Instructions for using the DoIT Windows CleanUp CD
The Internet has made it very easy for computers to be attacked, making it
increasingly important that all computers are protected using up-to-date
operating system and application software. This CleanUp CD contains anti-virus
and anti-malware (spyware, browser hijackers, re-directors and other malicious
software) utilities including files used to update them. Using these utilities
will remove existing viruses and malware from your computer and protect it from
future infections or intrusions.
The cleanup process involves:
Backing up your computer,
Preparing your computer for cleanup,
Installing and running anti-virus and anti-malware software,
Protecting your computer from re-infection, and
Updating installed software.
The whole process may take between 2-8 hours so allocate enough time before you
start.
It is very important for you to follow all the steps as presented. Once you
disconnect from the Internet and start cleaning your computer you should NOT:
-
Reconnect to the Internet until you have finished the cleanup procedures and
installed protective software.
-
Start "browsing the web" or do other work until you have all Windows Critical
Updates installed.
If you need help installing or using any of the utilities included on this CD,
please contact the DoIT Help Desk at (415)338-1420 from 8am to 10pm, M-F and
10am to 10pm, Sat. & Sun.
A. Backup! Backup! Backup!
During the process of cleaning and removing viruses and malware from your
computer, there is always the possibility of all your data being lost. We
strongly recommend that you back up all your data before proceeding with the
cleanup of your computer. If you need instructions on how to backup your data,
visit http://www.sfsu.edu/~helpdesk/backup/WinBackup.htm
This document is also in the CleanUp CD at
backup/WinBackup.htm
B. Prepare Your Computer
Before you start the computer cleanup process, you need to do the following:
print necessary documents, isolate your computer from any network connection,
disable System Restore setting (only if you are using Windows XP or Windows ME,
and run the Windows Disk Cleanup utility.
1. Print Documentation
Print the following documents from the CleanUp CD which you will need to
install VirusScan.
For Windows XP/2000
vs71/VScan71.htm
For Windows ME/98
vs451/vscan451.html
2. Disconnect from the Network
To prevent further infection while you are working on your computer, make sure
that your computer is not connected to the Internet or any network.
If you are connected to the Internet via a cable
Unplug the cable from your
computer.
If you are using a wireless connection:
For Windows XP
Right-click on the
Start button and click Explore. The Start Menu window will
open.
On the left-hand side of the window, right-click on
My Network Places and
click on Properties. The Network Connections window will open.
Right-click on the
Wireless Network Connection icon and click on Disable.
For Windows 2000
On your desktop, right-click on My Network Places and click on
Properties.
Locate your wireless network adapter in the list, right-click on it and select
Disable.
Close all windows.
For Windows ME
Click Start.
Click Settings. Click Control Panel and then double-click on the
System icon.
Click on the
Device Manager tab.
Expand the section under Network Adapters by clicking the + sign to the left.
Locate your wireless network adapter. Right-click on it and select
Properties.
Under the Device Usage section, put a check mark in
Disable in this hardware
profile, then click OK.
Click Close.
3. Disable System Restore (for Windows XP and ME only)
By default, System Restore is enabled so you can go back to a certain point
after making changes to your computer that are risky or might make your computer
unstable. You need to disable this so that your computer will not go back to a
virus-infested or malware-infested state.
Log in as an Administrator (XP users only).
Right-click on My Computer. (In Windows XP Standard mode, click
Start first)
Click
Properties
For Windows XP
Click the
System Restore
tab.
Click the check box for Turn off System Restore
to put a check mark in the
box.
Click
OK.
If asked “Do you want to turn off System Restore?” click
Yes.
For Windows ME
Click Performance
tab.
Click
File System button.
Click
Troubleshooting tab.
Click check box for
Disable System Restore
to put a check mark in the box.
Click
OK.
If asked “Do you want to turn off System Restore?” click
Yes.
When prompted to restart the computer, click Yes.
4. Run Windows Disk Cleanup
Running Windows Disk Cleanup will remove all unnecessary cache and temporary
files. This process may take anywhere from 3 to 30 minutes so be patient.
Select Start. Click (All) Programs. Click
Accessories. Click System Tools.
Click Disk Cleanup.
