Tuesday, June 30, 2015

Virus Cleanup Steps

How To: Virus cleanup steps for Windows PCs.  General steps that work for almost all infections.

Over the years I have written many articles on how to clean up specific viruses but the articles become dated and are less useful when other viruses take their place.  This article generalizes the steps I take for all infections.  Although time-consuming, the results are almost always good.

When cleaning viruses, it is best to boot from a non-infected virus-cleaning disk -- usually a bootable CD.  Because you are booting from a guaranteed, non-infected operating system, and because it has full control of the hard drive, there are no locked or in-use files and the software gets complete access to the disk.  Because of this, it can clean the most stubborn infections.

Microsoft and other vendors now have free, bootable CD's.  To do the job right, you will have to run multiple products, from multiple vendors.  This will take time. 



In General:

- Build the bootable CD's from a non-infected machine
- You will be building multiple CD's, from multiple vendors
- You can build bootable CD's or bootable USB sticks; I prefer CD's
- Build the disks on the day they are needed -- they become obsolete within a few days

Important: If you have a laptop, running Windows 8.x or 10.x, see below for concerns about UEFI disks***.


Build the CD's

From a non-infected computer

Download Windows Defender Offline

This is a bootable CD* that runs Microsoft's virus cleaning utility.
http://windows.microsoft.com/en-us/windows/what-is-windows-defender-offline


- You must use Microsoft's Internet Explorer to download
- Always download and use the latest version
- It will download a stub program, msstools.exe.  Run this stub.
- It will build the CD automatically; follow the on-screen prompts or see the steps below.
- Most Windows 8, 7 and Vista users should choose the 64-bit version.


Download Kaspersky Rescue Disk

This is a bootable CD that is downloaded as an .iso file.  Use the .iso to build the CD.


http://support.kaspersky.com/us/viruses/rescuedisk#downloads
Click "Distributive" to download the ISO

- Click the Download Kaspersky Rescue Disk link.
- This will write an ISO file, which is a CD disk image.
- From Windows 7, 8 or 10, follow these steps to write the ISO file to a CD.


Download AVG Rescue CD

This may be overkill, but a third vendor may find things that the others miss.
 http://www.avg.com/us-en/avg-rescue-cd

- Click the AVG Rescue CD Free Download link; download the ISO version.
- See these keyliner steps to write the ISO file to a CD.



Begin the Cleanup

Once the Bootable CD's have been built and labeled, do the following:


0.  MalwareBytes

If your machine is healthy enough to run other software, from the infected machine, download and run this program, from MalwareBytes.org.  This is my favorite anti-virus program.
https://www.malwarebytes.org/mwb-download/

If the machine is not healthy enough, download the installation from another computer and burn it to a CD.  Then, disconnect the network cable from your infected computer, or disable the Wireless.  Then run this program; it will probably succeed.  Because it is not on the wire, it won't be able to update its definition files; cancel the update and let it run a full-scan with the version you downloaded. 

- Select the Free Download
- Decline the offer to install the 30-day trial
- If possible, allow the program to update its definition / dictionary files
- Allow the program to do a full-system scan
- It will take hours to run.  It runs unattended

Once it is complete, continue with the next bootable CD

If you cannot get MalwareBytes to install or run, continue with the next CD.


1.  Kaspersky First

Have your network cable plugged in or your wireless enabled.  Boot the computer with this CD and follow the on-screen prompts.

- Insert the Kaspersky CD into your drive and boot the computer.
- Hopefully, you are prompted "Press any key to boot from the CD"
- If you do not see this prompt, see below on how to change your BIOS boot Order**

Allow the program to do a full-system scan.  The program is a little weird.  Click the big red (or green) button in the upper-left corner to begin the process.  On the current version as of this writing, the button looks like a bunch of LEDs in a circle and it is not clear this is a button.

The scan will take hours and can run unattended.


2.  MSE Second

Boot the Microsoft CD and instruct it to do a full (not quick) scan.


3.  AVG - Optionally Third

Consider booting the AVG disk if you want to be even more thorough.  Personally, I have not actually done this, but if you have the time, it is worth the effort.  It may find something the others missed.


4.  Last Step

If you were unable to run MalwareBytes in Step 0, allow the computer to boot normally (without a bootable CD).  Install MalwareBytes and allow it to run.


In my experience, these steps have almost always fixed the computer, with one notable exception.

RANSOMWARE Viruses

If you detect a Ransomware virus, the programs above will remove the virus but they will not be able to save the data and many programs.  It will render your computer useless.  It is repairable, but your data will be lost. 

(Ransom viruses encrypt all of your data files, such as Word, WordPerfect, Excel, PPT, photos, etc., and invite you to pay a fee of $100-$500 for the decryption key.  The fee is usually paid in bitcoins, which are untraceable.  Under no circumstances should you pay.  To begin, they will take your money and may not give a decryption key.  They may give the key, which will restore your data files, but will likely re-encrypt in the future and charge ransom again.  This is truly a lost cause.)

The only way I have found to 'recover' from this type of attack is to build your system recovery CD's (from your hardware vendor - usually a menu to build "recovery disks", or contact the vendor to have one shipped), format the hard disk and start over.  This will save the hardware, but all data will be lost.  Recover data from your backups.

Other Notes:

**BIOS Boot Order

Your PC may not allow booting from a CD.  Follow these rough steps, which vary by each computer model.

A.  Cold boot the PC
B.  At the hardware banner screen, press F10, or F12 or F2, to enter the BIOS Setup or Boot Setup menu.  Sadly, this varies.
C.  If you arrive at a UEFI Secure Boot screen, see the note below*** before going further
D.  Enter the BIOS Setup (sometimes called simply "Setup").
E.  In the top BOOT menu, look for a choice that shows boot order.  Arrange the order so the CD is first to boot, then the Hard Disk.
F.  Most BIOS screens use a bottom-menu F10 to SAVE your changes.
G.  Allow the PC to reboot.  Watch the screen for a "Press any key to boot from CD" prompt.


***UEFI Disks

Very new laptops, with Windows 8.x or 10.x have a UEFI encryption, which prevents viruses from writing boot-sector changes.  Unfortunately, this also blocks bootable CD's from seeing the disk (UEFI is actually a very good security feature -- it just stops some of these tools).  If your vendor has signed drivers, they can boot, but as of this writing, I have not found a vendor who can do this.

For example, if you have a UEFI disk, Microsoft's MSE claims to be able to boot and clean the disk, but I have not yet got this to work.  I am still researching this.

If you have a UEFI disk, I do not know how to use these bootable CD's.  Your only hope will be MalwareBytes.
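
A quick way to find out, before building the CD's, whether a Windows 8.x or 10.x machine uses UEFI firmware and has Secure Boot turned on. This is an added example, not part of the original article; the function name Get-RescueBootReadiness is made up here, and it assumes an elevated PowerShell prompt.

```powershell
# Added example, not from the original article. Assumes Windows 8 or later
# and an elevated (Run as administrator) PowerShell prompt.
# Get-RescueBootReadiness is a name made up for this example.
function Get-RescueBootReadiness {
    [CmdletBinding()]
    param()

    $firmware   = 'UEFI'
    $secureBoot = $null   # stays $null on legacy BIOS, where it does not apply

    try {
        # Returns $true or $false on UEFI firmware.
        $secureBoot = Confirm-SecureBootUEFI -ErrorAction Stop
    }
    catch [System.PlatformNotSupportedException] {
        # Raised on legacy BIOS machines, which have no Secure Boot.
        $firmware = 'Legacy BIOS'
    }
    catch [System.UnauthorizedAccessException] {
        throw 'Confirm-SecureBootUEFI needs an elevated PowerShell prompt.'
    }

    # Partition style of the disk Windows boots from. GPT normally pairs with
    # UEFI and MBR with legacy BIOS; a mismatch is worth a second look.
    $bootDisk = Get-Disk | Where-Object { $_.IsBoot } | Select-Object -First 1
    $partitionStyle = if ($bootDisk) { [string]$bootDisk.PartitionStyle } else { 'Unknown' }

    $advice = if ($firmware -eq 'Legacy BIOS') {
        'No Secure Boot. Set the CD first in the BIOS boot order and boot the rescue CDs.'
    }
    elseif ($secureBoot) {
        'Secure Boot is on: the firmware starts only boot media signed with a key it trusts. ' +
        'If a rescue CD does not start, scan from inside Windows with MalwareBytes.'
    }
    else {
        'UEFI with Secure Boot off: boot-loader signatures are not checked, but the rescue CD ' +
        'must still support UEFI boot or the firmware must offer a legacy (CSM) boot mode.'
    }

    [pscustomobject]@{
        Firmware       = $firmware
        SecureBoot     = $secureBoot
        PartitionStyle = $partitionStyle
        Advice         = $advice
    }
}

Get-RescueBootReadiness | Format-List
```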

Your comments are welcome.

Friday, June 26, 2015

Burn ISO Image menu missing from Windows

Problem:  The "Burn ISO Image" menu is missing from File Explorer's context menu.  This article describes the solution.

To burn an ISO file to disk, follow these normal steps:

A.  With File Explorer, locate the .ISO file.
B.  "Other mouse click" the file, choose "Burn disk image". 




If the menu, "Burn Disk Image" is missing, another program has taken control of the ISO file extension.  Use these steps to return control to the default settings.

These steps work for Windows 7 and above:

1.  Open the Windows Control Panel
 
2.  In the Programs category, click "Default Programs"
 
3.  Click "Set your default programs"
 
4.  In the left-nav, select "Windows Disk Image Burner"
 
5.  On the bottom, click "Set this program as default"

This sets the Windows program
"Windows Disk Image Burner"  (C:\Windows\System32\isoBurn.exe)
as the default program for ISO and IMG files.

Why is the menu missing?  Likely, another CD-burner (such as Nero, Roxio, or other CD software provided by your hardware manufacturer) intercepted the menu.

Related documents:
Keyliner: Burning an ISO Image in Windows - Step-by-step with other hints
Keyliner:  Burned Audio CD's do not play in car or stereo

Saturday, June 20, 2015

Pandora - Server not found on Sony Bravia TV

Solution: On a Sony Bravia TV, Pandora displays an error on launch - "Server not found".  Previously, Pandora opened and was registered correctly, but now displays an all black screen with this message.

Symptoms:
Pandora had worked before; the TV was registered with Pandora, and the program loaded correctly. Then, with presumably no changes, the program refused to load, displaying a black screen with the above message.  The message included a link to Pandora support, but the link was not useful.

Uninstalling and re-installing Pandora did not resolve the problem.
Cold-booting the TV (disconnecting power) did not resolve the issue.

Suspicions:

The unsubstantiated belief is the TV acquired a new DHCP IP address from my home network and Pandora became confused.  The application provides no means to re-register.  I suspect de-installing from the main app screen does not really uninstall the program; it just removes it from the main menu.



Solution:

I followed these steps to recover.  These steps assume your TV has already logged in to the Internet at least one time and performed its default firmware update.

1.  Perform a factory-reset on the TV (essentially a re-format, returning the TV to original factory settings).  Steps vary by brand and model.  Search the Internet for your exact instructions. 

For my TV, a Sony Bravia KDL-60W630B,

a.  Turn on the TV.  Wait 1 minute for the Operating System to completely load.
b.  On the TV remote, press and hold the up-arrow.
c.  While holding the up-arrow, reach around the back of the TV and press the POWER button on the back control-panel; this is not the remote's power button.

2.  Allow the TV to restart.  Re-register and re-set-up the TV, setting region preferences, time-zones, etc., following the TV's normal first-time-start.

Note: The TV will not have to re-download the Firmware update, this was already applied when first installed and a factory reset does not undo this operation.

3.  Important change:  For the Network connection, set manually, using the Advanced menu.  You will need to set a fixed IP Address, not a router-assigned DHCP address.  Do this by selecting the Advanced Network Setup menu, with detailed steps, below.

When picking an IP address, pick one outside of your normal DHCP address range.  For 99% of all routers, set the IP address's last octet to 130 or 150.  Avoid numbers below 120, as these probably conflict with the DHCP broadcast range.

For example, I set my TV to this IP address:
192.168.100.150

All other IP settings, subnet masks, etc., should stay at their defaults.  Your prefix address range (192.168) may be different. 

Typical IP Addresses:
IP Address:  192.168.100.150
Subnet: 255.255.255.0
Default Gateway: 192.168.100.1

Detailed Steps:
Press the remote's [Home] button.
Then, from the TV's top-menu bar, select [Settings]










Select:
[Network Setup]
[Setup Network Connection]
[Advanced] -- Set a manual IP Address in a range, as suggested above.

4.  From the [Network Setup] menus, select [Refresh Internet Content].

This updates the software and applications and your TV's step may be labeled differently.  It will take several minutes to complete.   

5.  If the Pandora tile is installed on the My Favorites (App Screen), highlight the Pandora tile.  Select Options, and remove.


6.  On the App Menu, click the "+" tile, re-install Pandora.  I actually launched the "Opera Store" and found Pandora from there, but I do not believe this was a significant difference.

Pandora should be working correctly.

Wednesday, June 17, 2015

HDMI Cable does not broadcast sound to the Stereo Receiver

Solution: On a new TV, connected to a stereo Receiver, sound does not broadcast to the stereo.  TV sound only works through the TV's internal speakers.  This article discusses the solution.

Symptoms:
No sound is heard from an HDMI-connected TV/Stereo.
The Receiver is older than approx. 2012 / 2011; the TV is new.
When the TV's internal speakers are used, sound works properly.
Other devices, such as an HDMI-connected DVD player or Game Console do play sound through the stereo.

Issue:
Even relatively new stereos may not support the "ARC" HDMI standard (Audio Return Channel - Sony branded "ASC").  ARC/ASC allows audio data to be transmitted down to the stereo, from the TV's inbound HDMI cable.

Because of this, you will have to use a secondary audio-output cable, usually an optical cable, to route sound outbound from the TV to the receiver's inbound ports.  Thus, there will be two cables running from the TV to the Receiver.  If your receiver does not have optical ports, you could reluctantly use old-style RCA jacks.


Prerequisites:

a.  Confirm the TV is not set to Mute
 
b.  Confirm the TV's internal speaker settings are set to "Stereo" (or the non-internal speakers).  This is controlled by the TV's setup menus.
 
c.  From the Receiver's side, confirm the TV's HDMI cable is connected to the HDMI Output port (Important:  This is not a normal HDMI input port).

d.  Confirm the other end of the HDMI cable is connected to the TV's INPUT HDMI port.  On my TV, this is labeled "ARC".  Use this port even if you do not have an ARC-compatible receiver.


Solution 1:

1.  Replace the stereo with an ARC-compatible stereo receiver.  I did not try this solution, but am tempted.

Although expensive, there is one minor benefit:  The TV's remote will control the stereo's volume up/down.  Without this, you need one remote for the TV and a second for the stereo.  The stereo's remote will be used mainly for the volume, and little else.  You could substitute a universal remote and program-around this. 

Solution 2:

1.  Run an optical cable from the TV's optical-out port to the receiver's TV Input port.  This is what I did and I used a RocketFish branded cable.

Learning from my experience, a 4-foot (1.3M) optical cable was not long enough to comfortably reach the cabinetry directly below the TV.  Save yourself a second trip to the store and buy a 6' or 8' (2M) cable.


(If you do not have an optical port, use a red-and-white RCA connection, but with this option, your equipment is probably too old and you should consider a new receiver.  You will be missing out on other HDMI benefits.)

Solution 3:

Buy a Sound-bar and bypass/discard the receiver.  I did not try this option.


Comments:

Most people choose a simpler design and route all equipment directly to the TV, allowing the TV to be the central hub.  I did not do this because of the cable-mess behind the TV.  Instead, I recommend routing all connections through the stereo receiver.  With this design, the TV needs 3 cables:  1 HDMI, 1 power, and unfortunately in my case, 1 optical -- a fourth cable if you are using a wired Cat-5 cable.  If I had a slightly more modern receiver, I could dump the optical.


In my case, the optical cable still did not work.  I discovered the Receiver's TV optical was bad and I had to route the cable to the Receiver's DVD port (my Receiver has 4 inbound Optical ports).  With this, even though I was using the TV's functions, I had to set the Receiver to "DVD."  As long as the DVD player is off*, this works perfectly well.

If you find the optical cable does not work, as in my case, try a different port on the receiver.  If this still fails, consider the possibility the TV's port is bad.  Some have suggested a can of compressed air may fix bad ports.


*With an HDMI-connected DVD/Blu-ray player, the very act of turning on the DVD player's power is enough to automatically switch the TV's INPUT to the DVD.  This happens even though a stereo receiver was in the middle.  How cool is that?  You may not be impressed, but just last week, I retired a 30-year-old TV with RCA connectors.  My friends have welcomed me to the modern age.

Tuesday, June 9, 2015

Easy Disable Cellphone Crapware - Android

How to: Disable cell phone "crapware" (unneeded or unwanted programs) from your Android phone, without rooting - Easy steps, highly recommended.  Does not require software.  This article has been modified and improved, 2015.06. 
 

My AT&T (ATT) phone ships with dozens of add-on programs that I do not need or want and I am sure your phone has the same problem.  These programs run in the background, occupying memory and they pester for updates.

Short of rooting the phone, the programs cannot be uninstalled, but some can be disabled.  With these steps, many apps can be permanently disabled and the steps are reversible.  Here are the benefits:
  • They do not occupy memory
  • They will quit checking for updates
  • They will quit notifying you
  • They will not appear in the All Apps menu

Steps:
Illustrated - an HTC One M8 from AT&T, running Android 4.4.2 (and Lollipop 5.01).
Your Android phone may look different, but the steps should be similar.


1.  Open the Settings Screen, choose Apps. 
(Version Galaxy S4 shows "Application Settings")


 
2.  In the Apps screen, scroll (horizontally), changing from the "Downloaded" screen to the "Running" screen. On my phone, switch between the menus by flicking horizontally on the top ribbon-bar area. 

Review the Running apps; these are programs running and occupying memory.




3.  Important! 

Continue Scrolling to the "ALL" Apps screen (illustrated above).
The next steps can only be done from the ALL screen.

4.  Choose an unwanted application.

If the app allows, and many do, disable the app by:
a)  Uncheck "Show Notifications"

b)  Click Disable
c)  Click Force Stop.  It will prompt for confirmation.


(Verizon has slightly different prompts, same steps; see below)



A Verizon Galaxy S4 screen looks like this:
Verizon Galaxy Steps, in this order, for each app:
* Uncheck "Show Notifications"
* Click Turn Off
* Click Force Stop




Important notes:
  • You must be in the "All" screen to make these changes.
     
  • Choose with care which programs to disable.  Do not disable Android OS-looking apps.
     
  • Some applications cannot be stopped in this manner.  For example, HTC Blinkfeed did not allow these choices and it would not allow me to choose "Disable".  If you can't choose "Disable", it is pointless to attempt anything else; it will come back no matter what your choice.
     
  • Some applications may be chained or called by other applications and you will see this by examining the app in the "Running" applications.  Start with the master, or top-level app.  With this said, I have left the chained applications alone.  A good example would be ATT Hotspots.
     
  • These steps "Disable" the application - but sadly do not un-install it.  But with these steps, at least they do not occupy system RAM and they will quit bugging you for updates.
     
I disabled these applications:

I disabled these apps because I was either offended they were installed or because I had never used them or because I could care less about things like moving wallpapers.  Your choices may be different.

Amazon Kindle
Android Live Wallpapers
AT&T Address book
AT&T FamilyMap  (my children were horrified at the very thought)
AT&T Hotspots (never use)
AT&T Live
AT&T Locker
AT&T Mobile Locate (I use Google's service)
AT&T Navigator (I use Google Maps)
AT&T Ready2Go
Browser Bar  (what a horrible program, what a horrible idea)
Bubbles Live wallpaper
Car
City ID (a subscription service installed on all ATT and Verizon phones)
Data Dashboard Widget
DropBox for HTC Sense
Frisbee Contacts
Famigo
Facebook
Google+ for HTC Sense
Games (W Games -- all require money.  Why can't I play snakes?)
Holo Spiral Live Wallpaper
HTC Account
HTC Recommend (wow, you can recommend your favorite app)
Internet (Browser) shipped with HTC; I use Chrome
Keeper (who wants to type a password to lookup other passwords?)
Market Feedback Agent  (I'm sure I don't want this)
Mobile Data Widget
Mobile TV
Music Visualization Live Wallpapers  (my screen goes blank after 30 seconds...)
MyGoogleDrive (HTC)
Polaris Office 5
Phase Beam Live Wallpaper (arg!  Another live wallpaper...)
Power dashboard widget
Ringtone Trimmer
Twitter for HTC Sense
Uber
Wifi Hotspot Widget
Wallet
YP (Yip)
Zoe

Anything that you stop can be restarted by reversing the steps and then rebooting the phone (many of these are services).


Dear AT and T,
Please let me uninstall this stuff.  It makes me so angry that I have to fight this and all I want is control.  A Motorola Nexus / Android One phone is looking better and better.
 

Wednesday, June 3, 2015

Android Checklist - Reset Factory Defaults

A few months ago, after my HTC One M8 installed Lollipop version 5.02, I occasionally noticed the stock keyboard would quit working.  After researching, the best-first-step solution seemed to be a factory reset.  This article outlines the recommended steps.

Expect to spend about two hours.

Steps:

Starting with a fully-charged phone, or with the phone on power, follow these steps. Several reboots will be needed.

1.  Backup all downloads, photos and music to a PC or cloud.  Be aware that game scores, and other program settings will be lost.

2.  Backup or confirm the Address Book.

If all addresses / contacts are stored in Google's Address Book, you have nothing to worry about.  Everything will work perfectly.



If the addresses are stored on the phone, export them or they will be lost.  See this extensive Keyliner article for recommended steps:  Android Phone Address Book Imports.  There are some issues with the export and import, outlined in the article.  For example, on re-import, whether a number is an Office, Home or Mobile, may be lost. 

3.  All applications which require a login/password (other than Google's), or programs with internal preferences, will lose their settings.  Record the user-id's and passwords you will need.  Examples might be your banking apps, VMWare app-authentication, Skype, etc.

4.  Email Accounts:  Record all of your POP and IMAP email account information:

For POP-3/IMAP email, record these settings:
SMTP Server Name
Encryption Type:  Typically SSL/TLS
Port

Outgoing SMTP Server Name
Encryption Type: Typically SSL/TLS
Port


5.  If you use a corporate two-factor authentication program, such as DUO, be sure to get your configuration steps (from your corporate helpdesk) prior to the reset, or you will not be able to login to your corporate network until re-installed and re-authenticated.  With my company, they send a specific email/text message to the device.

6.  If you are using Google's two-factor authentication, consider printing your emergency access codes (a list of 10 backup codes) or you can have Google send a text message when you first re-login to the phone.  Either option will work well, just mentally prepare yourself.

7.  I found it was pointless to write down an inventory of my installed applications.  When the phone rebooted, it re-installed all of my applications.  I was pleasantly surprised.  (This is because I was arriving back on the same device.  If you are moving to a new phone, some programs may not automatically install.)

8.  Power off the phone.

9.  Boot the phone into the Hard-Reset recovery screens.

Various manufacturers have different steps for the hardware menus.  For the HTC, press and hold the volume-down, then press and hold the power-button.  For Samsung, use volume-up and power.


10.  From the DOS-like menu, use the volume buttons to select "Recovery", then "Wipe Cache Partition".

This clears a cache that is separate from your application cache.  Select reboot and allow the phone to reboot normally.  This menu is safe to select any time; it does not damage your installed programs or data.  This can fix a variety of odd problems, but this did not help with my keyboard problem.  It is wise to clear this cache for other reasons.

11.  Shutdown the phone again, return to the Hard-Reset/recovery screen shown above.

12.  Select Factory Reset.  This will erase all programs and data on the device.

13.  Allow the phone to reboot.  This may take several minutes.  When it reboots, it will apply a large number of updates. e.g. patch 1 of 236, or some-such number (these are operating system patches).

14.  When finished, the desktop displays.  Open the App Store, select menu "My Apps" and marvel at how many are re-installing.  This will take time.  Make dinner or something.

Note: During the install, the phone will probably prompt to reboot.  Ignore this and let all other applications update.

15.  If any expected apps are missing, install from the app store as you would normally.  On my phone, all apps arrived correctly.


Re-Configuring

Once the app store finishes, do the following:

A.  In Settings

Confirm you are connected to your wifi network

Confirm Mobile Networks is enabled (by default it will be turned off, which will later show as "data network not available" when you leave the house or office)

In Security, set a screen-lock PIN or other security

B.  Add program icons to the desktop, by clicking the center-9-dot menu and dragging icons to the Home Screen Pages (desktop)

C.  Open each app, setting preferences and logins as needed.

D.  If you have other email accounts, use your email reader (or Gmail) to add those accounts to the email program.  If you have this well-documented, this is easy.  If not, it is a pain.

E.  Re-import your exported address book.  (If you are using Google to store your addresses, this step is not needed).  See this Keyliner article:  Android Phone Address Book Imports

F.  If you are using Google Two-Factor Authentication, or Microsoft's Account Manager, launch these applications and re-configure them (details needed).

G.  For your corporate two-factor (e.g. DUO), follow your corporate instructions.

H.  Pair your bluetooth headset or other devices.  See this Keyliner article for a Plantronics Headset.

I.  Setup Android Device Manager to help you locate or erase lost phones.  See this Keyliner article:  Android Device Manager can locate a lost phone

J.  If desired, re-copy the backed-up pictures to the phone's DCIM.  If you are using Google to backup your photos, they will automatically arrive on the device shortly after the apps are installed; be aware they are not stored locally.  A re-copy locally is recommended. 

K.  Consider disabling some of the phone's unneeded crapware.  See this Keyliner article: Disable Cellphone Crapware.

Your comments are welcome.