The key symptoms: messages claiming that your computer is infected (and that you need to buy a product to get rid of it). However, these tricks should work with just about any piece of malware out there. Your first course of action should always be your antivirus/malware software, but if you can't get to that or it doesn't work, there are other options. If you have this particular nasty bug, you cannot get to your antivirus software, nor can you get out on the net.
You'll need to save any needed files from the 'net on a flash drive or disk, to use on the infected computer. As a security precaution, if you can unplug your modem or shut down network access to the infected computer, that would probably be wise, in my opinion.
Once you've gotten rid of this nasty bug, it would be wise to make a new System Restore point.
So, here are some suggestions, IF you can't get to your antivirus/malware software:
- Use a removal tool from the web
- System Restore or force last successful installation (built-in Windows features)
- Use backup discs or original installation discs
- Use HijackThis and manually remove + clean up
- Microsoft has a free malicious software remover. http://www.microsoft.com/security/malwareremove/default.aspx
- Malwarebytes: http://www.malwarebytes.org/mbam.php
The first half of this post focuses on using a removal tool. The second half focuses on manually deleting and cleaning up. If you would prefer other alternatives to manually deleting, you can try some of the things I've listed below. System Restore can be an excellent tool.
System Restore is an easy-to-use, built-in feature of Windows XP, Vista & 7. The point of a System Restore in Windows is to restore your system back to a point prior to whatever problem is happening. It can be used when upgrades fail, when malware/viruses can't be treated by malware/antivirus programs, etc.
Windows *should* be making restore points automatically; however, if you do not see a restore point listed, then obviously you can't use this. ;-)
Note: You will lose some changes in software, drivers, etc. that were upgraded or added after the rollback. You won't (or shouldn't!) lose Word documents, e-mail settings and messages, or anything stored in the My Documents, My Pictures, or My Music folders. If you do a System Restore, just make sure to check for Windows, virus protection and other program upgrades. Hopefully, you should have several restore points to choose from.
You will need to work in Safe Mode on the infected computer.
Windows 7 and Vista instructions:
Don't forget to rerun your virus scan; check for upgrades and make a new restore point.
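One way to do the restore-point checks described above from an elevated Windows PowerShell prompt instead of the GUI. This is an added example, not part of the original post; the label text is a made-up value, and it assumes Windows 7 or later, where these cmdlets ship with Windows PowerShell.

```powershell
# Added example: confirm restore points exist, then create a fresh one after cleanup.
# Assumption: Windows PowerShell 2.0 or later, started with "Run as administrator".

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this from an elevated PowerShell prompt."
}

# 1. List existing restore points, newest first.
$points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue |
    Sort-Object SequenceNumber -Descending)

if ($points.Count -eq 0) {
    # Nothing listed means System Restore has nothing to roll back to.
    Write-Warning "No restore points found; System Restore cannot be used on this PC."
} else {
    $points |
        Select-Object SequenceNumber,
            @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } },
            Description |
        Format-Table -AutoSize
}

# 2. After the malware is gone and the virus scan comes back clean,
#    record a new restore point so later rollbacks start from a clean state.
$label = 'Post-cleanup baseline'   # constructed label, pick your own
Checkpoint-Computer -Description $label -RestorePointType MODIFY_SETTINGS

# 3. Confirm the new point was actually written. Windows 8 and later skip
#    the request if a restore point was already created in the last 24 hours.
$latest = Get-ComputerRestorePoint |
    Sort-Object SequenceNumber |
    Select-Object -Last 1

if ($latest -and $latest.Description -eq $label) {
    Write-Output "Created restore point #$($latest.SequenceNumber): $label"
} else {
    Write-Warning "New restore point not found; check that System Protection is turned on."
}
```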
Last Known Good Configuration feature
Windows 7 instructions
*This may or may not work for this kind of malware, but it's really not going to hurt to try it!
Backup discs or reload from original installation discs
Depending on what your comfort level is with manually editing the registry (see below), you may prefer to reload a clean copy from your backup discs (or drive) or even reload from the original installation discs/files.
That's kind of up to you. Reloading from the backup discs will mean that anything you've added since those files will be lost. Reinstalling from the original installation will take your PC back to the "just out of the box" state.
Manually delete it and clean up registry
How to use HijackThis to get rid of it: this is more manual, but you will not lose anything other than the malware (if you do it correctly!). The latter half of this post focuses on HijackThis and is an excellent step-by-step guide.
I love HijackThis and have used it several times to help clean up my registry, but if you screw up your registry it can be a lot of work to fix it. So, be careful. ;-)