Here we go again – Spyware and bogus Antivirus

Folks,
I can’t stress enough the importance of keeping your operating system patched and up to date, and of running the latest versions of your applications – especially web browsers!
Several new threats are emerging that take advantage of the fact that people are running outdated and un-patched software. Some of the latest hacks have involved un-patched Adobe Acrobat and old un-patched web browsers – IE 6 and Safari. There is no reason NOT to have the latest web browsers and have them patched. I run Firefox primarily myself, as I have mentioned, but always keep all of my browsers (IE, Firefox, Chrome and Opera) up to date.

As I have said before: never, never, never download supposed toolbars, video players or helpers that a site says are ‘required’ to… whatever.
These are nearly always ‘trojanware’.
If you need to ‘install’ a special toolbar to ‘play games’ or ‘view a file’ or whatever, you can be assured that someone is using that download to ‘view/own’ your system.
Are those ‘smileys’ worth having your entire system compromised or corrupted? I don’t think so.
If you use P2P software – Limewire, Gnutella, KaZaA, Napster, BearShare, MySpace, torrents or even some Facebook ‘Apps’ – you can expect, repeat EXPECT, to get infected by malicious software! There is no such thing as free ‘premium’ software. If software that normally costs money from a vendor is ‘found’ for free somewhere else, you can expect you’ll get what you pay for. We don’t get it in the ‘real’ world, so why do people continue to believe that it will occur in the cyber world?
Here is an article on some people tricked by the old ‘social engineering’ scam to do just that.
Here is a good article on ‘Scareware’ – essentially it is a ‘social engineering’ trick to get you to install actual spyware/trojanware!
People are hit with this from many sites all the time, and end up screwing themselves to the stoneage.
Please take the time to read this information and how to protect yourself.

The one thing this article doesn’t really explain is how to ‘get out’ of the pop-up hell.
It is simple.
1st: DO NOT CLICK ON ANY POPUP WARNING WINDOW TRYING TO CLOSE/EXIT!!!
This will infect you!

Press the Ctrl+Shift+Esc keys at the same time (all on the left hand side of the keyboard).
This will bring up the ‘Windows Task Manager’ (see attached screen capture).

From here click on the Microsoft Internet Explorer or Mozilla Firefox running ‘Task(s)’ and then click on ‘End Task’. It is wise to End Task ALL of them.

This kind of ploy gets MANY users!
Just this week I have had three – count them, 3 – different people get caught by these methods!!
After closing the pop-ups via the Task Manager, run CCleaner BEFORE you open any browser again. If you have followed my previous advice you already have this installed and run it every time you close your browser.
Please re-read these posts for more information on protecting yourself from malicious software.

Here

And Here

 

Super Windows remote support tools

When doing tech support I often find it is nearly impossible to figure out what people are trying to explain is ‘happening’ with their system and what real problems they are actually having.
Trying to solve technical problems over the phone or via a back and forth chat or email is like trying to give a haircut over the phone. To properly diagnose and resolve an issue I have to be ‘there’ sitting in front of and interacting with their system to actually solve the problem.
Here are some of the solutions I use.

I am a huge fan of LogMeIn for users whose systems I frequently need to access.
[Read family and close friends.]
I have a few paid pro accounts for my personal and business use and lots of free ones (under family and friends email/login credentials) for continuing ongoing occasional support. I can’t say enough about the quality of the LogMeIn service. It is superb. It lets me access my PCs and Macs anywhere – even from my phone!
Because of the Mac support from the same interface I find this tool to be the best I’ve used.
It has proved worth the subscription cost hundreds of times over.

For others, where I won’t need always-on or ongoing access, I use TeamViewer. For ‘one off’ logins it is simple, fast and easy.
I simply have the end users download the TeamViewerQS component and I can access their systems quickly.

Another method is to have the user use one of the following tools and ‘show me’ what they are talking about and what exactly they are doing by providing me with a ‘recorded session’ of their actions and the problems.

The newest and so far easiest to use is Windows 7’s built-in tool, called “Problem Steps Recorder”. Just type “psr” into the Win 7 start menu and you will find it. It works very well.
PSR works like a camcorder to capture a user’s mouse movements and keystrokes into a file that can be played back later for problem analysis.  This helps me to recreate or ‘see’ the problem situations.
Here is a great walk through of how to use it from the Winhelponline blog

But what can people who run XP or Vista do?  There’s no built-in feature to do the PSR work, but there is a free download available on TechNet that does the same thing. It’s called “Screenrecorder” and is a very easy-to-use screen-to-video capture program, developed on top of Windows Media Encoder, that lets you easily capture what is going on to a small video file, which you can then send via e-mail to the appropriate person.
The TechNet description is here.
The actual download is here.
And finally I just learned of a new application that may do the same thing as the PSR and Screenrecorder but is even simpler to use. It’s called “Show Me Whats Wrong”.
Sounds really cool and I am sure to try it soon. Have a look.
Video demonstration is here.
And the site is here.

Windows 7 ‘God Mode’

This is a really cool hack.
It seems to work in all versions of Windows 7.

“GodMode” feature lets users access all of the operating system’s control panels from within a single folder.

By creating a new folder in Windows 7 and renaming it with a certain text string at the end, users are able to have a single place to do everything from changing the look of the mouse pointer to making a new hard-drive partition.

To enter “GodMode,” one need only create a new folder (anywhere, but desktop makes most sense) and then rename the folder to the following [for assured results copy this – from the ‘G’ to the last ‘}’]:

GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}

Once that is done, the folder’s icon will change to resemble a control panel and will contain dozens of control options. It is a handy way to get to all kinds of controls.

This also works in Windows Vista 32-bit but not Vista 64-bit.

How to create a bootable upgrade or installation USB thumb drive to install Windows 7

Before you begin, you will require the following:

  • USB Flash Drive (4GB minimum)
  • Windows 7 ISO Image file (or DVD as explained in how to create ISO section)
  • Reading all of my notes completely as things change if you are doing an upgrade vs. new installation. (see the upgrade section for important info.)
  • You must be careful when using any tool that formats drives – you could toast your current operating system if you are not careful!! I take no responsibility for your lack of attention to detail or inability to read and FOLLOW ALL of these instructions!

The VERY easy ways first!
Method one:
Use the Windows 7 USB/DVD tool!
You will need an ISO image of Windows 7.
Installation:
To install the Windows 7 USB/DVD Download tool:
1. Download the Windows 7 USB/DVD Download tool installation file.
2. When you are prompted to, either save the file to disk or run it, choose Run.
3. Follow the steps in the setup dialogs. You’ll have the option to specify where to install the Windows 7 USB/DVD Download tool and whether to create shortcuts on your Start Menu or Windows Desktop.
[You need to be an administrator on the computer you are installing the Windows 7 USB/DVD Download tool on.]
Launch the tool, navigate to your ISO file (usually purchased directly through the Microsoft store or created by you – see the creating an ISO section), and walk through the wizard.
(Note: you can also use this tool with a Windows Vista ISO to create a Vista USB install.)
That’s it.
The wizard lets you select your source ISO file (Win 7 install), it formats your USB drive/stick, and then copies all your files over and makes that USB drive/stick bootable.

Once you have created your ‘bootable’ USB thumb drive you are ready to install.

To do that, reboot your computer.
Now while your system is starting up press the appropriate button (usually F1, F2, F12, ESC, Backspace, or Escape) to bring up the BIOS Boot Menu.
Change the startup order to boot USB by default. Once done, save changes and restart the system.
On some systems (like Dell) you can just press F12 for a ‘select boot’ option too – very easy.
Then install (or upgrade to) your new operating system.
 
For Windows XP Users
The following applications must be installed prior to installing the tool:
* Microsoft .NET Framework v2 must be installed. It can be downloaded here.
* Microsoft Image Mastering API v2 must be installed. It can be downloaded here.

Once the USB is created, by any method described here, search for and delete the file named ‘ei.cfg’. This is usually located in the ‘\sources\’ directory.

Doing this step is what makes the USB memory stick allow you to install any version of Windows 7 as it no longer has a default version configured.

[Warning: This procedure will allow you to install a copy of Windows 7 that you may not be licensed to have. Therefore you need to be very careful to only select a version that you have a licensed key for, as you will not be able to activate Windows without a valid key!]

Method Two:
This is much like method one just using an open source tool.
Use the UNetbootin (Universal Netboot Installer) tool found here.
Insert the USB drive, run UNetbootin, and select Disk Image as ISO. Browse your local drive for the Windows 7 ISO that you downloaded and click Open. Now select Type as USB and choose the drive. Once done, it will look similar to the screenshot shown below.
Click OK and it will begin extracting all installation files to the USB drive. The whole process will take some time, so have patience.

Follow the same method as above to boot to the USB drive.

 How to create ISO:
If you have a CD or DVD and not an ISO you can try to create an ISO from your DVD using one of these freeware tools:
LC ISO Creator creates ISO files from CD/DVD-ROM.
download (LCISOCreator.zip – 14 kB)
ImgBurn
ImgBurn is a lightweight CD / DVD / HD DVD / Blu-ray burning application that everyone should have in their toolkit!
Get ImgBurn here

About upgrading to Windows 7:
This section was taken from here.

When doing an upgrade MS limits you to what ‘type or flavor’ of the OS you can upgrade to.
Example: Vista Home Premium can only be upgraded to Windows 7 Home Premium, Windows 7 RC (and therefore ‘Ultimate’) can only go to Windows 7 Ultimate, etc.
BUT HERE IS THE GREAT PART!
That is not entirely true!
You can upgrade to a different version with a simple registry adjustment.
Open a command prompt on your Vista (or Windows 7 Release Candidate) machine and type in:
Regedit
Navigate to HKLM (HKEY_LOCAL_MACHINE)\Software\Microsoft\Windows NT\CurrentVersion
Change EditionID on the reg key from “Ultimate” to “[youreditionhere]”
and
Change ProductName on the reg key from “Windows 7 Ultimate” to “Windows 7 [youreditionhere]”
(minus the quotes of course)
Example:
EditionID Professional
ProductName Windows 7 Professional
Close the registry editor, restart and do your install.

I have used this registry trick to upgrade some corporate Netbooks that came with Windows 7 Starter to Volume Licensed versions of Windows 7 Enterprise.


Method Three – the hard(er) way:

Creating bootable Windows 7 USB install using Vista and Windows 7 installation DVD:
Step 1. Insert the Windows 7 DVD and the USB memory stick into your computer.
Step 2. Open a “Command Prompt” and run “DISKPART”.
This will launch the diskpart utility in a separate window and trigger a UAC prompt (allow access).
Step 3. Type “LIST DISK” and take note of the disk number of the USB memory stick. Its listed size will match the size of the USB memory stick (e.g. 3824 MB = 4 GB).
Step 4. Then type “SELECT DISK X” where X is the disk number of the USB memory stick.
Step 5. Type “CLEAN”. Warning – This will wipe all data from the USB memory stick.
Step 6. Type “CREATE PARTITION PRIMARY”
Step 7. Type “SELECT PARTITION 1”
Step 8. Type “ACTIVE”
Step 9. Type “FORMAT FS=FAT32” (and wait about 5 minutes depending on the size and speed of the USB memory stick)
Step 10. Type “ASSIGN”.
You will notice the auto play window now appears. Take note of the drive letter (e.g. F:\ ) and close this window.
Step 11. Type “EXIT”
Step 12. Back at the command prompt type “xcopy D:\*.* /s /e /f F:\” where D: is the drive letter of your DVD and F: is the drive letter of your USB memory stick.
Don’t worry if it takes a long time to copy boot.wim and install.wim as these are the two largest files on the DVD.
Step 13. Once the xcopy is finished run “del F:\sources\ei.cfg” from the command prompt and your Windows 7 bootable USB memory stick is ready to go. Doing this step is what makes the USB memory stick allow you to install any version of Windows 7 as it no longer has a default version configured.
You can now either boot from the USB memory stick or just run setup.exe from the drive to start the install process. Either way you will now be prompted for the version of Windows 7 you want to install.

Back ups and System restores

Folks, please back up your data.
Once again I have been involved with a system meltdown where there was NO valid back up available.
I was able to salvage some data only after many, many hours and lots of aggravation.
Please don’t let this happen to you.
If people would create, and more importantly follow, an effective back up strategy, they (and I) would live a much less stressful life.
There’s one simple rule about backups that everybody needs to fully understand:
Your files should exist in at least TWO places, or it’s no longer a backup! Too often people delete files from their primary PC, assuming they are backed up, or worse, have their back ups located on the same hard drive on the same PC. A different partition of the same physical drive does NOT count. When hard drives fail they usually take the whole drive down including all partitions.
Your data must exist in TWO separate places at once or it is not a back up.
The simplest way is to purchase an external drive that you back up your data to by creating (and appending) disk images (see below for more) on a regular basis. I believe the most effective backups are Images (Clones).

Large external drives are very inexpensive these days. You can pick up a 1TB drive for around $100 or less just about anywhere.
But remember when backing up your data that you can’t delete it from your main system once it’s been backed up to an external drive. By doing that, you’ve left yourself with only a single copy of your important files, on an external drive that has just as much chance of dying as your internal PC hard drive.
So if you have only one external drive remember that.
Or you can go to my paranoid – but outrageously safe, route:
And use at least TWO external drives for image rotations.
I do.
I believe in the ‘grandfather/father/son’ method of backups.
[This is a method for storing previous generations of master file data that are continuously updated. The son is the current file (the one on your pc or data drive for home users), the father is a copy of the file from the previous cycle, and the grandfather is a copy of the file from the cycle before that one.]
I don’t want to be the guy who lost 25 years of family photos or my QuickBooks file with 15 years of business data because I didn’t want to spend a little money and time up front to be safe.

Imaging or cloning is the procedure by which you create a backup that is identical to a bootable system, either to another (separate) internal drive or to an external drive. This is the ultimate backup! Should your drive fail you can just ‘pop in’ your cloned drive or ‘restore’ that clone image to a new (replacement) drive and you are up and running.
Image software makes a full, exact copy of your hard drive— a mirror image of the operating system, software, data, file organization—everything.
Good description here.
The go-to software for me is Acronis or Ghost.
Both have home and enterprise solutions. I have used them for many years, and continue to use both of them extensively.
For the price it is inexcusable to not have this software and use it regularly in your back up strategy.
For OS X, creating an image is a very simple process that can be done without any 3rd party software, although I do like using SuperDuper. I have covered that in a previous article here.

Some of you may be happy just having your ‘data’ backed up to an external or online storage solution like Dropbox, Mozy, iDrive or Carbonite. There are others; search ’em out.
That is fine and good for immediate back ups or access to current documents while traveling. I sometimes do this between my image/back up schedule or when I am traveling and I know I will not be able to use a secure system.
I also use Microsoft’s SyncToy to mirror my working folders at home to one of my external drives and at work for my working documents and files. This tool has just been updated to increase its speed and robustness, especially with network attached storage devices (NAS). You can find it here.
Well that’s all for now.
Please, people, save some grief and back up your data, then back that up!
Peace.

More on Antivirus software

I’m really impressed with Microsoft Security Essentials. It’s very minimalist but it gets the job done. It’s very fast to scan your computer and it isn’t constantly bugging you to ‘renew your subscription’.
Microsoft Security Essentials is the newest addition to Microsoft’s computer protection software. It replaces the Windows Live OneCare subscription service and Windows Defender by providing more comprehensive coverage than either of the two originally provided. Microsoft Security Essentials is free for all Windows users and provides protection against a variety of threats including viruses, malware, adware, and spyware.

Although I still use Symantec Corporate (and other Anti-Spyware solutions – me paranoid) on most of my machines, I have been using this on Windows 7 and think it is a GREAT free alternative to the expensive ‘bloatware’ AV solutions out there now. The only ‘caveat’, if you can call it that, is your system must pass ‘Microsoft Genuine Validation’. I hope all your machines do already; they should. But there is always that chance your operating system was not properly licensed by your OEM or your license key was mistakenly blacklisted.

You can get it here:
http://www.microsoft.com/Security_Essentials/default.aspx

Be safe out here.

Microsoft Technet Deal

For those of you in the development of, sale of, or support of computers and systems you should already have a Microsoft Tech Net subscription.
With the Tech Net Plus subscription you have access to download over 70 full unrestricted titles (many with multiple license keys and permitted activations!!) of Microsoft software and training titles, ranging from Windows 7 to Office 2007 and many server versions. Simply burn the images (.iso) to CD or DVD.
I believe it is the most valuable subscription available for staying current on applications and operating systems.
If you don’t currently have a subscription now is the time to get it.
Microsoft is being very generous and providing a 28% discount till the end of the year.
The regular subscription is $349.00.
With the coupon it comes out to like $252.00.
A VERY low price to pay for all the software most of you will ever need for a long while.
I have been a subscriber for over a decade and believe I get WAY more than my money’s worth. I am able to have access to new and current software as soon as it is available and usually LONG before the general public has access. For example, via TechNet I have been using Windows 7 in one form or another for over a year. [The cost of Windows 2008 Server R2 is $3,999.00 alone!]

You can find the information here:
http://www.microsoft.com/click/technetplus/

Just use the coupon code:  TNWIN7L

Description of Subscription Software Benefits:

TechNet Plus Direct

All Online Access

Access to all TechNet Plus resources via the members-only TechNet Plus benefits portal for an individual user. Does not include DVD shipments.

• Full-version evaluation software without time limits
• Beta software releases
• Technical Information Library
• Professional Support Incidents
• Managed newsgroups
• Online concierge Chat
• Technical training resources and Microsoft E-Learning Courses

Servers & Operating Systems

• Windows Server 2008
• Windows Server 2003 R2
• Compute Cluster
• Windows SharePoint Services
• SQL Server
• Application Platform Servers: BizTalk Server, Commerce Server, Host Integration Server, Connected Services Framework, Customer Care Framework
• Business Productivity Servers: Content Management Server, Exchange Server, Office Live Communications Server, Office Forms Server, Office Groove Server, Office PerformancePoint Server, Speech Server, Sharepoint Server, Windows Sharepoint Services
• IT Operations Servers: Identity Integration Server, Microsoft System Center, Microsoft Operations Manager, Microsoft System Center Capacity Planner, Microsoft System Center Data Protection Manager, Systems Management Server, ISA Server
• Windows 7: Ultimate/Enterprise/Professional/Home Premium/Home Basic/Starter
• Windows Vista: Ultimate/Enterprise/Business/Vista Home Basic/Home Premium
• Windows XP: XP Home/Media Center/Professional/Tablet PC Edition

2007 Microsoft Office System

• Office: Ultimate/Enterprise/Professional Plus/Professional 2007
• Office Desktop Applications: Office Word, Office Excel, Office PowerPoint, Office Outlook & Business Contact Manager, Office Access, Office Publisher, Office InfoPath, Office OneNote, Office Communicator, Office Groove, Office SharePoint Designer, Office Visio, Office Project Standard, Office Accounting, Office Business Scorecard Manager, Office FrontPage, Office Project Professional, Office Project Server, Office Project Portfolio Server

Microsoft Dynamics

• Dynamics AX, GP, NAV, SL, Microsoft Forecaster & Microsoft FRx
• Dynamics CRM, Point of Sale, Microsoft Small Business Accounting & Financing


Share External Mac Volumes

If you have a mixed environment of PC’s – MS Windows and Macintosh, it can be tough to configure access to shared resources on shared machines.
Sure you might think OSX can do this with the ‘Windows File Sharing’ but you are limited to the ‘home’ folder.
Sharing a Windows folder or drive is actually fairly simple and straight forward.
Here is a great tutorial from Lifehacker on how to mount Windows shared folders in OSX:

http://lifehacker.com/software/mac-os-x/how-to-mount-a-windows-shared-folder-on-your-mac-247148.php

But what about sharing other resources (like external drives) on your Mac with other Macs and PCs?
By that I mean: what happens if one of your Macs used for Graphic Arts or Pre Press has external drives that need to be shared to other Macs and PCs?
I have found VERY few articles that describe this easily and succinctly in over a decade of working with Macs.
So here is what has worked for me:
——————————————
You can share any volumes on the Mac, USB, Firewire and other internal drives etc.

First TURN OFF WINDOWS FILE SHARING in the System Preferences.
Of the two examples below, I find the first works best for me most of the time.
Then go to Applications, then Utilities, and find the Terminal application.

Open Terminal and type:

cd /etc

sudo pico smb.conf

———————————————————-

You’ll be prompted for the password.

Then scroll down to the end of the options and add something like this below:

[BIG EXTERNAL]

comment = BIG EXTERNAL

path = /Volumes/BIG EXTERNAL/

browsable = yes

public = yes

read only = no

Or maybe like this:

[USB]

comment = USB Drive

path = /Volumes/USB Drive name

valid users = joe user

public = no

writable = yes

printable = no

When done making your changes, hit Control-O to write changes to disk (save additions to smb.conf file) and press Return when prompted for a file name. Then hit Control-X to quit pico and close the Terminal window.

Now go to your Windows PCs and try to ‘browse’ the network and find your shares.
——————————————————

To share additional folders, duplicate the section above — but change the name, comment, and path for each new folder.
I have used this and variations of this technique for years with great success.
Hope this helps you get productive.
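
An added example, not from the original post: a short Python check that reads share stanzas like the two above and reports which ones allow guest access. The first stanza (public = yes, read only = no) permits password-less guest connections with write access, while the second limits the share to a named user. It handles only the parameters shown here plus their synonyms; line continuations and include files are assumed absent.

```python
"""Flag Samba shares that allow guest access (added example)."""

# The two share stanzas from the text above, used as sample input.
SAMPLE_SMB_CONF = """\
[BIG EXTERNAL]
comment = BIG EXTERNAL
path = /Volumes/BIG EXTERNAL/
browsable = yes
public = yes
read only = no

[USB]
comment = USB Drive
path = /Volumes/USB Drive name
valid users = joe user
public = no
writable = yes
printable = no
"""

TRUE_WORDS = {"yes", "true", "on", "1"}
FALSE_WORDS = {"no", "false", "off", "0"}
# Samba treats these names as one parameter; the flag marks synonyms
# whose meaning is inverted ("writable = yes" is "read only = no").
SYNONYMS = {
    "public": ("guestok", False),
    "guestok": ("guestok", False),
    "readonly": ("readonly", False),
    "writable": ("readonly", True),
    "writeable": ("readonly", True),
    "writeok": ("readonly", True),
}
# Samba's built-in defaults: no guest access, shares are read-only.
DEFAULTS = {"guestok": False, "readonly": True, "path": "", "validusers": ""}


def parse_bool(value):
    word = value.strip().lower()
    if word in TRUE_WORDS:
        return True
    if word in FALSE_WORDS:
        return False
    raise ValueError(f"not a boolean: {value!r}")


def parse_smb_conf(text):
    """Return {section: [(normalised_key, value), ...]} in file order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # Case and whitespace in parameter names are ignored by Samba.
            sections[current].append(("".join(key.split()).lower(), value.strip()))
    return sections


def effective(settings, base):
    """Apply a stanza's settings on top of base; the last setting wins."""
    state = dict(base)
    for key, value in settings:
        if key in SYNONYMS:
            target, inverted = SYNONYMS[key]
            state[target] = parse_bool(value) != inverted
        elif key in ("path", "validusers"):
            state[key] = value
    return state


def audit_shares(text):
    """Return one dict per share with its path and a risk label."""
    sections = parse_smb_conf(text)
    base = dict(DEFAULTS)
    for name, settings in sections.items():
        if name.lower() == "global":      # [global] sets share defaults
            base = effective(settings, base)
    report = []
    for name, settings in sections.items():
        if name.lower() == "global":
            continue
        state = effective(settings, base)
        if state["guestok"] and not state["readonly"]:
            risk = "guest-writable"
        elif state["guestok"]:
            risk = "guest-readable"
        else:
            risk = "authenticated"
        report.append({"share": name, "path": state["path"],
                       "valid_users": state["validusers"], "risk": risk})
    return report


if __name__ == "__main__":
    for entry in audit_shares(SAMPLE_SMB_CONF):
        print(f"{entry['risk']:<15} [{entry['share']}] {entry['path']}")
```

Any share reported as guest-writable is worth switching to the second form, with public = no and a valid users line, unless the network is one where every device is trusted.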

Ok now what if you need to mount an NTFS volume ‘in’ OS X?
There are a few solutions.
This one is condensed from tips from MacOSXHints:

Snow Leopard has the ability to mount NTFS volumes as read/write, but it’s not enabled by default — just read only is supported, as in 10.5. Here’s how to get full read/write support for NTFS drives in Snow Leopard.
First, uninstall NTFS-3G or Paragon if you’re using either one!

Here’s how to get read/write support for NTFS drives in Snow Leopard:

1. In Terminal, type diskutil info /Volumes/volume_name, where volume_name is the name of the NTFS volume. From the output, copy the Volume UUID value to the clipboard.

2. Back up /etc/fstab if you have it; it shouldn’t be there in a default install.

3. Type sudo nano /etc/fstab.

4. In the editor, type UUID=, then paste the UUID number you copied from the clipboard. Type a Space, then type none ntfs rw. The final line should look like this: UUID=123-456-789 none ntfs rw, where 123-456-789 is the UUID you copied in the first step.

5. Repeat the above steps for any other NTFS drives/partitions you have.

6. Save the file and quit nano (Control-X, Y, Enter), then restart your system.

After rebooting, NTFS partitions should natively have read and write support.
This works with both 32- and 64-bit kernels. Support is quite good and fast, and it even recognizes file attributes such as hidden files.
[There may be good reasons why Apple left support disabled, so use at your own risk!]

Another solution that may be simpler is to use this utility which ‘puts’ a GUI onto the above style tweak.

Anyhow I hope this helps

Let’s Kill Some Spyware!!

I recently had to help some people remove some serious spyware/malware/virii.
Now normally, if I can’t ‘kill’ the bad stuff fairly quickly, I will simply get the person’s ‘data’ – documents, pics, music etc. – off the machine and then delete the partitions, wipe the drives, re-format and re-install the operating system clean.
But in a business situation this is not always possible.
Or sometimes not all the needed applications are available for ‘re-install’.
For this you must try and ‘save’ your system without the ‘nuclear option’.
So here is one of the best methods I use on a ‘running’ active system.
Read all the instructions and download ALL of the suggested applications from a ‘non-infected’ machine 1st.
Then place them on a portable drive – USB – or in a directory on the infected system [c:\killmalwareapps or something].
Ok let’s start.
1st, on the infected machine, delete the ‘hosts’ and ‘lmhosts’ files.
They will be located in the c:\windows\system32\drivers\etc folder.
[Possibly c:\winnt\system32\drivers\etc]
First try an online scan from Trend Micro.
To do this safely – using an ‘external non-infected browser’ you need to run ‘Firefox portable’ off USB drive.
This will allow a ‘clean run’ of a browser for a live malware/spyware scan:
How To:
The article here:
http://firefox-fangirl.livejournal.com/1977.html
explains how to download the latest portable Firefox builds and how to correctly install it as a ‘portable app’ on a separate folder or usb drive. I ‘install’ it to a directory called ‘portablefirefox’ and then I copy that to my USB drive.

Then go to Trend Micro USING THE PORTABLE FIREFOX and run their housecall application and run a scan:
http://housecall65.trendmicro.com/
Make sure you do NOT use any browser installed on the infected system!!!
Use the ‘Firefox Portable’ application to get to the web.

Other tools to have on hand (on your usb drive) before starting.
From Sysinternals
http://technet.microsoft.com/en-us/sysinternals/default.aspx

Get the following apps. Download on clean system and transfer to usb.
Autoruns – Finds all the crap actually loading at startup.
You will find all kinds of ‘crap’ that shouldn’t be there.
http://download.sysinternals.com/Files/Autoruns.zip
Extract and run this to show EVERYTHING that is loaded at start up.
This includes applications, scripts, drivers, active X controls, dll’s and more.

Process Explorer
http://download.sysinternals.com/Files/ProcessExplorer.zip
This helps find unwanted running processes and helps in their termination.
Run the application to see every currently running process/application on your system.

You will often need some or all of the following applications to ‘kill’ bad processes.
That is, malicious programs that are running ‘un-authorized’ processes.

unlocker
http://ccollomb.free.fr/unlocker/

wholockme
http://www.dr-hoiby.com/WhoLockMe/

file assassin
http://www.malwarebytes.org/fileassassin.php

A great spyware finder:

Spybot S&D
http://www.safer-networking.org/en/spybotsd/index.html
I install this as my online scan is running (if possible).
Don’t confuse this application with others that are trading on the ‘Spybot’ name and are in and of themselves ACTUALLY spyware. The one and only original FREEWARE application is here.
http://www.spybotupdates.biz/files/spybotsd162.exe

Remember to have all these files already downloaded and copied to your portable drive.

And to assist in cleaning out all ‘temp’ type files:
CCleaner
Especially useful if there is an ‘unseen’ internet app (IE or Firefox) downloading malware in the background continually.
I will run this over and over while running spybot scans.

http://www.filehippo.com/download_ccleaner/download/d1565b7fb77b48a3692a199d871845fd/

Anyhow this is just a quick but I think fairly thorough way of cleaning an infected system if you don’t have a ‘Live’ type of utility or rescue disk available such as UBCD (ultimate boot cd), Hiren’s, or a custom Bart PE disk.
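
The first cleanup step above deletes the hosts file. As an added example (not part of the original post), this Python script reads a copy of that file first and lists the entries that block or redirect names, so there is a record of what was changed before it is removed. The sample file contents, names and addresses in it are constructed.

```python
"""Audit a Windows hosts file before deleting it (added example)."""
import ipaddress
import sys

# Constructed sample of a tampered hosts file. The *.test names and the
# 203.0.113.7 address are reserved for documentation, not real indicators.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       scan.example-av.test      # scanner site
0.0.0.0         update.example-av.test www.example-av.test
203.0.113.7     www.example-bank.test
not-an-ip       broken.example.test
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line_no, address_text, [names]) for each mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()   # drop comments
        if not body:
            continue
        fields = body.split()
        yield line_no, fields[0], [name.lower() for name in fields[1:]]


def classify(address_text, name):
    """Return None for a normal entry, else 'invalid', 'blocked' or 'redirected'."""
    try:
        address = ipaddress.ip_address(address_text)
    except ValueError:
        return "invalid"
    local = address.is_loopback or address.is_unspecified
    if local and name in LOCAL_NAMES:
        return None
    # A site name pinned to this machine (or to 0.0.0.0) can never be
    # reached; ad-blocking hosts lists do this too, so treat it as a lead.
    if local:
        return "blocked"
    # Any other address overrides DNS for that name.
    return "redirected"


def audit_hosts(text):
    """Return a list of (line_no, kind, name, address_text) findings."""
    findings = []
    for line_no, address_text, names in parse_hosts(text):
        for name in names:
            kind = classify(address_text, name)
            if kind:
                findings.append((line_no, kind, name, address_text))
    return findings


if __name__ == "__main__":
    # Pass the path to a copy of the hosts file; with no argument the
    # constructed sample is audited instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as handle:
            content = handle.read()
    else:
        content = SAMPLE_HOSTS
    for line_no, kind, name, address_text in audit_hosts(content):
        print(f"line {line_no}: {kind:<10} {name} -> {address_text}")
```

Entries that block security-vendor or update sites explain why scanners and updates fail on an infected machine, and redirected names show which sites were being impersonated.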