the pc technician's virus removal manual v3.1!

Upload: raymond-mackie

Post on 27-Dec-2014

DESCRIPTION

"More than 35,000 NEW computer viruses are released EVERY DAY" Are PC viruses, trojans, spyware, and other infections causing you too many problems? Have you spent more money on virus removal than you care to admit? Are you sick and tired of being helpless, depending on a slow computer repair guy? End your PC virus problems once and for all, and save over $300 per year--by fixing your own virus problems! The PC Technician's Virus Removal Manual is the ONLY eBook of its kind, with step-by-step, detailed instructions and unlimited technical support! So download YOUR copy of the Virus Removal Manual, and become a virus removal expert, virtually overnight. GUARANTEED!

TRANSCRIPT

Page 1: The PC Technician's Virus Removal Manual V3.1!

NOTICE: You Do NOT Have the Right to Reprint or Resell this Handbook. COPYRIGHT© 2010-2014 TekTime IT Consulting LLC - All Rights Reserved

Disclaimer:

While every attempt has been made to verify the information provided in this publication, neither the author nor the Publisher assumes any responsibility for errors, omissions, or contrary interpretation of the subject matter herein. This publication is not intended for use as a source of legal advice. The information contained herein may be subject to varying state and/or local laws or regulations. The Purchaser or Reader of this publication assumes responsibility for the use of these materials and information. Adherence to all applicable laws and regulations, federal, state, and local, governing professional licensing, business practices, advertising, and all other aspects of doing business in the United States or any other jurisdiction is the sole responsibility of the Purchaser or Reader. The Author and Publisher assume no responsibility or liability whatsoever on the behalf of any Purchaser or Reader of these materials. Any perceived slights of specific people or organizations are unintentional. Any unauthorized selling, sharing, or use of this manual, is prohibited by law without expressed, written consent from the author.

PREFACE

First, I would like to thank you for purchasing volume III of the PC Technician’s Virus Removal Manual. Without loyal readers such as yourself, the strategies, “secrets” and knowledge used to create this publication would have been shared in vain.

If you own a computer—which I’m sure you do—you have at least HEARD of a computer virus, unless you’re in a third world country. I’m sure you understand well; viruses are never created to spread wealth and happiness to unsuspecting users!

Viruses are and will continue to be a problem in the digital world, due to the sheer number of viruses being written daily—to the tune of 35,000 new threats released daily—and they become more complex with each passing year, making them more difficult to remove. Not only that, but malware is not limited to just computer users per se; it affects servers, websites, entire networks and so much more in this era.

That being said, this eBook will serve as the perfect reference guide for removing viruses, trojans and other threats from a computer successfully and thoroughly. Regardless of that computer’s function, from server to datacenter to home-level computer—the solution is right here.

This handbook is not an ordinary eBook, and is definitely not “fun” to read, as a non-fiction novel or other genre book may be. Unfortunately, I won’t get into my background here, spilling the beans about where I came from, my expertise, hobbies and habits. I decided to save that for my website! This manual is strictly for helping others learn the methods and tools that I and various technicians have used, and use, to become successful in defeating malware.

The strategies shared in this book are listed sequentially or “step by step,” and ideally, for beginners, should be performed on a computer in the EXACT order and fashion as described in this book, with little to no deviation, in order to achieve the desired end-goal.

However, it is possible for advanced computer users and technicians to skim through the book to utilize the software links, or search for information that will enhance their acquired skill sets and increase their knowledge banks.

If you are a beginner or a novice in virus removal and various technical modalities, you’ll benefit highly from following each page from beginning to end, unless instructed otherwise within the manual. Have any questions? Feel free to ask here!

Many of the techniques and software used in removing viruses from a computer are universal; in other words the various techniques are known amongst thousands if not millions of computer technicians.

Please do not misunderstand the purpose of this book, in hopes of stumbling across the “holy grail” of virus removal; there are no “secrets” being shared here. What makes this book extremely valuable is the easy to follow, step-by-step, illustrated instructions combined with hyperlinks to FREE software and UNLIMITED technical support. The techniques and tools highlighted in this book are the exact same techniques and tools used by our technicians on a daily basis, for the purpose of removing malware from computers and networks.

TekTime IT Consulting has a malware removal success rate of 99%. In other words, 99 out of 100 computer viruses are successfully removed without data loss or the need to re-format and reinstall the Operating System!

Beyond that, we successfully remove malware from other networked devices, servers and websites while enhancing security and preventing/minimizing future incidents. Keep in mind that data loss resulting from malware infection may or may not be reversed; this fact needs to be communicated with the customer or client before beginning any work to eradicate the threat.

OUR success equals YOUR success— as long as you use the strategies and techniques written in this book. There are many approaches possible when diagnosing, cleaning and preventing malware, but the approaches used in this book may differ from what others may recommend.

For example, many technicians use a “Rescue disk” or CD-Rom/DVD-Rom that contains anti-virus software and utilities. These disks are used to diagnose/clean malware before the computer boots into its Operating System, and most contain bootable utilities to remove viruses that prevent booting successfully.

NOTE: We will not use the Rescue disk approach in this book due to our strict policy of backing up data prior to performing any cleaning, to avoid data loss and liability.

Since viruses become more and more complex as the years go by, virus removal software can work perfectly fine today, yet fail to detect the threats of tomorrow. For this reason, virus software authors are ALWAYS busy creating new applications which will prove to be effective against the onslaught of current viruses. That leads us to the next point….

THIS MANUAL IS UPDATED REGULARLY. Since you have purchased this manual, you will receive an updated copy—FREE OF CHARGE—whenever an update is released!!

Updates to this book will be released periodically as:

- New virus removal software tools and utilities are released
- New techniques in malware removal are discovered by our team
- Revised methods of diagnosis/cleaning are learned by our team
- New operating systems are released and information relevant to diagnosis/removal on the new Operating System is needed
- Any other information is discovered by TekTime IT Consulting that will prove helpful in removing and preventing viruses.
- The author decides to offer more tips, tricks and solutions to your technician’s arsenal, and to provide more value than you paid for!

Computer technicians getting into virus removal will find that this eBook will pay for itself hundreds if not thousands of times over, just by utilizing the methods described when cleaning your clients’ (or future clients’) computers.

Remember, we provide full technical support to the purchasers of this manual, so feel free to contact us if you come across any issues while removing malware, or if you would like assistance. We will respond to your inquiry within 0-3 hours! See you on the other side!

TABLE OF CONTENTS

Chapter I: What’s A Computer Virus & What Are Symptoms of Infection?

Defines computer viruses and lists many common symptoms associated with computer infection.

Chapter II: Preparing For Virus Scanning & Removal

Details the preparations needed before scanning a computer for viruses, including the precautions necessary to protect the user’s original data from becoming corrupt or deleted.

Chapter III: Scanning For Threats

Learn which antivirus programs are available for free, where to download them, which ones we recommend as most effective, and the steps necessary in scanning for malware.

Learn how to accurately scan a computer, to avoid the chance of not detecting malware that resides on a computer. Also, learn how to avoid “false positives” when scanning for malware, to prevent deleting critical system files or other precious data.

Chapter IV: Reversing Malware-Changed Settings

Learn how to search for malware in common places, as well as how to locate hidden malware. Learn the various settings that malware typically changes, which affect a computer’s reliability and ability to operate. Learn how to revert back to the original “healthy” settings.

Chapter V: Removing Malware That “Kills” Software

Learn the behavior and characteristics of malware, and how many types can be eradicated using manual techniques and software tools. Learn which software tools can be used to kill malicious processes while they are running, even when they resist killing, renaming or deletion. Learn how to discover and remove malware that “clones” or “copies” itself.

Chapter VI: Rootkits - How to Detect & Remove Them

Learn how to identify rootkits by using specialized software to locate hidden files and processes, that wouldn’t otherwise be detectable using conventional, consumer-grade software products. Learn how to identify if a rootkit is actually harmful as some pose no threat at all.

Chapter VII: Confirming Full Removal of Malware within a Computer

Learn how to check a computer to ensure that malware has been removed, and all traces of viruses, trojans, spyware, rootkits are eradicated and cause no harm to an otherwise “healthy” user experience.

Chapter VIII: Safeguards to Prevent Malware Infection & Compromise

Learn methods to secure a Windows computer from malware infections, external exploits, and how to minimize or prevent malicious behavior in the event an infection occurs. Learn how to prevent malware and other threats from executing real-time changes on a computer.

Chapter IX: How to Scan Networks for Malware & Hacker Activity

Learn how to scan individual computers and networked computers for incoming and outgoing threats with harmful intent. Obtain details on scanning an entire network for malware, and safeguarding against infection across a network of computers and devices.

Chapter X: Locating & Removing Malware on Servers & Websites

Learn methods to scan for malware on various types of servers, and how to locate malware or malicious code located within a website. Learn how to secure a website immediately after it has been infected; how to scan for hidden code and encoded script located within web pages and directories, and how to safeguard against future incidents.

I. What’s a computer virus & what are the symptoms?

A computer virus is a computer program that can, for the most part, copy itself and “infect” a computer. The word “malware” is usually used as a general term to describe many types of infections which can and will compromise a computer and its data; these include viruses, worms, Trojan horses, rootkits, spyware, adware, scripts and more.

Malware is usually spread by unsuspecting computer users who click on a link, open an email, or transfer media from one computer to another using an external drive, or through exploits used by hackers and external threats to compromise a computer. Malware may corrupt or delete the data on a computer or use the internet to spread to other computers via email, peer to peer software, websites, code injection, etc.

Trojans and worms are usually created for a specific purpose, such as stealing data, controlling a computer, sending emails to a spam list, tracking a user’s habits, causing “fake alerts” prompting the user to spend money to clean the infection, and more.

Viruses are created to cause harm to a computer. Deleting files, rendering a hard drive unbootable, and causing a computer to restart constantly are just some of many examples of malicious virus activity. Trojans and worms can often be called viruses simultaneously.

Rootkits enable continuous administrative level access to a computer, while hiding or “cloaking” their presence from the user(s). Rootkits are often extremely difficult to detect and take a higher level of knowledge to detect, remove and prevent. These will be explained in more detail later in this book.

There are many symptoms which could indicate a computer is infected by malware; these include but are not limited to the following:

- Antivirus software indicates a virus infection on the computer/server
- The computer restarts randomly and unexpectedly
- The computer will not boot into Windows even though no software was installed nor updates performed
- Windows task manager will not open
- Windows does not start up, and a message is shown stating: “…system files are missing.”
- “Low memory” errors pop up even if there is no true memory problem
- You get random BSODs (Blue Screen Of Death)
- Your computer seems to “move” very slowly, and your task manager may indicate high CPU usage, even when you are running no programs at all (i.e. 100% CPU usage)
- The computer’s starting or loading time to get into Windows takes excessively long.
- Constant pop-ups are appearing and/or browser re-directs (being unintentionally directed to other web sites than those you’ve selected)
- People are receiving emails that you don’t recall sending
- Your broadband modem is showing traffic activity, when you aren't using the internet
- When new programs are installed, they either don’t work or have constant problems
- You are suddenly receiving more spam to your email inbox(es)
- Programs that are installed are instantly deleted
- Documents and files disappear (deleted)
- Windows updates will not install successfully
- DVD and CD-Rom drives open and close by themselves
- Sounds may play randomly, from the computer speakers
- Files and folders will not open at all
- WINDOWS SECURITY CENTER has been disabled
- WINDOWS FIREWALL or other third party firewall software has been disabled
- Instead of logging into the desktop with icons after the Windows “splash screen”, the computer just shows a black screen and cursor.
- Windows password(s) have been changed without the user(s) doing so
- Software, files, pictures, music, video, etc. start to open/run without the user commanding those actions.
- A computer will not boot up after powering on. (rare cases – “Boot virus”)
- You get “you are infected” pop-ups, by an “antivirus” program that you never installed.
- You get a constant blue screen with the error: IRQL_NOT_LESS_OR_EQUAL
- Your desktop icons, folders, files and documents have “disappeared” (hidden)
- You see the “hard drive activity” light blinking, but no programs are running at all.
- LAST DATE MODIFIED is showing recent dates for software that you haven’t accessed recently (in your Windows directories).
- Changes in file sizes occur for no good reason; for example a 5MB file now reads as 1K.
- Your hard drive space diminishes rapidly without anything being downloaded or installed by the user
- The printer is connected properly and operating, but you cannot print
- You notice software icons on your desktop that you didn’t install
- You are noticing more emails in your inbox related to your interests, however, you rarely share that email address with anyone.
- You receive a call from your ISP (Internet Service Provider) stating they’ve received complaints stemming from your IP address.
- Your website has been hacked, or spyware is found on your website (for instance, Google often sends alerts to the administrator’s account when this happens)

II. Preparing for virus scanning & removal

Digital data consists of “binary codes,” which are essentially 1s and 0s, translated (encoded) to be “used” by the CPU. Digital data should be treated as highly fragile, or non-existent, whenever it comes to performing any type of work on a computer that involves the hard disk.

Removing malware should never be attempted without preparation, to ensure that in the event of a “mistake” or data corruption, the computer can be restored to its original format; this translates into preservation of settings, documents, files, profiles, databases, etc.

At TekTime IT Consulting, our policy is preservation of data prior to ANY work being performed on a computer or network. Therefore we use software which allows us to clone: to make an exact copy of the customer’s hard drive, which will be used for the purpose of restoring, in the event the computer becomes unbootable or important files are deleted along with the virus.

Here are the tools we gather prior to beginning ANY work on a personal computer:

- “SATA or PATA USB Hard Drive Enclosure” (3.5” for desktop drives, 2.5” for laptop drives)
- A hard drive to use to store the temporarily backed up/cloned data; 500GB+ preferred
- NOTE: An External USB Hard Drive can be used in replacement of the two above.
- A “USB to IDE/SATA Adapter” can be used in replacement of a USB Enclosure.
- Software with the capability to “clone” hard drives. We currently use Acronis True Home Image 2012.

Since there are several different brands and types of backup software on the market, we are unable to illustrate how to create a clone of a hard disk, since all software has different options and menus. If you would like to know how to make a cloned copy of a hard drive onto an external drive, please email us at [email protected], and mention the software you are using or would like to use. Too lazy or tired to do that? Just click here to email us! We will provide you step-by-step details within 0-3 hours of receiving your email.

All compliments of TekTime IT Consulting for buying this handbook!

Now that you’ve created a perfect, BOOTABLE backup of your or your client’s data, it’s time to verify the integrity of the clone copy. Continue reading on the next page.

Preferably, the customer’s hard drive is the same size and type as the backup drive you are using. If so, you just need to plug in the clone copy, and proceed with the process of booting into Windows. If it boots successfully with the same exact information and setup as the client’s computer, the data copy is ready to store in a safe place, in case future use is needed. Remember to store this drive in a place free of direct sunlight, moisture, shock, and/or any other threat which could damage a hard drive.

NOTE: Strict data security measures should always be a policy, so ANY data copy made of a client’s data should be IMMEDIATELY destroyed (drive reformatted) after the computer or problem is successfully repaired and the customer has “signed off” on the repairs as being satisfactory.

______________________________________________________________________________

UNDERSTAND THE RISKS OF REMOVING MALWARE!

Removing malware does have a set of risks that should be acknowledged prior to beginning any virus cleaning, on any computer or network. Since we encourage backing up data stringently, these risks should cost you nothing in the long run—just time! Several risks are, but aren’t limited to:

- Inability to boot a computer successfully upon removing certain types of malware. Since many viruses replace critical system files with “infected” files, removing those files will cause problems with stability or reliability due to important files having been deleted.
- Upon successfully removing malware, a computer may become unstable, and could crash randomly, restart randomly, or have many other symptoms that aren’t considered “normal” operation. It is always wise to prepare for unusual activity, such as programs that won’t open or crash unexpectedly, random errors and other problems that can’t be predicted.
- Inability to access the internet and/or the local network. Many types of malware can and will change proxy settings of various browsers, TCP/IP settings, hosts file settings, firewall settings, router settings and much more. After removing a virus, you may find that the computer can no longer access the internet. There are various ways to troubleshoot a computer that can’t access the internet due to malware [removal], but we won’t cover all of them in this handbook, to save time and avoid boredom!
- Ancient Windows XP computers which were infected with malware may have damaged WINSOCK files. If you remove viruses on an XP computer and can’t access the internet, download Winsock Fix by clicking here. That usually does fix the issue; if not, contact us!
- Inability to access Internet Explorer and/or download Windows updates. So many types of malware tend to target and infect poor Microsoft’s software. Often enough, Internet Explorer will display a “Page not found” or similar message when attempting to access the internet after removing a virus. If you encounter problems accessing Internet Explorer after removing a virus, feel free to email us at [email protected]. We will have an answer (or assistance) to your problem within 0-3 hours…totally FREE!
- Inability to install software. Many threats also attack the .MSI installer which is needed for Windows to install and uninstall software. There are also ways to get around this problem, so feel free to contact us if needed at the above address for a quick solution.
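
Because removal can leave the proxy, hosts file, firewall and TCP/IP settings named above in a changed state, it helps to record them before cleaning and compare afterwards. The following is an added example, not part of the manual; it assumes Windows 8 / Server 2012 or later with Windows PowerShell 5.1, and the function names and the snapshot path are hypothetical.

```powershell
# Added example, not from the manual. Function names and E:\before.xml are
# placeholders. Run as the affected user: proxy values live in that user's
# HKCU hive, so another account would show different settings.

function Get-NetworkSettingsSnapshot {
    $inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $proxy   = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue

    # Active hosts-file lines only: strip comments, drop blanks, collapse whitespace.
    $hostsPath    = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $hostsEntries = @()
    if (Test-Path -LiteralPath $hostsPath) {
        $hostsEntries = @(Get-Content -LiteralPath $hostsPath |
            ForEach-Object { ($_ -replace '#.*$', '').Trim() } |
            Where-Object { $_ } |
            ForEach-Object { ($_ -split '\s+') -join ' ' })
    }

    [pscustomobject]@{
        ProxyEnable   = $proxy.ProxyEnable      # 1 = a proxy is forced for this user
        ProxyServer   = $proxy.ProxyServer
        AutoConfigURL = $proxy.AutoConfigURL    # proxy auto-config script, if any
        HostsEntries  = $hostsEntries
        Firewall      = @(Get-NetFirewallProfile |
                            ForEach-Object { "$($_.Name)=$($_.Enabled)" })
        DnsServers    = @(Get-DnsClientServerAddress -AddressFamily IPv4 |
                            Where-Object { $_.ServerAddresses } |
                            ForEach-Object { "$($_.InterfaceAlias)=$($_.ServerAddresses -join ',')" })
    }
}

function Compare-NetworkSettingsSnapshot {
    param(
        [Parameter(Mandatory)] $Before,
        [Parameter(Mandatory)] $After
    )
    # Emit one row per setting whose value differs between the two snapshots.
    foreach ($name in $Before.PSObject.Properties.Name) {
        $old = @($Before.$name) -join '; '
        $new = @($After.$name)  -join '; '
        if ($old -ne $new) {
            [pscustomobject]@{ Setting = $name; Before = $old; After = $new }
        }
    }
}

# Before cleaning (store the snapshot off the suspect disk):
#   Get-NetworkSettingsSnapshot | Export-Clixml -Path E:\before.xml
# After cleaning:
#   $before = Import-Clixml -Path E:\before.xml
#   Compare-NetworkSettingsSnapshot -Before $before -After (Get-NetworkSettingsSnapshot)
```

A snapshot taken on an already infected machine records the infected state, so each listed value still has to be reviewed by hand; the comparison only shows what the cleaning changed.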

________________________________________________________________________

PREPARE FOR SCANNING!

1.) Disconnect from the internet. Malware can connect to the internet, update itself when needed, download more malicious software from the internet, upload sensitive data to the internet (i.e. sensitive client information and company-critical database records) and much more. As well, if there is a network present with other computers attached, those computers could become infected too. Always disconnect the internet as a first step to prepare for scanning a computer infected with malware. If you’ve created a subnet, you can connect an infected PC to the Internet with less chance of incident. Otherwise, all PCs connected to your network should also be disconnected.

2.) Create a current Restore Point. Open SYSTEM RESTORE (System Protection in Vista and Windows 7). Create a restore point for the current day in which the virus is being removed. A current restore point will aid in restoring the computer to its original state in the event there are problems encountered during or after the cleaning.

3.) Remove all writable media. Disconnect all memory cards, external USB drives, and other storage devices from the computer. Viruses tend to spread easily to drives and media connected to an infected computer, so it’s best to disconnect any to lower the risk of spreading the infection.

4.) Create a cloned copy of the suspected/infected hard drive.

Attach the external USB backup drive to the infected (or suspect) computer. At this point, you should have your “Cloning Software” as noted earlier, ready to create a cloned copy of the hard drive in case something “bad” happens during the process. We won’t cover the cloning process in this eBook, but feel free to email us for FREE assistance if needed, to complete the cloning process.

NOTE: If you elect NOT to clone the drive, you may be liable for lost data!!

Please remember that due to viruses and other errors, it may be possible that a drive will not “clone.” In such an instance, manually backing up important data is needed.

NOTE: You MAY need to reference item #5 below to create a clone copy of the hard drive, as it is sometimes not possible to “clone” a hard drive via USB while it is connected to the “source” computer. In that scenario, attach the “backup” drive to a master computer, and then attach the “infected” drive to an additional enclosure, to create a copy. Two USB enclosures (or adapters) will be needed in this situation.

5.) Remove the infected hard drive from the computer.

Carefully remove the infected drive, or the drive that you would like to scan, from the computer. Whether a laptop or desktop, hard drives are very straightforward to remove, and require a Phillips head screwdriver, anti-static surface and a bit of patience!

NOTE: It’s best to use a “static free wristband” when working with hardware components to prevent electrostatic damage, but working on a wooden or non-conductive surface will help greatly, as well as resisting the urge to work on a computer in a carpeted room.

Next, attach the hard drive to the USB Hard Drive enclosure. Example enclosures are shown below for your reference. Notice the differences between a laptop enclosure and a desktop enclosure.

Desktop Hard Drive Enclosure:

Laptop Hard Drive Enclosure:

Once the hard drive is connected properly and plugged in, the drive is now ready to be attached to a different computer that contains the needed scanning software. Now you have completed the Preparation process.

NOTE: If you do NOT want to use an external USB drive, and you don’t feel comfortable removing a hard drive from a computer, that is totally understandable. To scan a computer for viruses that will not allow software to be installed, or that doesn’t boot, you will need to use a “rescue disk” to boot the computer and scan for malware outside of the Windows Operating system.

We will discuss rescue disks in an update to this manual in the near future. In the meantime, please feel free to email us for any assistance with creating/buying a rescue disk to scan a PC for malware!

Also, you should perform a “manual backup” by copying and pasting the files from the computer you are working on to external media such as a CD, flash drive, etc., to safeguard the client’s important data in case the computer no longer boots during or after the virus removal.

Performing Manual Backups:

Files that you want to copy and paste include: My Videos, My Music, My Documents, My Pictures and bookmarks, as shown on the next page.

Next, search for any music, picture, video or documents that may be on the computer and not saved in the various “MY” folders.

Click on Start on the taskbar, and click Search.

Next, choose from the selection of options (shown on the next page is a picture of the search box in Windows Vista and Windows 7, for reference; XP will appear differently).

Click the first option shown below: Pictures, music, or video.

Next, click on all of the boxes as shown below, and then click on Search.

Now, you will notice ALL of the pictures, music, and videos on the hard drive will start showing in Windows Explorer. Allow the computer to scan for ALL of the files until it is completed. Once it is completed you can Copy and Paste the files onto the USB backup.

Now, repeat the same process as you did when searching for music etc., but choose: Documents (word processing, spreadsheet, etc.)

Next, allow the computer to search for documents the same as when you searched for music, video, pictures and other files. Copy and paste what is found onto the USB backup drive. Repeat this step for ALL FILES AND FOLDERS next, and then you can manually search for any other data the user may need such as web browser bookmarks, .exe files, etc. Once you have backed up all of the data manually, you are ready to scan for viruses!

Please remember that the manual backup method is used as an alternative to using the external hard drive enclosure and cloning a drive, to preserve data.
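
The manual backup described above can also be scripted so that every copied file is checked against its source, which the copy-and-paste method does not do. This is an added example, not part of the manual; it assumes Windows PowerShell 5.1, and the function name, the extension list and the drive letters are hypothetical.

```powershell
# Added example, not from the manual. Copy-UserDataWithVerify, the default
# extension list and the example paths are placeholders to adapt per job.

function Copy-UserDataWithVerify {
    param(
        [Parameter(Mandatory)] [string] $Source,        # e.g. C:\Users
        [Parameter(Mandatory)] [string] $Destination,   # e.g. E:\Backup
        [string[]] $Extensions = @(
            '.jpg', '.jpeg', '.png', '.gif', '.bmp',     # pictures
            '.mp3', '.wma', '.wav',                      # music
            '.mp4', '.avi', '.wmv', '.mov',              # video
            '.doc', '.docx', '.xls', '.xlsx', '.ppt', '.pptx', '.pdf', '.txt'
        )
    )

    $root = (Resolve-Path -LiteralPath $Source).ProviderPath

    # -Force includes hidden files, since malware may have hidden the user's data.
    Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $Extensions -contains $_.Extension } |
        ForEach-Object {
            $file     = $_
            $relative = $file.FullName.Substring($root.Length).TrimStart('\')
            $target   = Join-Path $Destination $relative
            $status   = 'OK'
            try {
                # Recreate the folder structure so same-named files do not collide.
                $folder = Split-Path -Path $target -Parent
                New-Item -ItemType Directory -Path $folder -Force -ErrorAction Stop | Out-Null
                Copy-Item -LiteralPath $file.FullName -Destination $target -Force -ErrorAction Stop

                # Verify the copy: a mismatch means the backup of this file is unusable.
                $srcHash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256 -ErrorAction Stop).Hash
                $dstHash = (Get-FileHash -LiteralPath $target -Algorithm SHA256 -ErrorAction Stop).Hash
                if ($srcHash -ne $dstHash) { $status = 'HASH MISMATCH' }
            }
            catch {
                $status = "FAILED: $($_.Exception.Message)"
            }
            [pscustomobject]@{ File = $relative; Bytes = $file.Length; Status = $status }
        }
}

# List only the files that did not back up cleanly:
#   Copy-UserDataWithVerify -Source C:\Users -Destination E:\Backup |
#       Where-Object { $_.Status -ne 'OK' }
```

Treat the backup as untrusted until it has been scanned, since files copied from an infected computer can carry the infection with them.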

IF YOU DON’T NEED TO BACKUP, OR CAN’T BACKUP FILES, AND YOU AREN’T USING AN EXTERNAL HARD DRIVE, YOU CAN STILL REMOVE MALWARE WITH A VERY LOW CHANCE OF DATA LOSS. DO NOT PROCEED TO THE NEXT CHAPTER. INSTEAD, CLICK HERE.

Sorry!

Unfortunately, this is the end of the PC Technician’s Virus Removal Manual – Version 3.1 sample.

_________________________________________________________

Click here to purchase the full version!

You’ll have full access to the remaining pages, resources, unlimited technical support and unlimited updates that we offer!

Thanks again for taking interest in this handbook. See you on the other side! Sincerely yours,

Jarvis Edwards - Author