General cleaning method from common viruses

    Read this page through before undertaking disinfection. You may want to print it for reference.

    Applicable platforms: The method described below applies to Win32 platforms, from Windows 9x to XP, whether on FAT, FAT32, or NTFS.

    Underlying principle: Common practice for virus cleaning is to run the virus removal software from a known-clean environment, typically after booting from a clean DOS floppy. Unfortunately, booting from DOS is not always an option: it cannot be used to clean NTFS partitions, as files on NTFS are not accessible from DOS.

    In practice, external booting is not necessary for cleaning common and recent viruses. To run removal software without virus interference, it suffices to self-boot the affected PC from its own drive and native operating system, without letting Windows initialize its startup applications (and the virus along with them). This is done by replacing the Windows Explorer shell with CMD (under NT/W2K/XP), or with Command.com (under Win 95/98/ME).

    Such a startup mode exists in W2K and XP, and is known as 'Safe mode with command prompt'. On other Win32 platforms, NetZ's ToggleMode utility provides the same capability: starting Windows in command prompt mode, without loading the Explorer shell first.

    To install ToggleMode:

    • Run the ToggleMode utility directly from the web server, once, or download it to your local drive or to a floppy. ToggleMode installs itself to the Windows directory the first time it runs. Once installed, it can be invoked from the desktop or the command line just by running the TOGGLMOD command. Under NT/W2K/XP, you must have administrative rights when running ToggleMode, so that it can install itself and make the necessary changes to the configuration files.

    • To switch the Windows startup mode, run TOGGLMOD from either the desktop 'Run' box or the command line, select 'Safe' when prompted, then restart Windows.

    Note: Although W2K/XP can be started in 'Safe mode with command prompt' by tapping the F8 key while restarting, users will find that using ToggleMode on W2K/XP is easier.

    Virus removal, step by step

    1. Applicability: The procedure described below applies where the following conditions are met:

      • The affected computer can load Windows from its own hard drive.

      • The computer can connect to the web to download virus removal software. Although rare, an active virus may corrupt the downloaded file of a virus removal tool. To avoid such interference, you may download the cleaner on a clean PC, store it on a floppy, and run it from the floppy on the affected computer. Dedicated virus removal tools are rather small (a few hundred kilobytes) and should easily fit on a 1.44 MB floppy, leaving ample room for ToggleMode and free space.


    2. Selecting the cleaner program: Viruses, and especially worms and compound threats (the great majority of current malware), should be removed with specialized tools devised to handle the specific virus in question. The affecting virus can be identified through any of the following means:

      • The symptoms are similar to those described in one of the common virus alerts on our home page.

      • By submitting the offending file flagged by InVircible for online inspection, through this link (Kaspersky).

      After having identified the virus, use this Google search for a list of available removal tools. If you are not sure about the virus identity, try a removal tool that handles a few dozen of the most common threats, e.g. Stinger from NAI.

    3. Always download the latest version of the selected tool, as these are updated frequently. Store the cleaner program in a directory that you will easily find when in command prompt mode, such as C:\CLEANER, or on a floppy.

    4. Disk cleanup: Before proceeding to the next step, run Disk Cleanup on all drives while still in Windows. This removes all temporary files from the drives and expedites the cleaning.

    5. Turn off System Restore: System Restore must be turned off on Windows ME and XP throughout virus cleaning. Click here for instructions on how to turn SR off.

    6. Restart Windows in command prompt mode by running TOGGLMOD from either the desktop 'Run' box or the command line, select 'Safe' when prompted, then restart Windows. Log in as administrator if the platform is NT4, Windows 2000, or XP.

    7. Run the virus cleaner from the command line, from the directory where you saved it, or from the floppy (if saved there).

    8. When done with the cleaning, restart Windows in normal mode by running TOGGLMOD from the command line, selecting 'Normal' when prompted, then restart Windows and resume normal operation.
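    Steps 6 and 7 as a small batch file, added here as an illustration; this is not NetZ's code. It assumes cmd.exe on Windows 2000/XP, that the cleaner was saved as C:\CLEANER\CLEANER.EXE or in the root of floppy A:, and that CLEANER.EXE is a placeholder for whatever tool you actually downloaded; the SAFEBOOT_OPTION check only applies when Windows was started with F8, since ToggleMode does not use safe mode.

```batch
@echo off
rem runclean.cmd - preflight checks and a logged run of the dedicated
rem virus cleaner (steps 6-7). Added example, not NetZ's code. Assumes
rem cmd.exe on Windows 2000/XP. CLEANER.EXE is a placeholder name.
setlocal
set CLEANER_NAME=CLEANER.EXE
set LOGDIR=C:\CLEANER
set LOGFILE=%LOGDIR%\runclean.log

rem 1. Check that Windows is not running the Explorer shell. Windows
rem    sets SAFEBOOT_OPTION=Minimal in 'Safe mode with command prompt'
rem    started via F8. ToggleMode does not use safe mode, so a missing
rem    variable is only a warning, not an error.
if /i "%SAFEBOOT_OPTION%"=="Minimal" (
    echo Safe mode with command prompt detected.
) else (
    echo WARNING: SAFEBOOT_OPTION is not set. Make sure Windows was
    echo started via ToggleMode 'Safe' or F8, not the normal desktop.
)

rem 2. Locate the cleaner: local directory first, then the floppy.
set CLEANER=
if exist "%LOGDIR%\%CLEANER_NAME%" set CLEANER=%LOGDIR%\%CLEANER_NAME%
if not defined CLEANER if exist "A:\%CLEANER_NAME%" set CLEANER=A:\%CLEANER_NAME%
if not defined CLEANER (
    echo ERROR: %CLEANER_NAME% not found in %LOGDIR% or on A:\
    exit /b 1
)

rem 3. Run the cleaner and record start time, end time and exit code,
rem    so that a second pass after the restart can be compared.
if not exist "%LOGDIR%" mkdir "%LOGDIR%"
echo %DATE% %TIME% start %CLEANER% >> "%LOGFILE%"
"%CLEANER%"
set RC=%ERRORLEVEL%
echo %DATE% %TIME% exit code %RC% >> "%LOGFILE%"
echo Cleaner finished with exit code %RC%. See %LOGFILE% for the record.
endlocal
```

    Run it a second time after the restart in step 8; if the cleaner's exit code or its own report differs from the first pass, the infection was not fully removed.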

Last modified: 09 Nov 2003
