Introduction:
Since being temp banned for 2 days on TL, I was thinking of making something productive, something that would help people out. Since the only skill I currently have is that of a technical support guy who tries to manually remove malicious files, why not make a guide on how to do it, amirite? So here we will all be discussing how to manually check for malware using Folder Options and other tools from the internet.
Having a hard time with your computer? It's not working or functioning like it should? Getting a lot of pop-up windows from different websites like gambling, porn and the like? The slowdown is making you crazy, and all that stuff makes you say "FFFFFFUUUUU……."?
Then no need to worry, folks, I'm here to provide step-by-step instructions on how you can check your computer for malware, aka viruses, spyware and the other stuff that makes your computer go shamalaydingdong!
First part: File Arrangement
For us to manually check for malicious files in each of your folders, we need to arrange them in order. So the first thing we need to do is open any folder in Windows.
Here is a screenshot and instructions on how to do it:
Go to Tools > Folder Options > View tab:
![[image loading]](http://i31.tinypic.com/16lfif9.jpg)
Now on the View tab, tick or untick the following in the list:
Select: Show hidden files and folders
Uncheck: Hide extensions for known file types
Uncheck: Hide protected operating system files (just say yes when a message comes up)
Uncheck: Use simple file sharing
Note on Simple File Sharing: unchecking this adds a new Security tab to a file's Properties, and Sharing/Security tabs for folders. We will need this to remove the viruses manually. Also note that some files are so fucking persistent that it's really frustrating to remove them. We will discuss that later.
So there you go, and it's very simple, right? The malware hidden in system32 will show itself naked and desperate to be raped Jae Dong style. But be wary: in my days of tech support, some malware we call rootkits was as hard as "going man to man sex" to remove or to make show itself. (We will also discuss how to remove these rootkits in a different area or later.)
This part is about arranging things so that it will be very simple to remove all the malware in your system32, Windows or %temp% folders, or other folders that are potentially infected by the crazy-ass malware.
Open system32, Windows or whichever folder the malware is hiding in. (Viruses can virtually hide anywhere on your computer, which is a bitch to handle at times.) Click on Views, which is circled in the screenshot, and click on "Details".
Details: this shows you the date a file was created or modified. Meaning, if a virus hit your computer on August 1, 2009, then there will be an exact file that says created/modified August 1, 2009, and that will be the malware itself.
Next, right-click > Arrange Icons By > Modified
Then do this again and click on "Show in Groups"
Here is what your system32 or Windows folder will look like:
![[image loading]](http://i25.tinypic.com/vg7f68.jpg)
Isn't it great that you have arranged the files for easy disposal? Check it out, and you'll find that all the files created today, last week and last month are arranged by group. This is very vital in removing all those nasty whiny malwares made by those assholes somewhere in their basement.
Part 2: What does a Malicious Software/File aka Malware look like?
You're going balling and chicks dig how awesomely arranged the files on your computer are. I mean, you must be one of those people with psychotic tendencies, since you've become an e-clean freak. Kidding aside, if you don't know what malware looks like, let me help you with that.
Identifying a Malicious File.
![[image loading]](http://i26.tinypic.com/v6kw88.jpg)
1) It doesn't have a Version or a Manufacturer -> Yes sir, when you check out a certain file (.exe, .dll or other extensions usually used by malware) and it has neither, then there is a big possibility that it's a MOFO! But if you're not quite sure whether you really want to remove it, then ask Google for help. (Now it sounds like noob advice, but the thing here is we are going to ask each website for help.) So for example, you found a file in your system32 called "CanNoWhoopass.dll"; notice the amount of maliciousity in its name. Now, if you check it in Google and it gives you "No matches found" or "No documents found containing "CanNoWhoopass.dll"", then you can happily remove it. Then there is the other case where there are thousands of search results, and basically you don't know who to listen to, since one website says it's a mofo and another website tells you "it's perfectly safe". Well, if one website says it's perfectly safe then don't remove it! It's plausible that the file is being used by a legit program, therefore if you remove it there's a big chance of fail.
Recommended websites that will tell you if it's legit or not:
• Prevx
• BleepingComputer
• Processlibrary
• And a whole lot more
Note: Sorry I'm not more specific about the websites, but just read through how to check them and you'll be fine.
2) Easiest way of checking for malware if there are multiples, let's say hundreds or a thousand of them. Then check this out:
Check out these screenshots:
![[image loading]](http://i25.tinypic.com/14kxmqq.jpg)
![[image loading]](http://i27.tinypic.com/20k4uaq.jpg)
As you can see, when you highlight a certain file it should come up with a version and manufacturer. But right now, we can all say that this motherfucker has got to go, since: 1) it doesn't have a manufacturer, 2) it has an ambiguous name and 3) it looks like the virus that got me on the date I was getting a lot of pop-ups from IE.
Usually they will all stay and hatch in system32, but there is lots of malware that sticks itself in different areas of your computer.
Check some of the following directories for double checking, or we can use Autoruns (Sysinternals) to detect .exe or .dll files being used by the virus:
%temp% <- type this in the Run command
System32
Windows
Windows/Temp
Program Files
Documents and Settings\All Users\Application Data
Note: Again, if I missed some folders where malware can hide, please provide them. Then again, malware can also make its own folders, so watch out.
Also, they are really nasty creatures that lurk anywhere on your computer.
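Here is the same Part 1 and Part 2 check done from a PowerShell prompt instead of Folder Options, as an added example that is not part of the original post. It walks the folders listed above, keeps only executables modified in the last N days (the "Arrange by Modified" step) and flags the ones with no manufacturer and no valid signature (the "no Version or Manufacturer" check). It assumes Windows PowerShell 3.0 or later run as administrator; $env:ProgramData stands in for Documents and Settings\All Users\Application Data on newer Windows.

```powershell
# Added example, not from the original post: Parts 1 and 2 from an elevated
# PowerShell prompt. Assumption: Windows PowerShell 3.0+ run as administrator.
param(
    [int]$Days = 30   # how far back "recent" reaches; set it to the day the pop-ups started
)

$cutoff = (Get-Date).AddDays(-$Days)

# The directories the guide tells you to check ($env:ProgramData is the modern
# location of Documents and Settings\All Users\Application Data)
$dirs = @(
    $env:TEMP,
    "$env:SystemRoot\System32",
    $env:SystemRoot,
    "$env:SystemRoot\Temp",
    $env:ProgramFiles,
    $env:ProgramData
)

$recent = foreach ($d in $dirs) {
    if (-not (Test-Path -LiteralPath $d)) { continue }
    # -Force shows hidden and system files, like "Show hidden files" in Folder Options
    Get-ChildItem -Path $d -Include *.exe,*.dll,*.sys,*.scr -Recurse -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $cutoff } |
        ForEach-Object {
            [pscustomobject]@{
                Modified    = $_.LastWriteTime
                Company     = $_.VersionInfo.CompanyName   # the "Manufacturer" column
                FileVersion = $_.VersionInfo.FileVersion   # the "Version" column
                # A valid Authenticode signature is stronger evidence than the Company
                # string, which is just text inside the file and can be faked
                Signature   = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
                Hidden      = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                Path        = $_.FullName
            }
        }
}

# "Arrange by Modified" plus the Part 2 check: no manufacturer and no valid signature
$recent |
    Where-Object { [string]::IsNullOrWhiteSpace($_.Company) -and $_.Signature -ne 'Valid' } |
    Sort-Object Modified -Descending |
    Format-Table Modified, Company, FileVersion, Signature, Hidden, Path -AutoSize
```

The list is a starting point for the Google lookup the guide describes, not a kill list: a Windows update drops legitimately new files on the same day, and a modified date can be forged, so check the name before deleting.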
Part 3: Removing the Malwares in your computer:
Now that you know how to check for them on your computer, I am going to suggest some time for you to meditate, because this is the worst and most tedious job of all the parts. It's like the battle between good and evil, one versus a thousand; it's frustrating at times, but if you've done the 2nd part correctly and know where the little mofos are coming from, then it will be very easy and smooth.
First of all, you have to disable all Windows services. To simplify that, you just need to boot into Safe Mode: in Safe Mode, all services and some exe files will not run. Usually, this is the best time to remove the malware on your computer. Of course, this tutorial is not about removing them by scanning with an anti-virus program, but with your own skills and wit. (I know for a fact that anti-viruses sometimes fail big time at removing all the malware on your computer.)
So here we go:
You found one malicious file in system32 and when you try deleting it in Safe Mode it just shows you "access denied". So it's using resources on the computer, and that's why it's so darn slow. Then you had an epiphany: what if no one can run these damn files? You try that out via the following:
Right-click on the file > go to Properties > then click on the Security tab:
![[image loading]](http://i27.tinypic.com/2s7wh74.jpg)
Click on Advanced, then untick "Inherit from parent the permission entries… blah blah blah…", click Remove > OK, then OK again.
![[image loading]](http://i26.tinypic.com/28u1q3c.jpg)
After doing that you will see that there are no more accounts that can use the file. Restart the computer in Safe Mode again, then try deleting that file. If that doesn't work the first time, try this:
Right-click on the file > go to Properties again > click on the Security tab > click the Add button. Type Administrator (or whichever account you are using), then click Add, OK and OK again. After that, tick Full Control for Administrator, then try deleting the persistent a-hole, and that should work.
Well, unfortunately you really have to do this over and over until you have removed all the malicious files from your computer. After that, you can just say bye bye to those bitches and be a happy StarCraft player once again.
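The two Security-tab steps above (drop the inherited permissions, then give your own account Full Control) can be done from an elevated PowerShell prompt in Safe Mode, as an added example that is not part of the original post. $Target is a placeholder for a file you have already identified as malicious with the Part 2 checks; the takeown step is an addition for files whose owner is not you.

```powershell
# Added example, not from the original post: the Part 3 permission fix from an
# elevated PowerShell prompt instead of the Security tab. $Target is a placeholder
# for a file already identified as malicious by the checks in Part 2.
param([Parameter(Mandatory)][string]$Target)

$me = [Security.Principal.WindowsIdentity]::GetCurrent().Name

# Changing permissions needs ownership; takeown is a built-in Windows tool.
takeown /F $Target | Out-Null

$acl = Get-Acl -LiteralPath $Target

# Guide step 1: stop inheriting permissions and drop the inherited entries
# (second argument $false = do not keep copies), so no other account keeps access.
$acl.SetAccessRuleProtection($true, $false)

# Guide step 2: add your own account with Full Control so the delete is allowed.
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($me, 'FullControl', 'Allow')
$acl.SetAccessRule($rule)
Set-Acl -LiteralPath $Target -AclObject $acl

# Read-only/system attributes also block deletion; clear them, then delete.
(Get-Item -LiteralPath $Target -Force).Attributes = 'Normal'
Remove-Item -LiteralPath $Target -Force

# Confirm it is gone; if it comes back after a reboot, something is still
# starting it (that is what Safe Mode and Autoruns are for).
if (Test-Path -LiteralPath $Target) { Write-Warning "$Target is still present" }
```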
The tools of the trade:
The Nuke:
![[image loading]](http://img.bleepingcomputer.com/combofix/en/cf-icon.jpg)
Combofix: why the hell am I calling this the nuke? Because you use it at your own discretion. Man, there were times when, after using its awesome tigerness, the computer worked like a newborn baby; then again, this thing also makes you crazy at times, since it does damage the system when the update is fucked. (Usually the file has a database of malicious files that need to be removed.) Well, some people update the wrong file and voila! FUC (Fucked Up Computer). So please, if you're pretty sure about it, then go and blow them away with this.
There are also variants like noob-killer (I think that's the name), SDFix and others that have the same malware removal process, but this is the big momma of them all.
Note: Combofix is better used in safe mode ^_^
The Scanner:
Autoruns: This is used to check what processes are running in the background of your computer. Meaning, if a malware attack is in progress, then Autoruns should be able to pick it up for you. The great thing about using this is that it actually sees the file and provides information about the manufacturer and version of that file. So, if you see a little fucker with no information about version or manufacturer, then go ahead and make its day.
The Observer/Science Vessel
Gmer: This application is used to detect hidden rootkits on your computer. It's usually used if you are sure that all the malware on the computer has been removed but it still runs like it's being anally tortured or something. So if I were you, better run this first before going through the process of manual checking and removal.
Btw, some malware can detect the presence of these godly weapons, so in case you can't run them, rename them to another name with a different extension, like .com rather than .exe, aight?
Also, if you ever find a hidden rootkit on your computer (sometimes Combofix can find them, but sometimes not so much luck; then Gmer is the tool to use), just right-click the entry shown in red, then click Disable Service. That should work awesomely!
Note: if you have other tools that you used in removing malware, please provide them to me in this thread and I will gladly put them in the OP.
This should be my first ever official contribution to the website; if I ever learn new computer skills, then I'll try to provide more guides or anything that will entertain you people.
Footnote: Please give me any feedback if I made a mistake here and there, or if you want to add some more steps that will be very beneficial to this thread.
Also, if you have malware on your machine, ask R1CH, not me (because I know deep in my heart my knowledge is nothing more than a speck in his universe).
GG’s everyone!
Edit: just found out this is my 666th post!

Edit2: sorry if there are a lot of grammatical errors; if you can't understand some parts of it, let me know so I can change them. Thank you!
Update:
Provided by DeerDance
1. Rule: DON'T USE IE, go for Opera or Firefox.
2. Use some goddamn antivirus; try Avira or Avast, both are free. Avast doesn't have that damn pop-up that Avira has...
3. Never ever ever run any exe that comes from an unknown source... for example a codec you get when you browse some porn, or some anticheat for some crappy Russian CS server...
4. Always be ready to reinstall and always have a backup of important stuff.
Provided by citi.zen

One suggestion is to simply go to View > Choose Details > tick "Company" and "Description" to go through the sys32 list faster.