Computer virus and spyware scan in safe mode with networking

Use this procedure to clean your computer of malware if you are currently unable to browse the Internet and download files while at the Desktop in normal startup mode, but are able to browse and download in safe mode with networking. This may be either the case where you cannot connect to the Internet in normal mode, or that you cannot even boot to the Desktop in normal mode. This procedure does require that you be able to boot your computer to safe mode with networking and in that mode be able to browse the Internet. Otherwise--providing that you can at least boot to safe mode--use Procedure C. For a discussion about which kinds of Internet connections can connect in safe mode with networking, see can I connect to a network in safe mode with networking?.

Outline. First you will touch up Internet Explorer's settings and do a disk cleanup. You will then download and install several leading free malware removal tools, get their latest updates and scan your computer with them. You will also be downloading a tool with which certain difficult to remove viruses can be removed, and perform a preliminary virus scan with it. As you will be performing these scans in safe mode these tools can so a better job of scanning, as there is no interference from background tasks and many of the system components running in normal mode. Also, much malware does not load in safe mode. After that, presuming that you can then boot to normal mode, you will reboot to normal mode and perform an online virus scan using an online virus scanning tool.

(Note that the importance of getting the latest definition files and other updates cannot be overstated. Without these updates, scanning tools cannot detect and remove the latest malware!)

The links in the following steps open the sites in new pages, so you can close the pages after performing the downloads without losing the connection to this page. This page will remain open in the background, so you can refer back to it if necessary. However, as a safety precaution you may wish to place this page in your "Favorites" folder. You can remove it again after you are finished.

1. Internet Options. This step may be performed in either normal mode or safe mode with networking. Use the latter if your computer will not boot to normal mode, see How to reboot to safe mode. Perform the Reset Internet Options procedure. This should be done even if you normally use a browser other than Internet Explorer, as these settings influence your networking beyond just browsing with Internet Explorer. You should also do a disk cleanup at this point. This will speed up the scans we will shortly be performing, and may also cure some networking problems. If you are able to connect to the Internet in normal mode after resetting Internet Options, you can use Procedure A - basic scan for computer virus and spyware/adware to clean your computer.

2. Safe Mode With Networking. Boot your computer to safe mode with networking. If you are do not know how to boot your computer to safe mode with networking, see How to reboot to safe mode. If you computer fails to boot to safe mode, you may require technical assistance from either your computer manufacturer or from Microsoft.

If you are not familiar with safe mode with networking, you will find that your Desktop looks strange. Your graphics card is in its basic VGA mode, so your Desktop items look large and grainy. The startup items you usually see in the notification area next to the clock have not loaded. Only the most basic system services are running. Much (but unfortunately no all) malware is also blocked from starting in safe mode, so it cannot interfere with detection and removal. There is no audio, you cannot burn CD's, you cannot install or uninstall programs that use the Windows Installer. Many programs will not function correctly in safe mode. All of the programs we will be using below will install and run correctly in safe mode of safe mode with networking. In fact, they will run better in safe mode, as there will be no startup programs (and only minimal Windows services) to interfere with them.

Now we will proceed to scan your computer.

A. Ad-Aware. Follow the directions in Download and install Ad-Aware, and scan for spyware and adware.

B. Spybot. Follow the directions in Download and Install Spybot and Scan for spyware and adware.

C. CWShredder. If either Ad-Aware or Spybot detected variants of CoolWebSearch, then Follow the directions in Download CWShredder and scan for CoolWebSearch variants.

D. Stinger. Before performing a full virus scan, perform a preliminary scan with Stinger. Follow the directions in Download Stinger and scan to remove problem viruses.

Warning about multiple viruses! You have just performed a preliminary virus scan with Stinger, and we will now be proceeding to a more complete scan using an online virus scan. Keep count of the total number of viruses found, and write down their names! Note that this mean the total number of different viruses found, not the number of files infected. Read (and heed) this multiple virus warning.

3. Reboot to normal mode. To perform the online virus scan you must be in normal mode. Go to Start and shut down your computer. Use the option to restart.

4. Virus scan. The next step is to perform an online virus scan. Go to http://www.trendmicro.com/hc_intro/default.asp, click on Scan Now, It's Free and scan your computer for viruses following the directions on the site. Don't forget to keep track of how many viruses you find, and which ones. Once again, heed the multiple virus warning.

This concludes you procedure, and your computer should now be free of malware. You hold down further problems, be sure to follow the advice in Checklist for protecting your computer. You have a head start, as you have already downloaded and installed Ad-aware and Spybot. Now go get Defender, an antivirus and--unless you are using Windows XP with SP2--a firewall program.