{TUT} How to find out if you are infected and clean your PC! - Printable Version +- Support Forums (https://www.supportforums.net) +-- Forum: Categories (https://www.supportforums.net/forumdisplay.php?fid=87) +--- Forum: Virus Protection, Removals, and HJT Team (https://www.supportforums.net/forumdisplay.php?fid=56) +---- Forum: Virus Removal, Hijack This Logs, and Support (https://www.supportforums.net/forumdisplay.php?fid=48) +---- Thread: {TUT} How to find out if you are infected and clean your PC! (/showthread.php?tid=7898) |
{TUT} How to find out if you are infected and clean your PC! - TurB0 - 06-19-2010 Hello SF, Welcome to my Tutorial on how to find out if you are infected. This ways are Basic. If you are infected, I guarantee you to 80% that you will clean your System using this Tutorial. There are 2 ways, Be lazy and reformat your whole PC or be a Smart Guy and get it working without reformating. I will Show you the Smart Way . Index of the Tutorial: Checking the startup Checking the Registry Checking the file Well Let's start with the First step Checking the StartUp 1. Step - Go to "Start" 2. Step - Select/find "Run" 3. Step - Type "msconfig" 4. Step - A window will come up. Go to the Tab "Startup". 5. Step - Now you have the List of all apps starting with Windows . Almost every RAT/Stealer/Keylogger/bot etc. Startsup with the System, we can find it here. Search for some file like "Stub.exe" or "server.exe". This are the Most used names. Uncheck them, click on Save, Close And reboot PC. You have successfully preventes the malware(s) to startup with the System. Checking the Registry The Registry is a datebase, where Most Applications save their Configuration. Of course Malware too. Malware often uses the Registry to startup, and Save the options. 1. Step - Go to Start>Run>regedit.exe 2. Step - Search in HKCU the "Software" Folder. There will Be a List with the programs. If you are infected, there should Be sth like Server or Stub or SpyNet some crap like that. If there is, delete this entry (Right Click>Delete Entry) Checking the File If you are Not sure, if a file is clean or not, don't Open it yet without analyzing. First Look at the Details of the program. Look at the Assembly. Of its something Random like fhjedj792&3 then its mostly a infected file encrypted with a Crypter. If its a File you downloaded from YouTube, or from a Site which Assembly is e.g: Hijack This is Most likely infected too because Crypters fool Antivirusses with a Fake Assembly. You also can Scan the file on many online Scanning Services like: http://www.NoVirusThanks.Org http://www.virustotal.com (Not recommended) http://www.jotti.org And many more... Also you can use a Great tool named "Sandboxie" (http://www.sanboxie.com). Enjoy it and good luck cleaning your PC! And note: This is not the advanced method. It is the basic one. ~ViRuzz RE: {TUT} How to find out if you are infected and clean your PC! - --([-S7N-])-- - 06-21-2010 I wouldn't recommend computer newbies to mess around MS Config or the Registry. Other than that, thank you for sharing. RE: {TUT} How to find out if you are infected and clean your PC! - Pedobear™ - 06-21-2010 Ye, S7N is correct. It's somthing you shouldn't mess around with when you're new. For the advanced computer guys/girls however this is really nice. RE: {TUT} How to find out if you are infected and clean your PC! - Industrialized™ - 06-24-2010 Very nice Infection removal Tutorial, This will defiantly help a lot of people. RE: {TUT} How to find out if you are infected and clean your PC! - BRSteven - 07-01-2010 Nice share |