
NOTICE: You Do NOT Have the Right to

Reprint or Resell this Handbook.




COPYRIGHT 2010-2014 TekTime IT Consulting LLC - All Rights Reserved







Disclaimer:

While every attempt has been made to verify the information provided in this publication, neither the
author nor the Publisher assumes any responsibility for errors, omissions, or contrary interpretation of
the subject matter herein. This publication is not intended for use as a source of legal advice. The
information contained herein may be subject to varying state and/or local laws or regulations.

The Purchaser or Reader of this publication assumes responsibility for the use of these materials and
information. Adherence to all applicable laws and regulations, federal, state, and local, governing
professional licensing, business practices, advertising, and all other aspects of doing business in the
United States or any other jurisdiction is the sole responsibility of the Purchaser or Reader.

The Author and Publisher assume no responsibility or liability whatsoever on the behalf of any Purchaser
or Reader of these materials. Any perceived slights of specific people or organizations are unintentional.

Any unauthorized selling, sharing, or use of this manual, is prohibited by law without expressed, written
consent from the author.








PREFACE

First, I would like to thank you for purchasing volume III of the PC Technician's Virus Removal Manual.
Without loyal readers such as yourself, the strategies, secrets and knowledge used to create this
publication would have been shared in vain.
If you own a computer (which I'm sure you do), you have at least HEARD of a computer virus, unless
you're in a third world country. I'm sure you understand well: viruses are never created to spread
wealth and happiness to unsuspecting users!
Viruses are and will continue to be a problem in the digital world, due to the sheer number of viruses
being written daily (to the tune of 35,000 new threats released daily), and they become more complex
with each passing year, making them more difficult to remove. Not only that, but malware is not limited
to just computer users per se; it affects servers, websites, entire networks and so much more in this era.
That being said, this eBook will serve as the perfect reference guide for removing viruses, trojans
and other threats from a computer successfully and thoroughly. Regardless of that computer's function,
from server to datacenter to home-level computer, the solution is right here.
This handbook is not an ordinary eBook, and is definitely not fun to read, as a non-fiction novel or
other genre book may be. Unfortunately, I won't get into my background here, spilling the beans about
where I came from, my expertise, hobbies and habits. I decided to save that for my website! This manual
is strictly for helping others learn the methods and tools that I and various technicians have used, and
use, to become successful in defeating malware.
The strategies shared in this book are listed sequentially or step by step, and ideally, for beginners,
should be performed on a computer in the EXACT order and fashion as described in this book, with little
to no deviation, in order to achieve the desired end-goal.
However, it is possible for advanced computer users and technicians to skim through the book to utilize
the software links, or search for information that will enhance their acquired skill sets and increase their
knowledge banks.
If you are a beginner or a novice in virus removal and various technical modalities, you'll benefit highly
from following each page from beginning to end, unless instructed otherwise within the manual. Have
any questions? Feel free to ask here!





Many of the techniques and software used in removing viruses from a computer are universal; in other
words the various techniques are known amongst thousands if not millions of computer technicians.
Please do not misunderstand the purpose of this book, in hopes of stumbling across the holy grail of
virus removal; there are no secrets being shared here. What makes this book extremely valuable is the
easy to follow, step-by-step, illustrated instructions combined with hyperlinks to FREE software and
UNLIMITED technical support. The techniques and tools highlighted in this book are the exact same
techniques and tools used by our technicians on a daily basis, for the purpose of removing malware
from computers and networks.
TekTime IT Consulting has a malware removal success rate of 99%. In other words, 99 out of 100
computer viruses are successfully removed without data loss or the need to re-format and reinstall the
Operating System!
Beyond that, we successfully remove malware from other networked devices, servers and websites
while enhancing security and preventing/minimizing future incidents. Keep in mind that data loss
resulting from malware infection may or may not be reversed; this fact needs to be communicated with
the customer or client before beginning any work to eradicate the threat.


OUR success equals YOUR success as long as you use the strategies and techniques written in this
book. There are many approaches possible when diagnosing, cleaning and preventing malware, but the
approaches used in this book may differ from what others may recommend.
For example, many technicians use a Rescue disk or CD-Rom/DVD-Rom that contains anti-virus
software and utilities. These disks are used to diagnose/clean malware before the computer boots into
its Operating System, and most contain bootable utilities to remove viruses that prevent booting
successfully.

NOTE: We will not use the Rescue disk approach in this book due to our strict policy of backing up data
prior to performing any cleaning, to avoid data loss and liability.

Since viruses become more and more complex as the years go by, virus removal software can work
perfectly fine today, yet fail to detect the threats of tomorrow. For this reason, virus software authors
are ALWAYS busy creating new applications which will prove to be effective against the onslaught of
current viruses. That leads us to the next point.
THIS MANUAL IS UPDATED REGULARLY. Since you have purchased this manual, you will receive an
updated copy, FREE OF CHARGE, whenever an update is released!!




Updates to this book will be released periodically as:
- New virus removal software tools and utilities are released
- New techniques in malware removal are discovered by our team
- Revised methods of diagnosis/cleaning are learned by our team
- New operating systems are released and information relevant to diagnosis/removal on the new
  Operating System is needed
- Any other information is discovered by TekTime IT Consulting that will prove helpful in removing
  and preventing viruses
- The author decides to offer more tips, tricks and solutions to your technician's arsenal, and to
  provide more value than you paid for!

Computer technicians getting into virus removal will find that this eBook will pay for itself hundreds if
not thousands of times over, just by utilizing the methods described when cleaning your clients'
(or future clients') computers.
Remember, we provide full technical support to the purchasers of this manual, so feel free to contact us
if you come across any issues while removing malware, or if you would like assistance. We will respond
to your inquiry within 0-3 hours! See you on the other side!













TABLE OF CONTENTS

Chapter I: What's A Computer Virus & What Are Symptoms of Infection?
Defines computer viruses and lists many common symptoms associated with computer
infection.

Chapter II: Preparing For Virus Scanning & Removal
Details on the preparations needed to prepare a computer for virus scanning, including the
precautions necessary to protect the user's original data from becoming corrupt or deleted.

Chapter III: Scanning For Threats
Learn which antivirus programs are available for free, where to download them, which ones we
recommend as most effective, and the steps necessary in scanning for malware.
Learn how to accurately scan a computer, to avoid the chance of not detecting malware that
resides on a computer. Also, learn how to avoid false positives when scanning for malware, to
prevent deleting critical system files or other precious data.

Chapter IV: Reversing Malware-Changed Settings
Learn how to search for malware in common places, as well as how to locate hidden malware.
Learn the various settings that malware typically changes, which affect a computer's reliability
and ability to operate. Learn how to revert back to the original healthy settings.

Chapter V: Removing Malware That Kills Software
Learn the behavior and characteristics of malware, and how many types can be eradicated
using manual techniques and software tools. Learn which software tools can be used to kill
malicious processes while they are running, even when they resist killing, renaming or deletion.
Learn how to discover and remove malware that clones or copies itself.



Chapter VI: Rootkits - How to Detect & Remove Them
Learn how to identify rootkits by using specialized software to locate hidden files and processes,
that wouldn't otherwise be detectable using conventional, consumer-grade software products.
Learn how to identify if a rootkit is actually harmful as some pose no threat at all.

Chapter VII: Confirming Full Removal of Malware within a Computer
Learn how to check a computer to ensure that malware has been removed, and all traces of
viruses, trojans, spyware, rootkits are eradicated and cause no harm to an otherwise healthy
user experience.

Chapter VIII: Safeguards to Prevent Malware Infection & Compromise
Learn methods to secure a Windows computer from malware infections, external exploits, and
how to minimize or prevent malicious behavior in the event an infection occurs. Learn how to
prevent malware and other threats from executing real-time changes on a computer.

Chapter IX: How to Scan Networks for Malware & Hacker Activity
Learn how to scan individual computers and networked computers for incoming and outgoing
threats with harmful intent. Obtain details on scanning an entire network for malware, and
safeguarding against infection across a network of computers and devices.

Chapter X: Locating & Removing Malware on Servers & Websites
Learn methods to scan for malware on various types of servers, and how to locate malware or
malicious code located within a website. Learn how to secure a website immediately after it has
been infected; how to scan for hidden code and encoded script located within web pages and
directories, and how to safeguard against future incidents.






I. What's a computer virus & what are the symptoms?

A computer virus is a computer program that can, for the most part, copy itself and infect a
computer. The word "malware" is usually used as a general term to describe many types of
infections which can and will compromise a computer and its data; these include viruses,
worms, Trojan horses, rootkits, spyware, adware, scripts and more.
Malware is usually spread by unsuspecting computer users who click on a link, open an email, or
transfer media from one computer to another using an external drive, or due to exploits used by
hackers and external threats to compromise a computer. Malware may corrupt or delete the
data on a computer or use the internet to spread to other computers via email, peer to peer
software, websites, code injection, etc.
Trojans and worms are usually created for a specific purpose, such as stealing data, controlling
a computer, sending emails to a spam list, tracking a user's habits, causing fake alerts
prompting the user to spend money to clean the infection, and more.
Viruses are created to cause harm to a computer. Deleting files, rendering a hard drive
unbootable and causing a computer to restart constantly are just some of many examples of
malicious virus activity. Trojans and worms can often be called viruses simultaneously.
Rootkits enable continuous administrative level access to a computer, while hiding or
cloaking their presence from the user(s). Rootkits are often extremely difficult to detect and
take a higher level of knowledge to detect, remove and prevent. These will be explained in
more detail later in this book.

There are many symptoms which could indicate a computer is infected by malware; these
include, but are not limited to, the following:
- Antivirus software indicates a virus infection on the computer/server
- The computer restarts randomly and unexpectedly
- The computer will not boot into Windows even though no software was installed nor
  updates performed
- Windows task manager will not open
- Windows does not start up, and a message is shown stating that system files are missing
- Low memory errors pop up even if there is no true memory problem
- You get random BSODs (Blue Screen Of Death)
- Your computer seems to move very slowly, and your task manager may indicate high
  CPU usage, even when you are running no programs at all (i.e. 100% CPU usage)
- The computer's starting or loading time to get into Windows is excessively long
- Constant pop-ups are appearing and/or browser re-directs (being unintentionally
  directed to other web sites than those you've selected)
- People are receiving emails that you don't recall sending
- Your broadband modem is showing traffic activity when you aren't using the internet
- When new programs are installed, they either don't work or have constant problems
- You are suddenly receiving more spam to your email inbox(es)
- Programs that are installed are instantly deleted
- Documents and files disappear (deleted)
- Windows updates will not install successfully
- DVD and CD-Rom drives open and close by themselves
- Sounds may play randomly from the computer speakers
- Files and folders will not open at all
- WINDOWS SECURITY CENTER has been disabled
- WINDOWS FIREWALL or other third party firewall software has been disabled
- Instead of logging into the desktop with icons after the Windows splash screen, the
  computer just shows a black screen and cursor
- Windows password(s) have been changed without the user(s) doing so
- Software, files, pictures, music, video etc. start to open/run without the user
  commanding those actions
- A computer will not boot up after powering on (rare cases: boot virus)
- You get "you are infected" pop-ups from an antivirus program that you never installed
- You get a constant blue screen with the error: IRQL_NOT_LESS_OR_EQUAL
- Your desktop icons, folders, files and documents have disappeared (hidden)
- You see the hard drive activity light blinking, but no programs are running at all
- LAST DATE MODIFIED is showing recent dates for software that you haven't accessed
  recently (in your Windows directories)
- Changes in file sizes occur for no good reason; for example a 5MB file now reads as 1K
- Your hard drive space diminishes rapidly without anything being downloaded or
  installed by the user
- The printer is connected properly and operating, but you cannot print
- You notice software icons on your desktop that you didn't install
- You are noticing more emails in your inbox related to your interests; however, you
  rarely share that email address with anyone
- You receive a call from your ISP (Internet Service Provider) stating they've received
  complaints stemming from your IP address
- Your website has been hacked, or spyware is found on your website (for instance,
  Google often sends alerts to the administrator's account when this happens)
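Two of the symptoms above (recent LAST DATE MODIFIED values on software, and unexplained changes in file size) can be checked in bulk. The Python sketch below is an added example, not part of the original handbook; the extension list, the thresholds and the idea of a saved "baseline" listing from when the machine was healthy are assumptions of the example.

```python
import os
import time
from pathlib import Path

# Extensions treated as "software" here are an assumption of this example.
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".sys", ".scr", ".com"}


def snapshot(root):
    """Record size and last-modified time of every executable under root."""
    root = Path(root)
    listing = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if path.suffix.lower() not in EXECUTABLE_SUFFIXES:
                continue
            try:
                info = path.stat()
            except OSError:
                continue  # unreadable entry: skip it rather than abort the scan
            listing[path.relative_to(root).as_posix()] = (info.st_size, info.st_mtime)
    return listing


def triage(current, baseline=None, recent_days=7, shrink_ratio=0.5, now=None):
    """Return {relative_path: [reasons]} for files that match a symptom.

    baseline is an earlier snapshot() of the same tree taken while the
    machine was healthy (hypothetical input, not described in the handbook).
    """
    now = time.time() if now is None else now
    cutoff = now - recent_days * 86400
    findings = {}
    for rel, (size, mtime) in current.items():
        reasons = []
        if mtime >= cutoff:
            reasons.append("modified within %d days" % recent_days)
        if baseline is not None:
            if rel not in baseline:
                reasons.append("not present in baseline")
            else:
                old_size = baseline[rel][0]
                if old_size > 0 and size < old_size * shrink_ratio:
                    reasons.append("shrank from %d to %d bytes" % (old_size, size))
        if reasons:
            findings[rel] = reasons
    return findings


if __name__ == "__main__":
    # Point this at the Windows directory of the drive being examined.
    for rel, reasons in sorted(triage(snapshot(".")).items()):
        print(rel, "->", "; ".join(reasons))
```

Windows updates and legitimate installs also change modification dates and sizes, so treat each hit as a lead to investigate, not as proof of infection.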










II. Preparing for virus scanning & removal

Digital data consists of binary code, which is essentially 1s and 0s, translated (encoded)
to be used by the CPU. Digital data should be treated as highly fragile, or non-existent,
whenever it comes to performing any type of work on a computer that involves the hard disk.
Removing malware should never be attempted without preparation, to ensure that in the event
of a mistake or data corruption, the computer can be restored to its original format; this
translates into preservation of settings, documents, files, profiles, databases, etc.
At TekTime IT Consulting, our policy is preservation of data prior to ANY work being performed
on a computer or network. Therefore we use software which allows us to clone: to make an
exact copy of the customer's hard drive, which will be used for the purpose of restoring, in the
event the computer becomes unbootable or important files are deleted along with the virus.
Here are the tools we gather prior to beginning ANY work on a personal computer:

- SATA or PATA USB Hard Drive Enclosure (3.5" for desktop drives, 2.5" for laptop drives)
- A hard drive to use to store the temporarily backed up/cloned data; 500GB+ preferred
  NOTE: An External USB Hard Drive can be used in replacement of the two above.
- A USB to IDE/SATA Adapter can be used in replacement of a USB Enclosure.
- Software with the capability to clone hard drives. We currently use Acronis True Home
  Image 2012.
Since there are several different brands and types of backup software on the market, we are
unable to illustrate how to create a clone of a hard disk, since all software has different options
and menus. If you would like to know how to make a cloned copy of a hard drive, onto an
external drive please email us at support@time4tech.com, and mention the software you are
using or would like to use. Too lazy or tired to do that? Just click here to email us! We will
provide you step-by-step details within 0-3 hours of receiving your email.
All compliments of TekTime IT Consulting for buying this handbook!
Now that you've created a perfect, BOOTABLE backup of your or your client's data, it's time to
verify the integrity of the clone copy. Continue reading on the next page.


Preferably, the customer's hard drive is the same size and type as the backup drive
you are using. If so, you just need to plug in the clone copy, and proceed with the process of
booting into Windows. If it boots successfully with the same exact information and setup as the
client's computer, the data copy is ready to store in a safe place, in case future use is needed.
Remember to store this drive in a place free of direct sunlight, moisture, shock, and/or any
other threat which could damage a hard drive.

NOTE: Strict data security measures should always be a policy, so ANY data copy made of a
client's data should be IMMEDIATELY destroyed (drive reformatted) after the computer or
problem is successfully repaired and the customer has signed off on the repairs as being
satisfactory.
______________________________________________________________________________

UNDERSTAND THE RISKS OF REMOVING MALWARE!

Removing malware does have a set of risks that should be acknowledged prior to beginning any
virus cleaning, on any computer or network. Since we encourage backing up data stringently,
these risks should cost you nothing in the long run, just time! Several risks are, but aren't
limited to:
- Inability to boot a computer successfully upon removing certain types of malware. Since
  many viruses replace critical system files with infected files, removing those files will
  cause problems with stability or reliability due to important files having been deleted.
- Upon successfully removing malware, a computer may become unstable, and could
  crash randomly, restart randomly, or have many other symptoms that aren't considered
  normal operation. It is always wise to prepare for unusual activity, such as programs
  that won't open or crash unexpectedly, random errors and other problems that can't be
  predicted.
- Inability to access the internet and/or the local network. Many types of malware can
  and will change proxy settings of various browsers, TCP/IP settings, hosts file
  settings, firewall settings, router settings and much more. After removing a virus, you
  may find that the computer can no longer access the internet. There are various ways to
  troubleshoot a computer that can't access the internet due to malware [removal], but
  we won't cover all of them in this handbook, to save time and avoid boredom!
- Ancient Windows XP computers which were infected with malware may have damaged
  WINSOCK files. If you remove viruses on an XP computer and can't access the internet,
  download Winsock Fix by clicking here. That usually does fix the issue; if not, contact us!
- Inability to access Internet Explorer and/or download Windows updates. So many types
  of malware tend to target and infect poor Microsoft's software. Often enough, Internet
  Explorer will display a "Page not found" or similar message when attempting to access
  the internet after removing a virus. If you encounter problems accessing Internet
  Explorer after removing a virus, feel free to email us at support@time4tech.com. We
  will have an answer (or assistance) to your problem within 0-3 hours, totally FREE!
- Inability to install software. Many threats also attack the .MSI installer which is needed
  for Windows to install and uninstall software. There are also ways to get around this
  problem, so feel free to contact us if needed at the above address for a quick solution.
________________________________________________________________________

PREPARE FOR SCANNING!

1.) Disconnect from the internet. Malware can connect to the internet, update itself when
needed, and proceed to download more malicious software from the internet; upload
sensitive data to the internet (i.e. sensitive client information and company-critical
database records) and much more. As well, if there is a network present with other
computers attached, those computers could become infected as well. Always
disconnect from the internet as a first step to prepare for scanning a computer infected with
malware. If you've created a subnet, you can connect an infected PC to the Internet
with less chance of incident. Otherwise, all PCs connected to your network should also
be disconnected.
2.) Create a current Restore Point. Open SYSTEM RESTORE (System Protection in Vista and
Windows 7). Create a restore point for the current day in which the virus is being
removed. A current restore point will aid in restoring the computer to its original state
in the event there are problems encountered during or after the cleaning.


3.) Remove all writable media. Disconnect all memory cards, external USB drives, and
other storage devices from the computer. Viruses tend to spread easily to drives and
media connected to an infected computer, so it's best to disconnect any to lower the
risk of spreading the infection.
4.) Create a cloned copy of the suspected/infected hard drive.
Attach the external USB backup drive to the infected (or suspect) computer. At this
point, you should have your Cloning Software as noted earlier, ready to create a
cloned copy of the hard drive in case something bad happens during the process. We
won't cover the cloning process in this eBook, but feel free to email us for FREE
assistance if needed, to complete the cloning process.
NOTE: If you elect NOT to clone the drive, you may be liable for lost data!!
Please remember that due to viruses and other errors, it may be possible that a drive
will not clone. In such an instance, manually backing up important data is needed.
NOTE: You MAY need to reference item #5 below to create a clone copy of the hard
drive, as it is sometimes not possible to clone a hard drive via USB while it is
connected to the source computer. In that scenario, attach the backup drive to a
master computer, and then attach the infected drive to an additional enclosure, to
create a copy. Two USB enclosures (or adapters) will be needed in this situation.

5.) Remove the infected hard drive from the computer.
Carefully remove the infected drive, or the drive that you would like to scan, from the
computer. Whether in a laptop or desktop, hard drives are very straightforward to
remove, and require a Phillips head screwdriver, anti-static surface and a bit of
patience!

NOTE: It's best to use a static free wristband when working with hardware
components to prevent electrostatic damage, but working on a wooden or non-conductive
surface will help greatly, as well as resisting the urge to work on a computer
in a carpeted room.
Next, attach the hard drive to the USB Hard Drive enclosure. Example enclosures are
shown below for your reference. Notice the differences between a laptop enclosure and
a desktop enclosure.

Desktop Hard Drive Enclosure:


Laptop Hard Drive Enclosure:



Once the hard drive is connected properly and plugged in, the drive is now ready to be
attached to a different computer that contains the needed scanning software. Now you
have completed the Preparation process.
NOTE: If you do NOT want to use an external USB drive, and you don't feel comfortable
removing a hard drive from a computer, that is totally understandable. To scan a
computer for viruses that will not allow software to be installed, or that doesn't boot,
you will need to use a rescue disk to boot the computer and scan for malware outside
of the Windows Operating system.
We will discuss rescue disks in an update to this manual in the near future. In the
meantime, please feel free to email us for any assistance with creating/buying a rescue
disk to scan a PC for malware!
Also, you should perform a manual backup, by copying and pasting the files from the
computer you are working on to external media such as a CD, flash drive, etc., to
safeguard the client's important data in case the computer no longer boots during or
after the virus removal.
Performing Manual Backups:
Files that you want to copy and paste include: My Videos, My Music, My Documents,
My Pictures and bookmarks, as shown on the next page.

Next, search for any music, picture, video or documents that may be on the computer
and not saved in the various MY folders.
Click on Start on the taskbar, and click Search.


Next, choose from the selection of options (shown on the next page is a picture of the
search box in Windows Vista and Windows 7, for reference; XP will appear differently).
Click the first option shown below: Pictures, music, or video

Next, click on all of the boxes as shown below, and then click on Search



Now, you will notice ALL of the pictures, music, and videos on the hard drive will start
showing in Windows Explorer. Allow the computer to scan for ALL of the files until it is
completed. Once it is completed you can Copy and Paste the files onto the USB backup.

Now, repeat the same process as you did when searching for music etc, but choose:
Documents (word processing, spreadsheet, etc.)
Next, allow the computer to search for documents the same as when you searched for
music, video, pictures and other files. Copy and paste what is found onto the USB
backup drive. Repeat this step for ALL FILES AND FOLDERS next, and then you can
manually search for any other data the user may need such as web browser bookmarks,
.exe files, etc. Once you have backed up all of the data manually, you are ready to scan
for viruses!
Please remember that the manual backup method is used as an alternative to using the
external hard drive enclosure and cloning a drive, to preserve data.
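The manual backup described above can be scripted so that every copied file is also checked. The Python sketch below is an added example, not part of the original handbook: it copies the same categories of files (pictures, music, video, documents) to the backup drive, compares a SHA-256 hash of each original with its copy, and lets you re-verify the backup later. The extension lists, function names and paths are assumptions of the example.

```python
import hashlib
import shutil
from pathlib import Path

# Extension groups mirror the categories the manual searches for;
# the exact extension lists are an assumption of this example.
CATEGORIES = {
    "pictures": {".jpg", ".jpeg", ".png", ".gif", ".bmp"},
    "music": {".mp3", ".wma", ".wav"},
    "video": {".avi", ".wmv", ".mp4", ".mpg"},
    "documents": {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pdf", ".txt"},
}
WANTED = set().union(*CATEGORIES.values())


def sha256_of(path, chunk_size=1024 * 1024):
    """Hash a file in chunks so large videos do not exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def backup_with_manifest(source_root, backup_root, wanted=WANTED):
    """Copy matching files, keeping relative paths, and hash both sides.

    Returns (manifest, failures): manifest maps relative path -> SHA-256 of
    the verified copy; failures maps relative path -> reason.
    """
    source_root, backup_root = Path(source_root), Path(backup_root)
    manifest, failures = {}, {}
    for src in sorted(source_root.rglob("*")):
        if src.is_symlink() or not src.is_file():
            continue
        if src.suffix.lower() not in wanted:
            continue
        rel = src.relative_to(source_root).as_posix()
        dst = backup_root / rel
        try:
            dst.parent.mkdir(parents=True, exist_ok=True)
            before = sha256_of(src)
            shutil.copy2(src, dst)  # copy2 keeps timestamps for later review
            after = sha256_of(dst)
        except OSError as exc:  # locked, unreadable or damaged file
            failures[rel] = "copy failed: %s" % (exc.strerror or exc)
            continue
        if before == after:
            manifest[rel] = after
        else:
            failures[rel] = "hash mismatch after copy"
    return manifest, failures


def verify_backup(backup_root, manifest):
    """Re-hash the backup later; return paths that are missing or changed."""
    backup_root = Path(backup_root)
    bad = []
    for rel, expected in manifest.items():
        copy = backup_root / rel
        if not copy.is_file() or sha256_of(copy) != expected:
            bad.append(rel)
    return sorted(bad)


if __name__ == "__main__":
    # Hypothetical paths: the user's profile folder and the USB backup drive.
    saved, failed = backup_with_manifest(r"C:\Users\client", r"E:\backup")
    print(len(saved), "files verified;", len(failed), "need manual attention")
    for rel, reason in failed.items():
        print("  ", rel, "->", reason)
```

Files copied from an infected machine may themselves be infected, so scan the backup before restoring anything from it.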
IF YOU DON'T NEED TO BACKUP, OR CAN'T BACKUP FILES, AND YOU AREN'T USING AN
EXTERNAL HARD DRIVE, YOU CAN STILL REMOVE MALWARE WITH A VERY LOW
CHANCE OF DATA LOSS. DO NOT PROCEED TO THE NEXT CHAPTER. INSTEAD, CLICK
HERE.



Sorry!


Unfortunately, this is the end of the PC Technician's Virus Removal
Manual Version 3.1 sample.

_________________________________________________________

Click here to purchase the full version!

You'll have full access to the remaining pages, resources, unlimited technical support and
unlimited updates that we offer!


Thanks again for taking interest in this handbook. See you on the other side!



Sincerely yours,

Jarvis Edwards - Author
