
Steps to a clean home/personal computer

Preface - All of the below programs are free (unless specifically noted). There is no reason you should
have to spend money on a seedy program that claims it may clean your computer. If during the cleaning
process the noted free programs are asking for money, most likely you are severely infected. Said badware
program may actually further infect your machine & you will never get a refund. Just follow these
steps and you should be able to clean your computer and keep it clean in the future.

A quick test - http://www.confickerworkinggroup.org/infection_test/cfeyechart.html will usually show
you if you have an infection that will block security websites such as below. In that case you will have to
acquire your tools on another computer and run them on the infected computer in safe mode.

1) If you suspect you might be the victim of a virus or spyware and think your current
antivirus/antispyware product is not protecting you, you can run an online antivirus/antispyware scan. The
following list is a group of well known/reputable web-based or non-realtime (runs a scan at that time,
but does not remain in the background to detect after the scan) antivirus scanners. Keep in mind that
these are run-time only scanners; they do not provide background protection. They are only there to
assist in your cleanup of your computer, not to keep it clean. These do not depend on any brand/version
of your currently installed antivirus/antispyware and will not interfere with one another. It might seem
counterintuitive, but some of these web-based tools only run in IE.

Kaspersky Non-realtime scan & free offline bootable cd- http://www.kaspersky.com/virusscanner
ESET (NOD) Online Antivirus Scanner Free - http://www.eset.com/onlinescan/
eTrust (CA) - http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Mcafee freescan - http://us.mcafee.com/root/mfs/default.asp
BitDefender Free Online Virus Scan - http://www.bitdefender.com/scan8/ie.html
Trendmicro - http://housecall.trendmicro.com/
Symantec virus and security scan - http://security.symantec.com/sscv6/home.asp
Panda - http://www.pandasecurity.com/homeusers/solutions/activescan/
F-Secure Online Virus Scanner - http://www.f-secure.com/en_EMEA/security/security-lab/tools-and-services/online-scanner/index.html
Microsoft - http://safety.live.com

With this step, as with any of the others, you may have to drop into safe-mode (reboot, hit F8 and
choose safe mode with networking) in order for the cleaner to work. Keep that in mind with all of the
other steps.

2) Get your current (or new) reputable antivirus up to date. When it comes to these programs there are
usually 2 parts that you really have to care about. One is the program version itself, such as Norton
antivirus 2005. A version of antivirus that is that old will not be able to protect you as it does not
understand how to protect against current types of threats. That is true even if number two, the
definitions (list of virus/malware signatures), are up to date. These are usually updated daily, sometimes
multiple times a day depending on the vendor. You can usually check this by opening the main window
of your antivirus program and seeing what it says the latest definitions are. If they are out of date by
more than a week you may have a problem on your hands. In short you need to make sure both the
program version and definitions are always updated in order to help protect you. Below is a list of free
reputable antivirus programs you can use if your retail ones are out of date and you do not want to pay
to update them:

a) Avira Antivir Personal Free antivirus - download it at
http://www.free-av.com/en/download/1/download_avira_antivir_personal__free_antivirus.html - at the end of
the install it will ask you to update the program & run a scan - go ahead & let it do so, it will
probably take a while to scan your computer, at the end just let it delete everything it finds.
b) AVG Antivirus Free Edition - download it from here
http://free.avg.com/us-en/free-antivirus-download - (you only need to buy the premium edition if you want) at the end of the install it
will ask you to update the program & run a scan - go ahead & let it do so, it will probably take
a while to scan your computer.
c) Microsoft Security Essentials - Microsoft recently came out with an antivirus/antispyware suite
that is free to use. You can get the download here -
http://www.microsoft.com/Security_Essentials/ - just click the big blue "Download Now"
button, start download, and once downloaded the installer is pretty much
next/next/validate/install/finish. Run an update for the definitions, then run a full scan. If the
virus you have does not allow you to update the definitions, download them from here and
manually install them - http://support.microsoft.com/kb/971606.

Most of the other vendors have 30 day full featured demos you can download and use as well.

3) Same as #2, but with antispyware products. Some antivirus products do come with antispyware
products built into them, but it benefits you to run these as well, since no one product catches 100% of
everything out there. Below are some suggestions of reputable antispyware tools:

a) Malwarebytes Antimalware - click "download free version" here -
http://www.malwarebytes.org/mbam.php - Once downloaded install the program, run the
updater, then run a complete scan. It will probably take quite some time to scan your computer,
at the end just let it delete everything it finds.

b) Ad-Aware - click where it says "download free" - http://www.lavasoftusa.com/ - Once it is
downloaded, install it, it is basically a next/next/next install. At the end of the install it will ask
you to update the program & run a scan - go ahead & let it do so, it will probably take awhile to
scan your computer, at the end just let it delete everything it finds. If it is unable to clean
everything off it may ask to run on next reboot, tell it yes & then reboot, then rerun the scan. If
your machine is clean it should come up with negligible objects for what it finds.

c) Spybot search & destroy - this one has a few more steps, but it isn't that bad - click where it says
"download" on the left side of - http://spybot.info/en/index.html - Once it is downloaded,
install it, it is basically a next/next/next install. After the install finishes, open up the program &
update it. Go to update/download updates, then run a scan (search & destroy/check for
problems) - it will probably take awhile to scan your computer, at the end just let it delete
everything it finds.

d) Ccleaner (slim) - http://www.ccleaner.com/ - this one is not specifically an
antivirus/antispyware program, however it will clean out the temporary files & directories of
your computer where some virus/spyware will hide files. Make sure to go to options/advanced,
check hide warning messages and uncheck all other options listed here. Then go back to
Cleaner and check all options under windows (except wipe free space) and all options under
applications. To enhance this product with even more options add CCleaner enhancer -
http://singularlabs.com/software/ccenhancer/ which will add quite a few more categories.

e) Javacool SpywareBlaster - http://www.javacoolsoftware.com/spywareblaster.html - This will
enhance IE & Firefox by adding known bad sites into a blacklist, as well as to the windows hosts
file.

4) If all of the above, even run in safe mode, does not clean you up, you will want to run an additional
battery of tools. I will break this into two options: online scanners (running from within the OS, either
regularly or in safe mode) or offline (using a bootable CD or usbkey).

Online mode options
a) Combofix - http://www.bleepingcomputer.com/combofix/how-to-use-combofix - This one is a
real heavy hitter. I cannot distill the instructions to a simpler form than what is on the website. It
is updated fairly regularly & if you use an out of date version it will usually tell you. So if you
keep this file in your toolbox, update it regularly.
b) Rkill - Comes in multiple forms because malware will actually seek this program out & prevent
it from running, because it is a great anti-malware tool. Download it from
http://www.bleepingcomputer.com/download/anti-virus/rkill. If one source/file type does not
allow you to download or run it, try another.
c) Kaspersky Anti-Rootkit utility - http://support.kaspersky.com/faq/?qid=208283363 - Check all
additional options.

Offline mode options - You can make a bootable cd or, if you prefer, a USBkey with the YUMI tool
(http://www.pendrivelinux.com/yumi-multiboot-usb-creator/).
a) Kaspersky Live cd -
http://www.howtogeek.com/howto/36403/how-to-use-the-kaspersky-rescue-disk-to-clean-your-infected-pc/ -
This will boot a Linux OS, download the latest virus
definition updates (if the computer has a common NIC) and allow you to run a scan.
b) Avira Rescue CD -
http://www.howtogeek.com/howto/38889/how-to-use-the-avira-rescue-cd-to-clean-your-infected-pc/ -
This will boot a Linux OS, download the latest virus definition updates
(if the computer has a common NIC) and allow you to run a scan.
c) Microsoft Windows defender bootable CD -
http://www.howtogeek.com/100289/how-to-create-a-bootable-offline-version-of-windows-defender/ -
This will boot a PE environment,
download the latest virus definition updates (if the computer has a common NIC) and allow you
to run a scan.
d) There are other companies that put out LiveCDs as well such as
a. AVG - http://www.avg.com/us-en/download-file-cd-arl-iso
b. BitDefender - http://download.bitdefender.com/rescue_cd/bitdefender-rescue-cd.iso
c. F-secure - http://www.f-secure.com/v-descs/tools/rescue-cd-3.14-44905.iso
d. Panda - http://www.pandasecurity.com/resources/tools/SafeCD.iso
e. Just keep with reputable companies; downloading such security related files from
torrent websites or any website other than the vendor's own (or one recommended
by the vendor) will usually yield malware infested tools.





5) Other issues/symptoms you may see

a) Hosts or DNS hijacking. Some malware will attempt to prevent you from even downloading
cleanup tools or windows updates by constantly redirecting you to other sites. Check the
c:\windows\system32\drivers\etc\hosts file. Usually this should have 127.0.0.1 localhost and
that is about it (if you used tools like spybot or spywareblaster you will see other 127.0.0.1
badwebsite.tld entries, usually denoted that they were inserted by said programs). If you see
other entries they were most likely put there by spyware. You may also need to temporarily
disable the windows DNS Client service while working on these problems. Once done run
ipconfig /flushdns and nbtstat -R to clear the computer's dns/netbios cache. Just remember
to re-enable the DNS Client service once complete.
b) Running any executable shows a fake antivirus warning - you will want to follow this guide -
http://www.bleepingcomputer.com/virus-removal/remove-win-7-security-2012 - The fixncr.reg
will get you back up & running, but you will want to follow the rest of the guide. This guide
incorporates a few tools we have already covered.
c) Hijack This - http://free.antivirus.com/us/#cleanup-and-prevention
d)
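
The hosts-file check from 5a), as an added example that is not part of the original guide: it flags names redirected to a non-loopback address and security sites sunk to loopback, while leaving ordinary blocklist entries alone. The function names, the PROTECTED watch list (built from domains linked in this guide) and the sample file are assumptions made for illustration.

```python
import ipaddress

# Assumed watch list: security/update domains taken from URLs in this guide.
PROTECTED = ("microsoft.com", "live.com", "malwarebytes.org",
             "kaspersky.com", "bleepingcomputer.com")

# Constructed sample hosts file (203.0.113.0/24 is a documentation range).
SAMPLE_HOSTS = """\
# constructed sample, not a real capture
127.0.0.1       localhost
::1             localhost
# entries added by a blocklist tool
127.0.0.1       ads.badwebsite.tld
0.0.0.0         tracker.badwebsite.tld
203.0.113.66    windowsupdate.microsoft.com   # redirected
127.0.0.1       www.malwarebytes.org
203.0.113.66    www.bleepingcomputer.com safety.live.com
not-an-ip       www.kaspersky.com
"""

def is_protected(name):
    """True if name is one of the watched domains or a subdomain of one."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in PROTECTED)

def audit_hosts(text):
    """Return (line_no, address, hostname, reason) for entries to review by hand."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # strip comment, split fields
        if len(entry) < 2:
            continue                           # blank, comment-only or incomplete
        addr, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, addr, " ".join(names), "unparseable address"))
            continue
        local = ip.is_loopback or ip.is_unspecified
        for name in names:
            if not local:
                findings.append((line_no, addr, name, "redirected off-machine"))
            elif is_protected(name):
                findings.append((line_no, addr, name, "security site blocked"))
    return findings

if __name__ == "__main__":
    # On the suspect PC, read c:\windows\system32\drivers\etc\hosts instead.
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

A legitimate entry pointing at a machine on your own network will also be listed, so treat the output as a list to review rather than a list to delete.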


6) Once you are clean you should be able to run Windows update -
http://windowsupdate.microsoft.com - Spyware/viruses will sometimes prevent you from getting the
security updates windows requires, so even if you have your windows update set to automatic, re-run
windows update manually to double check. Once there update to the latest version if needed, then run
a custom scan. Run all the updates, reboot when finished, rerun it again to triple check after
rebooting. Then go into start/settings/control panel/ and verify automatic updates (or windows
updates, depending on your version of windows) is set to download and install automatically. If you still
receive some sort of error that prevents windows updates from running properly then you most likely
are still infected by something.

7) Download, install, and run the thorough Secunia Personal Software Inspector (PSI). Think of this as
windows update for all the rest of your programs, as virus/spyware not only attack windows itself, but
out of date programs as well. You may get it here -
http://secunia.com/vulnerability_scanning/personal/. Click download now, let it connect and start
scanning, click advanced in the upper right hand corner to change the interface from simple to
advanced, then click back to the scan tab. Once it finishes it will switch to the insecure tab to show you
what software you have that is insecure. If you expand the program(s) it mentions (+), it will then
provide you with a download solution, click that to update to the latest version. The only drawback to
this program is that it does not automatically download and install the latest versions, however if left
running in the task tray it will notify you periodically of out of date programs.

8) Practice safe computing - http://www.sophos.com/security/best-practice/ - consider changing web
browsers from Internet Explorer to Firefox, Opera, or Chrome. Consider changing email applications
from outlook/outlook express to Thunderbird or Google mail. As with any program though, you need to
keep them up-to-date in order for them to be secure. One great enhancement to personal/home browsing
security is OpenDNS. This is a free service for home use that will pre-filter out bad websites before your
computer can even get to them. The website is http://www.opendns.com/, go there and it will walk you
through configuring your home network for use with this free bad-website blocking service
(adware/phishing/etc), as well as being able to block other types of sites. This is especially handy for
parents who have trouble keeping kids off those kinds of websites. Another great website to help you
keep your kids safe is http://www.packet-level.com/kids/. This is Laura Chappell's site covering Internet
Safety for Kids training, for parents & kids. Really interesting things covered on predators and their
methods, along with other very useful information.



9) Additional tools and advice to help clean up your computer and keep it clean
- McAfee AVERT Stinger http://vil.nai.com/vil/stinger/
- Avast Free antivirus - http://www.avast.com/eng/programs.html
- NOD32 antivirus - http://www.eset.com/index.php
- F-prot antivirus - http://www.f-prot.com/
- Microsoft Malicious Software Removal Tool (or MSRT) -
http://www.microsoft.com/security/malwareremove/default.mspx
- Sophos - http://www.sophos.com/en-us/products/free-tools/virus-removal-tool.aspx
- http://www.gmer.net/
- Paypal/ebay security key -
https://www.paypal.com/cgi-bin/webscr?cmd=xpt/Marketing_CommandDriven/securitycenter/PayPalSecurityKey-outside - If you do
any amount of ebay/paypal, then this $30 security key will help keep your accounts secure.
- Like above, change other websites/services to two-factor authentication. Google (gmail), dropbox &
others support this.
Google.com - http://googleblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html

- Additional guides - http://www.freenode-windows.org/resources/antimalware includes videos
- Consider disabling autorun completely - some spyware/viruses spread automatically from an infected
USB key (thumbdrive/jumpdrive) if autorun is enabled.
- If you do not have one already, you should consider buying a firewall/router. Even if you only have one
computer at home, putting it behind the firewall/router will give you another layer of protection. Having
your computer naked (directly connected) on the internet is very inviting to
spyware/malware/hackers.
- If you find yourself unable to install/update/run antivirus/antispyware programs then most likely you
are infected, you may need to run the tools from step 1) in safemode with networking to really clean
off the offending culprit.
- Note that most of the free versions of these programs are discouraged for corporate use. They might
be free for home/personal use, but they usually have a for-charge version for corporate use (that
usually has centralized management, etc).
- If your computer has been compromised then I would highly recommend you change all eBay/online
banking/etc account passwords, as well as making sure all the accounts on your local computer have
passwords (for example HP shipped some Pavilion home computers with an HP_administrator account
that had no password) that are sufficiently complex and not easily guessable. A tool that might be useful
is www.lastpass.com which is free, will generate random passwords for you, etc.
- There might be times where you just cannot clean the machine. At that point you will need to reinstall
fresh. Verify you have a backup (you should always keep a backup of your personal data no matter
what) and reinstall according to the computer's user manual. In a corporate world, usually if the
machine is infested past the point of spending a few minutes to clean it up, reimage it.

In conclusion - The above should help, it might take awhile, but it should clear up your problems. If you
are still having problems after that, let your system administrator know and they might be able to give
additional advice on that particular issue.



This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
