Preparation
Disconnect the infected machine from any and all computer networks (the Internet and/or Local Area Network).
If possible, use a PS/2-based mouse and keyboard rather than USB (if you have to boot to DOS or Linux there may not be USB drivers). Have as many of these programs ready to run off removable media (floppy, CD, USB flash drive) as you can. It is best to run this software from removable media, both to ensure it is not compromised and because some malware may prevent the use of equivalent Windows-based software on the infected machine.
- a disk imaging program
- a program to control auto-started programs, such as Autoruns
- a process monitor, such as Process Explorer
- McAfee AVERT Stinger for virus removal
- a utility to disable Browser Helper Objects (BHOs). The one I used to use has been discontinued, and Windows XP SP2 can do this, as can the Autoruns program discussed below.
If possible, download a Windows software firewall, such as ZoneAlarm, on another computer and store it on removable media such as a flash drive. Likewise, the trial version of an anti-virus program such as NOD32 or Kaspersky is good to have on hand.
And speaking of firewalls, if there is a broadband connection, it can't hurt to have the machine positioned behind a hardware firewall such as that found in ordinary routers from Linksys, Belkin, Netgear and the like. There is nothing wrong with a software firewall such as ZoneAlarm, but two levels of protection are better than one. I suggest using a router just for its internal firewall even if there is only a single computer connected to the Internet. Wired routers offer a bit more safety than wireless routers, and although they may be harder to find, they do still exist.