Defeating Trojan, Virus, Worm, Harmful Scripts effectively

A. Symptoms of a computer virus
If you suspect or confirm that your computer is infected with a computer virus, obtain the current antivirus software. The following are some primary indicators that a computer may be infected:

• The computer runs slower than usual.
• The computer stops responding, or it locks up frequently.
• The computer crashes, and then it restarts every few minutes.
• The computer restarts on its own. Additionally, the computer does not run as usual.
• Applications on the computer do not work correctly.
• Disks or disk drives are inaccessible.
• You cannot print items correctly.
• You see unusual error messages.
• You see distorted menus and dialog boxes.
• There is a double extension on an attachment that you recently opened, such as a .jpg, .vbs, .gif, or .exe. extension.
• An antivirus program is disabled for no reason. Additionally, the antivirus program cannot be restarted.
• An antivirus program cannot be installed on the computer, or the antivirus program will not run.
• New icons appear on the desktop that you did not put there, or the icons are not associated with any recently installed programs.
• Strange sounds or music plays from the speakers unexpectedly.
• A program disappears from the computer even though you did not intentionally remove the program.

B. Softwares needed:

1. Trend Micro Antivirus

• > Sysclean Package X.XMB - Download
  
• > lptXXX.zip (AS/400, S/390, Windows) XX.XMB - Download
  
• Ssapiptn.da5 Pattern File: ssapiptnXXX.zip X.XMB - Download
  

Note: After downloading these files, make a new folder{sysclean} and place/extract those download files inside. There should be files named sysclean.com, lpt$vpn.xxx, and ssapiptn.da5 in the folder.

2. Process Explorer - Download

3.Trend Micro HijackThis - Download

4. Remove Restriction Tool - Download

C . Instructions on how to remove:

1. Turn on Computer / Restart Computer and go to Safe Mode.

• To get to Safe mode, press the F8 key when Windows starts to boot. You have to do this BEFORE you see the first "Windows" screen. You can start tapping away as soon as you get by the BIOS startup screen or the manufacturer's splash screen.

2. Run Trend Micro Antivirus

• Open sysclean folder.
• Double click sysclean.com to run the antivirus.
• Be sure that "Automatically Clean Infected Files" and "Enable Spyware Scan" are checked.
• Click Scan to begin scanning the computer.
• NOTE the path and file name of all files detected.
• Close Trend Micro Antivirus.
  

3. Run Process Explorer

• On the Process Explorer window, locate file(s) detected earlier by the Antivirus.
• Right-click one of the detected files, then click /Kill Process Tree/.
• Do the same for all detected harmful files in the list of running processes.
• Close Process Explorer.
  

4. Run Trend Micro HijackThis

• On the Trend Micro HijackThis window, look for entries with suspicious file names or file(s) detected earlier by the Antivirus.
  
• Or highlight the entry(s) that are not their for a specific reason that you know about and click "AnalyzeThis" button to let Trend Micro analyse it for you.
• Check the box of those infected entries and click "Fix checked" button.
• Close Trend HijackThis.

5. Restart Computer.
6. Check if RegistryTools, TaskManager, Folder Options are Disabled.
7. Run Remove Restriction Tool to Enable them.

• Note: Anti - virus programs may consider this tool as harmful file and will try to move it to the vault or delete it.
• Let the anti - virus program ignore this file.

8. If you have no Anti-virus installed on your system, download any free anti-virus out there and install to have a real time protection against viruses.

• Recommended anti-virus (AVG Free Edition)