WindowsMaven - Virus and Spyware Advisor



 © 2006 David R. Snow. All rights reserved.


Procedure C - Scan a Computer with no Internet Access

For use on computers with no Internet access, even in safe mode with networking

Use this procedure to clean your computer of malware if you are currently unable to browse the Internet and download files even in safe mode with networking, and may even be unable to boot to the normal mode Desktop. If the reason you are having networking or startup difficulties is related to malware, this procedure should cure the problem. Otherwise you may require the assistance of a qualified technician to restore normal functioning.

Outline. You will be using several free malware removal tools, which will be downloaded from the Internet. As you cannot browse the Internet on your computer, you will have to download them along with their necessary definition files and updates using another computer, and store them on removable media such as a burnable CD, Zip disk or memory stick to transfer them to your infected computer. Which media you use will be determined by the supporting hardware you have on your computer, and on the computer you will be using to download. 

After you have obtained the software necessary to clean your computer and stored it on CD or other removable media, you will return to your computer and boot to safe mode. There you will reset Internet Options to normal values and do a disk cleanup. Next you will install the software removal tools you previously obtained, and update them and install their definition files. Then you will thoroughly scan your computer for spyware and adware, and do a partial scan for viruses. After that, if you are able to boot the Desktop, you will do so and perform an online virus scan using one of several online virus scanning tools.

(Note that the importance of getting the latest definition files and other updates cannot be overstated. Without these updates, scanning tools cannot detect and remove the latest malware!)

If there is a second computer in the vicinity of your computer, you can use it to follow these steps. Otherwise you will need to use a computer at another location. The links in the following steps open the sites in new pages, so you can close the pages after performing the downloads without losing the connection to this page. This page will remain open in the background, so you can refer back to it if necessary. However, as a safety precaution you may wish to place the page you are now on in your "Favorites" folder. You can remove it again after you are finished.

1. Safe Mode. Boot your computer to safe mode. If you do not know how to boot your computer to safe mode, see How to reboot to safe mode. If your computer fails to boot to safe mode, you will require technical assistance from either your computer manufacturer or Microsoft.

If you are not familiar with safe mode, you may find that your Desktop looks strange. Your graphics card is in its basic VGA mode, so your Desktop items look large and grainy. The startup items you usually see in the notification area next to the clock have not loaded. Only the most basic system services are running. Much (but unfortunately not all) malware is also blocked from starting in safe mode, so it cannot interfere with detection and removal. There is no audio, you cannot burn CDs, you cannot install or uninstall most programs, and there is no network access. Many programs will not function correctly in safe mode.

2. Internet Options. In safe mode, perform the Reset Internet Options procedure. This should be done even if you normally use a browser other than Internet Explorer, as these settings influence your networking beyond just browsing with Internet Explorer. You should also do a disk cleanup at this point. This will speed up the scans we will shortly be performing. These steps may even cure some networking problems, and possibly even get you to where you can boot to normal mode. After performing these steps, see if you have now gotten to a point where you can boot to normal mode, or if not, at least boot to safe mode with networking, and then browse the Internet. If so, you can continue using Procedure A or Procedure B, whichever is now applicable. If not, continue with this procedure.

If you have a CD-ROM drive on this computer, insert a CD and open it to ascertain if it is still functioning. If you have a Zip drive, see if it is working. If you have a memory stick or other external media, make sure it is working. In the following steps, you will be downloading software and updates you need to get this computer functioning, and you do not want to go to this trouble just to find that you cannot read the medium you used.

3. Download the necessary software. Using another computer, download the programs, upgrades and definition files covered in steps A through E, and save them to a type of media you determined in the previous step will work on your infected computer. If you will be burning these downloads to CD, make a temporary folder on the Desktop and download to this folder. When you are finished downloading, burn these downloads to your blank CD. If you are using a Zip disk, memory stick or other removable media, you should be able to download directly to it. Note that although many installers do not run in safe mode, the installers for the programs you will be downloading below will all run in safe mode.

A. Download the Ad-aware Installer and Updates. See how to download Ad-Aware to removable media for instructions and additional information.

B. Download the Spybot Installer and Updates. See how to download Spybot to removable media for instructions and additional information.

C. Download CWShredder. See how to download CWShredder to removable media for instructions and additional information.

D. Stinger. This is a tool that scans for and removes approximately 50-60 viruses that pose difficulties for conventional antivirus programs. See how to download Stinger to removable media for instructions and additional information.

E. Msconfig. If your infected system is running Windows 2000, go to the download page for Windows 2000 users to download the Windows XP msconfig utility.

These are the programs and updates you will be needing to cleanse your infected computer. Burn the above files to a blank CD now, if you are using a CD to transport the files. Otherwise remove the removable drive you are using and return to your malfunctioning computer.
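
One way to confirm, before leaving the download computer, that every file on the CD or removable drive reads back identical to what was downloaded. This is an added example, not part of the original procedure; it assumes Python is available on the download computer, and the file names in `demo()` are constructed placeholders.

```python
import hashlib
import os
import tempfile

def sha256_of(path, chunk=1 << 20):  # chunked read: large installers need not fit in memory
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def build_manifest(folder):
    """Map each file's path relative to the download folder to its SHA-256."""
    manifest = {}
    for root, _dirs, files in os.walk(folder):
        for name in files:
            full = os.path.join(root, name)
            manifest[os.path.relpath(full, folder)] = sha256_of(full)
    return manifest

def verify_media(manifest, media_root):
    """Return {relative path: problem} for every file that did not survive the copy."""
    problems = {}
    for rel, expected in sorted(manifest.items()):
        target = os.path.join(media_root, rel)
        try:
            if not os.path.isfile(target):
                problems[rel] = "missing"
            elif sha256_of(target) != expected:
                problems[rel] = "hash mismatch"
        except OSError as exc:  # e.g. a scratched CD or a failing memory stick
            problems[rel] = "unreadable: %s" % exc
    return problems

def demo():
    """Constructed run: one file copied intact, one truncated, one never copied."""
    files = {"tool_a_setup.exe": b"A" * 4096, "tool_a_defs.zip": b"B" * 4096,
             "tool_b.exe": b"C" * 4096}  # placeholder names and contents
    copied = {"tool_a_setup.exe": files["tool_a_setup.exe"],
              "tool_a_defs.zip": files["tool_a_defs.zip"][:1000]}
    with tempfile.TemporaryDirectory() as staging, tempfile.TemporaryDirectory() as media:
        for folder, content in ((staging, files), (media, copied)):
            for name, data in content.items():
                with open(os.path.join(folder, name), "wb") as handle:
                    handle.write(data)
        return verify_media(build_manifest(staging), media)

if __name__ == "__main__":
    print(demo())
```

In real use, call `build_manifest` on the download folder and `verify_media` on the drive letter or mount point of the media; an empty result means every file read back intact. The check catches bad burns and failing media only, since it compares against the downloaded copy rather than a hash published by the vendor.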

4. Reboot the infected computer to safe mode. You are now ready to scan with the above tools. Log in to an account with administrator rights. Now you will cleanse your computer with the software you previously downloaded, getting it off the CD or removable drive you saved it to. As you are having severe problems, the possibility of a virus should be treated first. You cannot do an online scan for viruses in safe mode, but Stinger may catch a few, so start with Stinger, then continue with the other programs. Read (and heed) this multiple virus warning.


A. Scan with Stinger. Start the scanning portion of the procedure with Scan with Stinger to remove problematic viruses.

B. Ad-aware. Next, Scan with Ad-Aware for spyware and adware.

C. Spybot. Scan with Spybot for spyware and adware.

D. CWShredder. If Spybot or Ad-Aware found any traces of a CoolWebSearch variant, Scan with CWShredder for CoolWebSearch variants.

This concludes the safe mode portion of this procedure. You have removed most or all adware and spyware on your computer, but so far you have made only a partial virus scan. An online virus scan will require that you download and run an ActiveX object, and to do this you must be in normal mode, or at least a clean boot. There is a good chance that you can now boot to normal mode and browse, so try it now.

5. Reboot to normal mode. Go to Start and shut down your computer. Use the option to restart. If you are unable to boot to normal mode, reboot to safe mode, follow the instructions in How to set up a clean boot configuration using msconfig, and see if you can boot to a clean boot. In normal mode, check to make sure that you can browse the Internet. If not, How to repair the networking stack may restore your ability to browse. If you cannot boot to normal mode (at least in a clean boot), or you cannot browse the Internet, you will require the assistance of a qualified technician, or the phone support center of your computer manufacturer or Microsoft.

6. Virus scan. The next step is to perform an online virus scan. Go to http://www.trendmicro.com/hc_intro/default.asp, click on "Scan Now, It's Free" and scan your computer for viruses following the directions on the site. Don't forget to keep track of how many viruses you find, and which ones. Once again, heed the multiple virus warning.

This concludes the procedure, and your computer should now be free of malware. To keep from having further problems, be sure to follow the Checklist for protecting your computer. You have a head start, as you have already downloaded and installed Ad-aware and Spybot. Now go get Defender, an antivirus program and (unless you prefer the Windows XP SP2 firewall) a firewall program. And be sure to keep all of them, along with your Windows operating system, updated.