No no no no no....NO! 
Let me clue you in on a few "secrets" the BestBuy Geek Squad boys do not want you to know. There are plenty of free tools you can use to clean even the most infected operating system. All it takes is:
- A little bit of your time
- Access to an uninfected PC with a CD burner
- A bit of technical know-how (you do not need to be a PC tech). You should be comfortable with using CDROM burning software. Familiarity with getting into and changing the BIOS setup of a PC may also come in handy.
The process I will detail below is what I do when a neighbor / family member / friend brings me an infected system to clean. I've been using this process for years and it has rarely failed to remove all viruses from even the most heavily infected PC. As a sidenote, I used to do this for free, but now have so many people come to me to fix PCs I charge a nominal fee for my time and run a very small side business which supports my home cockpit / flight sim hobby.
Step One - You have to start from the outside looking in..Understand that attempting to repair an infected operating system by first booting INTO said infected operating system (
yes...even in safe mode) and running an anti-virus program WITHIN the infected operating system is a VERY. BAD. IDEA. Why?
- Many new viruses are sophisticated enough to disable, fool or worse replace an installed antivirus program.
- A good number of viruses use registry tricks to lock out executable files (e.g. .exe and .msi files).
- Even if you are lucky enough to be infected by a virus that doesn't do these things, most viruses will pull down other viruses from the internet to maintain the lock of the operating system...so guess what...you will likely end up with a virus that does!Best starting approach is to download a bootable antivirus rescue CD image and burn it to a blank CD-R or DVD-R. You will want to perform this task on another PC that is NOT infected.
DO NOT ATTEMPT TO DO THIS ON THE INFECTED PC.There are a number of open-source / free and commercial-but-free CD images out there. Here are some of my favorites.
1.) AVG Rescue CD -
http://www.avg.com/us-en/avg-rescue-cd2.) BitDefender Rescue CD -
http://www.bitdefender.com/support/how-to-create-a-bitdefender-rescue-cd-627.html NOTE: Takes a long time to boot and update.
3.) Dr.Web -
http://www.raymond.cc/blog/download/?did=1318You will need to download one of these CD images (AVG is my first choice), burn it to blank CD-R or DVD-R media. If you do not know how to burn a .iso image to a CD or lack CD burning software (e.g. Nero)the following link may be of help to you:
http://www.imgburn.com/.
*Once you have downloaded the image and burnt it to CD, the next step is to "boot" the inflected PC from the CD
**. Also make sure the PC is connected to the Internet. If the PC uses wireless to connect to the Internet, it is best for you to "hard wire" the PC or laptop into your router using a network cable rather than use wireless (just trust me on this). You need to be connected to the Internet in order for the antivirus software on the CD to download the latest virus definitions. If you can't connect the PC to the Internet there is a chance the virus(es) on the PC may not get cleaned, especially if its a new virus.
Insert the CD and turn on the PC. You should see the CD spin and the Windows Startup will not display. You may get lots of text scrolling across the screen. This is normal...almost all of the free bootable CDROM tools run using the Linux operating system...so in essence you are starting your PC using Linux. Note this does
not replace your Windows operating system installation....it simply bypasses the installed operating system and runs the Linux operating system on the CD.
At this point I will assume you using the AVG CD. If you are using one of the other tools the sequence or choices may very.
1.) Once you have successfully booted, you should be presented with a menu of options. If you have the PC connected to the Internet, Choose the Update menu option. This will Update the antivirus software. Once you have successfully updated the software, run a scan by choosing Scan on the menu. It may take a while for the Scan to complete.
2.) Once the Scan is complete, choose Scan Results. This will show you what was detected and give you the option to clean the detected infections.
3.) Once the detected infections are cleaned, go back to the menu and choose Shutdown to shutdown the PC.
Step Two - Taking the fight inside (the operating system that is)....Time to see if you've cleaned enough of the infection to boot Windows.
1.) Time to download some additional tools from the
uninfected PC. DO NOT ATEMPT TO DOWNLOAD ANYTHING TO THE PC THAT WAS/IS INFECTED. Until the PC is confirmed clean, anything done on this PC must be considered suspect.
You will want to copy these files to a CD or a USB flash drive after you download them. The download links are:
- Malwarebytes AntiMalware:
http://www.malwarebytes.org/products/malwarebytes_free/ - Spybot 2 -
http://www.safer-networking.org/spybot2-own-mirror-1/- ClamWin Portable -
http://portableapps.com/apps/security/clamwin_portableBe sure to choose the "Free" versions for Malwarebytes and Spybot, not the pay versions.
2.) Unhook your PC from the Internet completely. If you have or use wireless, either turn off the wireless on the PC or unplug your router for now. The reason you are doing this is to make sure any remnant of the infection Windows it does not pull down additional viruses and reinfect the PC. If the Internet connection is down, the virus should have limited reinfection options. Do not reconnect the PC until I instruct you to do so later.
3.) Power on the PC and let it boot into Windows - Be sure to remove the antivirus boot CD from Step One or you will be back in Linux.
4.) Sign into Windows and navigate around. If all went well, the system is likely more responsive and may no longer show outward signs of an infection (i.e. functions locked out, menus messed up, etc). If this is the case its a very good sign...but we are not finished.
5.) Insert the CD or USB flash drive containing the three tools above. Copy the tools to your desktop.
6.) Reconnect the PC to your router / internet connection.
7.) Run the Spybot install. Once installed, run the update to make sure you have the latest definitions then run a FULL scan of your system.
8.) Once the scan is complete, reboot the PC and log back in...if everything seems OK, move on to #9.
9.) Install and run Malwarebytes Antimalware - Once installed run the tool - update the definitions- Run a full scan, once complete, move to #10
10.) At this stage, unless the scan results still showing malware infections, you are likely OK.
11. (optional)) Run ClamWin Portable, let it update its virus definitions and run a full scan.
That should do it. If the system is clean, please make sure the operating system has an up-to-date antivirus software installed and running. If you don't, I suggest and personally use AVG (
http://www.avg.com) for years with zero problems. AVG also has a fairly small CPU utilization footprint, which is great for gamers....unlike McAfee or Norton which, IMHO, are bloated software cows. The FreeAVG version is fine for most, but do consider using the paid version and support these fine professionals.
If the system is still infected, you will unfortunately need to take the system to a professional.
Honestly, this should rarely be the case.
Hope this jumbled mess helps.
Fulcrum * You can also use the images to create a bootable USB flash drive. I advise against this, however, for the following reasons:
- Some older PCs won't boot from USB, while almost all PCs built in the past 8-10 years will boot up from a bootable CD.
- Creating bootable USB sticks is a bit more complicated and involves the use of additional tools like UNETBOOTIN (http://unetbootin.sourceforge.net/.** Many PCs are automatically set up to boot from a CD if the CD is bootable, others require that you press a Function Key at startup (usually F10 or F12) to go to a "Boot Selection Menu", finally some PCs may be able to boot from CD but the boot media preference order is not right i.e. the PC is setup to boot from a Hard Drive first, a floppy (ye gods, who uses those damn things these days) second, a USB stick, the CDROM forth, etc). If the PC does not boot from the CD and there is no mention of a "Hit F12 for Boot Selection Menu" at startup you will likely have to go into the BIOS/Setup and change the boot order. Most PCs require you hit the Delete, F1 or F2 buttons at startup to get into the BIOS setup. Once in, you will have to look for a "Boot" menu and follow whatever instructions are presented once you find the Boot Media Order menu. Unfortunately I cannot be more specific as the BIOS can very depending on PC and BIOS manufacturer.
