Remove Virus Without Installing Antivirus Software

Remove Virus Without

Antivirus Software
(Using a FREE Tools/Software)

I hate virus....

By: Shahdan bin Kamarudin

DISCLAIMER: The author, will in no way be responsible, in financial or any other

terms, for damages (either consequential or incidental) resulting from the use or
from following instruction in this ebook. Use the tools or follow the instruction at
your own risk

ABOUT ME: Hi, I'm Shahdan from Malaysia. I'm a first year student of 'Bachelor in
Information Technology' at Cosmopoint International University College. Because of
I cannot afford to pay for commercial software, I choose to use FREE software for
my computer. FREE, here can be a FREEWARE, Free for personal use or FREE &
Open source software. Do give me a feedback if you find the information is useful
or it's just a bad idea to write this ebook.
Email me: rudinshah@gmail.com

FREE software for my PC..

Remove Virus Without Installing Antivirus Software

Introduction

This free ebook is for Non-Technical user of Windows XP(or other windows version where
the tools can be use). The purpose of this ebook is just to share with you(the reader) an
information of a FREE application/software that can be use to clean your system from virus.

The author hope this ebook will be helpful if you somehow face a doom situation. This
ebook cannot be use as your guideline rather than just to give you ideas to solve the problem
by yourself. Please consult your computer security advisor if you don't want to do this by
yourself. Sorry for my (not good) English...

Here are some of the FREE software that I use;

OpenOffice.org - Office Suite

XMPlay - Audio Player
jetToolBar
7-Zip
Foxit Reader - PDF Reader
FreshUI
Treepad Lite
Firefox
PDFCreator
Avast! Home Antivirus
AVG Free Antivirus
IrfanView - Picture Viewer, I like this software very much :)
RegSeeker
ProcessExplorerNT
DriverGrabber
Startup Control Panel
rjhExtensions - Used to encrypt/decrypt file
Audacity
Sunbird(PortableSunbird)
SUPER v1.811
Disk Cleaner
COMODO Firewall Pro
AthanBasic - Muslim's prayer time reminder

A website that I will usually surf for a FREE software;

http://www.portablefreeware.com/
http://www.portableapps.com/
http://www.sourceforge.net/

FREE software for my PC..

Remove Virus Without Installing Antivirus Software

Other FREE utilities that I use:

A Knoppix Live CD (http://www.knoppix.com/)

- I use this Live CD to LEARN about Linux OS and as a backup utilitiy if somehow I cannot
login to my Windows system. It can read/write the FAT and NTFS file system.

Some Intro

I had experience this with a viruses Eg; SVVCHSOT.exe, Trojen Horse, .vbs, etc
- the virus start automatically on windows startup. It copy itself at windows folder.
- It start with the shell command(something like that),
- It will copy to your pendrive(maybe any removable storage), hide itself in a 'layer' that we
cannot see even when we enable the ' Show hidden file' command.
- It will alter the 'Autorun.inf' file of your pendrive/removable storage
- It will disabled the 'Task Manager' and 'Folder Option' command
- It will disabled the registry editing capability(we cannot edit the registry)

If somehow your system infected and your antivirus cannot detect/delete the virus, here is
some tools that may help you eliminate it.

The Tools

I use this tools to delete the virus manually after I format my PC. The antivirus are installed
but because the virus database are not updated, it cannot detect the virus.

1. First of all, disconnect your Internet connection and make backup of your important
documents(file/folder)

2. Startup Control Panel (http://www.mlin.net/)

- To check programs that start when windows login
- Disable any suspicious program
- No installation needed

3. ProcessExplorerNT (http://www.sysinternals.com/)
- To check current windows process and kill any suspicious process if Task Manager is
disabled(by virus)
- No installation needed
- 'He' is one of Windows© family now

4. RegSeeker (http://www.hoverdesk.net/freeware.htm)
- To check the registry/startup entry of viruses, disabled it if required to do so
- Startup entries
- No installation needed

FREE software for my PC..

Remove Virus Without Installing Antivirus Software

5. ExplorerXP (http://www.explorerxp.com/)
- To View all hidden file and folder that might being used by virus
* Used to view any hidden file/folder that cannot be viewed even after the ' Show hidden file'
command enabled
- Folders that can be view: Recycler, FOUND.000..., MSOCache, Folder Settings, _Restore,
System Volume Information, ........
- Need to install, but you can copy the installation folder to your pendrive to make it portable

6. FreshUI (http://www.freshdevices.com/)
- Windows tweaking tools
- To enable the Folder Option in Tools menu in Windows Explorer if disabled by virus
- Windows Interface - Explorer Interface Settings - Explorer Menu Options - Show 'Folder
Option' commands - yes
- To enable the Task Manager if disabled by virus
- Windows System - Other - Ctrl-Alt-Del Option - Allow user to run Task Manager - yes
- To enable Regedit application(open/edit)
- Applications - Regedit - Disable Regedit - Enable Regedit Application
- Require free registration after 11 days of use

7. Regedit (C:\WINDOWS)
- check any possible key(virus) in registry and delete/edit the key
- Edit - Find... (type a virus name plus extension - e.g.:SVVCHSOT.exe)
- Not recommended for unexperienced user(modify it at your own risk)
- A small mistake can lead to disaster...

