System attack

Guest

Hello:
I'd appreciate some advice. My home system, running XP, has become subject
to some strange virus which prevents me from using anything except IE or
Outlook. When I boot the only icons which appear as ready are the IE and
Outlook. If I try to access anything else I get a screen saying Windows cannot
find the application and a question if I want to search the net. I was able
to locate Spybot's and Ad-Aware's exec files and run them and remove some
spyware but this didn't help. Now I cannot get to Norton AV and am basically
frozen out. I've also tried safe mode to no effect. Any help would be greatly
appreciated.
 
Dan said:
Hello:
I'd appreciate some advice. My home system, running XP, has become subject
to some strange virus which prevents me from using anything except IE or
Outlook. When I boot the only icons which appear as ready are the IE and
Outlook. If I try to access anything else I get a screen saying Windows cannot
find the application and a question if I want to search the net. I was able
to locate Spybot's and Ad-Aware's exec files and run them and remove some
spyware but this didn't help. Now I cannot get to Norton AV and am basically
frozen out. I've also tried safe mode to no effect. Any help would be greatly
appreciated.

If you are unable to identify and remove the culprit, you could try
going to a previous restore point, but I highly doubt that would work.

Thus, I would say that your only course of action is to reinstall
Windows, run Windows updates, and reinstall your applications, including
your antivirus and antispyware applications. You will, of course, lose
all data on the PC, so back up your data to a CD or other medium before
reinstalling XP. Also be sure you have your Windows XP and applications
CDs and CD keys available before you reinstall Windows XP. You might
also want to download the latest XP drivers for your PC and its
peripherals, such as the modem, NIC, printer, and video adapter.

To minimize the chance of re-infection, use a friend's PC and download
Windows updates to a CD(s) and download your virus definitions and
install them before connecting to your ISP.

Once done, and it is running properly, a good habit to get into is to
log in to the PC with an account that doesn't have administrator
privileges, to minimize the damage that a rogue application (such as
spyware) might do.

--
The reader should exercise normal caution and back up the Registry and
data files regularly, and especially before making any changes to their
PC, as well as performing regular virus and spyware scans. I am not
liable for problems or mishaps that occur from the reader using advice
posted here. No warranty, express or implied, is given with the posting
of this message.
 
Dan Ross said:
Hello:
I'd appreciate some advice. My home system, running XP, has become subject
to some strange virus which prevents me from using anything except IE or
Outlook. When I boot the only icons which appear as ready are the IE and
Outlook. If I try to access anything else I get a screen saying Windows cannot
find the application and a question if I want to search the net. I was able
to locate Spybot's and Ad-Aware's exec files and run them and remove some
spyware but this didn't help. Now I cannot get to Norton AV and am basically
frozen out. I've also tried safe mode to no effect. Any help would be greatly
appreciated.

Do you have another functioning computer that is also running Windows
XP?

If so then one option for cleaning up your problem machine is to
remove the hard drive and install it temporarily as a second hard
drive in the good machine.

If you use the secondary IDE controller in the good machine for the
temporary hard drive then this will avoid any complications with
master/slave jumper settings. Normally the secondary IDE controller
is used for the CD and/or DVD drives so unplug the power and data
cables from these drives and use them to connect up the hard drive
from the problem computer.

Boot the good computer, with both hard drives installed, and run a
variety of antivirus and spyware scans on the drive from the problem
computer. That should clean it up, at least enough to allow it to
boot properly when put back into its own machine where the final
cleanups can be run.

Good luck

Ron Martell Duncan B.C. Canada
--
Microsoft MVP
On-Line Help Computer Service
http://onlinehelp.bc.ca

In memory of a dear friend Alex Nichol MVP
http://aumha.org/alex.htm
 
I'm going to assume you are proficient with Windows, so some of the "Click
Ok"'s are left off. Spyware and viruses have a way of placing themselves in
the exclude list for lots and lots of software. To prevent this, you need to
run the software as soon as you install it.