In the Select Drive
window, select a drive to clean up. Usually drive C: is already selected and
is the correct drive to clean up. If you know Windows is installed on a
different drive, select that drive using the drop down menu.
Click OK.
Wait for Windows to scan for files to delete.
Be patient.
From the Files to delete list, make sure the box is checked for the following
(depending on the version of Windows you are running, you may not see all files
listed):
Downloaded Program Files
Offline Files
Recycle Bin
Setup Log Files
Temporary Files
Temporary Internet Files
Temporary Offline Files
Temporary PC Health Files
Webclient Publisher Temporary Files
Make sure the following are NOT checked
Catalog Files for the Content Indexer
Compress Old Files
Office Setup Files
Click OK.
When prompted for a confirmation, click
Yes.
Click OK to close the Local Disk Properties window.
C. Cleanup Procedures
To make sure that your computer has a current, undamaged anti-virus program, we
strongly recommend that you remove your existing anti-virus software and install
the university site-licensed anti-virus software, VirusScan. Updates and
upgrades to this software are free to current faculty, staff and students.
Note: Installing VirusScan while other anti-virus software is installed will
result in serious system conflicts.
1. Remove any existing anti-virus software currently installed on your computer.
Click
Start.
Click
Settings (skip for Windows XP standard mode).
Click
Control Panel.
Double-click on
Add or Remove Programs.
From the Add or Remove Programs window, click on the anti-virus program you
wish to remove [your current anti-virus program name]
Click Remove.
Click
Yes when asked if you are sure you want to remove this program.
Close all open windows.
2. Access the CleanUp CD menu.
Insert the CleanUp CD in your CD drive. If your CD drive is set up to auto
start, the CleanUp CD menu will start automatically.
If the CleanUp CD menu does not start automatically, then do the following:
Double-click
My Computer. (In Windows XP Standard mode, click Start first,
then click on My Computer)
Double-click
CleanUp CD.
Double-click
menu or menu.exe.
Make a note of the CD’s release date in the title bar. If it is more than a week
old, your CleanUp CD is out of date. Bring a blank CD-R disk to ADM 110 to have
a new CleanUp CD made.
3. Install VirusScan and the current virus definitions.
Note: Installing VirusScan and scanning your computer for viruses may take at
least an hour and is likely to take three to four hours.
For Windows 98 or ME
If you haven't already done so,
print
vs451/vscan451.html,
rint docs/vs451/vscan451.html, for complete installation instructions. Follow
these instructions step by step. Return to this document when told to Update
VirusScan using the CleanUp CD menu.
For Windows 2000 or Windows XP
If you haven't already done so, print
vs71/VScan71.htm, for complete
installation instructions. Follow these instructions step by step. Return to
this document when told to Update VirusScan using the CleanUp CD menu.
Click on
Update VirusScan from the CleanUp CD menu. This will update the
anti-virus software to recognize the most recent viruses.
At the Welcome screen, click
Next.
When the update is complete, click
Finish.
4. Install and update Spybot–Search & Destroy (Spybot-S&D).
Spybot is a freeware program that can detect and remove spyware, and malicious
software (malware) from your computer. It can also be configured to help prevent
future spyware infections. The Spybot Detection Rules contain up-to-date
information on the latest spyware, and malware.
4.1 Install Spybot
Click on
Install Spybot.
Click OK
in the Select Setup Language window.
Click
Next in the Welcome to Spybot – Search & Destroy Setup Wizard window.
Read the License Agreement, then click on the radio button to the left of
I
accept the agreement to select it. Click Next.
Click
Next in the Select Destination Location window, to accept the default
location.
In the Select Components window, the check-boxes that are not grayed-out
should be unchecked. Click Next.
In the Select Start Menu Folder window, accept the default folder name and
click Next.
In the Select Additional Tasks window, accept the default settings and click
Next.
Click Install in the Ready to
Install window.
In the Completing the Spybot – Search & Destroy Setup Wizard window, uncheck
the Run SpybotSD.exe check-box. Click Finish.
4.2 Update Spybot Detection Rules
Click on
Update Spybot. If Spybot is not installed, a warning will be
displayed. Click OK to return to the menu. Install spybot before updating the
detection rules.
