Cleaning an Infected Windows PC. Part 3
The next thing to do is to uninstall all the crap on your PC.
It is horrible what users do to their computers. They install everything they possibly can and behave like kids in a candy store when it comes to applications. “Wow, let me try this, and this, this, this, and let me try this!” It is not only that the applications they are installing may be viruses; the point is that they can cause problems by themselves. I have told you about this. It does not have to be a virus that crashes a system; it could be poorly written software.
So, a lot of people have got this. They have downloaded Java games and get a whole bunch of crap on their computers. You need to uninstall all this crap: free games, Weather Bug, Weather Dog – I just do not know what the name is.
So, uninstall all that free garbage. If your client is going to use this in the future, he can reinstall this, but, as long as you are going to clean up the PC, get rid of this. Keep Office, Photoshop, keep all of that. But if you are suspicious, get rid of this. The client can reinstall that in the future.
The next thing, upon uninstalling all this crapware – not just crapware, not just toolbars – again, make sure you get rid of all of these toolbars, which are horrible species of malware. Basically, they do redirection for Internet Explorer, they can just cause a whole bunch of problems. But, on the other hand, I want you to uninstall all your security software.
Security software is much like condoms. One is good, but two, three, four, five actually make it worse. You kind of need to think about security software the way you think about contraception. So, one condom and one woman on the pill, that is the benefit, that works, that looks like you do not have to be papa of the kids. Having two or three condoms – that’s just going to be a mess, no one is going to be happy, nobody will want to sleep with you again.
What I want you to do is uninstall all the security software that your client has probably put on their computer. The first thing you need to realize is that every piece of security software can cause problems itself. Firewall software can be horrible: it can shut down ports and cause a lot of problems. Misconfigured antivirus software can cause a whole bunch of issues.
As I have told everybody, Norton Internet Security Suite – ugh, it is just painful…horrible. I have made so much money out of removing the Internet Security Suite, it is just horrible. So, you need to uninstall all of that: McAfee, AVG, Microsoft Security Essentials, Spy Sweeper, tune-up software. They get, you know, two or three pieces of tune-up software, get rid of all of that. The reason is that all of this software is going to be trying to make changes to the configuration of your PC, and those may or may not be good. Just because the client has spent 80 bucks on a piece of tune-up software does not mean that piece of tune-up software is worth that, and does not mean it does not cause problems.
Another thing to note is that there are multiple pieces of antispyware software on computers: you should not have multiple pieces of AV software on your computer. So, you should never have Norton and McAfee, McAfee and AVG, or Norton and Kaspersky, or Kaspersky and AVG.
Never have two pieces of antivirus software on your PC. The reason is very, very simple. There is something called heuristic testing. In the antivirus world, AV software used to simply look for specific files, so it would look for a file called virus.d. If it saw that, it would delete virus.d.
Now, heuristic detection looks for overall patterns that look like a virus. So, when files get deleted, renamed or changed automatically, that looks like a virus. That’s also what AV software does when it quarantines files, when it finds viruses. So, you can have it that McAfee will be scanning your computer and then Norton will be doing something, so McAfee will think Norton is a virus. Norton will think that McAfee is a virus, so they just bump into each other and mess everything up.
Which security software to use is up to you and out of the scope of this class, but you should always use one: only use Norton, only use McAfee, only Kaspersky, or Panda, or Microsoft Security Essentials. Make sure that there is only one piece of antivirus software on your computer.
Many times you will find that antivirus software will not uninstall cleanly. I have seen that a lot with Norton, a little bit with McAfee, even less with Kaspersky. So, even if you uninstall the security software, you may still be having problems with specific configuration that has not been removed from the computer.
That is, for instance, you have uninstalled Norton from your computer, but you still have firewall settings stuck on the computer and you still cannot do the things that you need. There are specific antivirus software removal tools. If you remove Norton and you’re still having problems on your computer, google “Norton removal tool”. For McAfee – “McAfee removal tool”, and likewise “Kaspersky removal tool”, “Panda removal tool”, etc.
So, if you uninstall security software from the computer, and there are still problems, e.g. connecting to the Internet, getting updates from Windows, or other problems that look like a virus, in many cases these are just settings left stuck on the computer by the AV software. So, all you have to do if you are uninstalling your Norton or McAfee or whatever is download the removal tool for the software from the manufacturer, and that will rip out all those extra services.
Again, I have seen that with Norton that when you try to run an Uninstall and that fails for some reason, or just has gone half way through only – well, Norton is crap anyway, so basically you can just use a removal tool that will basically rip it out.
When you try to remove malware, a toolbar, etc. (there are a lot of types of toolbars you may have in the windows of Internet Explorer), you will not be able to uninstall these toolbars from the uninstall wizard within Windows. What you can do in many cases to resolve this (these items are not technically viruses, they are legal) is use the uninstaller in the Program Files folder where the application is stored. So, if you have, like, FreezeBox Toolbar, you may not be able to uninstall it from Uninstall in the regular way. But if you go to the C: drive, Program Files, then the FreezeBox Toolbar folder, in many cases you will be able to uninstall it from there: you double-click the uninstaller and it uninstalls the application for you. Basically, they just try to hide the way to uninstall from you, so the uninstaller is often hidden within the folder, and you need to go there to find it and use it.
Now, the final thing that you can do as you deal with malware, toolbars, etc. is find and rename the folder where the unwanted program is installed. Software keeps internal pointers that refer back to the different files it uses. If you rename the folder where the application is installed, those pointers will now refer to folders that do not exist.
So, if you just rename FreezeBox Toolbar, you know, to FreezeBox Toolbar Folder OLD, it will not be able to find it. That is, there will be only this newly named folder, which the application will not be able to find.
The point is that you probably will not be able to do this while you are running outside of Safe Mode. That is, the application is running, so you are going to get an error. What you may need to do is go to Safe Mode as we have mentioned before. So, in BIOS keep hitting F8 until you are in Safe Mode, which boots the computer with the minimum number of drivers and services, etc. Now you need to go to Program Files and rename the folders for these little pieces of toolbars or security software, etc.
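As an added example (not part of the original lecture), the following read-only PowerShell inventory supports both the "only one antivirus" rule and the hunt for hidden uninstallers described above. The vendor pattern is an assumption built from the product names mentioned in the lecture, and the script assumes PowerShell 3.0 or later on a client edition of Windows.

```powershell
# Added example: read-only inventory, changes nothing. Needs PowerShell 3.0 or later.
# Assumption: the vendor pattern is built from the product names mentioned in the lecture.
$securityPattern = 'Norton|Symantec|McAfee|AVG|Kaspersky|Panda|Security Essentials|Spy Sweeper'

# 1. Antivirus products registered with Windows Security Center (client editions of
#    Windows only; the built-in Windows Defender, where present, is listed here too).
$av = @(Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction SilentlyContinue)
$av | Select-Object displayName, pathToSignedProductExe | Format-Table -AutoSize | Out-Host
if ($av.Count -gt 1) {
    Write-Warning "$($av.Count) antivirus products are registered; only one should remain."
}

# 2. Security products listed under the Uninstall registry keys (64-bit, 32-bit, per-user),
#    with the command Windows would run to remove each of them.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$programs = @(Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName })
$programs | Where-Object { $_.DisplayName -match $securityPattern } |
    Select-Object DisplayName, Publisher, UninstallString | Format-List | Out-Host

# 3. Program Files folders that contain an uninstaller executable but are not referenced
#    by any Uninstall entry: candidates for software that hides its uninstaller.
$registered = ($programs | ForEach-Object { $_.InstallLocation; $_.UninstallString }) -join "`n"
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ } | Select-Object -Unique
foreach ($root in $roots) {
    Get-ChildItem -Path (Join-Path $root '*\unins*.exe') -ErrorAction SilentlyContinue |
        Where-Object { $registered.IndexOf($_.DirectoryName, [StringComparison]::OrdinalIgnoreCase) -lt 0 } |
        Select-Object DirectoryName, Name | Format-Table -AutoSize | Out-Host
}
```

Step 3 only looks one folder deep and only for files named `unins*.exe`, so an empty result does not prove that no hidden uninstaller exists.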
Therefore, the second thing that you are going to do, after you try System Restore, after you do OpenDNS, after resetting Internet Explorer settings and changing the password, is uninstall all these pieces of crapware, all the toolbars and security software: uninstall Norton, McAfee, and any piece of software that you cannot recognize and that might be bad. If your client or you need it, you may reinstall it later.
Remember, as I have already explained, security software needs to be considered like condoms. One is good, more than one is just a bad thing.
Again, with the antivirus software there are big problems, especially with Norton. It will not come out normally, you cannot uninstall it normally. So you need a Norton removal tool. Just google and you will get it from Norton website.
Once you have uninstalled all of that crapware and antivirus software from your computer, the next thing you are going to do is a very quick tune-up of the computer. The tune-up basically includes cleaning temporary files, disabling startup items, and defragmenting the System Registry. You are going to do this with a piece of software called CCleaner. CCleaner is a free piece of software. It can be used with any software you want. But you want to clean up temporary files, disable startup items and defragment the Registry. The reason to do this is that the rest of the process goes easier.
The next step is to start installing antivirus software, antimalware software, so we are kind of preparing ourselves to doing this. Now, as we have installed security software, AV software, so it runs and scans, it is going to scan every single file on the computer. If you have a bunch of temp files that you do not care about, it still is going to scan those files.
For example, there occur clients with 10, 20 and even 50 Gb of temporary files. If you keep those temp files on the computer, when you run a virus scan, it is going to scan all those files, even though you do not care about them. So, you may as well delete them now.
That is, you need to get CCleaner from www.piriform.com/ccleaner, or whatever piece of software that you want to use. The first thing to do is to clean all temporary files so that when antivirus runs it does not need to scan files that you do not need to scan.
The next thing to do is the so-called defragmenting of the Registry. The Registry is the database on a Windows computer. It contains most of the configuration for the computer system and most of the software configuration on your computer. The problem is that in the Windows world, for some unknown reason, even with Windows 7, the system does not clean up the Registry very well. That is, as you uninstall software it keeps part of that software in the Registry. By defragmenting the Registry you clean up all the crap that is within it. This makes your computer run better in general and, since we have done all these virus scans, that will just make your life easier.
The final thing is to disable Startup items that you do not need to have running when your computer boots up. As stated before, we do not know whether that software is just dirty little software or whether it is doing something more, such as bringing in viruses or malware. So you consider evil everything you cannot recognize. The only things you do not disable are printer software and security software.
The things to disable are up to your decision, but you need to disable as many startup items as possible to make your PC run quicker in general. Again, if there is some little piece of malware that you have missed, you will be able to make sure it does not start when the rest of the computer starts.
So, the next things you should be doing are, again:
– clean up temp files
– defragment the Registry
– disable the Startup items
There is a piece of software called CCleaner for registry defragmentation, but there are many pieces of software out there, you can use whatever you like.
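As an added example (not from the original lecture), this read-only PowerShell report measures what the tune-up steps above would touch: how much data sits in the temp folders, and which startup items are registered. The `$keepPattern` list is a hypothetical stand-in for "printer software and security software" and should be adjusted to the machine at hand; PowerShell 3.0 or later is assumed.

```powershell
# Added example: read-only report, deletes and disables nothing. Needs PowerShell 3.0+.

# 1. How much temporary data would an antivirus scan have to read?
$tempDirs = @($env:TEMP, (Join-Path $env:windir 'Temp')) | Select-Object -Unique
$tempReport = foreach ($dir in $tempDirs) {
    # -Force includes hidden files; unreadable paths are skipped silently.
    $files = @(Get-ChildItem -LiteralPath $dir -Recurse -Force -File -ErrorAction SilentlyContinue)
    $bytes = ($files | Measure-Object -Property Length -Sum).Sum
    [pscustomobject]@{
        Folder = $dir
        Files  = $files.Count
        SizeMB = [math]::Round($bytes / 1MB, 1)
    }
}
$tempReport | Format-Table -AutoSize | Out-Host

# 2. Startup items from the Run registry keys and the Startup folders.
#    Hypothetical keep-list: printer and security software, per the lecture's rule.
$keepPattern = 'print|spool|Norton|McAfee|AVG|Kaspersky|Panda|Security Essentials'
Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location,
        @{ Name = 'Review'; Expression = { -not ("$($_.Name) $($_.Command)" -match $keepPattern) } } |
    Sort-Object Review, Location, Name |
    Format-Table -AutoSize -Wrap | Out-Host
```

Items with `Review` set to `True` are the ones to look at before disabling; services and scheduled tasks are not covered by `Win32_StartupCommand`.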