I'm infected, Now What??
Depending what you have, this can be quite involved. We recommend you print this page and follow the suggestions shown, then email if you need help.- Download and install the latest virus signatures from your preferred vendor Resources
- Download and install the latest spyware definitions from Ad-Aware, Spybot, etc
- Boot into "safe" mode
Click Start, Turn Off Computer, Choose Restart
As soon as you hear the system beep or when you see the manufacturer's logo, repeatedly hit the F8 key until you see the startup menu
Choose "Safe Mode" to run your computer with minimal programs loaded.
While in "safe" mode:
Be prepared to reboot several times, always back into "Safe Mode" - Run a full virus scan
- Run each of your spyware removal tools repeatedly
Remove "free" adware/spyware applications on your PC. These include (but are not limited to) file sharing programs like Kazaa and add-on search bars for your browser.
Google, Yahoo! and Earthlink search bars are safe. - XP Users: check msconfig for startup programs
Click Start, Run, type msconfig, hit enter
Click the startup tab
Each checked item will automatically launch when Windows starts. Try to identify them
For any you cannot identify, search for them by name at http://www.sysinfo.org
Eliminate (uncheck) those programs you do not need.
If sysinfo.org can not identify them, search Google or http://groups.google.com for more information
Remember, if you uncheck a program, you can always re-check it later if unchecking it causes problems.Advanced Users: Check for startup programs and services in:
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
- Windows 2000 Users: check System Information for startup programs
Click Start, Programs, Accessories, System Tools, System Information
Click the + sign next to Software Environment
Highlight Startup Programs
For any you cannot identify, search for them by name at http://www.sysinfo.org
Eliminate those programs you do not need.
If sysinfo.org can not identify them, search Google or http://groups.google.com for more information
Advanced Users eliminate startup programs in the Windows registry: Check for startup programs and services in:
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
- Check for unwanted browser helper objects
Check for Browser Helper Objects (BHO)
Use Windows Registry Editor to look in
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Copy each ClassID and paste it into the BHO quick search at http://www.sysinfo.org
(A ClassID is a 32 digit number looking something like:
AA58ED58-01DD-4d91-8333-CF10577473F7)
If you're not sure whether you want a particular BHO, simply rename it, perhaps by prefixing the ClassID with xxx. If you don't miss the functionality you can probably live without it.