Wednesday, 26 January 2011

How do I remove common viruses - System Tool 2011, Internet Security 2011, Smart Defragmenter, Internet Defender?

There are a few viruses doing the rounds at the moment, which seem to be bypassing the anti-virus programmes out there.

They have names such as System Tool 2011, Personal Internet Security 2011, Anti-Virus 2011, System Defragmenter, SystemDefragmenter, Internet Defender, etc. These viruses pose as anti-virus programmes and ask you to go to a web site to pay for a licence to enable the software to remove the viruses it claims to have discovered.

To get rid of one these viruses completely isn't that simple if you aren't a computer geek - the best option is to call us and we can do this for you :)

Otherwise you can try to follow these instructions (given without any warranty or guarantees at all!). What you are about to do could damage your computer, so if you are at all uncomfortable you should seek professional help (for the computer, I mean!)

1. Backup all of your data. Twice. Check the backup worked.

2. Boot the computer into "Safe Mode" by clicking the F8 key on the keyboard continuously whilst booting the PC. You get to a black screen with various options - one of which is Safe Mode. (If you get all the way through to Windows then you weren't clicking F8 early enough. Try again.)

3. Open My Computer (Windows XP) or Computer (Vista, Windows 7). Click "Tools / Folder Options" or "Organize / Folder and Search Options". Click the "View" tab. Click "Show Hidden Folders, Files and Drives" and un-check "Hide protected Operating System files". (This is followed by a warning not to do this.)

4. Browse "My Computer" for C:\Documents and Settings\All Users\Application Data\ (in Windows XP) or C:\ProgramData (in Windows Vista or 7). In one of these locations is a folder with a random collection of characters (Something like "lMaPeFb01808" or "kEhIa03601"). Take a note of the name then rename this folder or file, by adding "old" to the end of the name. Reboot the PC normally. If the virus doesn't appear then you renamed the right folder or file, so continue. If it is still there then rename that folder back to what it was and start again. If the virus has gone then delete the folder you renamed.

5. Open the Registry by clicking the "Start" button, click "Run" and type in the Run box "Regedit". (This is a dangerous step and any mistake could stop your computer working. Only do this is you are confident that you have a good backup.) Backup the Registry by clicking "File / Export"

6. Click Once on the word "Computer" at the top of the Registry list. Click "Edit / Find..." and enter the virus file name from Step 4. Delete any reference to that file, then press F3 key on the keyboard. It will continue searching the Registry for more instances. (You did back that Registry up, didn't you?)

7. Back to the top of the Registry, highlight the word "Computer" and do a Find for "Tool2011" Delete any references.

8. Still with us? The Hosts file may have been changed. Instructions on resetting this are at http://support.microsoft.com/kb/972034 Windows XP has a different Hosts file to Vista or 7.

9. Turn off System Restore. Instructions on this are at http://support.microsoft.com/kb/310405 for Windows XP, or http://windows.microsoft.com/en-US/windows-vista/Turn-System-Restore-on-or-off for Vista or Windows 7.

10. Reboot the computer and turn System Restore back on.

11. Undo the changes made in Step 3 and hide the system files again.

12. Empty the Recycle Bin.

That should be it, although the DNS Server and other settings may have also changed. The full list is beyond the scope of this Blog, but you could try downloading our CheckList for removing viruses at goo.gl/TTmCY for more suggestions of things to check.

If the virus still exists then contact us to ask if we can help, as the virus may have damaged the PC further. http://www.the-it-dept.co.uk/contact.html

____________________________________________________
If you enjoyed this blog please consider donating £1.00!







Sign up for our Monthly Newsletter
The IT Dept offers computer support services in Lancashire, including Monthly On-Site or Remote Support Contracts; Secure Online Data Backup; Domain Hosting; Server and Desktop Sales; Software Supply & Installation. We cover all of Lancashire, including Chorley, Preston, Blackburn, Darwen, Bolton, Wigan, Blackpool, etc.
© Michael Donkin 2011