The best way to clean malware, rootkits, trojans and viruses (I call it malware from now on) is to back up your data, scan your data with another computer, remove your partition, reinstall Windows, install a virus scanner, update your Windows and put your data back. This is the safest method and I always recommend this to people.
But if you don't want to reinstall everything, you can follow these steps to get an infected PC clean.
Install the TDSSKiller software, scan the PC and remove the rootkits. It is almost impossible to clean a rootkit with a standard virus scanner. And because of some rootkits you can't install drivers, so you can't load an antivirus's real-time protection.
Update your Windows through Windows Update (and turn automatic updates ON!), update your browser, and update Java and Flash or remove them.
Now your PC is clean of almost any type of malware and ready to be protected against new malware. All steps together take almost 6 hours of scanning. So maybe reinstalling your operating system is always the best option.
These steps helped me to clean a very badly infected laptop that did not have any antivirus real-time protection installed. If these steps also help you to fix an infected PC, please leave a comment below or buy me a beer.
By default the roaming profile is only accessible to the owner (end user) and the system account. I found a post on the internet with a workaround to access the profile without causing problems for the end user.
It uses two tools: the first is SubInAcl.exe, available from Microsoft, and the second is cacls.exe, which you should already have by default in Windows.
These first two commands will give the local administrators group ownership of the user’s folder and everything underneath. NOTE: This will not change any existing permissions.
1. Extract Bootable USB-Drive
2. Open Config_SourcePath.cmd
3. REM set SourcePath="..\BartPE"
4. set SourceCD=G: where G: is the CD-ROM drive containing the BartPE CD
5. Start BOOTABLE_USB-DRIVE.cmd
6. Format and create the USB drive
7. Close the utility and extract the WinUSB_FULL Patcher
8. Run the patcher on the USB drive (root)
The patcher patches the ntdetect.com file. If you don't run the patcher, you will get a 0x0000007b BSOD when you boot from the BartPE USB.
Sometimes you need a proxy server and you don't want to install any software. Then you can download and run Proxomitron (zip package). The only thing you must change is the IP address that is allowed to connect to the proxy.