In the Name Setup: Installation Folder window, accept the default location and
click Install.
Click Close in the Name Setup window.
5. Install & Update Ad-Aware SE Personal
Like Spybot S&D, Ad-Aware is an application that removes pop-up ads and spyware
from your computer. The two programs complement each other since both find
pop-ups and spyware missed by the other.
Important: Ad-Aware SE Personal can only be legally installed on personally
owned computers. You must purchase the Professional or Plus version if you want
to install Ad-Aware on a University-owned computer.
5.1 Install Ad-Aware
Click on Install Ad-Aware.
You will see a window that states 'Ad-Aware SE Personal is for use only on
personally owned computers…' If the computer you are installing to is a
personally owned computer, click Yes. Otherwise, click No.
In the Ad-Aware SE Personal screen, click
Next.
Read the license agreement. If you agree to the conditions, click on
I accept
the license agreement to put a check mark in the check box. Click Next.
In the Destination Location window, click
Next to accept the default location.
In the Install to All Users menu window, make sure the radio button next to
Anyone who uses this computer is selected. Click Next.
In the Start Installation window, click
Next.
After installation, you will see a screen that says installation was
successful. Uncheck all of the check boxes. Click Finish.
5.2 Update Ad-Aware
Click on Update Ad-Aware. This will update Ad-Aware with the newest adware
definitions. If Ad-Aware is not installed a warning will be displayed
Click OK to return to the menu. Install Ad-Aware before running the update.
When the updates are finished, you will see a message that states: 'Ad-Aware
definitions were successfully updated. Click OK to exit.' Click OK.
6. Reboot computer in Safe Mode. (Note: Read all instructions before proceeding
with this section).
Close the CleanUp CD menu by clicking on the ‘X’ in the top right corner.
Shut down your computer and turn the power off.
Turn your computer on and immediately press the F8
key once each second until
the start up options screen appears.
Using the arrow keys, choose
Safe Mode
and press Enter.
Log in as Administrator on Windows 2000 and Windows XP.
7. Scan your hard drives for virus-infected files.
Click Start.
Click
All Programs (in Windows XP), or Programs
(in Windows 2000/ME/98).
Click on
Network Associates.
Click
VirusScan on Demand Scan.
Click
Scan Now. For each infected file found, it will do one of the following:
-If VirusScan cleans the file, it is ok to leave it on the computer by clicking
OK.
- If VirusScan is unable to clean a file, click
Delete. If the file cannot be
deleted, write down the name of the file and its location. Then call the Help
Desk at (415)338-1420 to schedule an appointment to bring your computer in!
Close all windows when scanning is completed.
8. Run Spybot-S&D
Double-click on the
Spybot - Search & Destroy desktop icon.
Read the contents of the Legal Stuff window, then click OK.
If you have other anti-spyware programs installed on the computer, the
Compatibility warnings window may open. We recommend you read it then click OK.
The first time you run Spybot-S&D
on your computer, the Spybot-S&D Wizard will
startup. Do the following:
In the Spybot-S&D Wizard window, click
Next. Do not click on the Create
registry backup button.
In the next wizard window, click
Next. Do not click on the Search for updates
button.
Click
Immunize this system in the next wizard window. When you see
Immunization has finished, click Next.
Click Start using the program in the next wizard window.
Click
Check for problems to start the scanning process. Scans usually take
between fifteen to forty-five minutes. Check the scanning status in the progress
bar at the bottom of the window. If spyware or other malicious software is found
on your computer, you will see the problem items listed on your screen. Each
identified problem will have a check in the check-box preceding it. If the DSO
Exploit problem is listed, you may ignore it.
Click
Fix selected problems. For Windows XP, a Creating System Restore Point
window pops up and closes when completed. At the Confirmation window, click Yes.
After problems are fixed, another confirmation window will pop up. Click
OK.
Each identified problem will now have a large green check preceding it.
If a problem can not be fixed, Spybot-S&D may prompt you to restart your
computer to complete the cleaning process. Agree, then close Spybot S&D. Restart
your computer in Safe Mode. Log in as Administrator on Windows 2000 or Windows
XP. Spybot S&D will automatically rescan your computer. Follow the previous
instructions to Fix selected problems.
Close Spybot-S&D.
