It is best to have the windows xp computer in "Safe Mode with Networking"
before doing the Free Online Virus Scan by pressing "F8" when
turning on the computer and selecting:
"Safe Mode with Networking".
1.
Click Here to run Norton Antivirus Free Online Scan
2. To install support.exe click here and then click RUN
3. To install support2.exe click here and then click RUN
4. Install UltraVNC
5.
Install Crossloop
6.
Click here to print Technical Help Document for customer
7.
Click here to print Work Order for customer
8. Website Services.doc
Website Services - Back.doc
Best websites to look up a file to see if it is needed or not:
http://www.bleepingcomputer.com
| MalwareBytes AntiMalware | Good at removing Trojan.FakeAlert, WindAntivirusXP WinAntivirus Pro | http://www.malwarebytes.org/ | http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html |
|---|---|---|---|
| Dr Web CureIt | Good at search redirects in Internet Explorer. Good at removing rootkit Bakcdoor.TDSS on sys32\drivers\atapi.sys. | http://www.freedrweb.com/cureit/?lng=en | http://majorgeeks.com/Dr.Web_CureIT_d4783.html |
| TDSSKiller by Kaspersky | Another TDSS Remover for browser redirects | http://support.kaspersky.com/viruses/solutions?qid=208280684 | |
| Kaspersky Virus Removal Tool | Stand Alone virus scanner | >http://avptool.virusinfo.info/en/ | |
| ComboFix | Installs Windows Recovery Console and removes some malware and spyware | http://www.combofix.org/ | http://www.bleepingcomputer.com/combofix/how-to-use-combofix |
| SmitFraud Fix | Removes some rogue anti-spyware with fake taskbar security alerts and changed backgrounds to scare you into buying. | http://siri.geekstogo.com/SmitfraudFix.php | http://www.bleepingcomputer.com/files/smitfraudfix.php |
| LSP-Fix | Fixes Network Winsock2 registry due to Internet not working after removal of NewDotNet and other spyware | http://www.cexx.org/lspfix.htm | http://www.bleepingcomputer.com/files/lspfix.php |
| ATF Cleaner | Cleans TEMP folder and TEMPORY INTERNET folder and other temp files, including java cache, history and cookies | http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25 | |
| Gmer | Detects and removes some rootkits. (Hidden processes and files) | http://www.gmer.net/ |
Microsoft: Regedit - Load Hive
Microsoft: Recovery Registry from System Restore Point
folder is not accessible. Access is denied
OUTPUT batch results and errors:
delvirus.bat > results.txt 2>&1
Explain: test.bat 1> results.txt --> outputs results (dont need 1)
Explain: test.bat 2> errors.txt --> outputs errors
Get Product Key of Office and Windows
ShareWatch - See who is using what shares on your computer
CurrProcess - List all current processes and their DLLs
Winlister - List all windows that are open and their programs
View all open files and which process opened it. Close so you can delete the file if needed.
Reg Scanner - Open reg key by key name. Search for all results at once instead of pressing F3
InjectedDLLs - View DLLS that may be trojans
TestDisk - Recover Lost Partitions, Fix FAT Tables, Undelte Files
Aida32 - Detect System Devices
Use MSINFO32 to Print out (printout) Startup (MsCONFIG) items:
Clcik on Software Environment -> Software Programs.
Then click on File -> Export. Type in a filename such as "startup".
The startup items are saved as a text file so you can print them.
To Sea Breeze Computers Main Page These two start a scan but don't download active x first: http://security.symantec.com/sscv6/vc_scan.asp?pdisc=1&vc_prescan=1&ax=1&vc_scanstate=2&langid=ie&venid=sym&plfid=23&pkj=XVWFLSIVFWMFKPXKBQW http://security.symantec.com/sscv6/vc_scan.asp?pdisc=1&vc_prescan=1&ax=1&vc_scanstate=2&langid=ie&venid=sym&plfid=23&pkj=IOYFPJUIYCZRWEJGSSK This one starts a neat scan in Europe (does it do activex?) http://security.symantec.com/ssc/vc_scan.asp?langid=in&venid=sym&plfid=23&pkj=XFYFPJUIYCZRWEJGSSK This one does the US scan and downloads activex: http://security.symantec.com/sscv6/vc_prescan.asp?langid=ie&venid=sym&plfid=23&pkj=JMIFESLHFEPGEVVSDUX&vc_scanstate=2