
Scootareader



How to Kill it With Fire: Scootareader's Virus Removal Guide · 6:39pm Oct 19th, 2014

First of all, my credentials. I went to school for about 2 1/2 years to learn troubleshooting and repair for PCs and Windows networks, and by the end of that time I had picked up a few certifications: A+, Network+, Microsoft Certified Technology Specialist (MCTS), Microsoft Certified Information Technology Professional (MCITP), and Microsoft Certified Solutions Associate (MCSA).

Not a single one of those taught me how to remove viruses myself.

The guide below is how I learned to remove viruses by wingin' it. I've caught a handful of viruses myself--two or three--and have also worked on infections that other people picked up, and have probably removed about a dozen using this method now. I can only remember breaking a computer once by doing this, and it was one of the first.

It should be said that if you don't have a general sense of how computers work, you should probably find someone who has a better handle on how computers work. This guide is for tech-savvy-sorta people, like those who understand what folders are and how to double-click (mostly just everyone who's not my step-mom).



Before you start: Go to Control Panel > Folder Options > View > Hidden files and folders and select “Show hidden files, folders, and drives.” A little further down, clear the checkbox for “Hide protected operating system files (Recommended).” Most virus writers set the Hidden attribute on their files, which is enough to keep them out of sight of the average user. A smaller number also set the System attribute, which Explorer hides separately under that second checkbox. Two quick settings changes let you see everything Explorer is able to show; a rootkit that hooks the file listing itself will still stay out of view, and the only reliable cure for one of those is a reinstall.


1. Disconnect yourself from any and all networks. If it is a physical cable, unplug it. If it is WiFi, shut the antenna off. Much malware checks in frequently and re-downloads any pieces of itself that have gone missing, usually from a server its author controls, so cutting the network stops it from repairing itself while you work.

2. From a Run line (hold the Windows key and press R, or just type into the search bar on Windows 7), type “msconfig” and press Enter. This opens the System Configuration tool. Go to the Startup tab, which lists the Run keys in the registry and the Startup folders, and find any entries that you do not immediately recognize as trusted software. Disable them. (On Windows 8 and later this tab just points you to the Startup tab of Task Manager, which shows the same entries.) Most viruses register a startup entry so that they run as soon as the computer starts, so disabling suspect entries is a good early step. Check the Services tab of the same tool as well, with “Hide all Microsoft services” ticked, since a service is the other common way to start at boot.

3. For these suspect Startup items, look in the “Command” column and check the file paths. If they lead to trusted software, they are probably programs you installed and didn’t know the name of. They are not necessarily safe and do merit looking into. Now follow these file paths and see what you come across. If they’re files or folders you don’t recognize, delete them. Seriously. Unless you can verify that it is tried and true software, chances are the name is trying to hide something and is probably what gave you the virus. And DO NOT forget the names of any of these. Having the names written down will be incredibly helpful later. Also, if you’re not 100% confident it’s a bad thing, open the files and folders and look at what’s inside; right-click > Properties > Details shows the claimed publisher, and the Digital Signatures tab shows whether the file is actually signed and by whom. If it sounds like Windows will break if you remove it, keep it. If a file refuses to delete because it is in use, reboot into Safe Mode (tap F8 while Windows 7 starts) and delete it from there; the startup entries and most services don’t run in Safe Mode, so the malware isn’t holding its own files open.

4. Now search both Program Files and Program Files (x86) (or just Program Files if you don’t have both) and look for anything suspicious-sounding that you may have missed while hunting Startup items. Be similarly scrutinizing of anything that doesn’t sound explicitly safe. If you leave a single piece of the virus behind, it will all come back. After that, also search Common Files (if you have it) for anything that isn’t from Intel, Nvidia or another obviously reliable software developer, and delete what you find.

5. Now go to Users > [username] > AppData (it’s a hidden folder) > Roaming and do the same thing you’ve done the last few times for this folder. Go back up a folder and do the same for Local, including Local > Temp, since droppers often run from there. LocalLow is where low-integrity processes (a sandboxed browser and its plugins, for example) are allowed to write, which is exactly where a drive-by download lands first, so give it the same check rather than skipping it.

6. This is only recommended for those who have a knack for knowing if something is important or not, because you’ll be editing the registry. From the Run line, type “regedit” and press Enter. Now take the list of suspect names (the things you either didn’t know you had or never installed in the first place) and search the registry (Ctrl+F, then F3 for the next hit) for any keys or values containing those names. Then delete the keys holding those values. It’s not that difficult to delete an important key, so look at the parent keys around each hit and make sure you’re not inside a Microsoft key or something else the system owns. It’s good to do mock searches of the registry using trusted programs and see what a good program looks like in the registry, so you’re not going in completely blind and deleting keys that will prevent your computer from starting up again. Before you delete anything, right-click the key and choose Export so you have a .reg file you can double-click to put it back; a System Restore point or a full backup of your Windows install is wise too until you’re more confident in your registry navigation.

Why the risk in editing the registry? It holds the keys and values that connect everything to everything else on your computer. File extensions like .exe and .sys are tied to the Windows shell here (under HKEY_CLASSES_ROOT), and deleting the wrong association can stop you from launching the most basic things. Deleting every key and value that contains the name of a virus or program breaks every connection it has made to your operating system. Done properly, the Startup items you disabled in System Configuration are gone for good, and anything else the virus had hooked into (file associations, services, browser settings) is ended, done and over. This is typically mop-up work to erase every remaining trace and make sure it’s completely gone.

7. Now restart your computer. Do NOT reconnect it to the network yet. After the restart, re-check every single thing you did. There should be no Startup entries for the items you removed, none of the folders or files you deleted should be back, none of the registry keys or values you deleted should have returned, and you should have booted just fine.

8. Now reconnect your computer to the network. Re-check all of your folders for replacements of the deleted items. If you find replacements, disconnect again and do a more thorough scrubbing. If you don’t see any, restart your computer and do one more check. If still nothing has come back, you’re virus-free!
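The places msconfig’s Startup tab reads from, checked the way steps 2 and 3 describe, as an added PowerShell example that is not part of the original post. It lists the Run/RunOnce keys and Startup folders (plus installed services, which msconfig keeps on its own tab), resolves each entry to the file it launches, and reports the Hidden/System attributes from the “Before you start” section and whether the file carries a valid Authenticode signature. Run it in an elevated PowerShell 5.1 or later prompt; it only reads and writes a CSV report, and the report path is an assumption.

```powershell
# Added example, not code from the original post. Enumerates the locations
# msconfig's Startup tab reads from (Run/RunOnce keys, Startup folders) plus
# installed services, resolves each entry to the file it launches, and reports
# the Hidden/System attributes and the Authenticode signature of that file.
# Read-only apart from writing the CSV. Run elevated in PowerShell 5.1 or later.
# $ReportPath is an assumption; point it wherever you keep your notes.
param([string]$ReportPath = "$env:USERPROFILE\Desktop\startup-report.csv")

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupFolders = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
)

# Pull the executable out of a command line such as
#   "C:\Program Files\Foo\foo.exe" /silent   or   C:\Users\x\AppData\Roaming\bar.exe -k
# An unquoted path containing spaces is ambiguous by design; it falls through to
# the first token, which is itself worth a look (unquoted service paths are a classic).
function Get-ExePath([string]$Command) {
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($Command -match '^\s*(\S+?\.(exe|dll|scr|bat|cmd|vbs|js))(\s|$)') { return $Matches[1] }
    return ($Command -split '\s+')[0]
}

function Test-Target([string]$Source, [string]$Name, [string]$Command) {
    $path = [Environment]::ExpandEnvironmentVariables((Get-ExePath $Command))
    if ($path -like '*.lnk' -and (Test-Path -LiteralPath $path)) {
        # Startup-folder entries are usually shortcuts; follow them to the real target
        $path = (New-Object -ComObject WScript.Shell).CreateShortcut($path).TargetPath
    }
    $exists = Test-Path -LiteralPath $path
    $attrs = ''; $sig = 'n/a'; $signer = ''
    if ($exists) {
        $attrs = (Get-Item -LiteralPath $path -Force).Attributes.ToString()
        $s = Get-AuthenticodeSignature -LiteralPath $path
        $sig = $s.Status.ToString()
        if ($s.SignerCertificate) { $signer = $s.SignerCertificate.Subject }
    }
    # Flags are the things step 3 says to write down and follow up on
    $flags = @()
    if (-not $exists) { $flags += 'missing-target' }
    if ($sig -ne 'Valid') { $flags += 'unsigned' }
    if ($attrs -match 'Hidden|System') { $flags += 'hidden-or-system' }
    if ($path -match '\\AppData\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\') { $flags += 'user-writable-location' }
    [pscustomobject]@{
        Source = $Source; Name = $Name; Command = $Command; Path = $path
        Signature = $sig; Signer = $signer; Attributes = $attrs; Flags = ($flags -join ',')
    }
}

$report = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }     # skip PSPath, PSParentPath, ... bookkeeping
        $report += Test-Target -Source $key -Name $p.Name -Command ([string]$p.Value)
    }
}
foreach ($folder in $startupFolders) {
    foreach ($f in (Get-ChildItem -LiteralPath $folder -Force -File -ErrorAction SilentlyContinue)) {
        $report += Test-Target -Source 'StartupFolder' -Name $f.Name -Command $f.FullName
    }
}
# Services are the other common boot-time foothold; hide the Microsoft-signed ones,
# the same way msconfig's Services tab does with "Hide all Microsoft services".
foreach ($svc in (Get-CimInstance -ClassName Win32_Service | Where-Object PathName)) {
    $entry = Test-Target -Source 'Service' -Name $svc.Name -Command $svc.PathName
    if ($entry.Signer -notmatch 'O=Microsoft Corporation') { $report += $entry }
}

$report | Sort-Object Flags -Descending |
    Format-Table Source, Name, Path, Signature, Flags -AutoSize -Wrap | Out-Host
$report | Export-Csv -LiteralPath $ReportPath -NoTypeInformation
"Wrote $($report.Count) entries to $ReportPath"
```

An entry flagged both unsigned and user-writable-location, with a Hidden or System attribute on top, is exactly the kind of thing step 3 tells you to write down and follow. An unsigned file is not automatically malicious (plenty of small vendors never sign), but a signed one whose signer you recognize can usually be crossed off the list quickly.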

Yeah, it’s a lot of checking and re-checking, because that’s exactly what viruses do. They’ll come back the moment your back is turned, so catch them in the act. It never hurts to re-check the folders you went through 5 minutes ago and see if they tried to replace their missing files.
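The checking and re-checking above, done with a script instead of by eye, as an added PowerShell example that is not part of the original post. It does two jobs from the guide: it searches the registry for the names you wrote down in step 3 and exports each hit to a .reg file before you delete anything (step 6), and it takes a snapshot of the folders from steps 4 and 5 so that a second run after the reboot (step 7) or after reconnecting (step 8) lists every file that is new or changed, whatever it is called now. Nothing in it deletes anything. The two suspect names and the backup folder are assumptions; the names are placeholders, not real malware.

```powershell
# Added example, not code from the original post. Searches the registry for the
# suspect names and exports each hit to a .reg file before you touch it (step 6),
# then snapshots Program Files / Common Files / AppData and, on the next run, prints
# every file that is new or changed since last time (steps 7 and 8). Read-only apart
# from the exports and the snapshot. Run elevated in PowerShell 5.1 or later.
# $Names and $BackupDir are assumptions; the names are placeholders, not real malware.
param(
    [string[]]$Names = @('SuspiciousUpdater', 'WinSysHelper'),
    [string]$BackupDir = "$env:USERPROFILE\Desktop\cleanup-backup"
)
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$pattern   = ($Names | ForEach-Object { [regex]::Escape($_) }) -join '|'
$regRoots  = @('HKLM:\SOFTWARE', 'HKCU:\SOFTWARE', 'HKLM:\SYSTEM\CurrentControlSet\Services')
$fileRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:CommonProgramFiles,
               $env:APPDATA, $env:LOCALAPPDATA, "$env:USERPROFILE\AppData\LocalLow") |
             Where-Object { $_ -and (Test-Path -LiteralPath $_) }

function Find-RegistryTraces {
    foreach ($root in $regRoots) {
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $key = $_
            $hit = $key.PSChildName -match $pattern
            # a program's name usually shows up in a value name or in string data
            foreach ($v in $key.GetValueNames()) {
                if ($v -match $pattern -or ([string]$key.GetValue($v)) -match $pattern) { $hit = $true }
            }
            if ($hit) {
                $regPath = $key.Name      # HKEY_LOCAL_MACHINE\SOFTWARE\... form, which reg.exe accepts
                $regFile = Join-Path $BackupDir (($regPath -replace '[\\:]', '_') + '.reg')
                & reg.exe export $regPath $regFile /y | Out-Null   # double-click the .reg to restore
                [pscustomobject]@{ Key = $regPath; Values = ($key.GetValueNames() -join ', '); Backup = $regFile }
            }
        }
    }
}

function Get-FileSnapshot {
    # path -> "size|mtime"; a replaced file shows up as new or as a changed value
    $snap = @{}
    foreach ($root in $fileRoots) {
        Get-ChildItem -LiteralPath $root -Recurse -Force -File -ErrorAction SilentlyContinue |
            ForEach-Object { $snap[$_.FullName] = '{0}|{1}' -f $_.Length, $_.LastWriteTimeUtc.Ticks }
    }
    return $snap
}

"== Registry keys mentioning: $($Names -join ', ') (each exported to $BackupDir)" | Out-Host
Find-RegistryTraces | Format-Table Key, Values -AutoSize -Wrap | Out-Host

$current = Get-FileSnapshot
"== Files whose name matches one of the suspect names" | Out-Host
$current.Keys | Where-Object { (Split-Path $_ -Leaf) -match $pattern } | Sort-Object | Out-Host

$snapFile = Join-Path $BackupDir 'files.json'
if (Test-Path -LiteralPath $snapFile) {
    $previous = @{}
    (Get-Content -LiteralPath $snapFile -Raw | ConvertFrom-Json).PSObject.Properties |
        ForEach-Object { $previous[$_.Name] = $_.Value }
    "== New or changed since the last run (replacements the virus fetched show up here)" | Out-Host
    $current.Keys |
        Where-Object { -not $previous.ContainsKey($_) -or $previous[$_] -ne $current[$_] } |
        Sort-Object | Out-Host
}
$current | ConvertTo-Json -Compress | Set-Content -LiteralPath $snapFile
```

Run it once before you start deleting, once more after the step 7 reboot, and once more after reconnecting in step 8. The name search only catches files that kept their name; the snapshot diff is what catches a re-downloaded copy that came back under a new one, which is the case the guide’s “re-check the folders” advice is really about.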

If you think I'm doing something wrong or that my guide can be improved (more screenshots, maybe?), feel free to let me know. I enjoy learning and sophisticating what I've learned, then helping others learn. :scootangel:

Comments ( 58 )

I thought it was pretty sexy, but then, I love going through the registry myself whenever there's a problem with my computers. :pinkiehappy:

2543534
The registry is one of the most powerful tools available to an administrator. :pinkiehappy: Also an extremely useful tool when it comes to destroying viruses and their ability to do anything in relation to anything.

2543541

And for getting rid of programs that stubbornly refuse to uninstall.

2543543
Aaaaand you just reminded me of a step I missed. :twilightblush: I always check Programs and Features for "installed" programs that I never installed and sound fishy too.

I'll try to remember to screenshot that and add it to this when I get home. I can't screenshot most things on my work computer because confidential information and whatnot. :derpytongue2:

2543546

Aw, but I like confidential information. :trixieshiftright:

I can testify that percussive service -- banging on the machine until it starts functioning properly -- does not work in this case.

Just once, I want to hear about a convicted virus writer being dispatched to Tartarus.

What sorcery is this?! Scootareader being serious with legitimate computer advice? What happened to the gadfly I knew and loved?! :fluttercry:

2543612
I was asked to provide a guide on virus removal, and I have technical knowledge. I thought I'd do those few people who follow me a service. :twilightsmile:

You are a saint, thank you so much man. I now know a lot more than I used to about this.

Why don't you just delete System32? That always seems to work.

zel

actually, there is a quicker way of doing this.
1. go to debian/arch/whatever website and download iso
2. make a bootable usb
3. boot and overwrite windows

2544083
Ironically, I am currently running Linux on my home machine. Sadly, most end users are too thoroughly entrenched in Windows to make the switch. If you want to be able to fix the computers of friends and family (and make some side job money, mayhaps), you gotta learn Windows architecture. It's just what most people run on home computers.

zel

2544085 photoshop, 3ds max and all that shit runs only on windows. i am stuck :raritydespair:

2544088
Wine, dude. I run Windows games regularly on Wine. I even installed Steam on Wine so I could run my Windows-only Steam games over Wine. It's some pretty awesome stuff. :rainbowwild:

I can go into more detail on how Wine works in PM, if you like.

zel

2544097 i doubt it will be able to use cpu/gpu efficiently for video rendering or raytracing. :rainbowwild:

2544146
According to an online forum, this is what you're looking for if you're talking about running 3DS Max over Wine.

Other things of note said in the forum:

Have a look at the 3ds Max @WineHQ.
It looks like it won't run that well.

Have you tried Blender?
I do know it is another UI you will have to get used to but it is worth the effort
You can easily install it by looking up Blender in the Ubuntu Software Center.

I know everyone says this, but the new version of Blender really is awesome. Do check it out - good interface, powerful tools, really nice. And that's from a lifetime Maya user

Maya, Mudbox, and Softimage (I think) all have Linux native versions, so those are other options too.

Just want to share my private opinion:
Wine/PlayOnLinux is only an effort to run windows software.
There is no guarantee that the application to works normally.
Some said an application is GOLD, but to me ... is a GARBAGE.

So, the most important point is ...
Stick w/ Ubuntu' Software, adapt to it, and leave WINE/PlayOnLinux.

PlayOnLinux, by the way, is a database of Wine presets that you can download to get applications to run on Wine without having to do any configuration yourself. It works really well. :raritywink:

EDIT: Also, I learned how to edit pictures in Photoshop, but I like GIMP a lot now. It's not that much of a stretch to learn a new application, and it does everything Photoshop can do. Plus, it's free without having to steal. Feels pretty nice knowing I can't get sued for several thousand dollars. :moustache:

zel

2544189 i use max for a reason :raritydespair:
blender is for masochists

also i have been using gimp for years, in the end switched for photoshop. gimp simply sucks for painting. ;_;

edit: there is also video editing. pretty sure that area is completely unexplored on linux.

zel

2544238 :heart::heart:
i do not even know how to draw traditionally .-.

zel

2544251 the very last pic was pretty good, i can sure see some progress. :rainbowkiss:

2544253
Actually, those are in reverse order of when I drew them. :rainbowlaugh: I have a few other hand-drawn pictures hidden away in my room. I may take pictures of those and share them with you, if you're interested. :pinkiesmile:

I sucked a lot when I first started drawing. I got the proportions all wrong and gave the ponies either melon heads or flat faces. I studied the faces pretty closely and now I can draw a pony without having to base a picture off of it. Liam Neeson pony and the pineapple pony are both examples of me wingin' it. :derpytongue2:

2544253
Oh, I should also point out that the ones with the emo pony and pineapple pony were both done completely in pen. They were all one take, no mistakes. :pinkiehappy:

2544253
Hey, wait a minute. :trixieshiftright: That's not nice.

zel

2544263 you drew the cat first? impressive!




...:twilightoops:

2544251 These are glorious. Can you illustrate my trollfics? :pinkiehappy:

2544085

most end users are too thoroughly entrenched in Windows to make the switch

Windows is the OS that all non Apple computers come with when they buy them so they have no reason to switch.

2544939
Oh jeez. A request? I may just have to do that. :ajsmug:

2545651
Granted, buying a pre-built (as basically all laptops are pre-built and most end-users don't need a desktop) would mean you don't have to choose an OS. Windows does dominate the end-user market.

2545733
I meant desktops too.

2545908
Pre-built desktops come with Windows too, yeah. I'd imagine that, with modular components, it's easier to get Linux to run on a desktop, therefore the OS usage of alternatives is higher on desktops (still less than 2%, so I'd say negligible), but that would be a complete guess, as:

In certain categories, one family of operating systems dominates, for example, most desktop and laptop computers use Microsoft Windows, while most supercomputers use Linux. In other categories, such as smartphones and servers, there is more diversity. Data about operating system share is difficult to obtain, since in most categories there are few reliable primary sources or agreed methodologies for its collection.

For most users, the word "customizability" is a direct contrast to "user-friendly;" in Linux's case, this is partially true. I have a list of things that I should probably run about weekly, but it wouldn't matter even if I could because one of my partitions is too small for me to update my base Linux installation and it keeps yelling at me that I need another 11MB on my partition labeled "boot." I guess that's a shining example of letting the OS make the decisions for me and the OS choosing wrong. Then again, I get plenty of issues with Windows; the really sad part is that, when Windows dominates ~95% of the OS market, I still can't find reliable solutions to my problems, whereas the less than 2% Linux community has not once told me I'm on my own. There are solutions to every problem. :twilightsmile:

Now that I know what I did wrong and how to properly set up a drive with Linux, maybe I'll tell Ubuntu to get in the back seat and I'll partition my drive properly myself. :moustache: I tried when I first installed, but I guess coming in with no knowledge and trying to puzzle out (or google, more commonly) solutions is a great way to learn things about my computer. I guess, if you're afraid of learning, that's a bad thing, but problems with Windows often require paying a technician to tell you you're boned, whereas problems with Linux are incredibly well-documented.

Seriously, Ubuntu 14.04 feels almost exactly like my old Windows installation. I get error pop-ups telling me I'm stupid, just like Windows used to do, but this time I know what's causing them and intend to fix said issues. :trollestia:

2545970
I have no idea what you are talking about.

I haven't taken college courses, remember.

2545980
I've never been to college. Just certifications, sir. :twilightsmile:

Okay, so you use Windows. Under the hood, it can get really, really complicated. I won't get too complicated on this.

Let's just take this at face value. Windows is on a component in your computer called a hard drive. That's just how it works.

pchelpplanet.com/wp-content/uploads/2012/12/hard-drive.jpg
This is what a hard drive looks like. The "HDD" label on it means Hard Disk Drive, which is the full name for it. Everyone calls them hard drives.

fstopacademy.com/wp-content/uploads/2012/07/hard-drive-.jpeg
This is what the inside of a hard drive looks like. That big shiny disc in there is called a platter. It holds Windows and all your files on it. Yes, that big piece of metal. How isn't important.

Now, imagine making cuts on that disc. Like a pie chart.
psdgraphics.com/file/pie-chart-icon.jpg
You can do that. It's called partitioning. You're cutting up that metal disc so only certain information can be put in certain places on the disc--not physically, of course, but to your computer, you're cutting up your space.

Your computer's main storage is your C: drive. It's usually called Local Disk (C:). That's the partition that Windows is on. You took that little slice of pie and put Windows on it.

You can make other partitions; the most common second one is Local Disk (D:), but if something like a DVD drive has already taken that letter, it'll go to Local Disk (E:). If you make another partition, it goes to Local Disk (F:), then Local Disk (G:), etc.

Why not A or B? Something to do with floppy disks and Microsoft being stupid.

Now, imagine, if you will, putting other things than just Windows on those other partitions.

You can do that. :pinkiegasp: There's no reason why you can't put, say, Linux on Local Disk (D:). You already cut up your drive, it's not like Windows and Linux are going to find each other in the middle and say "Hey, fuck you, this is my hard drive."

Of course, the implementation is a little more complicated than "this partition is Windows and this one is Linux." Windows requires two partitions to install, but it's recommended that you make three for reasons I won't go into. By default, it creates two, because the average user wouldn't know what to use the third partition for.

Linux requires three partitions. It will automagically set up your three partitions for you, but if your main hard drive is some weird new type of hard drive that's super fast and is pretty expensive so you can't afford a big one so you went with a 64GB one because that's all you could afford at the time (mine is exactly that), then Linux isn't the smartest about its pie slices. One of those pie slices is telling me, "You didn't give me a big enough piece of the pie, you dick."

It's like you have three siblings. Their names are Root, Swap, and Boot. You like Root more than either of the others, so you give him more pie than Swap or Boot. Boot, of course, is mad that she didn't get as much pie as Root, so she's going to complain to you about her not getting enough pie. A lot.

That's what's happening with my computer right now.

2546370

Let's just take this at face value. Windows is on a component in your computer called a hard drive. That's just how it works.
Image: http://pchelpplanet.com/wp-content/uploads/2012/12/hard-drive.jpg

This is what a hard drive looks like. The "HDD" label on it means Hard Disk Drive, which is the full name for it. Everyone calls them hard drives.
Image: http://www.fstopacademy.com/wp-content/uploads/2012/07/hard-drive-.jpeg

This is what the inside of a hard drive looks like. That big shiny disc in there is called a platter. It holds Windows and all your files on it. Yes, that big piece of metal. How isn't important.

I knew that much.
And I am on a laptop, so it is a solid state drive, not a hard disk drive.

And isn't it a better idea to keep your OS on a solid state drive so your computer boots up faster and keep all your data on the hard disk drive?

2546419
Actually...

if your main hard drive is some weird new type of hard drive that's super fast and is pretty expensive so you can't afford a big one so you went with a 64GB one because that's all you could afford at the time (mine is exactly that), then Linux isn't the smartest about its pie slices

I have one. I didn't think you knew about solid state drives. :twilightsheepish: I guess they are fairly well-known by the general populace now.

2546461
Nah.
I just dropped out of hardware sometime after that point because I found out the finals would be building an expensive as fuck computer and I couldn't afford it when I would inevitably fuck up and break something.

2546623
Paid for what? Anti-virus? :derpyderp2:

2546669
Ah, whoops. :twilightsheepish: Maybe you can do it yourself next time! :pinkiehappy:

2546370

I've never been to college. Just certifications, sir.

Wait a minute.
How the fuck did you manage to get the certifications if you have never been to college?

2548050
http://www.jobcorps.gov/home.aspx

Yes, every single one of my certifications (also my driver's license and CPR/First Aid certifications) is a direct result of that program. :pinkiesmile:

Windows won't let me delete shit in the program files folder.

2572347
Are you on an administrator account? Guest accounts can't do stuff in program files. Viruses can lock you out of folders... just do what steps you can. A program in program files can't do anything if you remove everything it uses to run.

2573185
I am an administrator.

2573208
Do you have a virus?

2573236
I don't know.
It was Avast that wouldn't let me delete it. It wouldn't uninstall when I tried to.
Testing on Camstudio I can delete it fine.

2573236
Well I know I have something.
As something keeps trying to use svchost.exe to open Norton files.