Close all open windows.
9. Run Ad-Aware (only if you installed Ad-Aware SE Personal)
Double-click on the
Ad-Aware SE Personal
desktop icon.
Click the
Start button to start a scan.
Select
Perform full system scan, then click Next.
You will see Performing System Scan as Ad-Aware scans your computer. This scan
can take quite a while. Please be patient.
After the scan is finished, you will see Scan Complete.
Click Next.
In the
Scanning Results screen, right-click on the first object in the list
and choose Select All Objects. Click Next.
A window will open and warn you that objects are about to be removed. Click
OK.
You may see
Deleting Selection
as Ad-Aware deletes adware.
When Ad-Aware is finished deleting adware, you will be returned to the Ad-Aware
SE Status screen.
Click on the
X in the top right-hand corner of the Ad-Aware SE Personal window
to close the program
10. Shut down and restart your computer. In Windows 2000 or Windows XP, log in
as an Administrator.
D. Protecting Your Computer
1. Turn Your Computer Firewall On (Windows XP only)
A firewall stops worms from getting into your computer. Verify that your
computer firewall is turned on.
Right-click
Start then click on Explore.
Right-click on
My Network Places
in the left side of the window.
Click
Properties.
Right-click on the network adapter you are using to connect. Click Properties.
Click on the Advanced tab.
If you have not installed Service Pack 2 (SP2), make sure that the box next to
Protect my computer… is checked.
If you have installed SP2, do the following:
In the Properties window, click on the
Settings button.
Click
General tab in the Windows Firewall window.
Click the
On (recommended)
radio button and click OK.
Click
OK in the Properties window.
Close the Network Properties window.
2. Enable System Restore (for Windows XP and ME only)
Log in as an Administrator (XP users only).
Right-click on
My Computer. (In Windows XP Standard mode, click Start
first)
Click Properties
For Windows XP
Click the
System Restore
tab.
Click check box for
Turn off System Restore to remove the check mark from the
box.
Click OK.
For Windows ME
Click
Performance
tab.
Click
File System
button.
Click
Troubleshooting tab.
Click check box for Disable System Restore to remove the check mark from the
box.
Click OK.
When prompted to restart the computer, click
Yes.
3. Reconnect to the Network
If you connect to the Internet via a cable:
Plug the cable back in to your computer.
Restart your computer.
If you use a wireless connection:
For Windows XP
Right-click on the
Start button and click Explore. The Start Menu window will
open.
On the left-hand side of the window, right-click on
My Network Places and
click on Properties. The Network Connections window will open.
Double-click on the
Wireless Network Connection icon.
For Windows 2000
On your Desktop, right-click on
My Network Places and click on Properties.
Double-click on your wireless network adapter icon.
For Windows ME
Click
Start. Click
Settings. Click Control Panel and then double-click on the
System icon.
Click on the
Device Manager
tab.
Expand the section under Network Adapters by clicking the + sign to the left.
Locate your wireless network adapter. Right-click on it and select
Properties.
Click on
Enable Device then click
OK.
Click
Close.
4. Install Critical Updates
Windows Update is used to download and install updates to the Windows operating
system. This includes critical security updates and other updates Microsoft
believes you may want. Installing critical updates as soon as they are available
is crucial to protecting your computer from attacks over the Internet. For more
information, go to http://www.sfsu.edu/~helpdesk/windowsupdate/
Launch your Internet Explorer browser.
Click the Tools
menu then click Windows Update.
Depending on what Windows updates you have previously installed, click on
either
Scan for updates or Express Install.
If you clicked on Scan for updates
Click on
Review and install updates.
Click
Install Now. A pop-up window will show the installation progress.
If you clicked on Express Install
Click Install.
A pop-up window will show the installation progress.
Click
Restart Now, if prompted.
Repeat the entire “Install Critical Updates” procedure until no new critical
updates are found.
5. Install and Run SpywareGuard
SpywareGuard provides a real-time protection solution for your computer against
spyware.
5.1 Install SpywareGuard.
Click on Install SpywareGuard.
Click
Next in the Welcome to the SpywareGuard Setup Wizard window.
Read the license agreement and click Yes.
Click
Next in the Information window.
Click
Next to accept the default destination directory.
