Wednesday, January 21, 2009

Anti Virus 2009 Infection

Our Windows XP machine at home got infected by the Anti Virus 2009 scam. It is sneaky! Go to an infected site and a window pops up saying a malicious program is attempting to install itself. Do you want to remove it? The message looks just like it is coming from your already-installed AV software. (We use the AVG 8.0 Free version because we are behind a router firewall.) The natural human inclination is to click "yes, please remove this bad thing." In doing so, you have authorized the download and installation of the very thing you were trying to avoid! As the bad program started installation, our existing AVG monitoring kicked in and blocked it. But the brain still thinks the objective is to remove something, so you authorize the action to continue.

All kinds of windows and messages appeared, saying our virus protection was out of date. Do you want to purchase an update? Most people now realize they have infected their machine and have the presence of mind to stop. However, a small percentage of people fall for the scam and make a payment for something worthless. This small percentage can bring in a lot of cash from millions of infected machines. Huge cash!

At this point, the best thing is to shut down the machine. Hold the power button down for 5 seconds if necessary to force a shutdown.

Here's the method I used to clean our machine.

  1. Start the machine in Safe Mode with Networking. This keeps all the extra stuff, including your recent infection, from starting. But it is not obvious how to do this SAFE MODE thing. The start (boot) screen only says F2 for setup and F12 for maintenance. On Windows machines, the key to press is F8 (as it is loading). Although it doesn't appear to be working at first, the Windows system is indeed loading in safe mode. You are presented with a black and white text screen giving several options. Choose SAFE MODE with NETWORKING. Even though this sounds wrong - after all it was the bad Internet that just infected your machine - you will need to download and update a special program soon. I logged in as Administrator.
  2. Once in safe mode, the screen has all your desktop icons, but bigger. Start your browser (we use Firefox, but Internet Explorer will work too) and go to the Malwarebytes site: www.malwarebytes.org. Download their free Anti-Malware program. Save it to the desktop or someplace easy to remember. Close the browser. Locate the mbam-setup.exe file you just got and double-click it. This installs the new cleaning program. I used all the default choices. Start the Anti-Malware program by double-clicking the desktop icon. Select the UPDATE tab at the top and download the latest database. This is important, as you want the most recent bad-guy signatures installed. Now run a full scan on the c: drive. It took me 15 minutes to scan 11,000 files. 9 infections were detected! Now choose REMOVE ALL. If you want to look at the log of what was done, you can find the text file in the Anti-Malware folder in Program Files. Malwarebytes allows you to upgrade their program for a small fee. They are good people and you should consider supporting them.
  3. Even though your machine is now scrubbed of the bad guys, copies might be hanging around in hidden places. They love to reinstall themselves and do their evil again. While still in the SAFE MODE, open c:\windows\prefetch. Select all the files here and hit delete. None of the files are needed. They just make programs start faster and will rebuild again as you run your clean machine.
  4. There is a small chance that the bad files might reside in their own folder in c:\Program Files. I looked and found nothing unusual.
  5. One of the Windows features many people keep on is System Restore. A couple years ago, things were much simpler. The idea was to take a snapshot of registry and preference settings, as well as supporting files, before installing a new program. If things didn't work out, you could always roll back to the before condition. Windows sets aside some hard drive space to accommodate these rollback files. Unfortunately, bad files can also hide out here. So, I went to Control Panel --> System and selected the System Restore tab. There is a disk use slide control to set aside space for these restore files. I moved the slide all the way to the left (zero space). By clicking Apply, the previous files - including any contaminated ones - were removed. Then I clicked the box to turn off System Restore.
  6. Just to make sure, I ran a full scan of my hard drive with AVG Free. One hour later, it reported no infected files. Whew!
  7. I restarted the machine normally and everything was fixed. To prevent another human override of my installed AVG Free program, I enabled Auto-Heal in the AVG Advanced Settings. If the (good) AVG anti-virus program detects something bad, it nukes it without asking.
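For readers who would rather do steps 3 and 5 from a command line, here is an added PowerShell example (not from the original post) that saves a record of the Prefetch folder before emptying it, then checks whether System Restore is actually off. It assumes PowerShell is installed on the XP machine, that you run it as Administrator from Safe Mode, and that the DisableSR registry value under the SystemRestore key reflects the checkbox state on your build; verify that key path before relying on it.

```powershell
# Added example, not part of the original post.
# Assumes: run as Administrator in Safe Mode; PowerShell 1.0 or later.

$prefetch = Join-Path $env:SystemRoot 'Prefetch'
$report   = Join-Path $env:USERPROFILE 'Desktop\prefetch-before-cleanup.txt'

# Each .pf file is named after an executable that ran recently, so the
# folder listing is a record of what was launched around the time of the
# infection. Save that record first: the .pf files rebuild themselves,
# but the listing of what ran does not.
Get-ChildItem -Path $prefetch -Filter '*.pf' |
    Sort-Object LastWriteTime -Descending |
    Select-Object Name, LastWriteTime, Length |
    Format-Table -AutoSize | Out-String |
    Set-Content -Path $report
Write-Output "Prefetch inventory saved to $report"

# Step 3 of the procedure: empty the Prefetch folder (files only).
# PSIsContainer is used instead of -File so this works on old PowerShell.
Get-ChildItem -Path $prefetch | Where-Object { -not $_.PSIsContainer } |
    Remove-Item -Force -ErrorAction SilentlyContinue

$left = @(Get-ChildItem -Path $prefetch | Where-Object { -not $_.PSIsContainer })
if ($left.Count -eq 0) {
    Write-Output 'Prefetch folder is empty.'
} else {
    Write-Output "$($left.Count) file(s) could not be removed from Prefetch:"
    $left | ForEach-Object { Write-Output "  $($_.Name)" }
}

# Step 5 of the procedure: confirm System Restore is turned off.
# Assumption: DisableSR = 1 under this key is what the "Turn off System
# Restore" checkbox sets on Windows XP.
$srKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore'
$sr = Get-ItemProperty -Path $srKey -ErrorAction SilentlyContinue
if ($sr -and $sr.DisableSR -eq 1) {
    Write-Output 'System Restore is off; old restore points are gone.'
} else {
    Write-Output 'System Restore is still ON: revisit Control Panel --> System --> System Restore.'
}
```

Keep the saved inventory with the Malwarebytes log; together they show what ran and what was removed if the infection comes back.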
If I missed anything, or failed to make it clear, please post your comments below.
