Monday, July 19, 2010

AV Security Suite Malware Removal: Panda said I was clean, ComboFix disagreed

"There's this security software that keeps popping up and I can't use my computer."

Say goodbye to several hours of your life should you decide to help.

But I've got this great malware removal guide from Maximum PC, and I've been doing tech support since the mid-1990s, so no problem, right?

Oh, the pain. I'm going to try to mitigate others' potential suffering by sharing what helped me.

The Maximum PC Guide for removing malware contains some great comprehensive steps. Here are a few things that can be done to supplement the guide.

Booting into the operating system that has the problem can slow you down at first, so start from outside it.

1. Erase a spare USB Key and use UNetbootin to create a bootable Kaspersky Rescue Disk. Use this tool to remove some of the less resilient threats.


2. Boot in safe mode and run the following from a CMD prompt to delete the Temp and "Temporary Internet Files" directories for all user profiles (assumes an XP install with profiles on the C: drive):

C:\> for /f "usebackq delims=" %a in (`dir /b /a:d "c:\documents and settings"`) do rd /s /q "c:\documents and settings\%a\Local Settings\Temp"

C:\> for /f "usebackq delims=" %a in (`dir /b /a:d "c:\documents and settings"`) do rd /s /q "c:\documents and settings\%a\Local Settings\Temporary Internet Files"

(The "delims=" keeps profile names that contain spaces, such as "All Users" and "Default User", from being cut off at the first space, and "/a:d" limits the listing to directories.)


3. Defrag. Auslogics has a good free defragmenter, or you can use the built-in defragmenter.



4. Autoruns from Mark Russinovich and Bryce Cogswell (don't use this unless you feel very familiar with Windows services). Click the Options menu and check the boxes for "Hide Microsoft and Windows Entries" and "Verify Code Signatures" as shown in this screenshot:

[Screenshot: Autoruns Options menu]



Push the Escape key, then hit F5 to refresh Autoruns. Now inspect the list and right-click the odd-looking entries. You can choose "Delete" to remove the offender, or "Jump To..." to open a window at the startup location that references the item, usually in the registry.



5. Run CCleaner. Cut deep, but remember to be nice: some users like their Internet history kept intact, and I like to keep my Start >> Run history while troubleshooting.



6. At this point you can go ahead and step through the Maximum PC guide. What follows is the snag I ran into while removing a piece of malware called AV Security Suite, and how to get around it thanks to some specific posts from chaslang at MajorGeeks and other posts from BleepingComputer.



After running SuperAntiSpyware and Malwarebytes Anti-Malware, and subsequently running Panda's ActiveScan 2.0, it looked like the machine was clean. I then started ComboFix and received the following error, but ran ComboFix anyway:

[Screenshot: ComboFix error message]

Panda FAIL. AV Security Suite was supposed to be gone. Panda said the box was clean! Why, Panda, why? The ComboFix log displayed the following AV Security Suite GUID:



AE716D16-40FE-4cb9-8FD2-2975088F55B2



Googling that GUID resulted in a lifesaver post by chaslang, which stated there was a Browser Helper Object (BHO) that still needed to be deleted. I skipped the first suggestion in chaslang's post to run MGTOOLS\analyse.exe, but followed his other instructions.



HijackThis found the offender.

[Screenshot: HijackThis scan result]

I was able to click Fix and afterward run ComboFix according to chaslang's instructions without ComboFix detecting AV Security Suite. Chaslang, I owe you... something. Thank you!
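Steps 4 and 6 come down to the same check: find what starts with Windows or loads into the browser, resolve each entry to a file on disk, and see whether that file carries a valid code signature. The script below is an added example written for this post; it is not code from the post, from Autoruns, HijackThis or ComboFix. It walks the standard Run/RunOnce keys (what Autoruns shows on its Logon tab with "Verify Code Signatures" turned on) and the registered Browser Helper Objects (where the AV Security Suite leftover sat), checks each binary with Get-AuthenticodeSignature, and flags the CLSID from the ComboFix log above. The registry paths are the standard Windows ones; the $KnownBadClsids list, the helper function names and the output layout are my own, and it assumes PowerShell 2.0 or later with read access to HKLM, HKCU and HKCR.

```powershell
# Added example, not from the original post or from Autoruns/HijackThis/ComboFix.
# Lists Run/RunOnce entries and Browser Helper Objects, checks each binary's
# Authenticode signature, and flags the CLSID ComboFix reported in the post.
# Assumes PowerShell 2.0 or later and read access to HKLM, HKCU and HKCR.

# CLSID taken from the ComboFix log quoted in the post (AV Security Suite BHO).
$KnownBadClsids = @('{AE716D16-40FE-4cb9-8FD2-2975088F55B2}')

# Standard autostart locations; the equivalent of the Autoruns "Logon" tab.
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Standard BHO registration key; each subkey name is a CLSID.
$BhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

# Pull the executable path out of a Run value such as
#   "C:\Program Files\Foo\foo.exe" /silent   or   C:\WINDOWS\system32\bar.exe -x
function Get-ImagePath([string]$CommandLine) {
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($CommandLine -match '^\s*(\S+)')     { return $Matches[1] }
    return $CommandLine
}

# Authenticode state of a file: 'Valid (<signer>)', 'NotSigned', 'HashMismatch',
# or 'FileMissing' when the registry points at something that is no longer there.
function Get-SignatureState([string]$Path) {
    if (-not $Path) { return 'FileMissing' }
    $expanded = [Environment]::ExpandEnvironmentVariables($Path)
    if (-not (Test-Path -LiteralPath $expanded)) { return 'FileMissing' }
    $sig = Get-AuthenticodeSignature -FilePath $expanded
    if ($sig.Status -eq 'Valid') { return "Valid ($($sig.SignerCertificate.Subject))" }
    return $sig.Status.ToString()
}

$findings = @()

# 1. Run / RunOnce values.
foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # provider metadata, not a Run value
        $image = Get-ImagePath $p.Value
        $findings += New-Object PSObject -Property @{
            Source    = $key
            Name      = $p.Name
            Image     = $image
            Signature = Get-SignatureState $image
            KnownBad  = $false
        }
    }
}

# 2. Browser Helper Objects: resolve CLSID -> HKCR\CLSID\{clsid}\InprocServer32 -> DLL.
if (Test-Path $BhoKey) {
    foreach ($sub in Get-ChildItem -Path $BhoKey) {
        $clsid  = $sub.PSChildName
        $inproc = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        $dll    = $null
        $state  = 'NoInprocServer32'
        if (Test-Path $inproc) {
            $dll   = (Get-ItemProperty -Path $inproc).'(default)'
            $state = Get-SignatureState $dll
        }
        $findings += New-Object PSObject -Property @{
            Source    = 'BHO'
            Name      = $clsid
            Image     = $dll
            Signature = $state
            KnownBad  = ($KnownBadClsids -contains $clsid)   # string compare is case-insensitive
        }
    }
}

# Show what Autoruns would leave visible with Microsoft entries hidden and
# signatures verified: anything not validly signed, known-bad entries first.
$findings |
    Where-Object { $_.KnownBad -or $_.Signature -notlike 'Valid*' } |
    Sort-Object -Property @{ Expression = 'KnownBad'; Descending = $true }, Source |
    Format-Table -AutoSize Source, Name, Image, Signature, KnownBad
```

Run it from an elevated prompt so HKLM is fully readable. An entry whose Signature column reads NotSigned, HashMismatch or FileMissing is exactly the kind of thing the "Verify Code Signatures" option makes stand out in Autoruns; a BHO row with KnownBad set to True is the leftover this post is about, and its Image column tells you which DLL HijackThis would have fixed.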



When rebuilding or updating a home machine connected to the internet, I strongly suggest using the automated, toolbar-free installers created by http://ninite.com/. Ninite makes it easy to install Microsoft Security Essentials, Flash, Firefox, Foxit Reader, Auslogics Disk Defrag, and several other apps. Ninite will save you a lot of time.



Another troubleshooting suggestion is to boot Windows off a CD or USB key (WinBuilder and Boot Land can help you create a bootable version of Windows, but these are deep waters that will take some time to navigate for first-timers) and thereby work on the infected system from a safer environment.