Advanced Virus and Spyware Removal (cont.)
The first thing you should do is open up Services.msc (Start > Run > Services.msc). Look through the list, and I'd suggest checking it against http://www.blackviper.com to see whether any of the services aren't part of Windows.
Now it's up to you to figure out whether a service is part of a legitimate program or a virus embedded as a Windows service. This can be tricky, and doing it quickly takes experience. I once found one called "Network Security Service." The name was quite the misnomer, as it was a virus add-on preventing me from deleting a startup executable of the virus. Things like that are what you're looking for. If you find one, first right-click on it and click "Properties" on the context menu. Then, disable it. Finally, stop it. This should be done regardless of whether or not you find a virus in msconfig and/or Task Manager. If you can't get all of the suspected processes turned off and deleted, it's time for a new option.
Memorize, write down, or put in a text file the locations of the files needing deletion. Restart the computer and get into Safe Mode by pressing F8 before the machine starts to boot into Windows. Once in Safe Mode, you should be able to delete the offending files. After you're sure you've deleted everything and removed all of the services and msconfig entries, restart again and go back into normal mode. If you still have the symptoms, the process, the service, the startup entry, or any combination of those, then things get more complicated.
The next step is to get a Windows XP or 2000 CD. You'll need to restart the computer and boot to the CD. Eventually, you'll get to the screen shown in the picture. Choose the option with the red square around it. The Recovery Console will ask you to log in to an installation. In most cases, the correct choice will be C:\WINNT or C:\Windows. You will then be asked for the Administrator password. If you are running XP Home edition, it should be blank. If you're running XP Pro, 2000 Pro, 2000 Server, or 2003 Server, you'd better know what it is.
After you're in, you should type "listsvc" without quotes and press enter. This will begin to list the services installed, just like services.msc. Unlike services.msc, this won't allow any of them to be hidden, so even the virus' service(s) will be shown. The complicated part is figuring out what is what. The best way to do it is to compare the list to an unaffected computer's services list and figure out what is likely a virus. After you've figured out which one it is, you'll need to type "disable [service name]" to disable the service. If you've followed these steps and haven't screwed up, the machine should be rid of any pesky viruses.
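The comparison against an unaffected computer's services list can be done mechanically once both listings are written down. The following is an added example, not part of the original article: it assumes each listing was transcribed one service per line as `name start-type`, and the sample listings and the name `netsecsvc` are constructed for illustration.

```python
# Added example: compare a transcribed Recovery Console `listsvc` listing from
# the suspect machine against one from a known-clean machine.
# ASSUMPTION: each line was transcribed as "<service name> <start type>".

START_TYPES = {"boot", "system", "auto", "manual", "disabled"}

def parse_listing(text):
    """Return {lowercased service name: start type} from a transcribed listing."""
    services = {}
    for raw in text.splitlines():
        parts = raw.split()
        # Skip blank lines, '#' notes and description lines without a start type.
        if (len(parts) < 2 or raw.lstrip().startswith("#")
                or parts[-1].lower() not in START_TYPES):
            continue
        services[parts[0].lower()] = parts[-1].lower()
    return services

def compare(clean_text, suspect_text):
    """Return (names only on the suspect machine, start-type differences)."""
    clean, suspect = parse_listing(clean_text), parse_listing(suspect_text)
    only_suspect = sorted(set(suspect) - set(clean))
    changed = {name: (clean[name], suspect[name])
               for name in sorted(set(clean) & set(suspect))
               if clean[name] != suspect[name]}
    return only_suspect, changed

# Constructed sample listings (not real captures); "netsecsvc" is a made-up name.
CLEAN = """\
Alerter      Disabled
Dhcp         Auto
Eventlog     Auto
Messenger    Disabled
wuauserv     Auto
"""
SUSPECT = """\
Alerter      Disabled
DHCP         Auto
Eventlog     Auto
Messenger    Auto
netsecsvc    Auto
wuauserv     Disabled
"""

if __name__ == "__main__":
    extra, changed = compare(CLEAN, SUSPECT)
    for name in extra:
        print(f"not on clean machine, research before disabling: {name}")
    for name, (was, now) in changed.items():
        print(f"start type differs: {name} clean={was} suspect={now}")
```

A name that appears only on the suspect machine may still belong to a legitimate program installed there, so treat the output as a list of candidates to research rather than a verdict.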