ISeeYouXP.bat, and you are running Windows XP or Windows 2000, follow the steps further down that relate to your OS.

        C:\WINDOWS\SYSTEM32\AUTOEXEC.NT.
        The system file is not suitable for running MS-DOS and Microsoft Window applications.
        • For Windows XP Pro: download and run: XPproFix
        • For Windows XP Home: download and run: XPHomeFix
        • For Windows 2000: download and run: W2KFix
      • After attempting to fix the above error, run ISeeYouXP.bat again.

      • A possible second type of error message may occur as shown below! If you get either of these two messages, perform the Resolution steps given in this: Virtual Device Driver Error Message in 16-Bit MS-DOS Subsystem.

        16 bit MS-DOS Subsystem
        drive:\program path
        XXXX. An installable Virtual Device Driver failed DLL initialization. Choose 'Close' to terminate the application.


        -or-

        16 bit MS-DOS Subsystem
        drive:\program path
        SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers. VDD. Virtual Device Driver format in the registry is invalid. Choose 'Close' to terminate the application.
      • After attempting to fix the above errors, run ISeeYouXP.bat again
  3. Start a thread in our Malware Removal Forum where one of our approved volunteers will be happy to assist you.

    NOTE
    Make sure you give your "New" thread a descriptive subject. Don't just title your thread Help inundated with Malware or similar.

    You must be a registered member of our site in order to post in the Forums.

    If you are not registered you may do so now, by Clicking Here!

COPYRIGHT NOTICE
You may not reproduce this article in whole or part without the express permission of the author and MalwareTeks.
REVISED: January 19th, 2010




Copyright 2006-2010 MalwareTeks
