I find that reformatting is usually not necessary.
Here's how I clean up a machine.
1) Download autoruns, check 'hide microsoft signed entries', refresh,
and go through line by line, writing down the file names of obvious
viral infections, such as c:\windows\system32\qalskj.dll
2) If you have a rootkit or think you do, use Icesword to detect.
3) Don't even think about using safe mode. This stuff still loads in
safe mode. You must use a boot disk.
4) Boot off a CD of some sort. Some linux disks may work, but I use the
Windows install disc and go into the command line/recovery mode and
delete the files. You need access to the windows partition to delete files.
5) Boot normally, run autoruns again and delete the entries.
6) Use an online scanner like the ones mentioned previously to clean up
any residual, but if you've deleted all the files, you won't have an
active infection. I find that using any sort of program to remove an
active infection is fairly useless these days.
System should be clean if you've carefully deleted every file that
doesn't belong.
|