Here's a link to "The Security Tango".
http://securitytango.com/tango.php
It's very thorough for cleaning out problems on a Windows machine. There are links on the page to the free versions of Ad-Aware and Spybot Search & Destroy which together can usually get rid of "malware". Be sure to get the free versions. You should also run Stinger the first time to get rid of any viruses that may have disabled your virus protection.
It's a bit tedious the first time but then each week you can update the spyware definition files and run just the two programs, Ad-Aware and Spybot.
I also use AVG free antivirus protection and find it very good.
Hope you can get it fixed.
In case you can't get to that page with your browser, I'll paste it below:
=========
Let's Dance!
A step-by-step guide to dancing The Security Tango!
Windows
Step One: Kill the Lurkers
Before we can clean out your system completely, we have to make sure that any of those oh-so-innocent-looking files sitting on your hard drive (that may not show up on anybody's radar) are not secretly lurking in the background, breathlessly waiting for the chance to pounce out of the shadows and reinfect you.
There are several variations on each of these steps, depending on which version of Windows you're running, which version of Internet Explorer you're running, etc. I'll hit the highlights, but your mileage may vary. Pay attention to the prompts and menu choices and you should be okay.
* Delete your Temporary Internet Files
o When a Web browser (e.g., Internet Explorer) goes to a Web site, it saves a copy of each page on your hard drive. This is designed to enhance your browsing experience - the next time you go to that page, your browser checks to see if anything's changed; if not, it uses the old copy on your hard drive. This makes browsing to a site much faster, and cuts down on Internet traffic considerably. This is a great idea, but it means that if you've gone to a Web site with malware, a copy of that malware may well reside in the cache (those temporary Internet files). So let's get rid of 'em.
o In Internet Explorer, click the Tools menu, then click on "Internet Options...," then click the "Delete Files" button in the "Temporary Internet Files" section. If you're using a newer version of Internet Explorer, you'll see a new box with an option to check to delete all stored offline content. You should do that. Click OK. The cursor will turn into the hour glass for a while, then come back. That's really all the indication you have that you've done it.
o In Firefox, click the Tools menu, then click on "Options...," then click on Privacy. Click the Clear button next to Cookies.
* Empty the Recycle Bin
* Empty your Temp Files
o In the same way that Internet Explorer saves temporary files on your hard drive, so does Windows itself. Often these are "scratchpad" files used by programs, and sloppy programmers have neglected to delete them. You should do so. Look for folders called TEMP or TMP (upper or lower case) on the C: drive at the root level (the base level of the drive) and empty them. Do the same with folders also named TEMP or TMP inside the Windows folders. Sorry I can't be more specific than that; many manufacturers tweak Windows a bit before they send it out, and one of those tweaks is sometimes to change where the temporary files are kept.
* Reboot
o I don't know that this step is strictly necessary, but I bow to the wisdom of my friend Bill Bateman. At any rate, it can't hurt.
* Turn off System Restore
o System Restore is designed to return the system to a known good state, in case you mess things up a bit. The problem is that many viruses nowadays lurk in the System Restore files, and if you do a Restore, immediately reinfect you!
o Note that dancing this step results in the loss of all previous Restore Points.
o If you really want to, you can turn it back on again afterwards, but you'll just be turning it off again the next time you dance the Tango, so what's the point?
o Windows XP
+ You must be logged in as an Administrator to do this. If you are not logged in as an Administrator, the System Restore tab will not be displayed. If you do not know how to log in as Administrator, contact your system administrator (if you are on a network), the computer manufacturer, or installer.
+ Right-click My Computer, and then click Properties from the drop-down list
# (Depending on how your system was set up, you may have to click Start -> Programs -> Accessories -> Windows Explorer to get to My Computer)
+ Click the System Restore tab
+ Check the "Turn off System Restore" or "Turn off System Restore on all drives" check box
+ Click Apply. A warning message appears, reiterating what I said above. Click Yes.
+ Click OK
o Windows ME Why are you still running this???
+ Click Start -> Settings -> Control Panel
+ Double-click the System icon
# If the System icon is not visible, click "View all Control Panel options" to display it
+ On the Performance tab, click the File System button
+ Click the Troubleshooting tab, and then check Disable System Restore
+ Click OK, and click Yes when you are prompted to restart Windows
o NOTE: Not every OS has System Restore; don't get excited if you can't find it - if you're not running XP or ME, you don't have it, so you don't need to disable it!
* Reboot
* Restart in Safe Mode
o No matter what your operating system, repeated tapping on the F8 key as the system reboots will bring up a menu. Somewhere on that menu (it varies by OS), you'll find an option that mentions Safe Mode - pick it
o Actually, this step assumes you've already downloaded the programs we discuss below, since, on most systems, Safe Mode turns off networking. So make certain you have downloaded all the programs below before you do this step
Well! That was quite a first step, wasn't it? (Watch out for that first step - it's a doozy!) And that was just the prep work! Don't worry - the rest of the steps, while time consuming, are not nearly so complex.
Step Two: Download All Necessary Files
Shortly, we'll be rebooting into Safe Mode, which will cut off your Internet access. So first, we'll download all of the software we need to install. You'll find out more about the individual files below, but for now, let's just download them. Of course, if you are still on dial-up, you may prefer to get the Security Tango CD, courtesy of Dave Enright.
* Download the free versions of Ad-aware (http://www.lavasoftusa.com/) and Spybot Search & Destroy (http://www.safer-networking.org/). Once you've seen how great they are, you'll want to buy the full versions, but for a first cleanup, you can use the free versions.
* You'll want an antivirus program. If you already have one, great. Update it and scan your entire system right now. If you don't have one, download one of the ones on that menu there on the left (you'll almost definitely have to scroll up to see it). Many you have to pay for; AVG is free for personal use.
* Next, you'll need a firewall. If you have Windows XP with Service Pack 2, you have one. If you'd rather, you can get a great firewall from the list on that infamous menu on the left. Most of The Security Tango is designed to weed out infections that are already on your computer. What's better is to block as many of them as possible before they even reach your computer! Firewalls help do that. They stop traffic from coming into your computer via most of the known malicious backdoors and rarely-open paths. If you have a small network at home, with a home router, it's possible that router includes a firewall, which will protect all of the computers in your network. If, however, you have only one computer, you should run a firewall on it. ZoneAlarm does have a free version, but, again, once you see how great it works, you'll want to get the full version.
* And, just in case you've got the CoolWebSearch browser hijacker, you should download CWShredder (http://www.trendmicro.com/cwshredder/). Also free, also very cool.
* Last but not least, you should download Stinger (http://vil.nai.com/vil/stinger/). There are several versions on that page; you only need the first, general one.
Step Three: Reboot into Safe Mode
Now we want to reboot into Safe Mode, where very little stuff is running in the background, and you're off the Internet. Click Start, click "Turn Off Computer" and click Restart. As the system reboots, keep tapping the F8 key until you see a text menu. Select Safe Mode. When the system boots up, it may look VERY different from what you're used to. Don't panic! What's happened is this: Safe Mode loads an extremely minimal set of drivers. One of the drivers it does NOT load is your video driver - it sets the video card into the lowest common video mode: 640x480 and only 16 colors. Don't worry - when you reboot, it'll all be back to the way it was. Now, it's time to start running stuff!
Step Four: Clean Your Machine
* First we run CWShredder.
This only handles the CoolWebSearch virus, but that one is an incredibly persistent and tenacious little bugger.
* Now we run Stinger.
This program, from McAfee, is updated only very irregularly, but when it is, it means that a brand new virus has been found that circumvents all the antivirus programs. You should run it every time, even though it's not really necessary every time. It takes very little time to run, and you'll be safer.
* Now we move to your antivirus program. You must run a thorough scan on your system. Every antivirus program installs and runs a tad differently, so read the instructions that come with yours. The important thing to understand is that every antivirus program has two parts. There's the program itself (the "engine"), which searches your hard drive for infections, and there's the virus definitions, which the program uses to identify those viruses. Once we're done here, and reboot to regular Windows mode, you'll want to update your antivirus program again and run it again.
The engine rarely needs updating. But the definitions need to be updated regularly. Running with old definitions is like not running an antivirus program at all! Every antivirus program has a mechanism for updating the definitions. You should familiarize yourself with yours, and make certain that the definitions are updated regularly. Daily is not too often to update. Most days of the week, you won't get anything new, but those times you do will come in really handy!
* Ad-aware is next. It's a spyware remover program. It checks your entire hard drive for files and folders that are evidence of (or infected by) spyware programs. It also checks the most common entries in your Registry. You've already downloaded it, so all you have to do is double-click it to install. Once it's installed, you should see an Ad-aware icon on your desktop. Double-click it to open the program.
Just as antivirus programs have two parts (engine and definitions), so does Ad-aware. Once you've rebooted at the end of this process, you must update its definitions and run it again.
* Spybot Search & Destroy is another anti-spyware program. It complements Ad-aware, in that it doesn't check the hard drive much at all, but does a very deep and thorough scan of your Registry. Running both regularly helps ensure that your system is spyware free. Until you load that next little utility you "can't live without." Find that icon you downloaded, and double-click it to run the program.
As always, after you reboot, you'll want to update and run again. You're familiar with this by now: Spybot S&D also has an engine and definitions. Make sure you update the definitions each time before you run it.
* Now it's time to install that firewall. Install the one you downloaded in Step Two, or just use the one that came with Windows XP Service Pack 2 (if you have that).
Step Five: Reboot and Do it Again
Once all of those have been installed and run, and you have gotten your machine as clean as possible, it's time to reboot and do it all over again! The reason for this is that, now that the system is pretty clean and protected, it's time to update all the programs (to make sure you're as protected as possible). Once you've updated them, of course, you'll want to run them again to make sure that you've cleaned out absolutely everything you can.
Reboot, and run the Tango in order:
* CWShredder
* Stinger
* Ad-Aware (update it first)
* Spybot (update it first)
* your antivirus program (update it f... oh, you know)
Step Six: Windows Update
If you're running a newer operating system, Windows Update may well be running in the background, and every once in a while will annoy you by notifying you that updates are ready to be installed. This is a Good Thing?! You should be able to set up automatic updating via your Control Panel - it'll be called either Windows Updates or Automatic Updates.
If you don't have that (e.g. you're running a very old version of Windows), you can still update from Internet Explorer. Click the Tools menu, then select "Windows Update." Always install all Critical patches; others may not suit you - read them carefully.
Yes, it's true that Microsoft has put out one or two updates that killed Windows entirely. You have to weigh the risk of being vulnerable to a known exploit vs. the very slim possibility of having to reinstall your system. You do have backups, don't you?
Going forward, you'll want to do this regularly. For a step-by-step set of instructions on how to keep the Tango running smoothly, email Lori Lynch, who's done a great job of putting together those instructions. PLEASE NOTE: Lori does not answer computer questions. Sending them to her is completely wrong. If you have a question, it should be sent to us through this form instead. Really. Don't email questions to Lori.
Remember: Ad-Aware's, Spybot's, and your antivirus program's definitions must be updated every time you run them!
Additionally, you should regularly check the various pages of our dance partners to assure yourself that you're running the latest "engine" as well as the latest definitions!
Some of this stuff can be potentially damaging to your system - if you're not sure what you're doing, please bring your system to a qualified professional to clean it! Special thanks must be given to my friend Bill Bateman, who suggested the entire first step, as well as improvements to many of the other steps. Not only is he a qualified computer professional, a great teacher, funny, interesting, handsome, and a heck of a musician, he's pretty smart, too!
Bill: Still waiting for my check...
There are a whole lot of other people who have suggested rewrites, changes, additions, deletions, and anatomically impossible things. Thanks to most of you; keep the constructive suggestions coming!
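
=========
Added example (not part of the original post or of the Security Tango page): Step One's "Empty your Temp Files" item notes that the TEMP/TMP locations vary between machines. This report-only PowerShell sketch resolves them from the environment and the folders the guide names, and lists executable files sitting in them. The extension list and the ten-file limit are assumptions; nothing is deleted.

```powershell
# Report-only inventory of temp folders; review the output before emptying
# anything by hand. Run from an elevated prompt to see the Windows temp folder.

# Candidate locations: per-user/system variables plus the root-level and
# Windows-folder TEMP/TMP directories mentioned in the guide.
$candidates = @(
    $env:TEMP
    $env:TMP
    "$env:SystemDrive\TEMP"
    "$env:SystemDrive\TMP"
    "$env:SystemRoot\Temp"
    "$env:SystemRoot\Tmp"
) | Where-Object { $_ -and (Test-Path -LiteralPath $_ -PathType Container) } |
    ForEach-Object { (Get-Item -LiteralPath $_ -Force).FullName } |
    Sort-Object -Unique

# Assumed list of file types that can run code. Installers legitimately unpack
# such files into temp folders, so a hit is a prompt to look, not a verdict.
$executable = '.exe', '.dll', '.scr', '.com', '.bat', '.cmd', '.vbs', '.js'

$summary  = @()
$suspects = @()
foreach ($dir in $candidates) {
    # -Force includes hidden and system files; unreadable paths are skipped.
    $files = @(Get-ChildItem -LiteralPath $dir -Recurse -File -Force -ErrorAction SilentlyContinue)
    $bytes = ($files | Measure-Object -Property Length -Sum).Sum
    $hits  = @($files | Where-Object { $executable -contains $_.Extension.ToLower() })

    $summary += [pscustomobject]@{
        Folder      = $dir
        Files       = $files.Count
        SizeMB      = [math]::Round([double]$bytes / 1MB, 1)
        Executables = $hits.Count
    }
    $suspects += $hits
}

# Per-folder totals, then the ten most recently written executables overall.
$summary | Format-Table -AutoSize
$suspects | Sort-Object LastWriteTime -Descending |
    Select-Object -First 10 FullName, LastWriteTime, Length |
    Format-Table -AutoSize
```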