User:Bit By Bit Solutions/Virus removal

Introduction

Background

Computer viruses are the foes of every computer user. The harmful effects of viruses have dramatically increased the need for users to protect their devices in order to limit their exposure to attacks. Specifically, computer virus threats have accelerated since the revolution of the internet and electronic communications (Antivirus World). As technology continues to change, new forms and methods of computer attack will evolve as well. In fact, a computer security firm reported that since December, over four hundred firms have already altered their websites due to computer virus threats (Ralis). McAfee, a leading antivirus software company, reported that in 2009, computer hackers targeted client software products, such as Adobe Reader and Flash. Viruses in 2010 are predicted to aim at social networks (Perone).

This manual is designed to help reduce the growing and evolving cases of computer viruses in university settings. With the increased threat to social networks, college campuses and students are especially at risk. Sophos, another antivirus software publishing firm, explains in an IT security report that viral attacks on social networks are already up 70.6% from last year (Sophos). With over 350 million users on Facebook, this networking site is expected to be targeted the most, followed by MySpace and Twitter. McAfee reports confirm these fears by explaining the relative ease with which hackers can gain user information compared to other networks. When applications are downloaded on Facebook, intruders can access account information from user profiles (Magid). With the majority of Facebook and MySpace users being college students, they will be most vulnerable to attacks.

Antivirus software has become essential for computer users due to the increasing risk and strength of computer viruses. While the cost of purchasing software is relatively low (for example, McAfee advertises total protection packages starting at $50 for one year), the cost of repairing infected computers is not as lenient (McAfee). At the University of Louisville, the Geek Squad offers software repair starting at $199.99, a significantly lower cost than the major computer repair companies in the area (Geek Squad). An infected computer can pose a major inconvenience to college-level students, who typically rely on computer technologies for their course studies. In addition, as these students are typically low-income consumers on tight budgets, repair costs can become a financial burden, especially as the necessary and common expenditures for college students continue to rise. These cost factors include, but are not limited to, the cost of tuition, textbooks, and housing.

This manual assists students in removing computer viruses. By allowing this group of users to repair infected computers without relying on repair service companies, this manual serves the convenience and cost-saving needs of college students. This manual is intended for the removal of basic malware and viruses that are common today. As the technology behind viruses grows and evolves in the years to come, new manuals will be needed to address those issues.

History of malware infections

Any computer owner is familiar with the term “computer virus.” These damaging programs can make their way into a computer through many outlets. Once they implant themselves, the damage they can do is almost endless.

The very first reported computer virus was called Elk Cloner. It was written by Rich Skrenta in 1982, and it was the first virus to appear in a computer other than the one it was created in. Skrenta’s virus was created to infect Apple DOS operating systems. In order to get into outside computers, it attached itself to floppy disks and, once in place, attached to the operating system as well. The second known computer virus was called Brain. It was created in 1986 by Basit and Amjad Farooq Alvi as a tool to prevent pirated copies of their computer programs. Their invention, however, turned out to be a boot sector virus, and it infected the PCs of individuals who used the Alvi brothers’ programs (Antivirus Ware).

In the 1980s, computer virus characteristics were associated with the increased use of the Bulletin Board System (BBS), software that users dialed into over the phone. BBS contributed to the spread of Trojan horses, which were typically created to target major software traders. Modem use and software sharing were also contributing factors to viral infections. Before the internet became so widely used, viruses were commonly spread by infecting hardware or removable computer media. When floppy disks were the main means of sharing and transporting information, viruses would appear most often in information and programs that were installed on these devices. From hardware, early viruses would proceed to mainly target operating systems after being installed (TopBits).

In the 1990s, the presence of macro viruses grew. In fact, some versions of Microsoft Word were infected by macro viruses and would allow the infection to multiply. In effect, viruses were created to infect programs such as Word and Excel, and they would use Microsoft Office as a means of transportation. As the internet became more widely used, the spread of viruses grew tremendously. Viruses were able to spread more easily, for example through a web address link in an instant messaging program (TopBits).

With the even more widespread use of the internet today, viruses can spread at an incredibly rapid rate and through various means. The use of the internet remains the top contributing factor to the widespread appearance of viruses. As technology advanced and increased in speed and efficiency, viruses evolved as well. Today, viruses commonly make their way into computers by attaching themselves to materials that are downloaded and sent over the internet. By 2005, viruses spread using cross-site scripting had become apparent (Adware). This infection is usually found in web applications, such as those found on Facebook and MySpace, and it allows attackers to contaminate other computers by bypassing various access controls, such as the same origin policy. As of 2007, Symantec, an anti-viral software producing and researching company, reported that cross-site scripting through means of the internet accounted for approximately eighty percent of all security vulnerabilities that were documented. In addition, the extent of damage that can be produced by these popular viruses can range from small peeves to major PC threats (Symantec).

As technology continues to grow and constantly change, it is predictable that the types and strength of viruses will as well. Preventing viruses continues to present itself as a challenge, and in response, the technology for anti-virus systems is constantly changing and upgrading as well. In addition, education of virus prevention for computer users is extremely important in stopping virus infections before they arise.

Warnings and Safety Instructions

As when working with anything of importance, like photos or power tools, you always want to be careful not to make irreversible mistakes. This section will explain some of the warnings that one will come across when using this manual. A brief section about computer backup is also found within this section.

Warning Icons

Below are some of the warning icons found in the different sections of the manual. Each icon has a different meaning, so when you see these icons, take your time in that section.

•	Interesting fact
•	This step can cause harm to the computer if performed incorrectly
•	This step will cause harm if performed incorrectly

Backup your Data!

If you believe that you have a virus on your computer, do not use an external hard drive or thumb drive to back up your data. If you back up data to these devices while infected, the virus can jump from your machine to the backup device without your knowing. Even if you successfully clean your computer, the next time you plug these devices back in, the virus will jump right back onto the computer. In this case, you should burn CDs/DVDs with your necessary information.

If you know you only have adware on your computer, such as a program popping up and asking you to buy it, then you should be able to back up your data normally onto an external device. Due to the possibility of data loss from contracting viruses or from power failures, one should periodically save important files to a DVD, external hard drive, or a data backup site like Carbonite, so that if the worst happens, you will still have a copy of your important data.

Things to know

This section of the manual will explain how to check a file's size and identify its creator. The section will cover common locations that malware installs to, as well as how to use a feature of Windows called Safe Mode.

Checking Files

When checking files, all that is needed is to right click on the file and choose Properties. Once the properties window opens up, select the Details tab and make sure the file is verified. To do this, look at the Copyright line and the location of the file, and then go to Google and search for the file name. There are plenty of sites that will tell you who the real owner of the file is and where the file should be located. If either of these does not match what the site has listed, then the file is possibly a piece of malware. This verification process is almost impossible to fool, but as a precaution, check the size of the file as well. Files located in the C:\Windows or C:\Windows\System32 folders almost always belong to Microsoft and should have the Microsoft copyright listed.

Figure 1- Properties of a file

It is also important to note the version of the file as updates and service packs can change the file size. A perfect example of this will be the file Explorer.exe. This file changed in all three service packs of Microsoft Windows XP, so do not start deleting files until the version has been verified.

Basic file & Registry locations

When a computer is infected by malware, the computer will show signs such as slowing down, certain functions being restricted, and weird files starting to appear. The following will show you how to identify whether a file is legitimate.

Basic File Locations

Malware and viruses will install files onto your machine. These files have multiple purposes, such as sending data to unknown sources, recreating the malware if it is removed, and ultimately shutting down policies that tell the computer how to function. The most common places for these files to be installed to are:

•	C:\ (Root Directory)
•	C:\Program Files\
•	C:\Windows\
•	C:\Windows\system32
•	C:\Windows\system32\drivers

When Windows XP came about, malware started to install its files into two new locations besides the ones mentioned above. These locations are:

•	C:\Documents and settings\(Username)\Application data\
•	C:\Documents and settings\(Username)\Local settings\application data\

With the release of Windows Vista and Windows 7, three new locations appeared.

•	C:\Users\(Username)\AppData\Local
•	C:\Users\(Username)\AppData\Roaming
•	C:\ProgramData\

Sometimes files are hidden in the above locations and you will need to unhide them to check the properties. To unhide files, you need to make sure that the option for “View Hidden Files” is checked.

•	Click Start, and then click Control Panel
•	Click Appearance and Themes, and then click Folder Options
•	On the View tab, under Hidden files and folders, click Show hidden files and folders

Basic Registry Locations

Another place malware and viruses love to hide is called the Registry. The Registry is a collection of commands and information that Windows continually accesses while running. If any entry within this collection is missing, corrupted or set to a different value, the computer will not perform correctly. Below are some of the common locations where entries are added, deleted, and changed.

•	HKEY_LOCAL_MACHINE\Software
•	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
•	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
•	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
•	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
•	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
•	HKEY_CURRENT_USER\Software
•	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
•	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce

What is Safe Mode?

Safe mode is a great built-in feature that all versions of Windows have. It allows the machine to start up in a basic mode that loads only the minimum drivers and services that Windows needs to be able to function. This means that audio will not work, video is reverted to a generic driver (causing your icons to become larger), and Internet and network access will not work. In Safe mode, Windows will not allow most malware to load. If network and Internet access is needed, there is a separate option called Safe Mode with Networking. To access Safe mode, start tapping the F8 key as soon as the computer is turned on. You will then be brought to something similar to this, depending on your version of Windows.

Figure 2- Advanced startup options

The best selection for troubleshooting is Safe mode with networking since it loads up the essential drivers for connecting to the internet. Once you make this selection a screen will appear listing what files are being loaded. After this screen disappears, a warning screen will appear indicating that you are now in Safe mode.

Figure 3- Warning popup for Safe mode in Windows XP

Click Yes and you are then greeted with an odd-looking version of your Windows desktop. This version gives you most of the same tools and functions that normal Windows has.

Tools of the Trade

This section will discuss what tools are currently a part of Microsoft Windows operating systems, as well as provide recommended freeware applications that will assist in the removal of malware. All applications within this section are FREE and do not require any money to use them.

Device Manager

The Device Manager is a tool that shows you what components make up your computer as well as what devices are currently not functioning correctly. To access the Device Manager, right click on "Computer" or "My Computer" and click Manage. On the left pane, click "Device Manager." Click "View" on the toolbar and then click "Show Hidden Devices." What you are looking for are any devices that show up with a yellow exclamation mark next to the name and little icon, as in the screen shot below. Most of these you simply want to right click on and click "Uninstall."

Figure 4- Device Manager

MSConfig

Sometimes malware will create a service that starts when you start up the computer. To correct these services, click on Start and then go to Run. Type msconfig and hit Enter. This will launch Windows Startup Services. This is a built-in Windows tool that allows you to enable or disable services and programs that start when the computer starts. This is useful for any situation because it can be used to stop unnecessary processes from starting.

Figure 5- MSCONFIG in Windows 7

In Windows XP, click the button for "Check boot.ini." If it says it needs changes, hit Yes. Check Services and Startup for any malware. Go to the Services tab and click the “Hide all Microsoft services” box. This does what it says: it allows you to look through the non-Microsoft services more easily. There are infections that disguise themselves as Microsoft services, but whether they are malicious or not cannot be determined with this tool; this will be discussed later.

Things in here will mostly be obvious. Items starting from "Documents and Settings", "Users", "ProgramData", or any temporary directory will almost always be infections. Malware will sometimes have randomly generated entries and sometimes simply include random numbers in their filenames. If you are unsure about anything, use Google to find out information about the process.
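The location rule above can also be applied offline to a registry export made with regedit. The following is an added example, not part of the original manual: it parses the text of a .reg export and flags values under the Run keys listed earlier whose command points into Documents and Settings, Users, ProgramData or a temporary directory. The sample export, its value names and the function names are constructed for illustration, and the %VARIABLE% markers are an assumption.

```python
import re
from collections import namedtuple

Autorun = namedtuple("Autorun", "key name command suspicious")

# Autostart keys listed in this manual (matched case-insensitively).
RUN_KEY_RE = re.compile(
    r"^HKEY_(LOCAL_MACHINE|CURRENT_USER)\\Software\\Microsoft\\Windows"
    r"\\CurrentVersion\\(Run|RunOnce|RunOnceEx|RunServices|RunServicesOnce)$",
    re.IGNORECASE,
)
KEY_RE = re.compile(r"^\[(.*)\]$")
VALUE_RE = re.compile(r'^(?:@|"(?P<name>(?:[^"\\]|\\.)*)")=(?P<data>.*)$')
STRING_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"$')

# Locations the manual treats as suspicious for a startup item. The
# %VARIABLE% forms are an assumption added here: they expand to the same places.
SUSPICIOUS_MARKERS = (
    "\\documents and settings\\", "\\users\\", "\\programdata\\", "\\temp\\",
    "%temp%", "%tmp%", "%appdata%", "%localappdata%", "%userprofile%",
)

# Constructed sample export; none of these values come from a real machine.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="\"C:\\Program Files\\ExampleApp\\tray.exe\""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"xkqjzpwf"="\"C:\\Documents and Settings\\Student\\Local Settings\\Application Data\\xkqjzpwf.exe\" /s"
"Updater"=hex(2):25,00,54,00,45,00,4d,00,50,00,25,00,5c,00,75,00,70,00,64,00,\
  2e,00,65,00,78,00,65,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"NotAutorun"="C:\\Users\\Student\\AppData\\Roaming\\x.exe"
"""


def decode_export(raw):
    """Version 5.00 exports are UTF-16LE with a BOM; older REGEDIT4 files are ANSI."""
    if raw.startswith(b"\xff\xfe"):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")


def _logical_lines(text):
    """Rejoin hex values that regedit wraps with a trailing backslash."""
    buf = ""
    for line in text.splitlines():
        part = line.strip()
        if part.endswith(",\\"):
            buf += part[:-1]
            continue
        yield buf + part
        buf = ""


def _decode_data(data):
    """Return the command string for REG_SZ / REG_EXPAND_SZ data, else None."""
    m = STRING_RE.match(data)
    if m:  # REG_SZ: undo the \\ and \" escaping used in .reg files
        return re.sub(r"\\(.)", r"\1", m.group(1))
    if data.lower().startswith("hex(2):"):  # REG_EXPAND_SZ as UTF-16LE bytes
        raw = bytes.fromhex(data[7:].replace(",", ""))
        return raw.decode("utf-16-le", errors="replace").rstrip("\x00")
    return None  # dword, binary and similar types hold no startup command


def autoruns_from_export(text):
    """List every value under the manual's Run keys with the markers it hits."""
    entries, key = [], None
    for line in _logical_lines(text):
        m = KEY_RE.match(line)
        if m:
            key = m.group(1) if RUN_KEY_RE.match(m.group(1)) else None
            continue
        m = VALUE_RE.match(line) if key else None
        if not m:
            continue
        command = _decode_data(m.group("data"))
        if command is None:
            continue
        lowered = command.lower()
        hits = [mk for mk in SUSPICIOUS_MARKERS if mk in lowered]
        entries.append(Autorun(key, m.group("name") or "(Default)", command, hits))
    return entries


if __name__ == "__main__":
    for entry in autoruns_from_export(SAMPLE_EXPORT):
        flag = "CHECK" if entry.suspicious else "ok"
        print(flag, entry.name, entry.command, sep=" | ")
```

A flagged entry is a prompt to research the file as described in this manual, not proof of infection; legitimate software also starts from per-user folders.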

Task Manager

This is a list of all the currently running programs on your machine. To access this you can either press CTRL+ALT+DELETE or CTRL+SHIFT+ESC. For Windows 7 and Vista, make sure the option for “Show processes from all users” is selected. To use the Task Manager effectively, you will need to be familiar with normal Windows files so that you can discriminate the bad from the good. Lots of malware will have random file names. If you are not sure about a file, go to Google, enter the name, and search for info about the file.

Figure 6- Task Manager

HiJackThis

This is a great tool that simply takes time to get used to. First time users will more than likely be overwhelmed by the lines of entries that this program is able to read.

Figure 7- HiJackThis

Users need to go through and look for odd or unnecessary entries. Simply read the entry and try to determine what it is for and what it is doing. Let’s examine the highlighted file. Its entry is located in HKCU\..\Run, which really means the following location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Most developers name their files so that it is relatively easy to determine what the file actually is and who it belongs to. In this case, they have the name right in the front to show that this is not malware. However, many developers do not label their file names this clearly, so you will have your work cut out for you.

Figure 8- Results of a HiJackThis scan

On your machine you will see entries that you cannot identify. Look at what each one is, and determine where it is coming from and what it is doing. In this case it is a service, from an unknown owner. Does the file location ring a bell? Is this a program you recognize and remember installing? Do any of the words or letters in the folders or filename seem familiar? For example, the item “mysql” belongs to a database program. The next thing to do is to determine whether this is an executable file or part of that software. You may want to search for mysqld.exe on the web for additional information before you remove the entry. Below is an example of what might appear when searching for info on a specific file.

From File.net, mysqld.exe file information:

The process belongs to the software MySQL Servers and Clients or mysqld.exe or XAMPP or 2X ThinClientServer or Namo WebBoard or sugarMysql or Apache2Triad: apache server or Scrutinizer NetFlow Analyzer or SlimServer or T3 Pro MySQL or SugarCRM on FastStack or Virtual Chemistry Lab or EasyPHP 2.0b or SqueezeCenter or ZRM Windows Client For MySQL by MySQL AB or TISS MSC or Zmanda.

The file is just from a database management program that was installed for work. This basic researching method needs to be used until you are comfortable with simply scanning through and seeing if anything looks out of place. Some good places to check are:

•	File.net
•	Neuber.com
•	liutilities.com
•	fileinspect.com

These are online communities that have files submitted to them and determine if they are malicious or not. If you simply cannot find the file anywhere on the web, then it is more than likely a virus. Almost every single program has some form of documentation or process that is listed somewhere, whether it be in a forum or on one of these sites, and it should come up in a search.

Dial-a-fix (Mainly for XP and Windows 2000)

Dial-a-fix is a great little tool that carries out automated tasks that one would normally have to remember all the command lines for. It does things like repair permissions on files, start/restart services, fix Windows updates, and flush your icons when they go missing for no reason. One of the greatest things about Dial-a-fix is its ability to quickly analyze unusual policies. Policies control how your computer works.

Figure 9- Dial-a-fix main window

To start the repair process, click on the hammer and then click on repair permissions.

Figure 10- Dialafix tools window

After that, simply click the green checkmark to select all items and then click Go. After this is done, click on Policies and remove anything in here, unless you have specifically enabled a policy.

If you have the correct Windows installation disk for your system, consider running the system file checker (SFC) flush and SFC scan. This can be run either by clicking the hammer icon or by using the command line. To run from the command line, click on Start and then go to Run. Type CMD and hit enter. Now type “SFC /purgecache” and hit enter. This will delete any temporary files that are stored so that if the SFC finds any violations, it will copy it from your known good disk instead of an infected file for repair. After this scan completes, type in “SFC /scannow” and hit enter. Windows will probably ask you to put in your Windows disk to copy some files.

The RUN prompt can also be quickly accessed by holding the Windows key and pressing the letter R.

Pre-Environments (PE)

A pre-environment or PE is a very useful tool that can accomplish all sorts of tasks. If a computer does not start up into Windows, whether from a software issue or a virus, you are going to need a PE. This allows you to boot from a CD/DVD or a USB drive and, depending on the PE, have a Windows-like environment. PEs do not use your installation of Windows to run. The PE runs from an un-writable source, which makes it a perfect tool for recovering data or removing deeper level viruses. For beginners, the best Pre-Environment is Bart's PE. This can easily be found with a quick Google search.

Types of Infections

The two basic classifications of malware are spyware/adware and viruses. They are both files that can harm your computer in terms of speed, normal use, and data retrieval. Viruses are simply files or programs that try to replicate themselves while at the same time hindering different abilities of your machine. Adware or spyware are files or programs that do things similar to what their names imply. They install to your machine and either cause pop-ups or redirect your web browser to different sites in order to try to get you to buy their product.

There are many ways to remove infections, and the difficulty of removal varies greatly by the type of infection. Among the most commonly seen infections at this time are rogue antivirus/rogue antispyware products. These will pop up, mimic a virus scan on your machine, and say you are infected and at risk of data loss. Sometimes these programs will say "Your machine is at risk of being used to help terrorism, purchase this program to stop this from happening." The reason these are so prevalent is that people are actually buying these things and giving their creators money.

Another type of infection is a Trojan. This is an overly used term that has now incorrectly come to encompass all types of infections. When thinking of a Trojan virus, think of the Trojan horse used at the city of Troy. However, instead of being chock-full of soldiers, it contains files that open up the door to your computer in order to download different pieces of spyware to your machine. There are even Trojan downloader files that download other Trojans, greatly speeding up the rate at which your computer goes downhill.

Malware removal

Steps to remove malware

Time to Get Started!

WARNING! You are about to modify/delete files and possibly corrupt your Windows installation further if this is not done correctly. Before you begin, it is highly recommended that you make backup copies of the files you view as important or valuable, as these procedures can cause problems if not followed correctly. Once you know you’re infected, following these steps will give you a fighting chance against the infection.
 * NOTE* Any steps with an * by them require an Internet connection. If you cannot connect, try steps 7-11 and advanced steps “Reset Network Stack” first.

1.	Boot the computer up into Safe mode with networking. (Press F8 repeatedly right after turning the machine on.)
2.	Click Start and then Run (or Windows key and R simultaneously) and type msconfig. Use msconfig to check startup entries and uncheck any known malware from starting.
3.	If malware is found in startup, try to determine the location and delete it.
4.	Using Run, type regedit. Right click on HKLM and then click Export. Save the file to a place that you will remember and name it something like "HKLM backup." Do the same for HKCU and name it "HKCU backup." (HKLM is Hkey_local_machine and HKCU is Hkey_current_user.)
5.	After a successful backup, you need to check the basic registry locations that are listed in the previous section. Delete any obvious entries here. For instance:
 * NOTE* If task manager or any of the applications that you are going to try and run in the following steps come up with a “(this file) has been disabled by your administrator” or “Cannot find (this file)” you need to hold CTRL+SHIFT+ESC AS SOON as the computer turns on. This will allow you to use what you have learned looking for questionable processes running via task manager and end them. Knowing these file names should also help you remove the infections.

Figure 11- Registry entry viewing with regedit.exe

Take notice that it looks like someone just randomly pressed keys while naming this entry. Any unknown entries need to be researched on Google.

6.	Go through My Computer or Computer (depending on OS), and look through files. Make sure hidden files are able to be viewed (see Checking Files) and then check the common file locations listed in the previous section. If you saw where bad entries were starting from, check their folders now. One of the easiest things to do is to list the files by latest modified date. Use what you learned in the previous section to determine what files do not belong.
7.	See the “Device Manager” section and remove any drivers with a yellow “!” by them. Also note your network device to see what type(s) your computer uses.
8.	See the “Reset Internet Explorer Settings” section and perform this action.
9.	Go to Control Panel and go to Network and Internet Connections (XP) or Network and Sharing Center. You need to go to "Network Connections" or "Adapter Settings". Once here, right click on your primary connection and go to Properties. You should see something similar to this:

Figure 12- Network Adapter Properties

10.	Click on "Internet Protocol Version 4" and click Properties. Make sure that "Obtain IP address automatically" is selected. (Unless you know what you're doing.) If you don't have "Internet Protocol Version 6" on here, then click Install, Protocol, and then select it and have it install.
11.	If you continue to have issues connecting to the internet, make sure you have a copy of the drivers from the manufacturer’s site and then uninstall/reinstall the drivers.
12.	*Download dialafix and run it according to the previous section. If you can download and run this, skip the next step.
13.	In the command window (Windows key + R or Start => RUN => CMD) type secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose and hit Enter.
14.	*Download Hijackthis and run it according to the previous section.
15.	*Run Trend Micro's online scan.
16.	Restart the computer, and let it start up normally.
17.	If the infection isn't obviously still here, open regedit again and check HKEY_CURRENT_USER and double check the other basic registry locations. If the infection is still here, press CTRL+ALT+DELETE and try to see if you can tell what the file is called and end its process. Then, if possible, use the filename that you find to help you locate it and delete it. If Task Manager doesn't run, or it simply says it's disabled, restart the computer into Safe mode. Once back in Safe mode, run the programs Malwarebytes antimalware and Spybot Search and Destroy.
18.	Unless you have your own antivirus solution that you trust, uninstall any and all antivirus programs. You cannot have more than one antivirus program on the computer at the same time.
19.	Install Microsoft Security Essentials and let it update and run a full scan.
20.	Click the Start menu and keep running Windows updates until it says no more updates are available.

Advanced Steps

Offline Service Pack Rollback (XP)

This uninstalls the current service pack and reloads all system files with good backups (if they are available).
 * NOTE* If these basic techniques don't work, the infection is still on the machine, and you simply can't find where/what it is then you may need to reformat the drive and reload windows. However, if you are willing to try a few more steps, have Windows XP service pack 3, and are not scared of command lines, then this is for you.

1.	Start the computer up into the recovery console.
2.	At the command prompt, type "CD $ntservicepackuninstall$\spuninst" (without quotes). If you don't have this folder you are out of luck and cannot use this.
3.	Type "batch spuninst.txt" (no quotes) and let it do its thing.
4.	After completion you will see the command prompt again. At this point either type exit or simply restart the computer by pressing the power button.
5.	Start the machine up into Windows and see if this helped.

Reset Network Stack

Go to the Start Menu, type cmd, then right click it and select "Run as Administrator" (or hold Ctrl + Shift and hit Enter). Type the following commands, each followed by pressing Enter.

•	ipconfig /flushdns
•	nbtstat -R
•	nbtstat -RR
•	netsh int reset all
•	netsh int ip reset
•	netsh winsock reset

Or another helpful command: netsh interface tcp set global autotuninglevel=disabled

Reset/Repair/Restore Default Permissions (Vista)

To restore your operating system to the original installation default security settings, follow these steps:

•	Click Start, click Run, type cmd, and then press ENTER.
•	In Windows XP, type the following command, and then press ENTER: secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose
•	In Windows Vista, type the following command, and then press ENTER: secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose
•	You receive a "Task is completed" message and a warning message that something could not be done. You can safely ignore this message. For more information about this message, see the %windir%\Security\Logs\Scesrv.log file.

Troubleshooting / FAQ

1.) I have followed the removal steps but Internet Explorer is still having issues, how do I fix this?

Even though the malware has been removed from the machine, applications like Internet Explorer will experience some residual effects from the infection, like slow web surfing or inability to open up certain sites. When this occurs, you will need to remove Internet Explorer.

Steps for Windows XP

To uninstall Internet Explorer 8, follow these steps:

1.	Carefully select and then copy the following command: %windir%\ie8\spuninst\spuninst.exe
2.	Click Start, and then click Run.
3.	In the Open box, type Cmd.exe, and then press ENTER.
4.	Right-click inside the Cmd.exe window, and then click Paste to paste the command that you copied in step 1.
5.	Press ENTER to uninstall Internet Explorer 8.
6.	When the uninstall program is finished, restart your computer.

Steps for Windows Vista\Windows 7

To uninstall Internet Explorer 8, follow these steps:

1.	Carefully select and then copy the following command: FORFILES /P %WINDIR%\servicing\Packages /M Microsoft-Windows-InternetExplorer-8*.mum /c "cmd /c echo Uninstalling package @fname && start /w pkgmgr /up:@fname /norestart"
2.	Click Start, and then type Cmd.exe in the Start Search box.
3.	In the list of programs, right-click Cmd.exe, and then click Run as administrator.
4.	Right-click inside the Administrator: Command Prompt window, and then click Paste to paste the command that you copied in step 1.
5.	Press ENTER to uninstall Internet Explorer 8.
6.	When the uninstall program is finished, restart your computer.
 * NOTE* If prompted for an administrator password or for confirmation, type the password, or click Continue.
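As an added example (not part of the original manual), the batch script below wraps the Windows Vista/Windows 7 uninstall command from step 1 in a pre-flight check: it confirms the prompt is elevated, lists the packages the pattern matches without changing anything, and only then runs the command. The `net session` elevation test, the exit codes, and the confirmation prompt are assumptions added here.

```batch
@echo off
rem Added example: pre-flight wrapper around the manual's IE8 uninstall command
rem for Windows Vista / Windows 7. Save as a .cmd file and run it elevated.
setlocal

rem Package folder and name pattern are the ones used in the manual's command.
set "PKGDIR=%WINDIR%\servicing\Packages"
set "PATTERN=Microsoft-Windows-InternetExplorer-8*.mum"

rem 1. pkgmgr needs an elevated prompt. Assumption: "net session" is used here
rem    as the elevation test because it fails when the prompt is not elevated.
net session >nul 2>&1
if errorlevel 1 (
    echo Run this script from an Administrator command prompt.
    exit /b 1
)

rem 2. Dry run: show what the pattern matches without removing anything.
rem    FORFILES sets a non-zero errorlevel when no file matches.
echo Packages matching %PATTERN%:
forfiles /P "%PKGDIR%" /M %PATTERN% /C "cmd /c echo   @fname"
if errorlevel 1 (
    echo No Internet Explorer 8 packages were found. Nothing to uninstall.
    exit /b 2
)

rem 3. Ask before making any change to the system.
set "ANSWER="
set /p "ANSWER=Uninstall the packages listed above? [y/N] "
if /i not "%ANSWER%"=="y" (
    echo Cancelled. No changes were made.
    exit /b 0
)

rem 4. The uninstall command from step 1, run once per matched package.
forfiles /P "%PKGDIR%" /M %PATTERN% /C "cmd /c echo Uninstalling package @fname && start /w pkgmgr /up:@fname /norestart"

echo Finished. Restart the computer to complete the uninstall.
endlocal
```

If the dry run lists nothing, Internet Explorer 8 is not installed as a package on that machine and the uninstall command would have had no effect.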

2.) I tried to access Safe mode by tapping the F8 key, but it keeps going to the Windows screen.

Launching Safe mode can be a little finicky at times. If you see the Windows XP screen, it means that you did not press F8 at the right time. If the Windows XP screen appears, hold the power button on the computer until the machine shuts off. Then press the power button again and start tapping the F8 key about once a second. This will get you to the Safe mode screen.

3.) I am not sure if I am experienced enough to build my own PE. Is there a prebuilt setup I can use?

IT analysts have taken this into consideration and have created many types of PE for different circumstances. Some have been designed to recover Windows XP from debilitating crashes and others have been created for virus removal. Microsoft has also created a helpful guide on how to create a PE at http://msdn.microsoft.com/en-us/library/cc312998(WinEmbedded.5).aspx

Conclusion

Tuition, books, gas, and virus removal all share one thing in common: inflation. The cost of these items keeps rising every year, leaving students with less and less money while in school. Students do not have any say in how much tuition and books cost, nor do they have any say in what the oil companies charge for gas. But students now have a say in how much they need to spend on virus and malware removal. Bit By Bit Solutions realized that students do not have the funds necessary to afford proper malware and virus removal, as these costs can easily reach the $200 mark. So the team was determined to create a manual that anyone can use for virus removal. The three-man team devoted countless man-hours to researching malware and the current removal processes for some of the most common types. Once the steps were agreed upon, hours of testing were performed, and eventually this manual was created. The team took many approaches in creating this manual and feels that the final product is more than ready to help the students of the University of Louisville.

The primary goal of this manual was not only to show students how to save money by removing malware and viruses themselves, but also to inform them of the costs of becoming infected. Not all malware can be removed by hand; the team took this into consideration and provided examples of free software that can assist in removing infections. The manual takes students' different levels of computer knowledge into consideration and has been built to be effective at all knowledge levels.

References

Adware. "The Evolution of Computer Viruses." Adware.com. Adware, 2008. Web. 18 Apr 2010.

AntiVirus Ware. "History of Computer Viruses." Antivirus Review. AntiVirus Ware, 2010. Web. 15 Apr 2010.

Antivirus World. "History of Computer Viruses." Antivirus World, Web. 27 Feb 2010.

Geek Squad. "Computer Hardware repair." Geek Squad, Web. 27 Feb 2010.

Magid, Larry. "More attacks expected on Facebook, Twitter in 2010." CNET News. 29 Dec 2009. CNET, Web. 27 Feb 2010.

McAfee. "McAfee Secure." McAfee, Inc., Web. 27 Feb 2010.

Perone, Joseph. "Expect new, evolving computer viruses in 2010." New Jersey Business News. 31 Dec 2009. Nj.com, Web. 27 Feb 2010.

Ralis, David. "Computer Virus Attacks Increasingly Malicious." Wopular. 08 Feb 2010. Wopular, Web. 27 Feb 2010.

Sophos. "Malware and spam rise." 01 Feb 2010. Sophos, Web. 27 Feb 2010.

Symantec. "Attacks Increasingly Target Trusted Web Sites." Symantec Report. Symantec Corp., 13 May 2008. Web. 18 Apr 2010.

TopBits. "History of Computer Viruses." Tech Community. Top Bits, 2010. Web. 15 Apr 2010.