TweakTown
Tech content trusted by users in North America and around the world
5,669 Reviews & Articles | 36,040 News Posts

PC Security Guide - Protection from Viruses, Attacks and Spyware - Advanced Virus and Spyware Removal (cont.)

Patrick Tilsen better known as "Yawgm0th" from our forums has just completed his first guide, which looks deep into PC security in terms of protection and removal. He covers the basics from preventing viruses, cracker attacks, and spyware from becoming part of your life through to the basic and complex methods of removing the threats. This is a must-read guide for beginner to intermediate users and even beyond.

| Guides | Posted: Sep 15, 2005 4:00 am

Advanced Virus and Spyware Removal (cont.)

 

The first thing you should do is open up Services.msc (Start > Run > Services.msc). Look around in here and I'd suggest you look at http://www.blackviper.com to see if any services aren't part of Windows.

 

 

Now it's up to you to figure out whether it's part of a legitimate program, or if it's a virus embedded as a Windows service. This can be tricky, so how fast it goes also takes experience. I once found one called "Network Security Service." The name was quite the misnomer, as it was a virus add-on preventing me from deleting a startup executable of the virus. Things like that are what you're looking for. If you find one, first right-click on it and click "properties" on the context menu. Then, disable it. Finally, stop it. This should be done regardless of whether or not you find a virus in msconfig and/or Task Manager. If you can't get all of the suspected processes turned off and deleted, it's time for a new option.

 

Use a router for improved security - How much?

 

NetGear DG834G Wireless Router

 

Memorize, write down, or put in a text file the locations of the files needing deletion. Restart the computer and get into Safe Mode by pressing F8 before the machine starts to boot into Windows. Once in Safe Mode, you should be able to delete the offending files. After you're sure you've deleted everything and removed all of the services and msconfig entries, restart again and go back into normal mode. If you still have the symptoms, the process, the service, the startup entry, or any combination of those, then things get more complicated.

 

The next step is to get a Windows XP or 2000 CD. You'll need to restart the computer and boot to the CD. Eventually, you'll get to the screen shown in the picture. Choose the option with the red square around it. The Recovery Console will ask you to log in to an installation. In most cases, the correct choice will be C:\WINNT or C:\Windows and then you will then be asked for the Administrator password and if you are running XP Home edition, it should be blank. If you're running XP Pro, 2000 Pro, 2000 Server, or 2003 Server, you better know what it is.

 

 

After you're in, you should type "listsvc" without quotes and press enter. This will begin to list the services installed, just like services.msc. Unlike services.msc, this won't allow any of them to be hidden, so even the virus' service(s) will be shown. The complicated part is figuring out what is what. The best way to do it is to compare the list to an unaffected computer's services list and figure out what is likely a virus. After you've figured out which one it is, you'll need to type "disable [service name]" to disable the service. If you've followed these steps and haven't screwed up, the machine should be rid of any pesky viruses.

 

Further Reading: Read and find more Guides content at our Guides reviews, guides and articles index page.

Do you get our RSS feed? Get It!

Post a Comment about this content

Latest Tech News Posts

View More News Posts

Latest Downloads

View More Latest Downloads

TweakTown Web Poll

Question: Did EA kill the Battlefield franchise with the terrible BF4 issues?

Yes, Battlefield is doomed

No, Battlefield will live on strong

I'm not sure, but I know EA needs to improve its game

or View the Results

View More Polls

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases
Get TweakTown updates via Facebook!
Just click the "Like" button below