Virus writers many times infect the restore points in Windows since normal scans don't go there. Here is some info that helped me a lot:
I'll divide this post into 2 parts, preventing infections, and removing infections. Read this thread carefully, there are many terms and program names that you can click on for more help! Also, the term malware covers virus, spyware, adware, trojans, rootkits, etc...
Before we get started though...
Use the following online scanners to help clean your computer. These are useful if you do not have updated antimalware protection on your computer, or if you think there is something on your computer but you cannot find it, or if you have already cleaned your machine with one program but want to check with another (highly recommended).
If you find an infection, I HIGHLY recommend using one or all three of the following, in INTERNET EXPLORER (not supported in Firefox).
http://www.bitdefender.com/scan8/ie.html
http://www.kaspersky.com/virusscanner
http://housecall.trendmicro.com/
Part I Preventing infections (updated 12-29-2007)
1. Keep up with your Windows security updates.
2. Use an alternate browser, such as Firefox or SeaMonkey. SeaMonkey is nice and fast (formerly Netscape 4.xx), and comes with its own e-mail client. If you must use Internet Explorer I suggest version 7. If you must run IE6 though, make sure you turn off "Install on demand", and set your Security Settings to High.
3. Keep your antivirus updated. I recommend daily. Also, I recommend NOT using Norton or McAfee. These products suck the life out of a computer, and are the first ones targeted by virus writers. If you want a recommendation I suggest Bitdefender or Kaspersky. Kaspersky offers a lot more features, but is a more advanced product, and will nag you constantly about different security things. That is not a bad thing, but some people may not like it. If you want a free antivirus I suggest Clam for Windows. I DO NOT recommend AVG, Avast, or any of the others that are free. I have used them all and seen them come up with clean scans, on a HEAVILY infected machine. Clam is open source and updated frequently.
4. Use a professional antispyware program. I recommend Spy Sweeper. It is not free, but the 2 highest rated products out there are Spy Sweeper and CounterSpy. I haven't used CounterSpy, but Spy Sweeper does a good job of detection and does not take a lot of resources. Whatever you choose, update it daily.
5. Use a firewall. I used to advocate only using a hardware router for protection, but software firewalls not only help defend against new infections, they prevent malware from "dialing home," and making the infection worse by downloading new components, sending spam, etc... I recommend Kerio. Zone Alarm sucks up too much in resources, and tends to corrupt the TCP/IP stack, as well as leave your machine with web browser problems if you uninstall it. No, I don't care that YOU didn't see this problem, but I have seen it on several occasions.
If you want a recommendation on one program that gives you antivirus, antispyware, firewall, and antispam, use Kaspersky Internet Security. It isn't cheap, but well worth getting all of these features in one package.
Part II Removing Infections (updated 12-29-2007)
1. Disable System Restore. Malware and viruses tend to infect files in your System Restore area, which most tools can't clean.
2. Scan your system with antivirus and antispyware tools. Okay, a few rules here. First, get all the tools you can (you should own Spy Sweeper if you read above, but Ad-Aware, Hijackthis, Spybot, and Windows Defender are free). Next, update all your definitions. Unplug your computer from the Internet. Then, run full scans. Many tools don't scan everything by default, so make sure you check out all your options and menus for check boxes that tell the tools to do this. Finally, scan again in safe mode. Many infections cannot be removed in regular mode, because the malicious files are busy working. I also recommend scanning in safe mode, while logged in as administrator if you can. Sometimes your software tools miss files or can't clean them because the account you were using didn't have full rights to the file system, or files within your profile were in use.
3. Run MSCONFIG to remove items from your startup that do not belong there.
4. Remove Browser Helper Objects. Also known as BHOs, these are the little pieces of code that tend to redownload spyware as soon as you launch IE again. Get hijackthis from www.download.com to find and remove them. There are legitimate BHOs, for Google Toolbar, Acrobat, etc... But if the same program keeps reinstalling itself, odds are you have a BHO causing it. Anyways hijackthis will list them (scroll to the bottom of the hijackthis scan window), and hijackthis also has a log feature that is handy. If you want to ask for help with what is safe to delete and what isn't, you can always post it. Just not in my thread please, make your own.
5. Check your hosts file. It may have been hijacked, and the next time you go to a website, you might be redirected to a malicious site. Also, if you cannot update your antivirus/antispyware, this may be why! Fix the file, or delete it altogether.
6. Once you are done scanning and removing things, plug back into the Internet, and test your system. If it is stable, clean out the quarantine areas of your antivirus and antispyware tools. No need to store copies of all the junk you just removed.
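The hosts-file check from step 5, sketched as an added example that is not part of the original post: it parses a hosts file and lists entries that block a security vendor's site (the "cannot update" symptom) or point a name at another address. The sample file, the `SECURITY_SITES` list and the function name `audit_hosts` are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of a tampered hosts file. Addresses are documentation
# ranges; the vendor names are the scanner sites listed in the post.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.kaspersky.com
0.0.0.0         housecall.trendmicro.com
203.0.113.7     www.example-bank.test login.example-bank.test
not-an-ip       broken.example.test
"""

# Assumption: domains that must stay reachable for updates and online scans.
SECURITY_SITES = ("kaspersky.com", "bitdefender.com", "trendmicro.com")
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Return (line_no, hostname, address, reason) for each entry to review."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # strip comment, split fields
        if not entry:
            continue
        address, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, " ".join(names), address, "malformed address"))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in (n.lower() for n in names):
            if sinkhole and name in LOCAL_NAMES:
                continue  # the stock localhost entries
            security = any(name == s or name.endswith("." + s) for s in SECURITY_SITES)
            if sinkhole and security:
                reason = "security site blocked"  # why updates can fail
            elif sinkhole:
                reason = "name blocked locally"   # may be a deliberate blocklist
            else:
                reason = "name redirected"        # browser goes to another host
            findings.append((line_no, name, address, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(*finding, sep="\t")
```

On Windows the file to read is `%SystemRoot%\System32\drivers\etc\hosts`; entries reported as "name blocked locally" can be a deliberate blocklist, so review them before deleting anything.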