Difference between revisions of "Virus removal"

(Running a scan using the Symantec Recovery Tool CD)
(Running a scan using the Symantec Recovery Tool CD)
Line 69: Line 69:
 
The Symantec Recovery Tool CD is a boot CD you can borrow from Technology Services that will boot off of the CD and run a scan.  This is a useful tool when you computer is so infected that it will no longer boot into Windows.  This tool will scan your computer and attempt to remove any infected files.
 
The Symantec Recovery Tool CD is a boot CD you can borrow from Technology Services that will boot off of the CD and run a scan.  This is a useful tool when you computer is so infected that it will no longer boot into Windows.  This tool will scan your computer and attempt to remove any infected files.
  
'''Note'''  It is important to note that this tool remove any infected files including critical Operating System files.  If this is a the case a complete re-install of the operating system is the best and possibly only option.
+
'''Note'''  It is important to note that this tool remove any infected files including critical Operating System files.  If critical files are infected, a complete re-install of the operating system is the best and possibly only option.
  
 
===Steps to run a scan===
 
===Steps to run a scan===
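
Review bot: in the revised Note, "this tool remove any infected files" still has a subject-verb error; since this revision already rewrites the following sentence, change it to "removes" (or "may remove") here too. The unchanged paragraph above the Note also still reads "when you computer", which should be "when your computer".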

Revision as of 12:25, 26 April 2010

Virus, Spyware, Malware or Trojan removal instructions

Running a scan in "Safe Mode"

Abbreviated

  1. Verify that your virus definitions for Symantec Endpoint Protection are current (less than 7 days old).
  2. Disable System Restore.
  3. Reboot in Safe Mode.
  4. Launch the Symantec Endpoint Protection application and run a full scan.
  5. Delete any quarantined files.
  6. Reboot in normal mode.
  7. Turn System Restore back on.
  8. Run Windows Update and apply all the critical updates.
  9. Set your machine to automatically get updates from Microsoft.
  10. Reboot your machine.

Detailed

1. Verify that your virus definitions for Symantec Endpoint Protection are current (less than 7 days old).


2. Disable System Restore.

  • Click Start Menu - Control Panels - System. On the System Restore tab - check the Turn Off System Restore box. Click Apply.

3. Reboot in Safe Mode.

  • Turn off the computer.
  • Restart the computer. The computer begins processing a set of instructions known as the Basic Input/Output System (BIOS). What is displayed depends on the BIOS manufacturer. Some computers display a progress bar that refers to the word BIOS, while others may not display any indication that this process is happening.
  • As soon as the BIOS has finished loading, begin tapping the F8 key on your keyboard. Continue to do so until the Windows Advanced Options menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Using the arrow keys on the keyboard, scroll to and select the Safe mode menu item, and then press Enter.

4. Launch the Symantec Endpoint Protection application and run a full scan.

5. Delete any quarantined files.


  • In the delete window click delete.

6. Reboot in normal mode.

7. Turn System Restore back on.

8. Run Windows Update and apply all the critical updates.


  • Click Yes and follow the prompts. You will then see the Windows Update pages.
  • Select the Express Install option.
  • The Windows Update server will scan your machine for missing updates. After the scan you will see a screen listing the total updates needed.
  • Click the Install button.
  • After Express Install has finished (this may take some time, depending on the number of updates), you will be prompted to reboot.
  • Click Restart Now. Your machine is now updated with current patches.

9. Set your machine to automatically get updates from Microsoft.

  • From the Start Menu select Control Panels - Automatic Updates. Make sure Automatic is selected and pick a time and day for the updates to be installed.


10. Reboot your machine.
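
The System Restore and Safe Mode steps above (2, 3, 6 and 7) can also be scripted. The following is an added example, not a Technology Services script: it assumes Windows Vista or later (for bcdedit), Windows PowerShell 5.1 run as administrator, and C:\ as the system drive; the -Phase parameter and its values are names chosen for this example.

```powershell
# Added example: brackets the Safe Mode scan with the System Restore and
# boot-mode changes from the steps above. Assumes Windows Vista or later,
# Windows PowerShell 5.1, and C:\ as the system drive.
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('BeforeScan', 'LeaveSafeMode', 'AfterReboot')]
    [string]$Phase
)

$ErrorActionPreference = 'Stop'

# Every phase changes system settings, so refuse to run without admin rights.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell prompt.'
}

switch ($Phase) {
    'BeforeScan' {
        # Step 2: turn off System Restore on the system drive.
        Disable-ComputerRestore -Drive 'C:\'

        # Step 3: make the next boot a minimal Safe Mode boot, then reboot.
        bcdedit /set '{current}' safeboot minimal
        if ($LASTEXITCODE -ne 0) { throw 'bcdedit could not set safeboot.' }
        Restart-Computer
    }
    'LeaveSafeMode' {
        # Step 6: run this in Safe Mode after the scan and quarantine cleanup.
        # The safeboot value persists until removed, so clear it before rebooting.
        bcdedit /deletevalue '{current}' safeboot
        if ($LASTEXITCODE -ne 0) { throw 'bcdedit could not clear safeboot.' }
        Restart-Computer
    }
    'AfterReboot' {
        # Step 7: back in normal mode, turn System Restore on again.
        Enable-ComputerRestore -Drive 'C:\'
    }
}
```

Run it once with -Phase BeforeScan, once in Safe Mode with -Phase LeaveSafeMode after step 5, and once in normal mode with -Phase AfterReboot before continuing with Windows Update.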

Running a scan using the Symantec Recovery Tool CD

The Symantec Recovery Tool CD is a boot CD you can borrow from Technology Services that will boot off of the CD and run a scan. This is a useful tool when your computer is so infected that it will no longer boot into Windows. This tool will scan your computer and attempt to remove any infected files.

Note: This tool removes any infected files, including critical operating system files. If critical files are infected, a complete re-install of the operating system is the best and possibly only option.

Steps to run a scan

  1. Make sure your computer is connected to the internet so the virus definitions will update properly.
  2. Place the Symantec Recovery Tool CD in your CD drive.
  3. When turning on your computer, press the F10 key to get the options to boot from a CD. Depending on your computer model, you may have to select another key to boot from a CD. Please refer to your computer's documentation for more information.
  4. When the CD completes booting, select "Continue loading Endpoint Recovery Tool."
  5. Select the appropriate language.
  6. Click I agree.
  7. Wait for the virus definitions to update and make sure the date in the lower right is current.
  8. Click Scan.
  9. When the scan is complete, boot into Windows normally and run a scan in Symantec Endpoint Protection to make sure the viruses have been removed.

Additional Virus Removal Tools

  • SUPERAntiSpyware
  • Malwarebytes
  • CCleaner
  • HijackThis
  • Combofix

I would like someone to show me how

Stop by Olin with your computer. Be sure to set aside enough time in your schedule to stay with your computer while it runs a full scan (30 to 120 minutes). It is also a good idea to bring the power cord if you have a laptop so the battery doesn't die in the middle of trouble-shooting.