WindowsMaven - Virus and Spyware Advisor
© 2006 David R. Snow. All rights reserved.
Procedure A - Basic Scan in Safe Mode

For use on computers that can boot to the normal mode Desktop and have Internet access

Use this procedure to clean your computer of malware if you are currently able to browse the Internet and download files while at the Desktop in normal startup mode. If you are unable to browse the Internet in normal mode but can browse the Internet in safe mode with networking, or cannot boot to the Desktop in normal mode but can boot to the Desktop in safe mode with networking and browse the Internet there, use Procedure B. Otherwise--providing that you can at least boot to safe mode--use Procedure C.

This procedure is somewhat more thorough than the scan you might do on a weekly or bi-weekly basis, primarily in that we will be performing the actual spyware scan in safe mode.

Outline. First you will touch up Internet Explorer's settings and do a disk cleanup. You will then download and install several leading free malware removal tools, and get their latest updates. You will also download a tool that can remove certain difficult-to-remove viruses. After these downloads you will reboot to safe mode to scan with them. The reason we get the downloads first is that you cannot connect to the Internet in safe mode. The reason for performing the scans in safe mode is that these tools can do a better job of scanning when there is no interference from background tasks and unnecessary system components. Also, much malware does not load in safe mode. After that you will reboot to normal mode and perform a virus scan using an online virus scanner.

(Note that the importance of getting the latest definition files and other updates cannot be overstated. Without these updates, scanning tools cannot detect and remove the latest malware!)

The links in the following steps open the pages in new windows, so you can close the pages after performing the downloads without losing the connection to this page.
This page will remain open in the background, so you can refer back to it if necessary. However, as a safety precaution you may wish to place this page in your "Favorites" folder. You can remove it again after you are finished.

1. Internet Options. Perform the Reset Internet Options

A. Download the Ad-Aware Installer and Updates. See Download and install Ad-Aware for use later in safe mode for instructions and additional information.

B. Download the Spybot Installer and Updates. See Download and install Spybot for use later in safe mode for instructions and additional information.

C. Download CWShredder. See Download CWShredder for use later in safe mode for instructions and additional information.

D. Stinger. This is a tool that scans for and removes approximately 50-60 viruses that pose difficulties for conventional antivirus programs. See Download Stinger for use later in safe mode for instructions and additional information.

2. Reboot to safe mode. You are now ready to reboot to safe mode and scan with the above tools. Don't know how to get to safe mode? The tutorial on How to boot to safe mode will tell you everything you need to know. At the logon screen, be certain to log on with the user name you were using while performing the previous downloads, if it was an account with administrator rights. Otherwise log in to the built-in Administrator account. If you use the built-in Administrator account, you will no longer have access to the Desktop of the account you used to do the downloads earlier. This is why we saved programs where necessary to the root of your system drive, normally c:\.

3. Scan. Your computer is now operating in safe mode. Your graphics card is in its basic VGA mode, so your Desktop items look large and grainy. The startup items you usually see in the notification area next to the clock have not loaded. Only the most basic system services are running. Much (but unfortunately not all) malware is also blocked from starting in safe mode, so it cannot interfere with detection and removal. There is no audio, you cannot burn CDs, you cannot install or uninstall most programs, and there is no network access. Many programs will not function correctly in safe mode. However, all of the utilities you downloaded previously will work--in fact, they will be able to perform their functions better without the background activity normally present on the computer.
A. Scan with Stinger. Start the scanning portion of the procedure with Scan with Stinger to remove problematic viruses.

B. Ad-Aware. Next, Scan with Ad-Aware for spyware and adware.

C. Spybot. Scan with Spybot for spyware and adware.

D. CWShredder. If Spybot or Ad-Aware found any traces of a CoolWebSearch variant, Scan with CWShredder for CoolWebSearch variants.

Warning about multiple viruses! You have just performed a preliminary virus scan with Stinger, and we will now be proceeding to a more complete scan using an online virus scan. Keep count of the total number of viruses found, and write down their names! Note that this means the total number of different viruses found, not the number of files infected. Read (and heed) this multiple virus warning.

4. Reboot to normal mode. To perform the online virus scan you must be in normal mode. Go to Start and shut down your computer. Use the option to restart.

5. Virus scan. The next step is to perform an online virus scan. Go to http://www.trendmicro.com/hc_intro/default.asp, click on "Scan Now, It's Free" and scan your computer for viruses following the directions on the site. Don't forget to keep track of how many viruses you find, and which ones. Once again, heed the multiple virus warning.

This concludes your procedure, and your computer should now be free of malware. To hold down further problems, be sure to follow the advice in Checklist for protecting your computer. You have a head start, as you have already downloaded and installed Ad-Aware and Spybot. Now go get Defender, an antivirus and--unless you are using Windows XP with SP2--a firewall program.