How Do I Get Malware Off My PC Once and for All?
Q. My PC caught a spyware infection that replicates itself even after I've deleted it from the Windows Registry. I've tried all the spyware-removal tools I could find, but I am still unable to get rid of it.
Myron Oglesby, Rockaway, New Jersey
A. If scanning with multiple antispyware programs doesn't remove it, try using Windows' System Restore feature (note that Windows 2000 lacks System Restore). Select Start, Programs (or All Programs), Accessories, System Tools, System Restore. Choose Restore my computer to an earlier time, click Next, pick the earliest Restore Point available on the displayed calendar, and follow the prompts.
Should System Restore fail to solve the problem, your next steps are to reboot your PC and press <F8> before your monitor switches resolution as Windows loads. At the resulting menu, select Safe Mode with a Command Prompt, and then pick your operating system. At the command prompt, type C:\windows\system32\restore\rstrui.exe, press <Enter>, and try running System Restore from there.
If your PC is still infected after this, I must make like Dear Abby and recommend that you seek the assistance of a professional. Contact the support desks of your various security software vendors, one of which may have the solution.
For the community approach to support, download the free HijackThis and run it to create a very technical report on your system's suspicious Windows behavior (see FIGURE 1
If all else fails, back up your data folders and get ready to reformat the PC's hard drive and restore your system from a full backup. If you don't have an image backup of your drive, you'll have to reinstall Windows, install and update your malware protection, and restore your data from the backup. See "Move All of Your Valuable Data to a New Partition" for a list of the folders that likely contain your data. Instead of moving the folders (as that tip suggests), copy them to CDs, DVDs, or an external hard drive.
Of course, reformatting and restoring your drive is easiest if you've been using a backup program with good disaster recovery features. Image backup programs such as Acronis's $50 True Image and Symantec's $70 Norton Save & Restore (which replaces the company's venerable Ghost utility) are particularly adept at drive restoration, allowing you to restore the entire drive from a preinfection backup.
If you don't have a good system backup, reinstall Windows using the restore disc or Windows CD that came with your system, selecting an option that will destroy everything on your hard drive (a good idea in this particular case). You'll also have to reset your Internet connection, and reinstall your hardware drivers and applications. You can view our video tip, on reinstalling Windows XP.
Once you have Windows and your programs back in place, you'll have to update all of your security utilities, and then scan the backup of your data folders with your antivirus program before moving the files back to your hard drive.