I love it when people bring in their virus-laden machines for me to look at. They always come up with some silly excuse for why it’s not working or how it’s broken: “I let [insert name of child here] play on it the other day and now it’s running slow” or “I haven’t been able to use email for the last few months but thought nothing of it until the computer started deleting my files and randomly rebooting”. GOLD!
I’m usually pretty good at getting rid of a virus if it’s in the early stages. Adware, malware, popups, backdoor trojans, they’re all pretty easy to dispose of. Some of the hijack programs that take over the homepage for IE are pretty tough though.
The steps I go through are usually the same:
1.) MSconfig and remove all non-microsoft programs
2.) Install nod32 and kick the crap out of whatever was installed
Although a lot of times I’m not able to run any commands. Recently I couldn’t open any EXE files on a system. It kept looking for rundll32.exe and not finding it (windows\system32\rundll32.exe). So then msconfig, add remove programs (control appwiz.cpl), and even the system information (windows key + pause/break) didn’t work. I couldn’t even open cmd.exe without problems – lucky for me it was an associated filetype for exe files.
So then, with the command line open:
1.) Download The EXE Registry Fix and import it into your registry
2.) SFC /scannow (this requires either the i386 folder or the windows installation media to check and see if all the required microsoft files are in place)
3.) MRT (microsoft’s malicious removal tool)
4.) msconfig and uncheck any non-microsoft related items
Someone also told me that the exe file associated could have broken this computer. I didn’t try it since I only imported the registry key and it worked. But here’s the steps to do that too:
1.) CMD
2.) assoc.exe=exefile