Archive for September, 2008

Remove those really pesky Viruses – For Free.

Friday, September 12th, 2008

Hi all and welcome again to another Tech Tip from the folks at Blog.Web Diligence. This week we’re talking about Windows viruses, specifically, how to get rid of the little bastards. Whether you’re running Windows on a daily basis or just on occasion using Boot Camp on a Mac, you’re bound to contract some nasty malware eventually… the laws of mathematics just demand it. And with so many different variations of malware on the web today, it’s getting increasingly hard to rid yourself of these unwanted pests.
Luckily, there are some really useful and effective tools at our disposal, all of which are free to download and use (as of the time of this article).

Firstly, you’ve probably already started to notice some "odd" things happening with your PC and have no doubt thrown down the obligatory "I’ve got a virus!" accusation, so let’s go through a few telltale signs of virus activity that you can look for to be absolutely sure. You may be experiencing one or more of these symptoms:

  • Internet Explorer no longer opens to your usual homepage.
  • The computer runs slower than usual.
  • The computer stops responding, or it locks up frequently.
  • The computer crashes, and then it restarts every few minutes.
  • The computer restarts on its own. Additionally, the computer does not run as usual.
  • Applications on the computer do not work correctly.
  • Disks or disk drives are inaccessible.
  • You cannot print items correctly.
  • You see unusual error messages.
  • You see distorted menus and dialog boxes.
  • There is a double extension on an attachment that you recently opened, such as a .jpg, .vbs, .gif, or .exe extension.
  • An antivirus program is disabled for no reason. Additionally, the antivirus program cannot be restarted.
  • An antivirus program cannot be installed on the computer, or the antivirus program will not run.
  • New icons appear on the desktop that you did not put there, or the icons are not associated with any recently installed programs.
  • Strange sounds or music plays from the speakers unexpectedly.
  • A program disappears from the computer even though you did not intentionally remove the program.
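The double-extension sign in the list above can be checked mechanically, which matters because Windows hides known extensions by default, so "holiday.jpg.vbs" is displayed as "holiday.jpg". The following is an added example, not part of the original tip; the extension lists, function names and sample file names are illustrative assumptions.

```python
import os

# Extensions Windows runs directly or hands to a script host (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd",
                   ".vbs", ".vbe", ".js", ".jse", ".wsf", ".lnk"}
# Extensions a user reads as a harmless picture, document or archive.
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".bmp", ".txt",
              ".doc", ".pdf", ".mp3", ".avi", ".zip"}


def split_exts(filename):
    """Return (decoy_ext, real_ext): the last two extensions, lower-cased."""
    # Windows drops trailing dots and spaces when it saves a file, so
    # "card.gif.exe. " ends up on disk as "card.gif.exe".
    name = os.path.basename(filename.replace("\\", "/")).rstrip(". ")
    stem, real = os.path.splitext(name)
    # Padding such as "invoice.pdf      .exe" pushes the real extension out of view.
    _, decoy = os.path.splitext(stem.rstrip())
    return decoy.lower(), real.lower()


def is_double_extension(filename):
    """True when a document-looking name actually ends in an executable extension."""
    decoy, real = split_exts(filename)
    return decoy in DECOY_EXTS and real in EXECUTABLE_EXTS


def flag_attachments(names):
    """Return the subset of names that carry a decoy + executable extension pair."""
    return [n for n in names if is_double_extension(n)]


# Constructed sample names, not taken from a real mailbox.
SAMPLE_NAMES = [
    "holiday.jpg",
    "holiday.jpg.vbs",
    "invoice.pdf      .exe",
    "card.gif.exe. ",
    "archive.tar.gz",
    "setup.exe",
    r"C:\Users\me\Desktop\pic.JPG.SCR",
]

if __name__ == "__main__":
    for hit in flag_attachments(SAMPLE_NAMES):
        print("suspicious:", repr(hit))
```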

The first step that you must not ignore is to back up your pictures, documents, etc… All of the following procedures have the possibility of making your Windows installation no longer boot, so get your stuff off while you can. Trust me, you’ll be thankful you did.

The next step is something that many people overlook when troubleshooting a virus, which is to turn off System Restore. Viruses like to nestle up in your System Restore points, making sure you can’t just take your Windows installation back in time to get rid of the infection.

System Restore

    Turn Off System Restore:

  • Right-Click on My Computer
  • Choose Properties
  • Go to the ‘System Restore’ tab
  • Check the ‘Turn Off System Restore’ button
  • Click the OK button

Now, we’ll need to download some tools for the job… Either download them directly to the infected PC or to another PC and transfer them via CD or USB Key (note: USB Keys can become infected by some ‘autorun’ viruses, so use with caution).
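On the USB caution above: autorun infections work through an autorun.inf file in the root of the drive, so listing what that file would launch is a quick check before trusting a key. The following is an added example, not part of the original tip; the function names and the sample file contents are constructed for illustration, and the file is assumed to be plain ANSI text.

```python
import os

# Keys in autorun.inf that name a program or document to launch.
LAUNCH_KEYS = ("open", "shellexecute")


def autorun_launch_entries(text):
    """Return (section, key, value) for every entry that would run something."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or INI-style comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        key = key.strip().lower()
        # shell\<verb>\command attaches a command to a right-click menu entry.
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_verb:
            entries.append((section, key, value.strip()))
    return entries


def inspect_drive(root):
    """Find autorun.inf (any letter case) in root and return its launch entries."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            # Assumption: ANSI text; latin-1 never fails to decode.
            with open(os.path.join(root, name), "r", encoding="latin-1") as fh:
                return autorun_launch_entries(fh.read())
    return []


# Constructed sample, not from a real drive.
SAMPLE_AUTORUN = r"""
[AutoRun]
; constructed sample
label=Backup
icon=tools\drive.ico
open=tools\launcher.exe /quiet
Shell\Open\Command = tools\launcher.exe
"""

if __name__ == "__main__":
    for section, key, value in autorun_launch_entries(SAMPLE_AUTORUN):
        print(f"[{section}] {key} -> {value}")
```

Any entry reported for a key you only use to carry files deserves a closer look before the key is plugged into another PC.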

Next, we’ll need to restart into ‘Safe Mode’. The easiest way to accomplish this is:

Safe Mode

    Restart in Safe Mode:

  • Restart your PC
  • Once the screen goes blank, start tapping the ‘F8’ key repeatedly
  • From the Windows Advanced Options menu select ‘Safe Mode’
  • Press ‘Enter’

By now you should be booting into Safe Mode. Once you log in (to an account with administrator privileges), you’ll be prompted with a message alerting you that you are in Safe Mode; click the OK button to continue in Safe Mode. Once fully logged on, copy SmitFraudFix.exe to your desktop and launch it.

SmitFraudFix

    Clean PC using SmitFraudFix:

  • Launch SmitFraudFix.exe
  • Press any key to continue through the initial message
  • Press ‘2’ for “Clean”
  • Press ‘Enter’
  • Wait for SmitFraudFix to finish
  • Drive Cleanup will be launched, wait for it to finish before continuing
  • After Drive Cleanup is finished, press ‘Y’ to the “clean registry?” question
  • Press ‘Enter’
  • Once completed, press ‘Q’ then ‘Enter’ to quit.

Now that the worst of the worst are taken care of, we’ll need to restart the PC back into ‘Normal Mode’:

    Restart in Normal Mode:

  • Restart your PC
  • Don’t press any keys, allow PC to boot normally

Next, we’re going to install a couple of programs that will effectively scan for and remove any leftover viruses:

Malwarebytes’ Anti-Malware

    Install Malwarebytes’ Anti-Malware:

  • Launch mbam-setup.exe
  • Install using default settings
  • MBAM will auto-launch after setup and will prompt you to download the newest definitions, please do so.
  • Once loaded, choose “Full-Scan”
  • Click ‘Scan’
  • Once finished scanning, review the scan results, select all items and ‘Remove Selected’.
  • MBAM will remove all selected items and ask to restart the computer, please do so.

SUPERAntiSpyware

    Install SUPERAntiSpyware:

  • Once rebooted, launch SUPERAntiSpyware.exe
  • Install using default settings
  • SUPERAntiSpyware will auto-launch after setup and will prompt you to download the newest definitions, please do so.
  • Once loaded, choose “Full-Scan”
  • Click ‘Scan’
  • Once finished scanning, review the scan results
  • Select all items and click ‘Next’
  • SUPERAntiSpyware will remove all selected items and ask to restart the computer, please do so.

90% of people should now be running a malware-free machine… There are some viruses that require more digging and know-how to eradicate, but for most of you this will most likely be a life-saving exercise at some point :) Lastly, let’s go and turn System Restore back on for future use:

    Turn On System Restore:

  • Right-Click on My Computer
  • Choose Properties
  • Go to the ‘System Restore’ tab
  • Uncheck the ‘Turn Off System Restore’ button
  • Click the OK button

Now do yourself a favor and install a quality antivirus solution (my favorite at the moment is Norton 360 Version 2.0, note: version 1.0 sucked) and keep it up to date. See you all next time with another Tech Tip from Blog.WD.