If you want to take a shot
at fixing your virus and spyware problems yourself (at your
own risk), try the methods mentioned below. To download
directly you need to join the forum that you will be taken
to when you click download. If you would rather not, click
on the "homepage" links and download from there.
Preparation
If you're having trouble connecting to the Internet, try
running the WinSockFix utility to repair your connection:
WinsockXPFix for Windows XP/2000/NT
Winsock2Fix for Windows 98/98SE/ME
CleanUp! -
Download -
Homepage
CleanUp! is a quick and easy way to delete temporary files
from your system. Simply deleting these temp files may clear
some infections, and will make running the following scans
faster.
- Install and run. Click on the button labeled
CleanUp!.
- When it finishes it will prompt you to restart
Windows - there will be one or two files it cannot
delete when Windows is running - however, they will be
deleted next time Windows starts up.
Step One: Scan for Spyware/Adware
Ad-aware SE -
Download -
Home Page
- Install the program and launch it. If you have a
previous version of Ad-Aware installed, during the
installation of the new version you will be prompted to
uninstall or keep the older version - be sure to
uninstall the previous version.
- First, in the main window, look in the bottom right
corner and click on Check for updates now and
download the latest reference files.
Next, we will configure Ad-Aware to perform a full scan. In
the Ad-Aware main window, click on the
gear icon at
the top of the screen to open the preferences window. In the
General window, make sure the following options are
selected:
1) Automatically save log-file
2) Automatically quarantine objects prior to removal
3) Safe Mode (always request confirmation)
Click the
Scanning button on the left-hand side and
make sure the following options are selected:
1) Scan within archives
2) Scan active processes
3) Scan registry
4) Deep scan registry
5) Scan my IE Favorites for banned URLs
6) Scan my Hosts file
Please also click on
Select drives & folders to scan
and select your hard drive(s). Then click the
Advanced
button on the left-hand side and make sure all the
options under
Log-file Detail Level are selected.
Next, click the
Tweak button on the left-hand side.
Click on
Scanning Engine and make sure the following
options are selected:
1) Unload recognized processes & modules during scanning
2) Obtain command line of scanned processes
3) Scan registry for all users instead of current user only
Click on
Cleaning Engine and make sure the following
options are selected:
1) Always try to unload modules before deletion
2) During removal, unload Explorer and IE if necessary
3) Let Windows remove files in use at next reboot
4) Delete quarantined objects after restoring
Finally, click on
Safety Settings and make sure the
following options are selected:
1) Automatically select problematic objects in results lists
2) Write-protect system files after repair (Hosts file, etc)
- Click on Proceed to save the preferences.
Then please click the Start button on the bottom
right side to begin a scan. Select Use custom
scanning options and then click Next.
Ad-Aware will then scan for malware.
- Save the log file when it asks and then click
Finish. Do not post the Ad-aware log in this forum
unless requested.
- When finished, mark everything for removal and get
rid of it. (Right-click the window and choose Select
All from the drop down menu and click Next).
- If you wish assistance with an Ad-Aware SE log file,
please post your log
here for analysis by Ad-Aware experts.
- Trouble?
Lavasoft Support Forum
CWShredder -
Download -
Homepage
Run the program. Click the
Fix button to remove any
malicious programs found.
Spybot S&D -
Download -
Homepage -
DSO Exploit Fix
Install Spybot and the DSO Exploit Fix. Start Spybot and
select
Update,
Search For Updates, check the
box next to each update and then select
Download Updates.
Next, select
Search and Destroy,
Check for
problems and after scanning is complete,
Fix selected
problems. Finally, select
Immunize and then the
Immunize button to block common Spyware programs from
installing.
No single program removes every threat. A multi-prong
approach is best.
Rogue/Suspect Anti-Spyware Products & Web Sites.
Unfortunately, many companies have chosen to exploit the
spyware problem by releasing questionable software. These
programs may be ripoffs of existing free programs, produce
false positives to entice you to buy the full version, leave
actual Spyware installed, or at the very worst even install
Spyware. Use the link above to see if you have installed any
of these programs on your system. Uninstall any found.
Step Two: Viruses/Trojans
Even the best antispyware programs are only able to remove
about 70% of infections. Also, the line between spyware and
trojans is getting blurred. You can never be too careful
with these; we recommend at least one online scan.
Ewido Security Suite for Windows 2000 and XP only -
Free Version (14 day trial) -
Homepage
Ewido has been very effective at helping remove some of the
more difficult infections.
- After installation, there should be an icon for ewido on
your desktop. Double-click to run it.
- Update ewido:
From the main ewido screen, click on update in
the left menu, then click the Start update
button.
- After the update finishes (the status bar at the
bottom will display "Update successful"), click on the
Scanner button in the left menu, then click on
the Start button. This scan can take quite a
while to run, so time to go get a cup of coffee...
- If ewido finds anything, it will pop up a
notification. You can select clean and check the
boxes "Perform action with all infections" and "Create
encrypted backup" before clicking on OK.
- When the scan finishes, click on Save Report.
This will create a text file. Please then paste the
contents of the text file into your post, together with
your HijackThis log.
Trend Housecall -
Homepage
Even if you do have antivirus software it can be compromised
and corrupted by many forms of malware, so an online scan is
a good idea.
Run the free online virus scan (tick the "Auto Clean"
checkbox).
Here's another free online scan:
Panda Activescan
AVG -
Download -
Homepage
If you don't have any antivirus software on your system, or
if your subscription to definition updates has lapsed,
install AVG's very good free version of antivirus. This
comprehensive package includes real-time protection,
scheduled scans, automatic definition updates, and email
scanning. More free antivirus tools
here.
NOTE: DO NOT install more than one antivirus program. They
will conflict, and provide less protection, not more.
TDS-3 -
Download -
Homepage
One of the best anti-trojan programs available. Free
download and updates.
Step Three: Windows Updates
Windows Update -
Homepage -
Download SP1a
An unprotected, unpatched Windows XP installation will get
infected within minutes of connecting to the Internet.
Because of this, we'll require you to install critical
updates before providing assistance in our forums. If not,
we're both just wasting our time.
SP2 NOTE: Windows XP Service Pack 2 (SP2) has terrific
security features, and we highly recommend everyone install
it. However, it should not be installed until your system is
free from malware. Installing SP2 with malware present can
cause many compatibility problems, or even prevent your
computer from restarting. If your system has a malware
infection, or if you're unsure, use the SP1a download link
above.
Step Four: Reboot - Test
The tools above will completely clear malware from the
majority of systems. Test your system to see how it's
working.
If you're still having problems, continue to the next step.
Otherwise, check out
this article on how to prevent future Spyware/Hijack
attacks.
Step Five: Posting a HijackThis Log
HijackThis -
Download -
Homepage
Automated tools are not always successful at removing
malware from your system. Some infections may generate
random file names, be too new, or use other tricks to
avoid detection.
HijackThis examines certain key areas of the Registry and
Hard Drive and lists their contents. These are areas which
are used by both legitimate programmers and hijackers. Some
items are perfectly fine. You should not remove them. Never
remove everything. Doing that could leave you with missing
items needed to run legitimate programs and add-ins.
This section is designed to help you produce a log, post the
log into the Forum and finally remove the items as directed
by the Member helping you. This involves no analysis of the
list contents by you. That will be done by the Geeks to Go
Staff.
If you have anything disabled by MSConfig or any other
startup manager, please re-enable it before scanning to
post.
If you have run and fixed anything with Spybot Search and
Destroy, Ad-Aware, or any spyware program please reboot
before scanning.
Save HijackThis in its own folder (e.g. C:\HJT). DO
NOT run it from within a zip manager (Winzip), as no backups
will be saved.
This is how HijackThis looks when it is first opened.
You do not have to change any settings at this point.
Notice the empty section in the middle. This is where the
scan results will be listed later.
Examine the two sets of buttons. To start the scan, click
the
Scan button on the left.
HijackThis after the scan.
The Scan button has a new caption:
Save Log. Click
the Save Log button to create a file named Hijackthis.log. A
dialog box will pop up. Use it to select the location where
you will save the log.
Close the program.
Return to the Forum and reply to your original post.
Open
the Log in Notepad.
Highlight the entire contents.
Copy and paste the contents of the HijackThis log into
your post. Wait for help.
Additional Copy and Paste Instructions
Having problems with cut and paste? Open the text file. Go
to the toolbar of your text editor (Notepad, for example) and
click Edit. Move the mouse down to Select All and click on
Select All to highlight the text. Go back to Edit again and
move the mouse down to Copy. Click Copy. Go to the Forum and
reply to your original post. When the page opens, click on
an empty space in the reply window with your mouse to set
focus for the paste operation. Finally, hold down the Ctrl
key and press the letter V on the keyboard to paste the
text into your post.
Mark Items for Removal
Once you have received advice on what should be removed,
reopen HijackThis. Scan again. You have changed nothing and
this scan result will be the same as the first. Place a
check-mark in the box in front of each item you plan to
remove. In this example, there are three items marked for
removal.
Click the
Fix checked button.
A confirmation box will appear. Click Yes. HijackThis will
now remove the checked items.
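
A check that could be run before ticking any boxes in the step above, added here as an example (it is not part of the original guide or of HijackThis): it compares the log you posted with the fresh scan, confirms that each line the helper listed appears verbatim, and reports entries that appeared or vanished since posting. It assumes entry lines begin with a section code such as R0 or O4 followed by " - "; the sample logs and every name in them are constructed.

```python
import re

# Assumption: a scan entry starts with a section code (R0, F1, N2, O4, O23 ...)
# followed by " - "; header and "Running processes" lines do not match.
ENTRY = re.compile(r"^(?:[RF][0-3]|N[1-4]|O\d{1,2}) - ")

def entries(log_text):
    """Scan-entry lines of a log, whitespace-trimmed, in file order."""
    lines = (ln.strip() for ln in log_text.splitlines())
    return [ln for ln in lines if ENTRY.match(ln)]

def compare(posted_log, rescan_log, advised):
    """Compare the rescan with the posted log and the helper's removal list."""
    posted, rescan = entries(posted_log), entries(rescan_log)
    wanted = [ln.strip() for ln in advised]
    return {
        # Advised lines found verbatim in the rescan: the boxes to tick.
        "check": [ln for ln in rescan if ln in wanted],
        # Advised lines with no exact match: ask the helper, do not guess.
        "advised_missing": [ln for ln in wanted if ln not in rescan],
        # Drift between the posted log and the rescan: report it before fixing.
        "new_since_post": [ln for ln in rescan if ln not in posted],
        "gone_since_post": [ln for ln in posted if ln not in rescan],
    }

# Constructed sample logs (not real scan output); every name is a placeholder.
POSTED = r"""Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.example.invalid/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\example.dll
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\av.exe
"""
RESCAN = POSTED + r"O4 - HKCU\..\Run: [NewItem] C:\new.exe" + "\n"
ADVISED = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.example.invalid/",
    # Deliberately mistyped (".dl") to show how a non-matching line is reported.
    r"O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\example.dl",
]

if __name__ == "__main__":
    for name, lines in compare(POSTED, RESCAN, ADVISED).items():
        print(name, len(lines))
        for ln in lines:
            print("   ", ln)
```

If new_since_post or advised_missing is not empty, the rescan no longer matches what the helper reviewed, so post the new log rather than fixing anything.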
Click Here to Download HijackThis
(NOTE: You must register and be logged in to download
files.)