On a 'clean' PC re-download
spybot and the includes
Msft's Anti-Spyware
You might also want to check out
http://www.wilderssecurity.net
for spyguard and spyblaster.
Don't forget FireFox
Get powertoys tweakUI from the msft site, disable 'parse autoexec.bat',
unless you upgraded from Win9x, c:\autoexec.bat should have size 0 (if it
does, then delete autoexec.bat).

Your AV software with the updates

Don't forget to donate (to the shareware companies [not microsoft] ... and
actually purchase msft software)

Burn the software to a CD

On your infected PC disconnect from the internet
Next, uninstall all anti-virus and spyware protection
reboot into safe mode

INSIDE SAFE MODE
Clean out suspects
Click start | run type 'inetcpl.cpl', click ok
Delete Cookies, Files (as well as offline), Clear History
Click Settings, Click View Objects, Right-Click each item and then select
remove

Start | My Computer
For each drive, click and press ALT+ENTER
Check Everything, except for Office and Compress DON'T CLICK OK
Click More Options, Click the System Restore Clean Up.. Button, click yes
Click OK

click start | Run type 'cleanmgr.exe /sageset:101'
check everything, except for Office Setup Files (if you have it) and
Compress old files
Click Ok
Click start | run type 'cleanmgr.exe /sagerun:101'

***
A better way:
Search your hard drive for cache, cookie, content.ie5, history, recent,
temp, tmp
delete the contents of each folder NOT THE FOLDERS
***

Now install spyguard and spyblaster (enable all protection/protect against
items)

Now install Spybot, Don't update or back up the registry, but immunize
When the teaTimer prompts you, don't select remember
Click Mode | Advanced
Click the Immunize button, Click the Immunize Button at the top
Click Settings Bar,
Click the settings label, Check All
Click Directories, right-click the window and add a directory
You add everything except for system volume information<-KEY STEP HERE
then you add c:\ as the last one
Click Ignore Products
For each Tab Right-Click in the window select Deselect All <-KEY STEP HERE
Click the Tools Bar
Check Hosts File, ActiveX, BHO's, System Startup
Under ActiveX, only java, spybot, spyguard, spyblaster, acrobat
Under BHO, only java, spybot, spyguard, spyblaster, acrobat
Under Hosts File, Click Add Spybot-s&d hosts list at the top

Click File | Check for problems
smok'em if you got'um (15-45+ minutes)

Close Spybot
Install the updates

ReInstall Spybot
Go through above again <-KEY STEP HERE

Now Install Msft Anti-Spyware beta
Run Scans upon install
Run Anti-Spyware beta after install
Click Spyware Scan
Click Scan Options
Check full system scan, run scan now, come back in 10 minutes

If you're lucky, you will be prompted to have spybot run again at start up.
After it runs in the normal gui, you can right-click the entries and select
exclude from detection (you should also do this for the
Settings\IgnoreProducts\Security.sbi Windows Security Center.whatever)

Click Advanced tools, click system explorers
Click Networking\Windows Hosts File
Everything with 127.0.0.1 is ok, anything else, remove (could have done this
in spybot, but msft has nice red x's)
You might want to check the start up, for that matter, just uncheck everything

Now install your anti-virus
Run the check,
install updates, install the software again, install updates and run

Upon rebooting, either Msft Anti-Spy or spybot will prompt you about things
trying to be installed ~ this is the virus/spyware, so don't allow it, but
have it cleaned.

Connect to the Internet

Update:
Spybot, Spyguard, Spyblaster, Anti-Spyware, your AV,
Check the settings, and then rerun your scans.
If you disabled start up items, re-enable, then reboot

Now Connect to the WindowsUpdate site, and update. Click Start | All
Programs | Microsoft Office | Msft Office Tools | App recovery

Go to office.microsoft.com and have it run a check for updates; you might
want to re-apply the latest service pack.

Your system should now be clean ~ takes 4+ hours
 