Advanced Virus and Spyware Removal
Now we come to the trickiest part: fixing security threats after it's too late to prevent them. This can be ridiculously easy or painstakingly hard. After you've read this, it shouldn't be too hard ever again.
The first thing to worry about is the symptoms. What's wrong with the computer? Is it slow? Has it been getting lots of popups? Is it doing strange things? Are programs not running properly? Depending on what's wrong, the problem can be completely unrelated to viruses, spyware, and attackers.
If the system has no antivirus or anti-spyware protection, first install and run an antivirus program and a spyware removal program. A simple Ad-Aware or AVG scan, I've found, will take care of most or all problems on systems that have neither. If the system already has decent antivirus and anti-spyware protection, proceed. Also note that much of this assumes a Windows 2000/XP-based machine is in use.
- Embedded Viruses and Spyware Programs
The first thing you should do when you suspect something is wrong is to open Task Manager by pressing Ctrl + Alt + Del. The first thing I look at is the number of processes: fewer than twenty is a well-run system. Over twenty can mean there are just lots of programs running, or it can mean there are lots of bad, useless, unnecessary, or harmful programs running. Over 30 usually means the computer is bogged down with viruses, spyware, unnecessary programs, or any combination of the three.
When I see over 20, the first thing I do is open the Microsoft System Configuration Utility (Start > Run > msconfig). Windows 2000 doesn't have it installed by default, but you can either copy it over from XP or Windows 9x, or you can download HijackThis, which doubles as msconfig. You're likely to use HijackThis anyway, so you might as well get it.
Once in msconfig, go to the Startup tab. The number of entries checked indicates how bogged down the system is; what the entries are indicates whether or not the system is infected. At this point, you'll need to figure out what everything is. The best method is to use IANAG's "File Help" section, which lets you search for file names and work out whether they are good or bad. You need to do the same with the processes in Task Manager. Sometimes this is easy: an entry like atievxx.exe isn't hard to figure out if you're using an ATI video card (by the way, it's unnecessary, so you can and should remove it). VPtray in D:\Program Files\Symantec_client_security\symantec antivirus\ is obviously used by Symantec.
How fast this part goes depends on experience. I can look and almost immediately tell if something is a start-up virus/spyware program. You might need to do some digging around. I'd suggest you look at stuff coming from the Windows folder or stuff coming from nowhere, with no full path listed. For example, there is an unticked process on the msconfig screenshot of my friend's once-bogged-down Gateway. It turned out to be a non-essential process for keyboard functionality, but I've found many viruses that, like it, didn't have a full directory listed. Anyway, any useless entries should be unticked. Any suspected threats should be unticked, then found and deleted from the hard drive. Processes found in Task Manager should also be ended, then deleted from the hard drive. If something in msconfig won't delete, try ending its process in Task Manager and then deleting it. If it's not there or won't end, you have a new problem.
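The triage above (count the processes, then check where each startup entry actually lives, whether it has a full path, and whether the file even exists) as an added PowerShell example that is not from the original article. It reads the standard Run registry keys, one of the sources behind msconfig's Startup tab, and assumes PowerShell 2.0 or later, so it suits XP only with PowerShell installed.

```powershell
# Added example, not from the original article: apply the article's heuristics
# (process count, startup entries with no full path, entries pointing at missing
# files or sitting directly in the Windows folder). Assumes PowerShell 2.0+.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$metaProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
$winDir = $env:SystemRoot

# Pull the executable out of a Run-key command line such as
#   "C:\Program Files\Foo\foo.exe" /tray      or      atievxx.exe
function Get-ExePath([string]$cmd) {
    $cmd = [Environment]::ExpandEnvironmentVariables($cmd.Trim())
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

# Return one row per entry; Flags is empty for entries that look ordinary.
function Test-StartupEntry([string]$name, [string]$cmd, [string]$source) {
    $exe = Get-ExePath $cmd
    $flags = @()
    if (-not [IO.Path]::IsPathRooted($exe)) {
        $flags += 'no full path'          # "coming from nowhere" in the text
    } elseif (-not (Test-Path -LiteralPath $exe)) {
        $flags += 'file missing'          # points at something already deleted
    } else {
        if ([IO.Path]::GetDirectoryName($exe) -ieq $winDir) { $flags += 'in Windows folder' }
        $sig = Get-AuthenticodeSignature -FilePath $exe
        if ($sig.Status -ne 'Valid') { $flags += "signature $($sig.Status)" }
    }
    New-Object PSObject -Property @{
        Source = $source; Name = $name; Path = $exe; Flags = ($flags -join ', ')
    }
}

$rows = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty $key).PSObject.Properties) {
        if ($metaProps -contains $p.Name) { continue }   # skip provider metadata
        $rows += Test-StartupEntry $p.Name ([string]$p.Value) $key
    }
}

"{0} processes running (the article treats under 20 as healthy)" -f (Get-Process).Count
$rows | Where-Object { $_.Flags } | Format-Table Source, Name, Path, Flags -AutoSize
```

Flagged rows are candidates to look up in a file database, not proof of infection; an unsigned but legitimate vendor tray utility will show up here too.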