My Works‎ > ‎Guides‎ > ‎Information Technology‎ > ‎

Disinfecting Your Computer

Created: 12 November 2010

Last Reviewed: 21 January 2011



This guide was made for a personal friend who became a victim of a phishing attack (hence the use of first/second person perspective and the reason behind the assumptions made).

Anyone is welcomed to use, modify and republish this guide for non-profit purposes providing that due acknowledgment is paid and that it is in compliance with the Australian Copyright Act 1968 and other applicable local and international laws.

While the author(s) and editor(s) endeavour to ensure that the information contained in this guide is accurate, by using this guide, you agree to do so at your own risk and exempt the author(s) and editor(s) of any liability arising from the use or misuse of this guide. This guide should not substitute or be considered as professional advice.

All logos and trademarks used belong to their original owners. Material and pictures contained in this document are in accordance to the fair use policy contained in section 40 (research and study) and section 41 (review and criticism) or the Australian Copyright Act 1968.


First off, I still think that the safest and most effective way of cleaning your computer is to back up your documents (NOT using the windows backup and restore - because this will also back up all malwares and defeats the purpose of the exercise) and do a hard format of your drive (this involves formatting your hard drive, then write 0s to all sector of the hard drive, formatting it again and repeat 7 times) and installing a fresh copy of windows.

If you want to do this, I can tell you the steps to do the hard format (not the standard ‘format C:’ command from command prompt). But judging by your reaction to my suggestion of fresh-reinstalling windows the other day, I'll assume that you don't want to do this.

Assuming that you do not want to re-install windows, below are the steps you need. Note that anything written in bold and italics, especially ones that are in red are crucial steps. If you do not follow these steps in the order they are written or make a mistake, it will render your computer in a vicious cycle of one virus checker blocking the other virus checker going in a loop, not allowing your computer to process ahead, eventually causing the CPU to fail and necessitating a hard drive wipe-out and clean re-install of windows. So please, pay particular attention when you are approaching those steps.

<Words that are underlined contain links to the appropriate web site>

<If you have difficulty seeing the pictures, click on the pictures to enlarge>


A.      Find which version of windows you are running

①.   Right-click on ‘My Computer’

②.   Click on ‘Properties’ (I’m assuming that you are running either windows Vista or 7)

③.   Find the ‘System type’ (red box in the diagram)

à   If this says 64 bit like mine does, then some of the steps below will not work

à   If it says 32 bit, read on.

B.      Unlock the true administrator account and log in as an administrator

①.   Go to Start → All programs Accessories, then right click on Command Prompt

②.   Click ‘Run as administrator’

③.   Create a password for your administrator account

à   To make it safe, it has to

Þ     be at least 8 characters long, the longer the better

Þ  contain all of the following: small case, capital case, number, symbol

Þ     not be written down in a file anywhere in the computer

à   Type in the command as shown in the picture below:

Þ     net user administrator <password>, press enter

④.   Activate the administrator account

à   Type in the command as shown in the picture below

Þ     net user administrator /active:yes, press enter

⑤.   Restart your computer

⑥.   Log in with the ‘Administrator’ account

C.      Terminate suspicious processes and uninstall suspicious programs

①.   Ctrl + Alt + Delete

②.   Click ‘Start Task Manager’

③.   (See picture below) Click on the ‘Processes’ tab

④.   Go through all the processes under the user ‘Administrator’ (ie ignore ‘SYSTEM’ etc.)

à   If you recognise the process, then leave it alone

à   If you don’t recognise the process, then:

Þ     right click and select ‘Open File Location’, this will open the directory of the program

Þ     right click on the process again, this time selecting ‘End Process Tree’ (or ‘End Process’ if it returns an error)

Þ     Have a look at the directory and delete the offending program (it will not allow you to do this if you didn’t end the process earlier)

Þ     Once you’re done, empty recycle bin

⑤.   This is a crude way of identifying the obvious malwares and spywares to lessen the load and improve the success of the next steps

à   Don’t worry about accidentally deleting an important system file, as this will be listed under ‘SYSTEM’ and not ‘Administrator’

⑥.   At this point, it is also a good idea to run through your program list and uninstall anything that you don’t need or don’t remember installing (see picture)

D.      Remove malwares and (some) rootkits

①.   It is important that this step is done straight after section C without restarting

à   If you have restarted your computer, repeat section C

②.   Run a full scan (not a quick scan) with your current antivirus program, deleting everything it detects.

④.   Download the ‘Malicious Software Removal Tool’, install and run it

E.       Installing Avast antivirus

①.   Avast antivirus is a free antivirus and the only antivirus with ‘boot time scan’, which is only available for the 32-bit (see section A) version of the program

②.   Download Avast!

