Many times you have helped friends and acquaintances whose PCs fell victim to an onslaught of malware. So have we. But we got sick and tired of it and played a trump card: we compiled a complete guide that you can simply hand to the injured party, thereby guaranteeing your non-involvement. Take it and put it to good use!
Tip one. What a Live CD can do for you
Using emergency repair discs from antivirus companies
Antivirus Live CDs can be used to recover a system once viruses have rendered it unusable. Almost every antivirus company offers one for free.
The CD is most often a Linux-based boot disc containing scanning and disinfection utilities along with the Linux components they need. These Live CDs also typically contain additional tools (registry editing and recovery utilities, disk partition editors, network configuration utilities, etc.).
See chart 1 for a brief description of Live CDs from the most popular Russian antivirus providers.
The selected Live CD image can be written either to a disc (CD or DVD) or to a USB flash drive. If you're using Windows 7, the image can be written with the bundled software: right-click the image file, choose "Open with", then "Windows Disc Image Burner". Older versions required separate software to write disc images, e.g. Nero Burning ROM or free counterparts such as ImgBurn or Ashampoo Burning Studio.
To write a boot image to a USB flash drive you can use the special utilities that antivirus vendors supply along with their Live CD, or WinSetupFromUSB. Select the correct USB drive and the image file, check "Auto format it with FBinst" and then start the process.
If your PC or laptop is a little behind the times and did not come with Windows 8 or later pre-installed, booting from the boot drive is as easy as 1-2-3. Enter BIOS setup (start the PC and press "Del" or "F2" while the firmware is starting), move CD-ROM or the USB drive to the top of the boot priority list (note that not all PCs support booting from USB) and wait for it to boot.
If your PC came with Windows 8 or later, you will in the vast majority of cases run into problems in UEFI mode. Entering BIOS setup may be difficult, and you will have to disable Secure Boot in order to boot from the Live CD.
What is Secure Boot
Secure Boot is a UEFI option meant to protect PCs from bootkits, low-level exploits and rootkits. In Secure Boot mode the UEFI boot manager only runs code whose digital signature can be verified against the certificates in its own signature database.
You can use msinfo32.exe to find out the status of this option, or simply read the note in the bottom right corner of the display.
How to disable Secure Boot
This all depends on your brand of laptop or motherboard, although for the most part the process doesn't differ much. The Secure Boot option can be found under Security, System Configuration or Boot; set it to "Disabled" once you locate it. Then you will have to enable legacy OS compatibility mode (CSM). Manufacturers give it different names: Launch CSM, CSM Boot, UEFI and Legacy OS or CSM OS. It can be found under "Advanced" in the main menu, then "BOOT MODE" or "OS Mode Selection". Don't forget to save the changes.
Once you manage to boot the computer, you can scan and clean it. Usually this happens without any prompting. Some Live CDs contain registry editing utilities. These are extremely helpful for inspecting the registry autorun keys (most malware uses the registry to start automatically when the system boots) or for restoring system settings the malware has tampered with.
Some registry locations malware prefer
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects: Browser Helper Objects (add-ons that Internet Explorer loads automatically)
To make detection and removal harder, certain types of malware change the registry to disable the Task Manager, the command prompt and the registry editor. UAC may also have been switched off without your consent.
Registry editor:
- 0 – enable registry editor;
- 1 – disable registry editor.
Task Manager:
- 0 – enable Task Manager;
- 1 – disable Task Manager.
UAC:
- 0 – enable UAC;
- 1 – disable UAC.
Command prompt:
- 0 – enable command prompt;
- 1 – disable command prompt;
- 2 – allow scripts to run.
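The following PowerShell script is an added example, not code from the original article. It audits a machine for the two things discussed above: the Secure Boot state (via the Confirm-SecureBootUEFI cmdlet, a documented alternative to reading msinfo32.exe) and the policy values that malware flips to lock the user out of the registry editor, Task Manager, the command prompt and UAC. The value names (DisableRegistryTools, DisableTaskMgr, DisableCMD, EnableLUA) are the documented Windows policy values, which the article's lists above describe without naming; note that EnableLUA has the opposite sense to the Disable* values (0 means UAC is off), and that DisableCMD = 2 disables cmd.exe but still lets batch scripts run. Run it from an elevated PowerShell prompt on the machine being cleaned.

```powershell
# Added example (not from the original article): report the Secure Boot state and
# flag registry policy values that malware sets to disable admin tools.

function Get-SecureBootState {
    # Confirm-SecureBootUEFI throws on machines booted in legacy BIOS mode,
    # so treat the error as "no Secure Boot available" rather than a failure.
    try {
        if (Confirm-SecureBootUEFI) { return 'Enabled' } else { return 'Disabled' }
    } catch {
        return 'Not supported (legacy BIOS / CSM boot)'
    }
}

# Policy values to inspect. User-level tool lockouts live under HKCU, but the
# same values are honoured under HKLM, so both hives are checked where they apply.
# "Bad" lists the data values that mean the tool has been disabled.
$policyChecks = @(
    @{ Hives = 'HKCU', 'HKLM'; SubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DisableRegistryTools'; Tool = 'Registry editor'; Bad = @(1, 2) },
    @{ Hives = 'HKCU', 'HKLM'; SubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DisableTaskMgr';       Tool = 'Task Manager';    Bad = @(1) },
    # DisableCMD: 1 = cmd.exe and scripts disabled, 2 = cmd.exe disabled, scripts allowed
    @{ Hives = 'HKCU', 'HKLM'; SubKey = 'Software\Policies\Microsoft\Windows\System'
       Name = 'DisableCMD';           Tool = 'Command prompt';  Bad = @(1, 2) },
    # EnableLUA is machine-wide and inverted: 0 switches UAC off
    @{ Hives = 'HKLM';         SubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'EnableLUA';            Tool = 'UAC';             Bad = @(0) }
)

function Get-PolicyTampering {
    foreach ($check in $policyChecks) {
        foreach ($hive in $check.Hives) {
            $path  = "${hive}:\$($check.SubKey)"
            $value = $null
            if (Test-Path $path) {
                # -ErrorAction SilentlyContinue: an absent value means the policy is not set
                $value = (Get-ItemProperty -Path $path -Name $check.Name -ErrorAction SilentlyContinue).($check.Name)
            }
            $isSet = $null -ne $value
            $data  = if ($isSet) { $value } else { '(not set)' }
            [pscustomobject]@{
                Tool     = $check.Tool
                Location = "$hive\$($check.SubKey)\$($check.Name)"
                Data     = $data
                Tampered = $isSet -and ($check.Bad -contains [int]$value)
            }
        }
    }
}

"Secure Boot: $(Get-SecureBootState)"
Get-PolicyTampering | Format-Table -AutoSize
```

Any row with Tampered = True points at a value worth restoring (or deleting, which returns the tool to its enabled default) once the malware itself has been removed; simply resetting the value first tends to be undone by the still-running infection.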
Tip two. The right way to ask for help
Calling on the collective mind of virusinfo.info