How to disinfect -almost- any infected computer using Hiren’s BootCD.
As the volume of malware has grown extremely fast in recent years, it has become difficult for antivirus programs to keep up. This is because an antivirus program must first update its database with the new malware signature before it can disinfect an infected system or prevent a system from being infected.
To clean your infected system, you first need a clean bootable media (CD or USB) image, so that you can start your computer in a clean environment and then disinfect it. For that reason, this guide uses the Hirens BootCD media, because it contains a clean bootable image integrated with several free anti-malware and cleaning utilities that help you easily disinfect your computer.
How to disinfect an infected computer using Hiren’s BootCD.
Step 1. Download Hiren’s BootCD
1. Download Hiren’s BootCD to your computer. (Scroll the page down and click on “Hirens.BootCD.15.2.zip”.)
2. When the download is complete, right-click the “Hirens.BootCD.15.2.zip” file and extract it.
Step 2: Burn Hirens BootCD to an optical disk.
Note: If you don’t have a CD/DVD drive on your computer (e.g. if you own a netbook), follow this guide instead: How to put Hirens BootCD into a USB stick.
Step 3: Boot the infected computer with Hirens.BootCD.
1. First, make sure that your DVD/CD-ROM drive is selected as the first boot device in BIOS (CMOS) Setup. To do that:
- Power on your computer and press “DEL”, “F1”, “F2” or “F10” to enter the BIOS (CMOS) setup utility. (The key used to enter BIOS settings depends on the computer manufacturer.)
- Inside the BIOS menu, find the “Boot Order” setting. (This setting is commonly found inside the “Advanced BIOS Features” menu.)
- At the “Boot Order” setting, set the CD-ROM drive as the first boot device.
- Save and exit BIOS settings.
3. When the “Hiren’s BootCD” menu appears on your screen, use the arrow keys to highlight the “Mini Windows Xp” option and then press “ENTER”.
Step 4. Delete Temporary files.
In this step we delete all contents of the infected system’s temporary folders: “Temp” & “Temporary Internet Files”.
Note: The “Temp” & “Temporary Internet Files” folders are created and used by Windows to store temporary files written by Windows services or other software (e.g. “Internet Explorer”). These folders are also used by malware (viruses, Trojans, adware, rootkits, etc.) to store and execute their malicious files. So when we delete the contents of these folders, we remove all scrap files along with any potentially malicious files, without affecting the operation of the computer at all!
First, find out the drive letter of the main local disk, i.e. the disk on which Windows is installed. To do that:
1. From the “Mini Windows XP” desktop, double-click the Windows Explorer icon.
When Windows Explorer opens, you should see all the drives installed on your system. The list includes the Hirens BootCD drives (“RamDrive”, “HBCD 15.2” & “Mini Xp”) and your local disk drive (or drives).
For example in a Windows XP based system with one hard disk installed on it, you should see the following drives:
- (B:) RamDrive
- (C:) Local Disk
- (D:) HBCD 15.2
- (X:) Mini Xp
2. In the above example the main local disk is marked with the letter “C”. If more than one “Local Disk” is listed on your computer, explore the contents of each one until you find the “Local Disk (drive letter)” on which Windows is installed.
3. Once you know the main local disk’s drive letter, navigate to the following locations and delete all contents found inside the “TEMP” and “Temporary Internet Files” folders.
Windows XP:
C:\Temp\
C:\Windows\Temp\
C:\Documents and Settings\<USERNAME>\Local Settings\Temp\
C:\Documents and Settings\<USERNAME>\Local Settings\Temporary Internet Files\
C:\Documents and Settings\Default User\Local Settings\Temp\
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\
Windows 8, 7 & Vista
C:\Temp\
C:\Windows\Temp\
C:\Users\<USERNAME>\AppData\Local\Temp\
C:\Users\<USERNAME>\AppData\Local\Microsoft\Windows\Temporary Internet Files\
C:\Users\Default\AppData\Local\Temp\
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\
C:\Users\All Users\TEMP\
4. Also clear the contents of the “Temp” & “Temporary Internet Files” folders for any other user that uses the infected computer.
5. Close Windows Explorer.
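As an added example (not part of the original guide), the following Python script performs the same clean-out for every profile at once, using the folder lists above for both the XP and the Vista/7/8 layouts. It assumes the infected disk is mounted at a path you pass as root from a rescue environment that has Python available (Mini Windows XP itself does not ship Python); the drive layout it builds in demo() is a constructed sample.

```python
import shutil
import tempfile
from pathlib import Path

# Per-profile temp folders from the guide, relative to each user profile directory.
PROFILE_TEMP = {
    "Documents and Settings": [Path("Local Settings/Temp"),  # Windows XP layout
                               Path("Local Settings/Temporary Internet Files")],
    "Users": [Path("AppData/Local/Temp"),  # Windows Vista/7/8 layout
              Path("AppData/Local/Microsoft/Windows/Temporary Internet Files")],
}

def temp_folders(root):
    """Every temp folder from the guide that exists under the offline system drive
    'root': the system-wide ones plus one set per user profile (Default, Default User
    and any extra accounts included), skipping junctions/symlinks."""
    root = Path(root)
    found = [root / "Temp", root / "Windows/Temp", root / "Users/All Users/TEMP"]
    for container, rel_paths in PROFILE_TEMP.items():
        base = root / container
        if base.is_dir():
            for profile in base.iterdir():
                found.extend(profile / rel for rel in rel_paths)
    return [f for f in found if f.is_dir() and not f.is_symlink()]

def clear_temp_folders(root, dry_run=False):
    """Delete the contents of each temp folder but keep the folder itself, as the
    manual steps do. Returns the removed entries so they can be reviewed/logged."""
    removed = []
    for folder in temp_folders(root):
        for entry in folder.iterdir():
            removed.append(str(entry))
            if dry_run:
                continue
            if entry.is_dir() and not entry.is_symlink():
                shutil.rmtree(entry, ignore_errors=True)
            else:
                entry.unlink()
    return removed

def demo():
    """Constructed sample: a fake offline XP drive with two temp files and one user document."""
    root = Path(tempfile.mkdtemp())
    keep = root / "Documents and Settings/bob/My Documents/notes.txt"
    junk = [root / "Windows/Temp/dropper.tmp",
            root / "Documents and Settings/bob/Local Settings/Temp/x.exe"]
    for f in [keep] + junk:
        f.parent.mkdir(parents=True, exist_ok=True)
        f.write_text("sample")
    removed = clear_temp_folders(root)
    return len(removed), keep.exists(), junk[0].parent.is_dir(), any(j.exists() for j in junk)
```

Run clear_temp_folders(root, dry_run=True) first and review the returned list; root must be the offline system drive (e.g. the “Local Disk” letter found above), never the drive you booted the rescue environment from.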
Step 5. Activate Mini Windows XP Network connection.
Now we’re going to activate the network connection so that we can connect to the Internet and download files.
Attention: If you are working on a laptop, connect it to the network with an Ethernet cable before continuing with this step, because the “Network Setup” utility doesn’t recognize Wi-Fi cards properly.
1. From the “Mini Windows XP” desktop, double-click the “Network Setup” icon.
2. When “PE Network Manager” starts, hover your mouse over the “State” sign to check whether your computer is connected to the network.
3. After that, make sure that your network card has obtained a valid IP address. To do that, click the “Info” button.
4. At the “Network DHCP information” window you should see a similar screen.
Note: The numbers in the “IP Address”, “Subnet Mask”, “Default Gateway” and “DNS Server” fields may differ on your computer.
If the “IP Address”, “Subnet Mask”, “Default Gateway” and “DNS Server” fields are empty, you won’t be able to connect to the network. If this happens, check your cables or specify the network address settings manually.
To specify your network settings manually, from the main “PE Network Manager” window click “Obtain an IP address automatically”, then type your “IP”, “Subnet Mask”, “Default Gateway” and “DNS Server” addresses and click “Apply”.
5. Close “PE Network Manager” utility.
Step 6. Disinfect the infected computer with RogueKiller.
1. From the Mini Windows XP desktop, double-click the “Internet” browser icon.
2. Navigate to “http://www.adlice.com/softwares/roguekiller/” and scroll down the page until you find and click the “RogueKiller” download link.
Note: You can also find the “RogueKiller” download page on the “www.wintips.org” website (under the “Tools & Resources” section).
3. In the pop-up window, click “Run” to run the “RogueKiller.exe” file.
4. When the pre-scan is completed, read and “Accept” the license terms.
5. Press the “Scan” button to scan your computer for malicious threats and malicious startup entries.
6. Finally, when the full scan is completed, press the “Delete” button to remove all malicious items found.
7. Close “RogueKiller” and continue to the next step.
Step 7. Remove malware with Malwarebytes Anti-Malware.
1. From the Mini Windows XP desktop, double-click the “HBCD Menu” icon.
2. At the Hiren’s BootCD 15.7 – Program Launcher window, go to “Programs” > “Antivirus/Spyware” and click “Malwarebytes’ AntiMalware”.
3. Press any key when the following screen appears.
4. When “Malwarebytes’ Anti-Malware” appears on your screen, select the “Update” tab and click “Check for Updates”.
5. When the update is completed, press “OK” to close the information pop-up window.
6. Now click the “Scanner” tab.
7. Click to activate the “Perform full scan” option and then press the “Scan” button.
8. At the next screen leave only your main local disk drive’s letter selected (e.g. “C” in this example) and unselect all other drives listed. Then press the “Scan” button.
9. Wait until Malwarebytes Anti-Malware scans your computer for malware.
Note: When the program finds threats, you’ll see the “Object detected” field turn red, counting the infected items as the scan proceeds.
10. When the scan is completed, press “OK” to close the information window and then press the “Show results” button to view and remove the malicious threats.
11. In the “Show Results” window, check (using your mouse’s left button) all the infected objects found EXCEPT the following three (3) objects, which are detections on the Hiren’s BootCD “Mini Xp” drive (X:) rather than on your local disk:
- Malware.Packer.Gen | File | X:\I386\System32\keybtray.exe
- Malware.Packer.Gen | Memory Process File | X:\I386\System32\keybtray.exe
- PUM.Hijack.Help | Registry Data | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSMHelp
12. Finally press the “Remove Selected” button to disinfect your computer.
14. When Windows has loaded, make sure that your computer is completely disinfected from malicious programs by following the steps in this guide: Malware Removal Guide to clean your infected computer.
If you want to stay constantly protected from malware threats, existing and future ones, we recommend that you install Malwarebytes Anti-Malware PRO by clicking below (we do earn a commission from sales generated from this link, but at no additional cost to you. We have experience with this software and we recommend it because it is helpful and useful):