③.   Make sure you download the free version (we are only going to use it once, so please don’t buy the professional edition)


⑤.   Once the download has finished, disconnect the internet, then uninstall your current virus checker

⑥.   Restart the computer

⑦.   Install Avast

⑧.   While installing, if it offers you to do a ‘boot-time scan’, select yes

⑨.   Don’t restart your computer yet (I know that it recommends you to do so)

⑩.   You can register it if you want, but I wouldn’t bother since it lasts 30 days without registration and we only need it for today

⑪.   Run Avast, turn internet back on and update both the program and the virus database

⑫.   If it didn’t ask you before, find the section that enables ‘boot-time scan’ and create a schedule for the next restart

F.       Do a boot-time scan

①.   Restart your computer.

②.   It should start up and load the Avast module

③.   Let it run (will take a few hours depending on the speeds of your CPU and hard drive and how much data you have)

④.   If it encounters anything, always select delete (a good tip is after it finds the first virus/rootkit/malware –it will find one in a few minutes– select ‘delete all’ and then you can let it run and do something else without it needing your input)

⑤.   Once it is done, then log on again into the administrator account

G.     Remove Avast, a new virus checker (± set up IP blocker)

①.   This virus checker that you are picking next will be the one that you will use for the long term. You have basically 2 choices:

à   Comodo Internet Security (get the free version, the premium only adds customer support)

Þ     Very powerful and has all the features you will ever need

Þ     Gives you control on how tight you want your security to be

Þ     Requires very good knowledge of computer defences (firewall, sandbox, network shields, etc)

Þ    Can be very annoying and potentially dangerous if you don’t have a good understanding of computer security


à     Microsoft Security Essentials (free download from Microsoft)

Þ     Very clean and requires minimal attention

Þ     This should be your default choice unless you fully understand what I’m talking about above

②.   After downloading and before you install the new virus checker, make sure that you turn off the internet, then uninstall Avast!

③.   Restart your computer, install the new virus checker, turn your internet back on, update the virus checker and then restart

④.   From this point, I’m going to assume that you chose Microsoft. If you chose Comodo, make sure that you are familiar with the program then skip to section H

⑤.   Open Microsoft Security Essentials, go to the ‘Settings’ tab and make sure that your settings match the pictures below

⑥.   Once you are done, download the program PeerBlock

à   This program scans incoming connection and recognises IPs that are associated with spying and hacking activities

à   It is a free program that uses minimal computer resources and mostly run silently in the background

à   Make sure you get the beta release, not the stable release

Þ     the stable release is badly outdated and does not get updated often

Þ     the beta release is already very stable anyway

à   Install and choose to update every day when prompted

à   The problem with this program is that it blocks all IPs that are suspected of spying, and this includes IPs from Universities, governments and some legitimate corporations

Þ     Most of the time it will not cause any problem

Þ     It does not interfere with Windows update or virus checker update

Þ     If you find that it blocks a website you want to visit

·         Chances are that the website is bad

·         If you trust the website, then allow HTTP

·         But don’t forget to disallow HTTP again once you finish

H.     Preventing future attacks

①.   Don’t use the 'Administrator' account ever again (don't log in there, or if you can't resist the temptation, repeat step D, changing the argument to: 'net user administrator /active:no'), but make sure you remember the password.

The 'Administrator' account has privileges way beyond that of a normal account. It is similar to the 'root' or 'superuser' account in unix systems, which have access to everything without exception (this is contrast to normal account that are set in control panel to have 'administrator level' access, which still have limitations in access to the core files). So if someone else gains access to it, they pretty much have total control of your computer.

Keep 'user account control' turned on! It is there for your safety and is a clone of the system that has been well and truly tested and proven effective by the Unix systems (Linux and Mac). It may be annoying, but can make a huge difference.

②.   Don’t visit dodgy websites or reply to any dodgy email

③.   NEVER use another Hotmail account

④.   Use a completely separate email account that is strictly for paypal and banking

à   Safeguard the identity of this email, tell no one and use it for nothing else

Þ     Preferably the paypal email is again separate from the banking one since your seller will be informed of your paypal email

à   Do not give this account out to shopping websites, including eBay

Þ     Have a separate email for eBay

⑤.   Never ever give your password to anyone online (email, private message, anything!)

⑥.   Do a full scan of your computer (not the quick scan which is being run daily) at least once a week

⑦.   Hard format your hard drive (see opening paragraph) and install a clean copy of windows every year

⑧.   Do not stick your USB into hospital computers (which are proven to be full of viruses)

⑨.   Do not stick strangers’ USB into your computer

⑩.   If any of (8) or (9) must happen, make sure that you do a full scan of your computer after updating the virus checker

⑪.   If you are about to do something with your computer that you think may be a silly idea, then it will most likely be silly


In closing, remember that regardless how sophisticated your security system is or which operating system you use, the most important defense (and also the most dangerous threat) to your digital life is the person sitting in front of the computer reading this right now (yes, that means you!). Your computers, email addresses and passwords are your digital ID. Anyone gaining control of any of these will have control of your digital life, which I’m afraid nowadays represents a very significant proportion of our real life. Stay safe and good luck =D

~Ignatius Eric Hadinata~

Post comments below (please use scrollbars)


The gadget spec URL could not be found