Let's Dance! - The Windows Waltz
A step-by-step guide to dancing The Security Tango - for Windows
Step One: Kill the Lurkers
Before we can clean out your system completely, we have to make sure that any of those oh-so-innocent-looking files sitting on your hard drive (that may not show up on anybody's radar) are not secretly lurking in the background, breathlessly waiting for the chance to pounce out of the shadows and reinfect you. There are several variations on each of these steps, depending on which version of Windows you're running, which version of your Web browser you're running, etc. I'll hit the highlights, but your mileage may vary. Pay attention to the prompts and menu choices and you should be okay.
Before you start, just a word about running your computer as the Administrator. When you start your computer, you have to log in (many Windows systems do this automatically for you - more on this later). This lets you have multiple users on the same computer (not simultaneously). If you're not running as Administrator normally, then you should log out, and log in as the Administrator to dance the Security Tango. If you have no idea what I'm talking about, or if your computer just starts up without asking you to log in, then you probably do run as the Administrator. You shouldn't, on a day-to-day basis. Generally, it's best to not run as the Administrator. If you run as a regular user, viruses have a harder time infecting your computer. You should only run as the Administrator when you want to add or remove programs. But that's kind of beyond the scope of this page. So... now that I've confused you thoroughly, let's go!
- Delete your Temporary Internet Files
- When a Web browser (e.g., Chrome or Firefox or Edge) goes to a Web site, it saves a copy of each page on your hard drive. This is designed to enhance your browsing experience - the next time you go to that page, your browser checks to see if anything's changed; if not, it uses the old copy on your hard drive. This makes browsing to a site much faster, and cuts down on Internet traffic considerably. This is a great idea, but it means that if you've gone to a Web site with malware, a copy of that malware may well reside in the cache (those temporary Internet files). So let's get rid of 'em.
- In your Web browser, click the Tools menu, then click on "Internet Options...," then click the "Delete Files" button in the "Temporary Internet Files" section. If you're still using Internet Explorer, you'll see a new box with an option to check to delete all stored offline content. You should do that. Click OK. The cursor will turn into the hour glass for a while, then come back. That's really all the indication you have that you've done it.
- In Firefox, click the Tools menu, then click on "Options...," then click on Privacy. Click the Clear button next to Cookies.
- Empty the Recycle Bin
- Empty your Temp Files
- In the same way that your Web browser saves temporary files on your hard drive, so does Windows itself. Often these are "scratchpad" files used by programs, and sloppy programmers have neglected to delete them. You should do so. Of course, the way it's done has changed in Windows 10 & 11.
- Windows 7/8
- Look for folders called TEMP or TMP (upper or lower case) on the C: drive at the root level (the base level of the drive) and empty them. Do the same with folders also named TEMP or TMP inside the Windows folders. Sorry I can't be more specific than that; many manufacturers tweak Windows a bit before they send it out, and one of those tweaks is sometimes to change where the temporary files are kept.
- You may get an error message or two at this step. There may be a program running that has a file opened in the Temp files directory, and you won't be able to remove that one. Also, there may be some folders you can't remove. You see, when Windows installs some programs, it puts files it uses all the time in the temporary directory. Yep. In either case, don't worry about it. Just move on to the next file, or decide you're done.
- Windows 10 & 11
- From the Start menu, select Settings, then select System, then go to Storage. You'll see your hard drive listed as "This PC," with the amount of storage used as a bar. Click on it. You may wait a while as Windows gathers the necessary information.
- Once Windows is done gathering information, you'll see a list of file types and how much disc space each takes up on your system. Scroll down until you see "Temporary files." Click on that.
- From here, you can delete all of your temporary files, manage the files you've downloaded, and even empty your Recycle Bin. Click on "Delete temporary files," click "Yes, I'm sure" in the pop-up verifier, and wait a few moments while Windows does its thing.
- You may get an error message or two at this step. There may be a program running that has a file opened in the Temp files directory, and you won't be able to remove that one. Also, there may be some folders you can't remove. You see, when Windows installs some programs, it puts files it uses all the time in the temporary directory. Yep. In either case, don't worry about it. Just move on to the next file, or decide you're done.
- Reboot
- I don't know that this step is strictly necessary, but I bow to the wisdom of my friend Bill Bateman. At any rate, it can't hurt.
- Turn off System Restore
- System Restore is designed to return the system to a known good state, in case you mess things up a bit. The problem is that many viruses nowadays lurk in the System Restore files, and if you do a Restore, they immediately reinfect you!
- Note that dancing this step results in the loss of all previous Restore Points.
- If you really want to, you can turn it back on again afterwards, but you'll just be turning it off again the next time you dance the Tango, so what's the point?
- Windows 10 & 11
- System Restore is off by default in Windows 10 & 11. Unless you've turned it on, you can skip this step. If you have turned it on, turn it off.
- Windows 8/8.1
- Move the cursor to the bottom right corner of your screen to display the Charm Bar and choose Settings (or press the Windows key + C)
- Choose PC info
- Choose System Protection
- Click on Configure
- Select Disable system protection
- Click on "Apply"
- Windows 7
- Open System by clicking the Start button
- Right-click Computer
- Click Properties
- Click System protection
- Under Protection Settings, click the disk, and then click Configure
- Click OK, and then click OK again
- Windows Vista
- You must be logged in as an Administrator to do this. If you are not logged in as an Administrator, the System Restore tab will not be displayed. If you do not know how to log in as Administrator, contact your system administrator (if you are on a network), the computer manufacturer, or installer.
- Click on the "Start" button in the lower left corner
- Right-click on Computer, and select Properties from the drop-down list
- Select "System Protection" on the right under "Tasks," and click "Continue"
- Uncheck all your drives - that will stop System Restore from working on those drives
- Okay your way out
- Windows XP
- You must be logged in as an Administrator to do this. If you are not logged in as an Administrator, the System Restore tab will not be displayed. If you do not know how to log in as Administrator, contact your system administrator (if you are on a network), the computer manufacturer, or installer.
- Right-click My Computer, and then click Properties from the drop-down list
- (Depending on how your system was set up, you may have to click Start -> Programs -> Accessories -> Windows Explorer to get to My Computer)
- Click the System Restore tab
- Check the "Turn off System Restore" or "Turn off System Restore on all drives" check box
- Click Apply. A warning message appears, reiterating what I said above. Click Yes.
- Click OK
- Reboot
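Step One as a script, added here as an example and not part of the Security Tango page: it empties the stock temp folders (skipping files a running program still has open, which is the error the page warns about), empties the Recycle Bin, and turns off System Restore on the system drive. It assumes the standard temp locations and an elevated Windows PowerShell 5.1 prompt; browser caches are left to the browser's own menus, as on the page.

```powershell
# Added example for Step One (not from the Security Tango page).
# Run from an elevated Windows PowerShell 5.1 window; the System Restore
# cmdlets at the end are not available in PowerShell 7.
# Assumes the stock temp locations; OEM-tweaked systems may use others.

$tempDirs = @(
    $env:TEMP,                              # the current user's temp folder
    (Join-Path $env:SystemRoot  'Temp'),    # C:\Windows\Temp
    (Join-Path $env:SystemDrive 'Temp'),    # C:\Temp, if present
    (Join-Path $env:SystemDrive 'Tmp')      # C:\Tmp, if present
) | Where-Object { Test-Path $_ } | Select-Object -Unique

$removed = 0
$skipped = @()
foreach ($dir in $tempDirs) {
    Write-Host "Emptying $dir"
    # Files first; a file a running program holds open cannot be removed,
    # so record it and move on, exactly as the page says to.
    Get-ChildItem -Path $dir -Recurse -Force -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            try {
                Remove-Item -LiteralPath $_.FullName -Force -ErrorAction Stop
                $removed++
            } catch {
                $skipped += $_.FullName
            }
        }
    # Then the folders left behind, deepest first; ones still in use stay.
    Get-ChildItem -Path $dir -Recurse -Force -Directory -ErrorAction SilentlyContinue |
        Sort-Object { $_.FullName.Length } -Descending |
        ForEach-Object {
            Remove-Item -LiteralPath $_.FullName -Recurse -Force -ErrorAction SilentlyContinue
        }
}
Write-Host "Removed $removed file(s); $($skipped.Count) still in use and skipped:"
$skipped | ForEach-Object { Write-Host "  in use: $_" }

# Empty the Recycle Bin on every drive.
Clear-RecycleBin -Force -ErrorAction SilentlyContinue

# Turn off System Restore on the system drive. As the page notes, this
# discards every existing restore point, including any that carry malware.
$points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
Write-Host "Restore points that will be lost: $($points.Count)"
Disable-ComputerRestore -Drive "$env:SystemDrive\"

# Last step of Step One is a reboot; do it when you are ready:
# Restart-Computer
```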
Step Two: Download All Necessary Files
Shortly, we'll be rebooting into Safe Mode, which will cut off your Internet access. So first, we'll download all of the software we need to install. You'll find out more about the individual files below, but for now, let's just download them.
- Download rkill, which tries to stop malware from running so that it can be removed.
- Download unhide, which tries to reveal programs that are trying to conceal themselves from being removed.
- Download a rootkit remover, which tries to kill some very specific rootkits. Check out the Windows Software menu choice above.
- Download the free versions of SuperAntiSpyware, Malwarebytes' Anti-Malware, and Malwarebytes' Adware Cleaner. Once you've seen how great they are, you'll want to buy the full versions, but for a first cleanup, you can use the free versions.
- You'll want an antivirus program. If you already have one, great. Update it and scan your entire system right now. If you don't have one, download one of the ones on that menu there at the top. Many you have to pay for; AVG and avast! are free for personal use. Comodo has both a free and a paid version.
- Next, you'll need a firewall. If you have Windows XP with Service Pack 2, you have one. If you'd rather, you can get a great firewall from the list on that infamous menu at the top. Most of The Security Tango is designed to weed out infections that are already on your computer. What's better is to block as many of them as possible before they even reach your computer! Firewalls help do that. They stop traffic from coming into your computer via most of the known malicious backdoors and rarely-open paths. If you have a small network at home, with a home router, it's possible that router includes a firewall, which will protect all of the computers in your network. If, however, you have only one computer, you should run a firewall on it. ZoneAlarm does have a free version, but, again, once you see how great it works, you'll want to get the full version.
Step Three: Reboot into Safe Mode
Now we want to reboot into Safe Mode, where very little stuff is running in the background, and you're off the Internet. (Some systems don't do Safe Mode for various reasons - if you can't get into Safe Mode, don't worry - just keep on keepin' on)
Getting to Safe Mode in Windows 7
- Click Start, click Turn Off Computer, and click Restart.
- As the system reboots, keep tapping the F8 key until you see a text menu.
- Select Safe Mode.
Getting into Safe Mode in Windows 10 & 11
PLEASE NOTE: On some Windows 10 & 11 machines, when you reboot into safe mode, Windows wants you to enter your password/PIN again. However... on some Windows 10 & 11 machines, Windows seems to ignore the keyboard, so you can't enter your password/PIN! The way you deal with that is to use the on-screen keyboard, and enter your password/PIN using the mouse. So be sure to turn on the On-Screen Keyboard BEFORE you reboot into Safe Mode, just in case. To bring up the on-screen keyboard, click on the Start button in the lower left corner. Click on "Settings" (you may have to scroll to find it). Click on "Ease of Access" in the window that comes up. On the left, scroll down to "Keyboard," and click on it. Turn on "Use the On-Screen Keyboard." It will appear. Once it does, you can reboot into Safe Mode:
- Hold the Windows key down (as if it were a shift key) while you press the R key. This brings up a Run box.
- Type msconfig, and press Enter.
- Click on the Boot tab.
- Under Boot options, check Safe boot. Minimal is fine; leave it selected.
- Click OK.
- Click Restart, and the system will reboot into safe mode. You'll know you're in Safe mode, because it will say so above the Windows menu in the lower right corner.
- To reboot into regular mode again, just go back into msconfig and uncheck Safe boot, then reboot. You'll be back to normal. And you can turn off the On-Screen Keyboard, if you like.
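The msconfig steps above, done from the command line, as an added example that is not part of the Security Tango page: msconfig's "Safe boot / Minimal" checkbox sets the safeboot entry in the boot configuration, which bcdedit can set and clear directly, and Win32_ComputerSystem tells you which mode you actually booted into. It assumes an elevated Windows PowerShell prompt; the function names are mine.

```powershell
# Added example for Step Three (not from the Security Tango page): the bcdedit
# equivalent of msconfig's Safe boot checkbox, plus a check of the current mode.
# Run from an elevated prompt; the helper names are this example's own.

function Get-BootMode {
    # BootupState reports 'Normal boot', 'Fail-safe boot' (Safe Mode) or
    # 'Fail-safe with network boot' (Safe Mode with Networking).
    (Get-CimInstance -ClassName Win32_ComputerSystem).BootupState
}

function Enable-SafeBoot {
    # Same as ticking "Safe boot" and leaving "Minimal" selected on the Boot tab.
    # '{current}' is quoted so PowerShell passes the braces through to bcdedit.
    bcdedit /set '{current}' safeboot minimal | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "bcdedit failed; are you running as Administrator?" }
    Write-Host "Safe boot armed. Turn on the On-Screen Keyboard first, then run Restart-Computer."
}

function Disable-SafeBoot {
    # Same as unticking "Safe boot": the next reboot returns to normal mode.
    bcdedit /deletevalue '{current}' safeboot | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "bcdedit failed; was safeboot set at all?" }
    Write-Host "Safe boot cleared; reboot to return to normal mode."
}

# Show whether safeboot is currently set, and which mode this session booted in.
bcdedit /enum '{current}' | Select-String -Pattern 'safeboot'
Write-Host "Current boot mode: $(Get-BootMode)"
```

Call Enable-SafeBoot before the reboot into Safe Mode and Disable-SafeBoot when the cleaning is done; if you forget the second call, every reboot lands in Safe Mode until you clear it.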
Step Four: Clean Your Machine
- First, we run rkill. This program tries to stop malware that's already running. It doesn't always work, but when it does, it makes the rest of the software we'll be running just a little bit more effective.
- Then, we run unhide. This program tries to reveal bad stuff that's hiding in your system.
- Now we run that rootkit remover you downloaded. There are some very stubborn root kits out there, and your rootkit remover will try to stop them, then remove them.
- Please note: BitDefender's Rootkit may not run in Safe Mode on some versions of Windows 10 & 11. Try a different one.
- Now we move to your antivirus program. You must run a thorough scan on your system. Every antivirus program installs and runs a tad differently, so read the instructions that come with yours. The important thing to understand is that every antivirus program has two parts. There's the program itself (the "engine"), which searches your hard drive for infections, and there's the virus definitions, which the program uses to identify those viruses. Once we're done here, and reboot to regular Windows mode, you'll want to update your antivirus program again and run it again. The engine rarely needs updating. But the definitions need to be updated regularly. Running with old definitions is like not running an antivirus program at all! Every antivirus program has a mechanism for updating the definitions. You should familiarize yourself with yours, and make certain that the definitions are updated regularly. Daily is not too often to update. Most days of the week, you won't get anything new, but those times you do will come in really handy!
- SuperAntiSpyware is - you guessed it - yet another antispyware program. It handles some key loggers and hijackers better than some of the others. Yes, you have to update the virus definitions in the free version by hand; make sure you do that.
- Next, Malwarebytes' Anti-Malware. As with the others, there are types of infections that it handles better. Again, make sure you update the virus definition database by hand each time.
- One more - Malwarebytes' Adware Cleaner. Adware is a whole different animal, and warrants its own cleaner. Just run it. I know - it all seems so redundant. And most of the time it is. But that one time when each of these catch something different from the others, you'll be glad you ran them all!
- Now it's time to install that firewall. Install the one you downloaded in Step Two, or just use the one that came with Windows.
Step Five: Reboot and Do it Again
Once all of those have been installed and run, and you have gotten your machine as clean as possible, it's time to reboot (this time in regular mode) and do it all over again! The reason for this is that, now that the system is pretty clean and protected, it's time to update all the programs (to make sure you're as protected as possible). Once you've updated them, of course, you'll want to run them again to make sure that you've cleaned out absolutely everything you can. Reboot, and run the Tango in order:
- Rkill
- Unhide
- Your chosen rootkit remover
- Your antivirus program (update it first)
- SuperAntiSpyware (update it first)
- Malwarebytes' Anti-Malware (update it f... oh, you know)
Step Six: Windows Update
If you're running a newer operating system, Windows Update may well be running in the background, and every once in a while will annoy you by notifying you that updates are ready to be installed. This is a Good Thing™! You should be able to set up automatic updating via your Control Panel - it'll be called either Windows Updates or Automatic Updates. In Windows 11, just go to Start → Settings → Windows Update → Check for updates. If you don't have that (e.g. you're running a very old version of Windows), you can still update from Internet Explorer in that older version of Windows. Click the Tools menu, then select "Windows Update." Always install all Critical patches; others may not suit you - read them carefully.
Yes, it's true that Microsoft has put out one or two updates that killed Windows entirely. You have to weigh the risk of being vulnerable to a known exploit vs. the very slim possibility of having to reinstall your system. You do have backups, don't you?
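A check of the three things Steps Four and Six ask you to keep current (antivirus engine and definitions, firewall, Windows Update), added here as an example and not part of the Security Tango page. It assumes Microsoft Defender and the built-in Windows Firewall; a third-party antivirus has its own update mechanism, which this script does not know about.

```powershell
# Added posture check for Steps Four and Six (not from the Security Tango page).
# Assumes Microsoft Defender and the built-in Windows Firewall.
# Run in an elevated Windows PowerShell window.

$maxSignatureAgeDays = 1   # the page's advice: daily is not too often

# --- Antivirus: the "engine" and the "definitions" are separate things ---
$av = Get-MpComputerStatus
Write-Host "Engine version:      $($av.AMEngineVersion)"
Write-Host "Definitions version: $($av.AntivirusSignatureVersion)"
Write-Host "Definitions updated: $($av.AntivirusSignatureLastUpdated) ($($av.AntivirusSignatureAge) day(s) ago)"
if ($av.AntivirusSignatureAge -gt $maxSignatureAgeDays) {
    Write-Warning "Definitions are stale; old definitions are barely better than none."
    Update-MpSignature                      # 'update it first'
}
if (-not $av.RealTimeProtectionEnabled) { Write-Warning "Real-time protection is off." }
# The page's "thorough scan"; uncomment to start one from here.
# Start-MpScan -ScanType FullScan

# --- Firewall: every profile (Domain, Private, Public) should be on ---
foreach ($p in Get-NetFirewallProfile) {
    if ([string]$p.Enabled -eq 'True') {
        Write-Host "Firewall profile $($p.Name): enabled"
    } else {
        Write-Warning "Firewall profile $($p.Name) is disabled; enabling it."
        Set-NetFirewallProfile -Name $p.Name -Enabled True
    }
}

# --- Windows Update: list what is pending and count the Critical ones ---
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$pending  = $searcher.Search("IsInstalled=0 and IsHidden=0").Updates
$critical = 0
foreach ($u in $pending) {
    if ($u.MsrcSeverity -eq 'Critical') { $critical++ }
    Write-Host (" [{0,-9}] {1}" -f $u.MsrcSeverity, $u.Title)
}
Write-Host "$($pending.Count) update(s) pending, $critical rated Critical."
if ($critical -gt 0) {
    Write-Warning "Install the Critical ones (Start -> Settings -> Windows Update) before you call the machine clean."
}
```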
While You're at It:
You might want to give some thought to turning off Fast Startup. You can read all about it here. Remember: Spybot's, Anti-Malware's and your antivirus program's definitions must be updated every time you run them!
Additionally, you should regularly check the various pages of our dance partners to assure yourself that you're running the latest "engine" as well as the latest definitions! Some of this stuff can be potentially damaging to your system - if you're not sure what you're doing, please bring your system to a qualified professional to clean it!
Special thanks must be given to my friend Bill Bateman, who suggested entire steps, as well as made improvements to many of the other steps. Not only is he a qualified computer professional, a great teacher, funny, interesting, handsome, and a heck of a musician, he's pretty smart, too!
Bill: Still waiting for my check... There are a whole lot of other people who have suggested rewrites, changes, additions, deletions, and anatomically impossible things. Thanks to most of you; keep the constructive suggestions coming!