8. Dr.Web Cure It Antivirus (http://www.freedrweb.com/cureit/)

- Can be use to eliminate certain virus without installing it
- Try use this standalone antivirus to remove the virus before you do it manually
- A Standalone/Portable antivirus (quite good)

9. Autorun.inf
- Simply a text file(Setup Information file) that sometime we have in our portable storage or
in autorun CD. It's OK to delete it
- To rewrite the autorun file that being changed by virus, you have to make your own
Autorun.inf file
- open Notepad, type [Autorun] and save it as Autorun.inf
- Copy and paste the file in your portable storage - Overwrite existing file

10. Group Policy

- To access the Group Policy, you can type gpedit.msc in the command prompt
- Here you can enable the Registry Editor, Folder Option menu and many more
- To enable the Registry Editor(Regedit)
- User Configuration - Administrative Templates - System - Prevent access to registry
editing tools - Disabled
- To enable the Folder Option
- User Configuration - Administrative Templates - Windows Components - Windows
Explorer - Removes the Folder Option menu item from the Tools menu - Disabled

FREE software for my PC..

Remove Virus Without Installing Antivirus Software

Some Information in using the Tools(Steps)

- Disconnet Internet connection/network and make backup

- Use process explorer to monitor and kill any suspicious process
- Disable the suspicious in startup entry using Startup Control Panel or regseeker
- Enable the Regedit, Folder Option, Task Manager using either FreshUI(need installation) or
using gpedit.msc command.
- Use CureIt DrWeb to scan the computer
- Use the ExplorerXP to check any hidden folder/file in harddisk/portable storage and delete
it if necessary
- check any suspicious .exe file in windows folder and delete it(if any)
- Use the created Autorun file to overwrite the existing(modified by virus) Autorun file if
suppose you cannot delete it when using ExplorerXP.
- Use the regedit to delete any entry that refer to the virus(to know the name of the virus
filename is needed. Eg; Flash.10.exe). Type full filename plus it extension and search the
registry. For any virus entry found, modify or delete the key. BUT, you have to know when
what to delete or what to modify. Search until the message box 'Finished searching through
the registry' appear. Start a new search for other virus files. After finish with the registry,
restart you computer.
* It is NOT recommanded for you modify the registry by yourself if you don't know what
you are doing!!!!

- The step may not like follow the above, it's depend on the situation

Some virus/Trojan may infect your pendrive and duplicate itself in every folder you have in
your pendrive, (e.g. \document) there will be a file called 'document.exe' in the folder. It will
use a yellow folder icon. But if you have a file that have the same name as it folder, there is
maybe no virus in the folder except in 'Folder Settings' folder if any.

It is good to have the softwares in your pendrive/portable storage as an emergency tools

If somehow, the virus corrupt your windows system, you can use Knoppix Live CD to
backup all your important documents.

FREE security software

Here are some of the FREE security software that can be use to protect your computer from
virus and it family.

Antivirus
Avast! Home (http://www.avast.com/)
- Free antivirus
- Require free registration (for home version) in 60 days after installation for one year of
personal license. Can be renewed after that without cost.

FREE software for my PC..

Remove Virus Without Installing Antivirus Software

AVG Free Antivirus (http://www.free.grisoft.com/)

- Free antivirus

I install both the Avast! Home and AVG to protect my system from virus. It works great
without conflict. From my experience, this two free antivirus should be installed together (if
you are using any of this FREE antivirus) because there are some virus Avast cannot detect
but AVG detect it and vice versa.. The update process takes less time.

The standalone Dr.Web CureIt! antivirus is a great tool if you want to scan your system
without installing it, but don't expect it to detect all viruses(if any).

FreeDrWeb Antivirus (http://www.freedrweb.com/cureit/)

- Can be use to eliminate certain virus without installing it
- Standalone executable file

Firewall
COMODO Firewall Pro (http://www.personalfirewall.comodo.com/)
- A FREE firewall
- COMODO has many FREE security software; Antivirus, Firewall, Anti-Malware, etc.

* If you are using Mozilla Firefox internet browser or any other browser, it is a good to
install a security plugin..

For an emergency purpose, I do have a folder in my pendrive that include all the
tolls/software above.. Most of the tools can be run directly from removable storage except the
FreshUI, Avast! Home and AVG Free antivirus, COMODO Firewall, and of course the
Regedit.exe....

- This is a free information, share it with others if you find it useful.

FREE software for my PC..