A-to-Z Index

Computing Homepage

Information Technology Help Desk

Mon -Thu: 8:00am -9:00 pm
Friday: 8:00am - 5:00pm
Saturday: Closed
Sunday: 3:00pm - 9:00pm

(when classes are in session)

Exceptions for the year


Windows Vista/7 Worm Removal Information



Allow two to three hours to perform this procedure. If the computer is used to handle sensitive information or services, the cleanup method that involves the least risk is to re-format and re-install.

  1. Download the McAfee Stinger Tool to your desktop.
  2. Click the Symantec/Norton gold shield icon in your taskbar (you do have the Symantec antivirus installed, right?) and when the window comes up, click the LiveUpdate button to make sure you have the latest anti-virus definitions.
  3. Disable System Restore
    1. Click Start -> All Programs (or just Programs) -> Accessories -> System Tools -> System Restore
    2. When the System Restore Window comes up, click the System Restore tab,  and then check the box labeled either Turn off System Restore or Turn off System Restore on all drives.
    3. Click OK
    4. Click Yes to verify that you want to turn off System Restore
  4. Start the computer in safe mode by using the following procedure:
    1. Turn the computer off.
    2. Turn the computer on and as it starts up repeatedly tap the F8 key until the menu appears letting you choose SAFE mode. If the computer comes all the way up without giving you the menu, restart it and hit the key earlier in the startup process. If you still can't get it to work, stick a blank floppy disk in the computer, restart the computer, and when the computer complains about a non-system disk, remove the floppy diskette and hit the F8 key repeatedly.
  5. Double-click the McAfee Stinger Tool you saved in step 9. That will recognize and get rid of the most common worms.
  6. Add any additional hard drives you may have to the list of drives to scan.
  7. Click "Scan Now". The Stinger tool will remove common worms and viruses.
  8. Start Symantec and let is scan your computer too. If neither Symantec nor Stinger find anything wrong, you may have a newly released virus that cannot presently be detected or fixed with software. Your alternatives at that point are:
    1. Reformat and reinstall
    2. Wait for new anti-virus definitions through liveupdate which may take days
    3. Manually download the latest emergency Symantec definitions and try again. This is a manual process consisting of downloading Symantec's "Intelligent Updater". It usually has definitions days before Liveupdate so it may be able to find something that the normal Liveupdate process does not. To manually download the Intelligent Updater:
      1. Visit the Symantec Intelligent Updater web page.
      2. Look under the second yellow bar for a file with a name ending in ".exe" with the general format 2005mmdd-xxx-x86.exe where mm=month, dd=day, and xxx=a numeric version number.
      3. Right-click that file and download it to your desktop. It may take a while because the file is quite large.
      4. Once the download is finished, double-click it and the file will update your anti-virus software so that it will detect everything that Symantec knows about at the time the file was created.
    4. A complex, onsite, manual removal process which very few people can properly do and which may leave malicious software on your computer
  9. Restart the computer
  10. Enable System Restore
    1. Click Start -> All Programs (or just Programs) -> Accessories -> System Tools -> System Restore
    2. When the System Restore Window comes up, click the System Restore tab,  and then uncheck the box labeled either Turn off System Restore or Turn off System Restore on all drives.
    3. Click OK
  11. With the prevalence of "viruses" today that provide third parties the ability to control infected, compromised computers, including the ability to log password keystrokes, it is strongly recommended that any passwords that may have been typed into an infected computer be changed. You must also keep in mind that other information, such as credit card numbers, personal documents, and electronic communications, may also have been intercepted.
  12. Perform the StartSafe steps to help ensure your computer doesn't get infected again necessitating repeating all this mess.