Fix 1: Get the computer to boot:

Does the computer boot? If not, what messages (if any) are you getting? If you are getting error messages, Google them; most likely, you are not the first person to experience this problem. Careful where you click, though. Assuming you have eliminated the possibility of hardware failure (and that you have properly backed your important documents up): if the computer doesn’t boot, you could have a boot sector virus. To get rid of these, load the Windows CD and press ‘R’ when prompted to enter the Recovery Console. Type these commands:

• fixmbr
• bootcfg /list
  • If no entries are listed, type bootcfg /rebuild
  • Enter the numerical identifier for your Windows installation (likely the number 1)
  • Type Y or Yes to add installation to boot list
  • Provide a load identifier (e.g. Windows XP)
  • Enter /fastdetect

Fix 2: Finding the culprits:

If it’s possible, hook the infected hard drive up to a different machine and scan it using MalwareBytes, removing any infected objects it finds. Now, knowledge of an approximate time the virus was contracted is REALLY helpful here, though not necessary. If you can’t hook it up to another computer, boot the computer into safe mode (press F8 as the computer is booting) and choose Safe Mode (with Networking).

Whether you have booted to this hard drive or are viewing it from a different computer, take the following actions:

Open My Computer > C:. Go to Tools > Folder Options > View tab > Check “Show hidden files and folders”; uncheck “Hide extensions for known file types”, “Hide protected operating system files” and “Use simple file sharing”. > Change to detail view and sort by Date Modified, more than likely, all of the virus files are going to have the same date in this field. Now is the tedious process of looking (and deleting/renaming), be sure you aren’t deleting important system files by using Google. Here are the important places to look, though they can be anywhere:

• C:\
• C:\WINDOWS\
• C:\Recycler\S-1-{RANDOM}\
• C:\WINDOWS\Tasks
• C:\WINDOWS\system32\
• C:\WINDOWS\system32\drivers\
• C:\Program Files\{ANY RECENT SOFTWARE THAT IS NEW AN YOU DIDN’T CHOOSE TO INSTALL}
• %TEMP% (Start > Run > %TEMP% > OK)
• %USERPROFILE%\Desktop (look for installer files)
• “%USERPROFILE%\Local Settings\Temporary Internet Files\”

Open Windows Firewall through Start > Control Panel > Windows Firewall, click on the Exceptions tab and check for any programs that you didn’t specifically authorize, remove the exception if there are unknown entries.

Fix 3: Stop the rogue processes from loading at startup

Download Autoruns from Sysinternals. Run the program and select the Logon tab. Check for malicious software under the headings listed below, unchecking each malicious item:

• HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
• HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
• C:\Documents and Settings\All Users\Start Menu\Programs\Startup
• C:\Documents and Settings\username\Start Menu\Programs\Startup

Move to the Services tab and look for items where the Publisher is missing, these items are frequently (not always) suspect. Remove malicious services by unchecking them

Select the “Image Hijacks” tab, the only item that should be present is “Your Image File Name Here without a path”. If anything else is present, uncheck it.

Close Autoruns

Cleanup

Download CCleaner, install and run it with the default settings to remove all of your temporary files. If you don’t have a good Firewall and don’t have money to spend, download Comodo or ZoneAlarm. Turn off System Restore by right-clicking My Computer and selecting Properties. Select the System Restore tab and check the Turn off System Restore checkbox > Select Apply (may take a moment or two). Once it is responding again, uncheck the box and it will create a new restore point (that doesn’t have the virus files).

http://mediamemo.allthingsd.com/20090913/home-delivery-the-new-york-times-serves-up-some-malware/

REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=-

REGEDIT4
[HKEY_CLASSES_ROOT\exefile\shell\open\command]@="\"%1\" %*"

@echo off
:: SET_NO_DRIVE_OTORUN
reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDriveTypeAutoRun /t REG_DWORD /d 0x0ff /f

:: GET_DRIVES
for /f "tokens=1 delims=:" %%j in ('reg query hklm\system\mounteddevices ^| findstr \DosDevices\') do (
echo %%j >> drives
)

:: REMOVE_\DosDevices\_PREFIX
for /f "tokens=3 delims=\" %%j in (drives) do (
echo %%j >> drives.txt
)
del /q /f drives > nul

:: REMOVE_SPACE
for /f "tokens=1 delims= " %%j in (drives.txt) do (
echo %%j: >> drives
)
del /q /f drives.txt > nul

:: CHECK_DRIVE_TYPE
for /f %%j in (drives) do (
fsutil fsinfo drivetype %%j | findstr "Fixed " >> fdtype
fsutil fsinfo drivetype %%j | findstr "Removable " >> frtype
)
del /q /f drives > nul

:: GET_FDRIVES
for /f "tokens=1* delims= " %%j in (fdtype frtype) do (
echo %%j >> dtype
)
del /q /f fdtype > nul
del /q /f frtype > nul

:: REMOVE_SPACE1
for /f "tokens=1 delims= " %%j in (dtype) do (
echo %%j >> drives
)
del /q /f dtype > nul

:: DEL_DRIVE_A_FROM_LIST
sort drives >> sort
type sort | findstr "A" > nul
if errorlevel 0 for /f "tokens=1 skip=1" %%j in (sort) do (
echo %%j >> sorted
)
del /q /f drives > nul
del /q /f sort > nul

:: CREATE_OTORUN_FOLDER
for /f %%j in (sorted) do (
md %%j\AUTORUN.INF
attrib +s +h +r /d /s %%j\AUTORUN.INF
)
del /q /f sorted > nul

echo Press any key to close this window..
pause > nul>

1. Use a Firewall

Comodo Firewall is a great firewall and is completely free. Firewalls prevent unauthorized network access from malicious users trying to gain access to your computer.

2. Install Windows Updates

A good portion of the viruses we have cleaned off of computers would have been completely preventable, had the user updated Windows. When hackers find a way to exploit a problem with the operating system, Microsoft sends out updates to keep your computer safe and should be installed as soon as possible. An alarming number of users ignore the messages that their computers need to be updated and leave their computers vulnerable to hackers.

3. Secure your Wireless Network

Don’t leave your network open to access, no matter how safe you think you may be. Enabling encryption on your wireless router is painfully simple and should always be done when you are initially setting up the network (though it can be done at anytime). If your router supports it, use WPA2, as this is the most secure protocol. With an open wireless network, users can easily watch what you are doing online, use your network to access illegal content (which will be tied to your network), and change your wireless settings, effectively locking you out of your own network. Recently, we visited a client whose neighbor had taken over their unsecured wireless network and fixed the issue. Don’t let this happen to you!

4. Use a Limited Privilege Account

If you aren’t installing software everyday, there is really no reason to always use an administrator account. Create a new account on your machine that has limited access (non-administrator) and primarily use this account. If you do somehow download a virus, you will be unable to install it. It is also recommended that you use a guest or non-administrator account for friends and family to use your computer with. Our teenage niece downloaded a nice virus while playing online games that infected every computer on our network and required each one of them to be completely rebuilt.

5. Okay, use a Good Antivirus Program

Microsoft Security Essentials is currently the highest rated antivirus program, and it’s free. There is no reason to pay a lot of money for something that is not the best (especially when the best is free). Not only is it good at removing viruses, it’s really good at finding malware that other programs miss.

Do you use other tools that you think are better? Let us know what you use!