This may be a little advanced for most people here but I will post it anyway. I recommend running the scan from http://housecall.trendmicro.com/ just to clear out spyware you might have and not know about. Run it even if you have Spybot and Ad-Aware and microgaycrapscan, whatever... This will find stuff most of those ignore or don't find at all.
(Note: This isn't the original scanner I recommended, but the one I did like was shut down and now they want you to buy an app, and I won't make people pay for something.)
After doing this step I recommend pressing Ctrl+Alt+Delete and googling the exe files under the Processes tab. Most of the time you can find spyware and/or viruses by doing so. (Tip: Do not close explorer.exe even if you think it has something.)
Most of the time doing so can bring forth issues if it is a virus that is being stopped by the explorer.exe process running. Meaning the virus can't do anything at that time because the program is in use, so it can't edit the exe file etc.
After your list is somewhat clear, download and install Spybot if you do not have it. Once installed, click Mode at the top and set it to Advanced.
Once done, click the Tools bar on the left side menu. Now note you will see boxes not checked in the box to the right. It is recommended you check them all for the full range of options, but it isn't needed. All you will need to check is the following:
ActiveX
BHOs
Process List
System Internals
System Startup
Also, before closing this I'd recommend you go to the hosts file button and add the Spybot hosts list. This will block a good number of spyware programs from reopening in IE to download again. It just makes it so the site the spyware comes from won't work. Anyway, next step.
We want to start with ActiveX once you have closed down all IE and browser related windows. Go through this list and clear out anything that might look funny. If you aren't sure, write it down and google it. Now I say close all browsers because with them open the ActiveX files are active, and if you have something nasty it can reinstall itself some of the time. I have seen it happen...
BHOs - Again do the same as ActiveX: clear out what you think you don't need. Google it if you're not sure. (Note: If they have no name or anything, try left clicking them for more details. If you still can't find any info it's just your best guess if you want to remove it or not.)
System Internals - Run this and fix anything you can. Most of the time I just delete what it finds, but be sure you are picky on doing so with some files.
Next click the Process List button. Read the list of processes and the path they are leading to. Anything that might look funny, google it. Note that some viruses do tend to make random folder names in the system32 and/or system folder and then hide them. So read the full path and confirm it's safe by researching it on Google.
- This can take 1 to 5 hours depending on the user and how fast they are. It only takes me 30 minutes or less to check mine because most of the time I don't need to google because I know what it is meant to look like. -
Next step, don't worry, we are going a little deeper. On with the Process List: look down the list and google them if anything shows up funny. If you think something is running funny, select it, for example svchost.exe. Once you select it you can run down the process info tab and just check it all over, make sure it looks right, and google what you don't know. Next, select the loaded modules tab. This is how you can catch most viruses running in the exe itself. Read down this list and google anything funny, and/or everything to be safe if you're not sure.
Keep in mind that 99.999% of the time system files such as explorer.exe only run files and DLLs that are located in the system32 folder. So if anything is running in Program Files or system, google the DLL and/or exe right away and see what it is. You can find removal tools this way.
-Another note: when looking over files, if any have open network ports you should google it and the port to see what it is doing.-
-Note you can kill modules that are loaded in the exe with the button at the top of Spybot.-
Next, after you have run through and checked everything over, move on to the System Startup list. Check anything that isn't normal or shouldn't be around. Be very, very picky about this and google each one. If you are not sure what you are doing you can damage your system.
Once you have done this, click Start > Run and type in "msconfig".
Select Selective Startup if it is not already selected.
After this, select the Startup tab and run down the list, just checking.
This should be clean because you already checked it in spybot but it never hurts to check it again.
Next click the Services tab. Once done, check the box that says Hide All Microsoft Services. Once done, check down that list and uncheck anything that seems fishy.
Google things you aren't sure of. Once done, if you want, you can uncheck Hide All Microsoft Services and run a check of that list, but I have never run into a virus that hides like that, though I'm sure someone has done it.
-And note: be sure you don't remove anything you need. This is a bad place to remove something.-
Now that you have done all this I'm sure you're ready for a reboot, but let's not do this just yet!
Find and download HijackThis. I don't really have a link but I'm sure someone can find it with a little time.
-You might be able to download it at http://www.hijackthis.de/. I think I saw a download link at the top once.-
Once you have downloaded this, run it and save a log. Once you have done this go to http://www.hijackthis.de/ and browse to your log and load it. Read down this list, remove anything that is nasty and check over the unknowns etc.
-Note: If you don't feel safe reading this list and/or doing what it says, you can post your logs on this area of the forums and I'll be more than happy to look over them for you rather than let the site do it.-
Safe should be fine. NOTE AND A BIG NOTE! If you see something with nameserver and then an IP I RECOMMEND YOU NOT REMOVE THIS!
I have done this before and it screwed up the net. If by chance you do, the only way to fix it is to reinstall network drivers if you don't use Windows default drivers. If you use default, you just go in to the Device Manager (under My Computer, right click, Properties) and under the network list you uninstall everything, then reboot and it should auto reinstall the drivers. So be very picky when going down this list and google over anything that might be an issue. If you still are unsure if it's clean you can post your HijackThis log here and I'll look it over.
Once you have done this I recommend clicking Start, then right clicking My Computer, going to Properties, then selecting the System Restore tab and turning it off until you have rebooted. This way if you have a virus and it's hiding in the system restore it will be gone next reboot.
After doing all this, reboot your computer and do all the checks listed here one more time. The reason I say do them again is simple. When you uncheck the process or remove the issue so it's not starting up anymore, it will no longer hide from some of the checks. So you might in fact find something the system wasn't able to see before. After you have a clean bill of health, turn system restore back on and reboot one last time. Also, another reason you run the check is some files won't allow you to uninstall them that simply.
This is a most evil and long process but it will kick the hell out of any virus. At least the ones I have got so far.
Another note: a few programs I'd recommend other than the ones I posted here to help you clear out crap. One is the free trial of Prevx. To be honest Prevx is by far one of the best cleaning programs I have ever used; I've been thinking about buying it. Another one is WinPatrol. This tool helps locate hidden files etc. It's a really handy tool and has saved me a pain load of time. Yet one more tool is Webroot's Spy Sweeper. Though that one costs as well, it's really worth the money if you can get it. It's like Prevx.
If you are still having this issue after all this you will want to make a post.
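
Added example, not part of the original post: a Python sketch that sorts a saved HijackThis log into the checks walked through above (BHOs, startup, ActiveX, services, nameserver lines) and attaches the post's own advice to each. The section codes O2/O4/O16/O17/O23 are HijackThis's; the sample log, GUIDs, file names and note wording are constructed for illustration.

```python
import re

# HijackThis section codes matching the checks in the post.
SECTIONS = {"O2": "BHO", "O4": "startup", "O16": "ActiveX",
            "O17": "nameserver", "O23": "service"}
ENTRY = re.compile(r"^(O\d+) - (.*)$")
BINARY = re.compile(r"[a-z]:\\[^\"]*?\.(?:exe|dll|ocx)", re.IGNORECASE)
SYS32 = "c:\\windows\\system32\\"

def triage(log_text):
    """Return (code, kind, note, entry) for each line worth a manual look."""
    out = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m or m.group(1) not in SECTIONS:
            continue
        code, entry = m.groups()
        path = BINARY.search(entry)
        low = path.group(0).lower() if path else ""
        if code == "O17":
            # The post's big note: removing these can break networking.
            note = "leave in place unless research proves it hostile"
        elif "(no name)" in entry:
            note = "unnamed entry: look up the CLSID and the file"
        elif low.startswith(SYS32) and "\\" in low[len(SYS32):]:
            note = "binary in a subfolder of system32: research the full path"
        else:
            note = "research the name if unfamiliar"
        out.append((code, SECTIONS[code], note, entry))
    return out

# Constructed sample log (not from a real machine).
SAMPLE = r"""
Logfile of HijackThis
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\qzxv\helper.dll
O4 - HKLM\..\Run: [Updater] C:\WINDOWS\system32\kjw3\upd.exe
O4 - HKLM\..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE
O16 - DPF: {00000000-0000-0000-0000-000000000002} (Example Control) - http://example.invalid/ctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000003}: NameServer = 192.0.2.53
O23 - Service: Example Service - Unknown owner - C:\Program Files\Example\svc.exe
"""

if __name__ == "__main__":
    for code, kind, note, entry in triage(SAMPLE):
        print(f"{code:<4}{kind:<11}{note}\n      {entry}")
```

The notes only prioritise what to look up first; legitimate software also lives in subfolders of system32, so nothing here replaces researching each entry before removal.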