
Welcome to PcCare.com

 Virus infected Files

 

If you would like to pay for your virus removal, try McAfee Virus Removal Service, or a more affordable alternative, PcCare.com.

 

Step 1 
 
Prepare your system in case of system failure: Disaster Preparation
 
Step 2
 
Create a bootable Windows PE cdrom containing the Sysinternals Suite.
 

Boot infected system from the PE cdrom.

 
Step 3
 
Create a list of unsigned executable files. The list includes files that are executable but are not named with an .exe extension.
 
sigcheck -u -e -a -s c:\  > c:\temp\sigcheck.txt
 
Extract filenames for later comparison.

 

type c:\temp\sigcheck.txt  | find "c:\\" | sort > c:\temp\sigcheckFiles.txt  

 

Step 4

 

Remove PE cdrom and boot system into normal mode.

 

Re-run the above commands to determine files modified by the virus.

 

sigcheck -u -e -a -s c:\  > c:\temp\sigcheckVirus.txt
 

type c:\temp\sigcheckVirus.txt | find "c:\\" | sort > c:\temp\sigcheckVirusFiles.txt  

 
Step 5
 
 

Copy the sigcheck output files to a non-infected system that has the resource kit installed (Vista, XP).

 

Compare sigcheckVirusFiles.txt and sigcheckFiles.txt with windiff. The diffs are files hidden/modified by the virus.
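Added example, not part of the original page: a Python alternative to the windiff comparison in Step 5. It goes one step further than comparing file names by parsing the two raw outputs (sigcheck.txt and sigcheckVirus.txt) and also reporting which detail fields differ for files present in both. It assumes sigcheck's text layout is a path line ending in a colon followed by indented "Name: value" lines; the sample data and file names are constructed.

```python
import re

# Assumed layout: a path line ending in ":" followed by indented "Name: value" lines.
HEADER = re.compile(r"^([A-Za-z]:\\.*):\s*$")
FIELD = re.compile(r"^\s+([^:]+):\s*(.*)$")

def parse_sigcheck(text):
    """Return {lowercased path: {field name: value}} from sigcheck text output."""
    records, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            # Windows paths are case-insensitive, so normalise before comparing.
            current = records.setdefault(m.group(1).lower(), {})
        elif current is not None and (m := FIELD.match(line)):
            current[m.group(1).strip()] = m.group(2).strip()
    return records

def cross_view(offline, live):
    """Compare the PE-boot scan (offline) with the normal-mode scan (live)."""
    hidden = sorted(set(offline) - set(live))   # on disk but not reported when live
    added = sorted(set(live) - set(offline))    # reported only by the running system
    changed = {}
    for path in set(offline) & set(live):
        diff = sorted(k for k in set(offline[path]) | set(live[path])
                      if offline[path].get(k) != live[path].get(k))
        if diff:
            changed[path] = diff                # fields that differ between the views
    return hidden, added, changed

# Constructed sample data (hypothetical file names), not output from a real system.
OFFLINE_SAMPLE = r"""
c:\windows\system32\drivers\examplehid.sys:
    Verified:       Unsigned
    Publisher:      n/a
c:\program files\tool\helper.exe:
    Verified:       Unsigned
    File version:   1.0.0.0
"""
LIVE_SAMPLE = r"""
C:\Program Files\Tool\helper.exe:
    Verified:       Unsigned
    File version:   1.0.0.1
c:\temp\dropped.scr:
    Verified:       Unsigned
"""

if __name__ == "__main__":
    print(cross_view(parse_sigcheck(OFFLINE_SAMPLE), parse_sigcheck(LIVE_SAMPLE)))
```

If the PE environment assigns the system volume a different drive letter than the installed system uses, rewrite the drive prefix in one of the two inputs before comparing.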

 

 

 

 

 

 

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. PcCare.com will not be held responsible if changes you make cause a system failure.
