Trojan/spyware/adware etc removing guide


Post by ayu »

I wrote this guide when I was helping a friend and then I posted it on my site, but since I have like no people visiting my site to read it I might as well post it here x).


Have you ever gotten those really annoying trojans that carry loads of spyware, that make you feel small and give you the feeling that you never will get your computer clean again? Well, this guide is made to help you identify and delete your enemy. This guide is based on my own routines. I will add stuff to this guide when I come up with more stuff that you could check.

First you need a good play list, somewhere in the play list include the song "Daft Punk - Harder, Better, Faster, Stronger", makes it easier somehow.

Now you will need TOOLS.

1: Process Explorer Download
2: HijackThis Download
3: Spybot Download
4: Ad-Aware Download
5: AVG Anti-Virus Download

OK, now you've got the tools. Now you need to know that you must have knowledge of your own computer to make it easier for you to use this guide, as in you must know some of the programs that you have installed and such.

Well anyway, let's begin the analyzing, shall we?

0: It would be good to start your computer in Safe Mode, although you can try without it since it works for me most of the time.

0.5: Close all programs that you will not be using.

1: Install Spybot, Ad-Aware and AVG, update them and start scanning with them. Take notes on what they find; if it's stuff like cookies you can ignore it for now. But adware, spyware and viruses should be noted (locations and such). Delete all the malicious files that you find.

2: Now start Process Explorer and check for suspicious stuff, especially stuff that is directly linked to the stuff that your scans found to be malicious. Kill the processes if you can. If you find processes that you are unsure what to do with, you can Google them (Google is your friend) and click on the first result you see, usually "http://fileinfo.prevx.com" or "http://www.liutilities.com". For example, if you search for "upd34.exe" you will find stuff in "fileinfo" that tells you that it is malicious and should be disposed of, which is entirely correct. Now note all the processes that you killed (Google them before you kill them), even the ones that you could not kill. Also make sure to check the file paths (the folder where the process file is located).

A normal list could look something like this (usual system processes plus some of my programs; note that just because you don't have the same programs as I have doesn't mean you should delete it):

[Image: Process Explorer process list]

3: Now press "Start", then "Run", and then write "regedit". Go to the addresses "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" and "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" to check for the processes that you just took note of (make sure you check all the suspicious files on Google to determine if they are safe or not). If you find any malicious entries then delete them.

Could look something like this (my list):
[Image: regedit view of the Run key]

4: Go to the Control Panel, then "Administration tools" and then Services. Check the list for stuff related to the notes that you have taken (9/10 times I don't find anything here). Make sure to read the description for all the services as well as the manufacturer so that you don't turn off anything important.

Normal list could look like this (my list, only the "started" services on pic):
[Image: Services list]


5: Now run HijackThis that you downloaded. Click "Do system scan only", now check the list very carefully for the things that you took notes of (also take more notes of new suspicious objects and check them on Google). You need to check everything a few times so that you didn't miss anything. Now, for all the malicious stuff that you found, place a mark to the left of them and press "Fix checked".

Could look something like this (my list):
[Image: HijackThis scan results]

6: Now you run Spybot, Ad-Aware and AVG once again and delete what's left. Then restart your computer and do a scan again to see if it worked.

If it didn't work then please notify me so that I can improve my guide.
"The best place to hide a tree, is in a forest"
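
An added example, not part of ayu's post: a read-only PowerShell sketch of the cross-check described in steps 3 and 4. It lists the entries in both Run keys plus every service's executable path and marks the ones whose command line contains a file name from your notes. The `$Noted` list is constructed sample data and `Test-Noted` is a hypothetical helper name; nothing is deleted or stopped.

```powershell
# File names written down during steps 1 and 2 (constructed sample; use your own notes).
$Noted = @('upd34.exe')

# The two autostart keys named in step 3.
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Hypothetical helper: true if the command line mentions any noted file name.
# Uses a literal, case-insensitive substring match so names with [ ] or * are safe.
function Test-Noted {
    param([string]$Command, [string[]]$Names)
    foreach ($n in $Names) {
        if ($Command.IndexOf($n, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            return $true
        }
    }
    return $false
}

$found = @()

# Step 3: every value under each Run key (value name + command line).
foreach ($key in $RunKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $found += [pscustomobject]@{
            Source  = $key
            Name    = $name
            Command = [string]$item.GetValue($name)
        }
    }
}

# Step 4: every installed service with the path of its executable.
foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    $found += [pscustomobject]@{
        Source  = "Service ($($svc.State))"
        Name    = $svc.Name
        Command = [string]$svc.PathName
    }
}

# Noted entries first; review the rest by path, as the guide advises.
$found |
    Select-Object @{ n = 'Noted'; e = { Test-Noted $_.Command $Noted } }, Source, Name, Command |
    Sort-Object Noted -Descending |
    Format-Table -AutoSize -Wrap
```

Rows with `Noted` set to `True` are the ones to look up and remove by hand in regedit or the Services panel; an unfamiliar path in the remaining rows is still worth checking.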


Post by alien100 »

Good post - but Avira is better than AVG, I tested them :D