First, fetch SDFix.exe and use that. It's an advanced tool, but it's got a number of built-in utilities for taking down ad/spyware and viruses.
Then follow up with a decent quality virus scanner. I recommend looking on Amazon for "Symantec Corporate Anti-Virus 10.2". This is the commercial version of Norton that does virus and spyware scanning, with unlimited virus definition updates for free, without all the bloat of the consumer-grade Norton product. It's only $19.99 too. I have my suspicions that it's not supposed to be sold to end consumers, but hey, cheap, and free updates. Can't argue.
The catch is, the core heuristics engine isn't free -- 10.2 is for Vista, but the CD has version 10.1.5.5000 for Windows 2000 and Windows XP, and you're locked at that version level until 10.1.6 or 10.1.7 get out onto CD I believe. I might have to go scour Symantec's site and confirm that, though.
Regardless, however, the heuristics system in 10.1.x is pretty robust, and will catch viruses and spyware for several years to come.
Now, about SDFix. Below is the download URL, and some usage instructions copied off another forums site. Just follow them, and grab some coffee while waiting for SDFix to finish, and you should be able to entirely remove, or at least neutralize the critter.
SDFix.exe download here:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Usage instructions copied (and modified) from here (my additions are in italics):
Double click SDFix.exe and choose Install to extract it to its own folder on the C: Drive (C:\SDFix). Please then reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, the Advanced Options Menu should appear;
- Select the first option, to run Windows in Safe Mode with Command Prompt, then press Enter.
- When Windows loads, you'll get a black box with a blinking cursor -- this is the command prompt. Type the following commands, pressing enter after each item:
- Type Y to begin the cleanup process.
- It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
- Press any key and it will restart the PC.
- When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
SDFix ONLY runs in "Fix" mode from Safe Mode. If you run SDFix in normal mode, you're instead given options to download and run a series of cleaner tools. Do this AFTER the initial scan (i.e., following the above instructions). When you run SDFix after the fix mode is complete, you'll want to start with the Virus scanner, using Option #5. You'll know what I mean when you select it. Then run the first and second tools after that, and you should hopefully have a clean system.
--K