Windows XP Cleaning Process with Multi_AV
If you are really unsure about using such things as Windows Explorer and running programs from a command line, now would be a REALLY good time to call on someone who knows about this stuff. If the information on your computer means a lot to you, don't mess about: turn the computer off and call for professional help. However, if you think you understand enough to try and fix things, the following steps are designed to help you do this in a tried and tested manner.
Note: Print
these steps so you can read them while your computer is rebooting.
Step 2 – Download Offline Scanners
For this step you will have to download a
number of files and make them available for the computer when it is in a minimal
(safe) state known as Safe Mode. This helps the process because the
malware is far less likely to be able to interfere with the cleaning process. To
help make this process as simple as possible we can use a tool called the
Multi AV Scanning Tool that has been
developed by David Lipman.
- Download Multi_AV.exe from www.ik-cs.com/programs/virtools/Multi_AV.exe
- Once you have downloaded this program double click it to
run it
- At the Open File – Security Warning window, ensure
the Name value reads "Multi_AV.exe" and then click
Run.
- The WinZip Self-Extractor
window should now open so click the Unzip button to extract the files
to the default path of C:\AV-CLS [Note: you
must use this location].
- Once the files have been unzipped successfully click
OK and then Close to shut down the WinZip program.
- Click Start and Run, type C:\AV-CLS\StartMenu.bat in the Open box and press ENTER. You should now see the Multi_AV menu window.

- Press the number 1 on your keyboard to start the download of
the Sophos scanner.
Note: If you have a firewall installed on your computer (you should have!), you are likely to see a warning from it that a program called WGET.EXE is trying to access the Internet. This is the program that is used to download the scanners, so you will be okay to unblock it.
Once WGET.EXE has been unblocked, close all open windows and run C:\AV-CLS\StartMenu.bat again. This time you should see the files download successfully, after which the following box will appear:
- Click No as you will perform the scans later when
your computer is in Safe Mode.
- Back at the blue menu screen press 2 to start the
download from Trend Micro.
- When the files have downloaded successfully you should
see the following:

- Click Exit to close the window and download the
last scanner.
- Back at the Blue Menu press 4 to download the
Kaspersky tool.
- Once the download has finished, DO NOT start the Kaspersky scan. Instead, close the window and select 5 to close down the menu.
Step 3 – Disable System Restore
Next we need to disable the Windows XP
System Restore feature to prevent it from re-infecting your computer after it
has been cleaned.
- Right click the My Computer icon on your Desktop
and click on Properties.
- Click the System Restore tab.
- Click Turn off System Restore on All Drives so
that the window looks like this:

- Click OK and when you are prompted to restart the
computer click No.
Step 4 – Restart into Safe Mode and Scan
Now you need to restart the computer in Safe Mode. To do this, follow these steps:
- Now back at the desktop, click Start and Run
and in the Open box type msconfig.exe. The Microsoft System
Configuration Utility will now run.
- Click the BOOT.INI tab and click the /SAFEBOOT
option so that the screen looks like this:

- Click OK. After a short pause a System Configuration window will pop up.
- Click Restart so that your computer restarts.
Note: When you are starting in Safe Mode a lot more text is shown on screen. This is normal, as Windows is simply listing the files it is loading to help with fault finding if the computer hangs during the startup routine.
- Log on with an account that has local administrator rights and click Yes at the Desktop warning window.
- Once at the Safe Mode desktop click Start and Run, then click Browse… and browse to C:\AV-CLS\StartMenu, then click Open and OK.
- The Multi_AV Menu will start, select option 1
to start the Sophos CLS scanner.
- Click Yes in the Sophos CLS window.
- Click No so that a full scan is performed. This
will take some time but you must let it complete.
Step 5 - Check Results and Rescan
At the end of the scan you should see a text
report called ScanReport shown in Notepad. Check it to ensure any
viruses that may have been found have been successfully cleaned.
- Close the report and select option 2 from the
Multi AV menu. This will start the Trend Micro Sysclean scanner.
- In the scanner window click Scan to start a full
scan of the computer.
- Once again be prepared for a wait but do let it complete
a full scan.
Step 6 – Check Results and Perform Final Scan
Once the scan has finished and you exit the utility, it will pop up a report in Notepad. Check it to see if it was able to detect and clean any infections. Now you can run the final scan using Kaspersky.
- Close the report and select option 4 from the
Multi_AV menu to start the Kaspersky antivirus scanner.
- Let the full scan complete.
Step 7 – Are The Results Clean?
Once the final scan has finished, check the report to ensure the results are clean. If the report still indicates an infection that it was unable to clean, you will need to get additional help. Go to the Links page for a list of places on the Internet where you can get additional help.
Step 8 – Reboot and Enable System Restore
If your final scan did come back clean you
can be pretty sure your computer is now clean. The final step is to reboot the
computer back into Normal Mode and turn the Windows XP System Restore
service back on.
- Back at the desktop, click Start and Run
and in the Open box type msconfig.exe
- Click the BOOT.INI tab and click the /SAFEBOOT
option so that the check box is clear
- Click OK. After a short pause a System Configuration window will pop up.
- Click Restart so that your computer reboots.
- Once the computer has rebooted, log on with an account that is a local administrator.
- Right click the My Computer icon on your Desktop
and click on Properties.
- Click the System Restore tab.
- Click Turn off System Restore on All Drives so that the check box is clear and click OK.
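The settings changed in Steps 3, 4 and 8 can also be checked from a command prompt. The batch file below is an added example, not part of Multi_AV or of the original guide; the file name check_state.bat is hypothetical, and it assumes boot.ini is on C:\ and relies on the standard Windows XP DisableSR registry value and SAFEBOOT_OPTION environment variable.

```bat
@echo off
rem check_state.bat - added example, not part of Multi_AV.
rem Reads the settings this guide changes and reports which step you are at.
rem Assumption: boot.ini is on C:\ (the usual location on Windows XP).
setlocal
set "AVDIR=C:\AV-CLS"
set "SRKEY=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore"

rem Step 2: Multi_AV must be unzipped to C:\AV-CLS
set TOOL=missing
if exist "%AVDIR%\StartMenu.bat" set TOOL=present

rem Steps 3 and 8: DisableSR = 0x1 means System Restore is turned off
set SR=on
reg query "%SRKEY%" /v DisableSR 2>nul | find /i "0x1" >nul
if not errorlevel 1 set SR=off

rem Step 4: Windows sets SAFEBOOT_OPTION only while running in Safe Mode
set MODE=normal
if defined SAFEBOOT_OPTION set MODE=safe

rem Steps 4 and 8: msconfig adds or removes the /safeboot switch in boot.ini
set NEXTBOOT=normal
type C:\boot.ini 2>nul | find /i "/safeboot" >nul
if not errorlevel 1 set NEXTBOOT=safe

echo Multi_AV menu  : %TOOL%
echo System Restore : %SR%
echo Running in     : %MODE% mode
echo Next boot      : %NEXTBOOT% mode
echo.

if "%TOOL%"=="missing" echo [!] Repeat Step 2 before going further.
if "%MODE%"=="safe" if "%SR%"=="off" if "%TOOL%"=="present" echo Ready to scan: Steps 5 to 7.
if "%MODE%"=="safe" if "%SR%"=="on" echo [!] Safe Mode but System Restore is still on: see Step 3.
if "%MODE%"=="normal" if "%NEXTBOOT%"=="safe" echo Restart to enter Safe Mode: Step 4.
if "%MODE%"=="normal" if "%NEXTBOOT%"=="normal" if "%SR%"=="off" echo [!] System Restore is off: finish Step 3 or Step 8.
if "%MODE%"=="normal" if "%NEXTBOOT%"=="normal" if "%SR%"=="on" echo Normal running state: before Step 3 or after Step 8.
endlocal
```

The script only reads settings and changes nothing, so it can be run in both normal mode and Safe Mode.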
That is it: your computer should now be free from Viruses, Worms and Trojans. If you found this guide useful, please let us know via our feedback page.