Clean up and repair after a Malicious software infection

Uninstalling any application, whether it is legitimate or malware, leaves behind files and registry entries which can impair the usage and stability of your computer. Even after your security software has detected and removed malware, there is still a little more to do.

Malware can also deliberately leave behind components. These could still perform some of the malware's functions, repair or replace any damaged or deleted files, or simply sit there to be exploited in the future.

Here are instructions and applications to do various clean ups and repairs.


System registry
Invalid or obsolete registry keys are a common cause of system crashes. The registry is a critical part of your computer system, so I suggest you use a registry cleaner as opposed to attempting a manual clean up. Ace Utilities and CCleaner will both do this for you; links for both are below.

Temporary files/Internet cache/cookies
CCleaner is a free application that will quickly and simply run clean up tasks including temporary files, cookies and registry entries.
Ace Utilities gives a more thorough clean up of empty, unused and invalid temporary files and registry keys. It is easy to use and has a 30 day free trial.
X-Cleaner: the free version of this application has system clean up utilities in addition to a quick scan for malware. The 'paid for' version is a comprehensive suite of system clean up and security applications.

To view and manually clean Temporary Files

System restore, (Windows ME and XP only)
If a restore point was created whilst you had a malware infection, a copy of the malware will be held in that restore point. Whilst this poses no threat unless you tell your computer to revert to those settings, you may want to consider deleting your restore points. System restore

In most cases, that will be sufficient to complete the removal of malware, but the more advanced programs can change your computer's settings, overwrite operating system files or add themselves to areas not monitored by security software. These damaged or remaining bits can result in error messages or the loss of some functions. Below is a list of tools and instructions that will help repair the damage to these areas.


Re-set Home page.
Right click the Internet Explorer icon on your desktop, from the Start menu or on your programs list (Start > All programs) and select Internet Properties.
On the General tab you can enter the address of the web page you wish to use. You can also click the Use Current button to set the page you are currently viewing.

Re-set default Internet settings.
Right click the Internet Explorer icon on your desktop, from the Start menu or on your programs list (Start > All programs) and select Internet Properties.
On the programs tab, click the reset web settings button. Click Apply then OK.

Layered Service Provider (LSP)
LSPs are sequentially numbered registry entries that provide an internet connection. Malware can add an LSP entry, so when it is removed the numbered sequence can be disrupted or broken, which prevents or disrupts connections to the internet. Should this happen, LSP fix is a free application that will remove damaged or corrupt components and re-number the modules to repair the connection sequence.
Download it from here.
Anything displayed in the right panel is a damaged or corrupt LSP entry, clicking the Finish button will remove the offending entry and renumber the remaining ones.

Windows system folders
Files in the Windows system folders can be overwritten to force the computer to carry out specific tasks, or to prevent specific tasks or applications from operating. Files are also deliberately put there to hamper detection and removal. The worst offender award for this goes to the wide variety of Cool Web Search malware. If you receive a message saying a Windows file cannot run or is corrupt, you will need to replace the Windows file.
Windows has a feature called Windows File Protection (WFP) designed to detect changes to Windows SYS, DLL, EXE and OCX files. Part of this feature is a System File Checker (SFC) that will scan protected files for changes against a copy of the original file in a cache or, if no cache is available, against the Windows CD. SFC will take into account changes made by official Windows updates.
To run a check, start the System file checker by either -
Click Start > All programs > Accessories > System tools > System information. In the System information box click Tools and select System file checker from the drop down list that appears.
OR
Click Start > Run and type into the box sfc /scannow (note there is a space between the c and the /). Click OK
Then restart the computer. After Windows has loaded, a scan will commence. If no cache was made when Windows was first loaded, you will be asked to insert the Windows CD. A report will be shown if any files are found to have changed. For more information on WFP, see http://support.microsoft.com/?kbid=222193.

Merijn has copies available of Windows files overwritten by Cool Web Search, see here.

Trusted/restricted zones
Trusted and restricted zones can be used by malware to -
1) Ensure access to their server or website is not blocked.
2) Prevent access to some (usually security related) sites.
This can be achieved in two ways, by adding entries into either the Internet Explorer zones or your firewall's security settings.
To check Internet Explorer
Right click the Internet Explorer icon on your desktop, from the Start menu or on your programs list and select Internet Properties.
On the Security tab, click Trusted sites and Restricted sites in turn, click the Sites button and remove any you do not want in either zone.
To check your firewall
Open its control panel, navigate to trusted and restricted zones and remove any you do not trust or want.

The HOSTS file
The HOSTS file is being used increasingly to redirect you to websites, to deliver advertisements, or to route your traffic through servers which can monitor your web use. It can also be used to prevent you accessing websites. These are usually security related sites: for example, blocking access to anti-virus vendors' sites will prevent your anti-virus software from updating, so you will not be able to detect or remove the new virus. HOSTS file entries can remain even after the malicious software has been removed. For information on how to check and repair (if necessary) the HOSTS file, Click here
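
A way to audit a HOSTS file for the two abuses described above, as an added example that is not part of the original page: it flags entries that point a hostname at a server other than the local machine, and entries that sinkhole a security related name. The keyword list, the sample hostnames and the addresses are constructed assumptions; pass in the text of your own HOSTS file to check it.

```python
import ipaddress

# Assumed watch-list of substrings marking security related hostnames;
# adjust it to the vendors you actually use.
SECURITY_HINTS = ("antivirus", "av-update", "firewall", "security")
BENIGN_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in HOSTS-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed address: no mapping
        for name in fields[1:]:                 # one line may list many names
            yield line_no, ip, name.lower()


def audit_hosts(text):
    """Return findings as (line_no, hostname, ip, reason) tuples."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        sinkhole = ip.is_loopback or ip.is_unspecified
        if name in BENIGN_NAMES and ip.is_loopback:
            continue                            # normal clean-system entry
        if sinkhole and any(hint in name for hint in SECURITY_HINTS):
            reason = "blocks security-related site"
        elif not sinkhole:
            reason = "redirects to another server"
        else:
            continue                            # ordinary ad-blocking entry
        findings.append((line_no, name, str(ip), reason))
    return findings


# Constructed sample: reserved .example names and documentation addresses.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
127.0.0.1   update.antivirus-vendor.example   # left behind by malware
203.0.113.9 www.search-portal.example search-portal.example
0.0.0.0     ads.tracker.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

Entries reported as redirects are not always malicious (some are added deliberately), so review each finding before deleting the line.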

Security software.
Malware can prevent Firewalls, anti-virus/trojan/spyware applications from operating normally. The most common way is to stop certain processes relating to security software from running. Once the malware has been removed, those processes should work normally. If however files have been overwritten, deleted or become corrupt, you will need to re-install the software.

Now that you have a clean computer, why not download some additional software to prevent malware installing in the first place? PC Protection

©Internet Inspiration, 2003.      All registered trademarks are observed and respected.