Click Next
to accept Full installation.
On the Select Additional Tasks window, make sure all shortcut options are
checked.
Click
Next.
Click
Install in the Ready to Install window.
Click Next in the Information window.
Make sure the Start SpywareGuard box is checked and click
Finish. SpywareGuard
then starts running (in the background).
5.2 Modify Settings and Update SpywareGuard.
Set SpywareGuard options by doing the following:
Double-click the red
SG
icon on the Windows System Tray (usually located in the
lower right-hand corner of the screen at the far right end of the Task Bar).
Click
Options then click
General.
Uncheck Enable Browser Hijack Protection to prevent conflicts with Spybot, which
does the same thing.
Click
Save Settings.
Click
Ok.
Click
Live Update to download current updates. Click Next.
Click Exit to close
the SpywareGuard LiveUpdate window.
Click on the X in the top right corner of the SpywareGuard window to close it.
Do NOT select File | Exit! which will stop SpywareGuard from running and will
leave your computer unprotected.
6. Install and Update SpywareBlaster
SpywareBlaster prevents the installation of spyware, adware, browser hijackers,
dialers, and other potentially unwanted pests.
6.1 Install SpywareBlaster
Click on
Install SpywareBlaster.
Click Next.
Read the License Agreement and click the radio button next to the “I accept
the agreement” then click Next.
Click
Next in the Information window.
Click
Next to accept the default destination directory.
On the Select Additional Tasks window, make sure the shortcut option is
checked.
Click
Next.
Click Install in the Ready to Install
window.
Make sure the Run SpywareBlaster box is checked. Click
Finish.
Note: SpywareBlaster should be running after the installation completes. If not,
double click on the SpywareBlaster desktop icon.
6.2 Update SpywareBlaster and Enable Protection
If this is the first time SpywareBlaster is run, a Getting Started window will
open for a short tutorial (3 screens). Read and click Next twice. Click Finish
when done.
You should now be in SpywareBlaster’s Protection screen. If not, click on
Protection in the left-hand side of the window.
Click on
Enable All Protection under Quick Tasks.
Click on
Updates in the bottom left side of the SpywareBlaster window.
Click on
Check for Updates.
If there are no updates available, close the window.
If updates are available, it will display Update Successful. Click on
Enable
Protection for All Unprotected Items then close the window.
If you get an error message, try to determine what caused the error, fix it,
and then check for updates again. Call the Help Desk at (415)338-1420,
from 8am
to 10pm, M-F and 10am-10pm, Sa & Su, if you need help.
Click on the X in the top right corner of the SpywareBlaster window to close
it.
7. Due to the current security problems with Internet Explorer, the Help Desk
staff recommends using an alternate browser like Mozilla or Firefox. Use
Internet Explorer only to do Windows Updates.
Congratulations! Your computer should now be relatively clean of viruses and
other malware.
E. Periodic Updates
To continue protecting your computer from new viruses and malware, all the
programs you have installed should be checked for new updates at least every
week. We realize that this can be a tedious task, so if you prefer, you can sign
up to have the Help Desk send you an e-mail when there is an update/upgrade to
any of the anti-virus/anti-malware software that we support. Sign up at:
http://www.sfsu.edu/~helpdesk/safecomputing/alertlist/
1. Update VirusScan
All versions of VirusScan are configured to automatically update Virus
Definitions 15 minutes after you start up your computer. If your machine is not
connected to the Internet, the update will not occur. You can manually update
the VirusScan definitions by following the instructions available at.
VirusScan 7.1 Manual Update:
(Windows XP/2000
http://www.sfsu.edu/~helpdesk/VirusScan71/VScan71.htm#update
VirusScan 4.5 Manual Update:
(Windows 98/Me)
http://www.sfsu.edu/~helpdesk/applications/vscan451.html#update
2. Update Spybot-Search & Destroy
http://www.sfsu.edu/~helpdesk/spybot/index.htm#update
3. Update SpywareGuard
http://www.sfsu.edu/~helpdesk/os/winos/SpywareGuard/spywareguard.htm#update
4. Update SpywareBlaster
http://www.sfsu.edu/~helpdesk/os/winos/SpywareBlaster/spywareblaster.htm#update
