I mostly agree with FiresHell.
Here's what I do at work:
(note that I left out "safe mode" because a lot of people can mess their computer up to death in safe mode. If it works without safe mode, try to clean it out of safe mode first.)
(Added)
Extra first step:
If your Windows Update page isn't working or you cannot do an in-browser scan because of messed up ActiveX controls, open your "Internet Options" and select the "Programs" tab then click "reset web settings" and this should fix the problem. You also need to run Windows Update and in-browser virus scanners using Internet Explorer. Yes, silly ActiveX controls reasons. If resetting the web settings does not fix the ActiveX problem, download and run all the other mentioned scanning programs first.
Download and install/run (all of the following are completely legitimate and functional programs we use to clean up computers daily at my jorb):
AIMfix.exe
MSAS -Microsoft Anti-Spyware (formerly Giant anti-spyware)
AVG anti-virus (make sure you disable or remove NORTON before you install/run this, or you will have a crash when both Norton and AVG anti-virus try to scan the same file)
Stinger.exe
Ad-Aware SE Personal
Spybot Search & Destroy
(If your computer cannot connect to the internet but was before, you may have something infecting your Winsock Configuration... so you will need to run the tool lspfix.exe after transferring it to your machine by use of flashkey, CD, floppy, etc. type media.)
Visit the website and run the virus scanner:
Housecall
Below are suggestions that require extreme caution and research before diving in to changes in your system.
Carefully use the MSCONFIG by going to:
Start > Run.. >
(type in):
msconfig
<press enter>
Here you can disable specific services you know to be bad... never disable something unless you research it first (google works well for researching.)
If none of those work, visit this site:
sysinternals
and download some of their monitoring tools.
I use the following to monitor programs running as well as startup files started:
processexplorer -shows your current running apps; helpful in finding programs that are hidden and should not be running.
filemon -shows all of the files being accessed in real time; can help determine what spyware/virii may be trying to reinstall themselves.
regmon -shows the current registry action in real time; can help determine if you have a spyware/virus/etc attempting to regenerate itself and tell you where from (if you know how to figure that out.)
tcpview -monitor network connection attempts; can help determine if you have a virus trying to spread itself.
autoruns -allows you to disable specific services from autorunning on startup; these may include malware/spyware/virii.
Finally... after all the above, if you still have problems... use this highly dangerous tool (if you misuse it, your computer will be dead):
HijackThis! This program should be used with extreme care. Use google to search for questionable entries and processes. Do not delete/fix anything unless you know it is bad. Check with google, or zip your log and post it to this thread. I may not be checking back, but someone with know-how probably will; take all of their advice with caution.
You should be careful in using these tools, however, because some of them can cause your computer to no longer boot. I recommend that you post a zip of the log(s) to your next post as well for us to look at. If you are unsure of anything in the process explorer or hijackthis, then do a google search for the name of the process.
Example of a google process search result:
pronomgr.exe
(only trust info from sites such as wintaskspro related sites for process information, however.)
If you do not find the process on the internet, do not remove it until you get a second opinion. Several computer manufacturers have their own special tools running which may not be found with a google search.
If you are not feeling confident with doing all of this crazy stuff, use System Restore to a date before you had the crazy virii. Any application changes will be lost but all of your other documents will still be there. To be extra careful, I recommend you back up anything you care about first.
Peace.