F.A.Q.
Q - A lot of this seems useless.
A - DO IT ANYWAY. Far too often people will skip steps, only to find they are still infected.
Every step has a purpose. Follow them all.
Q - Why not just format?
A - At least once a month, Windows receives automatic security updates. These fix security holes that viruses and other types of infections can use to get into your computer and mess it up.
When you format and reinstall Windows, you are taking it back to a time before all the updates, meaning you are just opening the door for even more infections to get in! It's better to remove the current infection and then take steps (listed in the "future prevention" post) to prevent reinfection.
Q - Why doesn't your sticky specifically list (name of infection here)?
A - There are thousands and thousands of computer infections, just like there are thousands and thousands of viral infections your IRL body can get, but there aren't thousands and thousands of cold medications, are there?
There are tons of breeds of dogs, but they're all still dogs. You don't buy dog food specifically for your dog's breed+gender+age+color+attitude, do you? Most infections have core things in common with each other, so a few tools and instructions can remove 99% of computer infections people get. Furthermore, the same infection can often call itself multiple names in order to try to disguise itself. This is most often true of infections that pretend to be virus scanners and try to scare you into "buying" them.
Q - I found this (verified legit) program that I installed and it scanned my computer and says it found the problem and is only asking me $30 to remove it, isn't that a good deal?
A - Never. That's like an electrician coming into your home, doing an inspection, and telling you "Hey, I found the problem, these cords right here came disconnected. Now, I can reconnect them, but you're gonna have to pay me $50..."
If the program has installed and has found the issue, it has no reason whatsoever to charge you to do the final steps, which are simple compared to actually being installed and scanning, which it's already done for free. These programs try to get you to pay for something you don't need. They try to make you feel backed into a corner, like you have no other option. There is no actual need for you to pay after it's already scanned; they just want your money.
This is especially true if the program doesn't actually tell you what and where the problems are. That shows that the makers of the program don't want you going and fixing it yourself. They're not interested in actually fixing your problem; they just want to scare you out of your money.
Q - A scanner is telling me that something I know is clean (for example, a game like MapleStory) is an infection, why?
A - Either it really DOES have an infection (viruses infect other programs in order to reproduce!), or the scanner you're using is doing "heuristics" scanning. That's where it takes the program, basically puts it in a virtual environment, and tests how it reacts to certain actions. If it does anything the scanner finds suspicious (that the scanner thinks it has no right doing, like a fast food employee carrying a gun), the scanner will mark it with a generic alert based on what type of infection the scanner thinks it is.
http://www.virustotal.com/ - Go there, upload the file it says is infected, and it will scan it with many virus scanners. There you can see what the results are. If only a small percentage of the scanners mark it as bad, and they use generic terms, like just "spyware" or "trojan" or "keylogger", then you can assume that the file is really clean. Real viruses are given codenames, like "Fojack" or "Hidrag.a".
Q - What is all this stuff about DNS and HOSTS?
A - DNS means "Domain Name Server". A DNS server keeps information about which web address relates to which IP address on the internet (like how google.com is 74.125.45.100). It's sort of like how "Jack's house" means "123 Oak Tree Lane" in the real world. Unfortunately, sometimes an infection will misdirect your computer, sending it to the wrong websites. We can do a few things to stop that.
The HOSTS file is a file on Windows that holds information about DNS entries on your own computer. It's usually used to bypass a normal DNS server for whatever reason. Unfortunately, infections will add entries that make real sites redirect to fake sites... so we will delete the HOSTS file so that it cannot be used for evil. Your computer can work without it, and if it's needed it will be recreated later, but for now it can be considered dangerous.
Q - What's a tracking cookie?
A - A tracking cookie is not a virus; it will not hurt your computer. They are used by ads on websites for marketing purposes. They record what "genre" of sites you generally visit (such as anime sites, military sites, car sites) so that the advertisements on a site know which types of ads to show you.
They do not record any personal information about you; they do not know who you are.
A cookie is a text file created by a website on your computer to store information about what you've done there. A text file is several kilobytes, which is one thousandth of a megabyte, which in turn, is one thousandth of a gigabyte. It would take millions of cookies to amount to anything that might slow down your computer.