Virus Removal

  1. Malwarebytes
  2. ESET Free web
  3. eset website
  4. Microsoft Security Essentials
  5. TDS Killer
  6. TDS Killer from Kaspersky site
  7. FreeFixer
  8. AdwCleaner
  9. JRT – removal tool

Detection programs

  1. Process Explorer
  2. Monitor all network  connections from infected machine
  3. Handle Sysinternals
  4. System Explorer- download SystemExplorerSetup_700

Links

  1. http://malwaretips.com/blogs/adware-win32-gamevance-virus/
  2. http://www.bleepingcomputer.com/virus-removal/

Registry fixes after virus removed

  1. http://www.kellys-korner-xp.com/xp_tweaks.htm
  2. http://www.tweaking.com/
  3. http://www.gegeek.com

Process to remove virus

  1. create a backup image of boot drive using Image for windows
  2. do not plug computer into main network. plug into dmz
  3. clean all temp files from the system %userprofile%\temp
    1. download and run TFC from oldtimer TFC
  4. if possible look are number or running processes, note any that are using a constant % of the cpu
    1. document the number of processes running
  5. check scheduled tasks, sometimes they are started from here
  6. run autoruns.exe and look at all the start programs, download
    1. make note of any that do not show a manufacturer.
    2. check with process explorer look for suspicious activity Download
    3. check with process montitor look for suspicious activity Download
  7. see this under spyware removal processes
  8. boot into safemode with networking
      1. run and see if it finds virus and cure
    2. install malwarebytes and update and complete a full scan
      2. save log file to memory stick in directory for customer
  9. download and install Microsoft Security Essentials
    2. run scan of system
  10. goto nod32 and run online scan off system
  11. reboot and run malwarebytes again
  • Optional sophos
  1. using memory stick run the following program from sophos
    2. SAV32CLI -REMOVE -P=C:\LOGFILE.TXT
  2. boot into standard mode
    1. update installed antivirus and run a complete scan of the system.

checklist after clean

  • the following must be completed to make sure system is clean
  • go to several websites, leave running for about 1/2 hour check for unwanted popups
  • run windowsupdate if it gives you a dns error
  • run gmer, it must be clean download gmer
  • run mbr in dos from gmer this checks master boot record sometimes the bugs hide here
  • last thing to try if you still can not clean it