How to delete hard-to-remove malware, spyware and trojan downloaders?
Posted on 2005-04-06
A friend of mine had the computer full of sh1t. You know what I mean... (read title)
I'm not new in cleaning malware etc., I've used Adaware Pro, then I found PestPatrol, which works better than Adaware...
Anyway, PestPatrol is not perfect. With PestPatrol I removed lots of spyware from a computer, rebooted, and new spyware was detected. I removed it again, rebooted, and still the same. Obviously there was a spyware downloader somewhere else.
The new spyware and trojan downloaders (on my computer I have none of them) are really hard to kill. So I'd like to know better systems to clean them.
I used Xraypc, which is similar to hijackthis. But this tool didn't help that much.
I had to manually search in the registry file, regedit... and found lots of interesting entries that I removed from "Run".
I also deleted some suspect files inside c:\Windows\Downloaded Program Files
I tried The Cleaner, which found a trojan and removed it inside c:\Windows.
I deleted some .exe files inside c:\Documents and Settings\Myprofile\
But some .exe files couldn't be deleted.
Now, I searched the registry file to find where these files are executed at startup and found nothing; I searched win.ini, system.ini and found nothing.
So now my questions are the following:
1) how can I get rid of this suspect file .exe inside c:\Documents and Settings\Myprofile\Local Settings\Temp ? If I try to delete, it says "file in use".
2) How can I see where all the processes are started, and deactivate them? Is there a program better than xraypc and hijackthis?
3) Where are the locations to run files at startup?
I know these ones:
- Start > Programs > Startup
- Regedit > Software > Microsoft > Windows > CurrentVersion > Run, RunOnce
- Windows Services (can some spyware or trojans be installed as Windows Services? I didn't investigate this on my friend's PC)
4) Can you provide a tutorial or a guide to also clean the most messed-up computer full of sh1t, like the one my friend has?
My friend is not the only one, other people may ask my help and I'd like to help them to remove everything.
I'd prefer links to guides/tutorials online: no need to copy and paste here all the text, just put the links.
5) Can you provide me a list of programs (also non-free) that I should have with me when I go to a friend that has the computer full of this sh1t?
The programs I already have in my collection:
- PestPatrol 4.4 + updater (I don't use Adaware, as Adaware finds less spyware than PestPatrol)
- The Cleaner
- Xraypc (I prefer this one instead of hijackthis... do you know if one is better than the other?)
Do you know a better program than PestPatrol 4.4, because it doesn't seem effective with the new hard-to-kill malware...?
6) Once I cleaned all the trojans, or if I give a PC to a new computer user... what should I install to protect him against all the spyware, malware etc?
As basic protection I use the following:
- Service Pack 2, Autoupdates turned on, SP2 Firewall turned on
- AVGFree antivirus autoprotect turned on, autoupdate turned on
- Mozilla Firefox to surf, coz IE is the main hole where spyware gets in, am I right?
Should I add something more?
Thanks for letting me know, I really need more techniques to efficiently clean computers affected with the hard-to-kill spyware, malware etc. around.
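
The startup locations named in questions 2 and 3 (Run, RunOnce, the Startup folders, auto-start services) can be listed in one read-only pass, along with the running processes that keep a file under the profile "in use". This is an added example, not part of the original post; it assumes Windows PowerShell 3.0 or later (newer than the tools in the post), and the `UnderProfile` flag is a heuristic of this example.

```powershell
# Added example (not from the original post). Read-only: nothing is deleted or disabled.
# Assumption: Windows PowerShell 3.0 or later.
$profileRoot = $env:USERPROFILE   # the post's suspect .exe files sat under the user profile

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

$entries = @(
    # Run / RunOnce values, machine-wide and per-user
    foreach ($key in $runKeys) {
        if (Test-Path $key) {
            $k = Get-Item $key
            foreach ($name in $k.GetValueNames()) {
                [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$k.GetValue($name) }
            }
        }
    }
    # Start > Programs > Startup, for the current user and for all users
    foreach ($folder in 'Startup', 'CommonStartup') {
        $path = [Environment]::GetFolderPath($folder)
        if ($path -and (Test-Path $path)) {
            Get-ChildItem -Path $path -File -Force | ForEach-Object {
                [pscustomobject]@{ Source = $path; Name = $_.Name; Command = $_.FullName }
            }
        }
    }
    # Windows services configured to start automatically
    Get-CimInstance Win32_Service -Filter "StartMode='Auto'" | ForEach-Object {
        [pscustomobject]@{ Source = 'Service (auto-start)'; Name = $_.Name; Command = [string]$_.PathName }
    }
)

# Flag commands that point into the user profile (Temp lives there too).
# Per-user Startup folder items are always flagged, since that folder is inside the profile.
$entries |
    Select-Object Source, Name, Command, @{ n = 'UnderProfile'; e = {
        $_.Command.IndexOf($profileRoot, [StringComparison]::OrdinalIgnoreCase) -ge 0 } } |
    Sort-Object UnderProfile -Descending |
    Format-Table -AutoSize -Wrap

# Running processes whose image is under the profile: these hold the "file in use" lock.
# Path is empty for processes the current user cannot query, so run elevated for full coverage.
Get-Process |
    Where-Object { $_.Path -and $_.Path.StartsWith($profileRoot, [StringComparison]::OrdinalIgnoreCase) } |
    Select-Object Id, ProcessName, Path
```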