Short how-to on checking and cleaning Windows installs for malware from a Linux live CD:
1. Download a Linux distro of your choice using a torrent client. The client checks every downloaded piece against the hashes in the .torrent file, so a finished download is exactly what the torrent describes; that is only worth something if the .torrent itself came from the project, so take it (or the ISO) from fedoraproject.org only, and verify the CHECKSUM file against Fedora's GPG key before burning. For the purpose of this how-to I'll use Fedora as the example, because it is fully open source (it ships only software under free licenses), runs really well on most hardware out of the box, and a Fedora Live session can become root without a password, which is convenient. The version to choose is the Live image, and the smallest spin is the XFCE one; check the size on the download page, because a current spin may no longer fit on a CD and will need a DVD or a USB stick. The Gnome and KDE spins are larger still. Do not download the "install" (DVD/netinstall) version; make sure you download the "Live" version.
2. Burn the downloaded .iso file to a disc as described here: http://windows.microsoft.com/en-sg/windows7/burn-a-cd-or-dvd-from-an-iso-file (burn it as a disc image, not as a data disc that merely contains the .iso). A USB stick written with Fedora Media Writer works just as well and boots faster.
3. Restart the computer and boot from the CD (you may have to pick the CD from the firmware boot menu). Fedora will start up and ask whether you want to install or try Fedora. Select "Try Fedora" and the system boots further (this is not fast, because it's running off a CD, which is very slow compared to a HDD). When the system is up you are logged in as the "liveuser" account, which can become root with sudo without a password; root is needed to install the anti-virus software.
4. Open the application launcher and select "Terminal". A terminal window pops up; maximize it for ease of use. There is also a GUI way of doing all of this, but it differs from desktop environment to desktop environment, so I'm giving the CLI version because it works on all spins and is faster.
5. In the terminal window you'll see a command prompt that looks like "[liveuser@localhost ~]$" or "[root@localhost ~]#". If it ends in "$", type "sudo -i" and press Enter; the prompt changes to the "#" form, which is what you need.
6. Type "yum install clamav clamav-update clamtk" and press Enter (on Fedora 22 and later "dnf" replaces "yum"; the rest of the command is the same). The system will look for the packages "clamav" (the scanner), "clamav-update" (the "freshclam" signature updater) and "clamtk" (the GUI) in the official, signed Fedora repos and ask for confirmation to install them. Enter "y" to confirm. Because the live system runs from RAM, these packages are gone after a reboot and have to be installed again next time.
7. After you get the command prompt back, type "leafpad /etc/freshclam.conf" and press Enter. On the Gnome edition use "gedit" instead of "leafpad", and on the KDE edition use "kate". On the XFCE edition both "leafpad" and "geany" can be used; I chose leafpad because it is a very simple editor without distracting functions for the inexperienced.
8. A window will pop up with the contents of freshclam.conf. You have to make two very small edits to this file:
- near the top you'll see a line that says just "Example". Change it to "# Example" or delete it. That line is a deliberate guard: freshclam refuses to run while it is present, so the untouched sample file can never be used by accident.
- further down you'll see a line like "#DatabaseMirror db.XY.clamav.net". Delete the "#" at the start of the line and replace "XY" with your two-letter country code ("US" in the US, "FR" in France, "DE" in Germany) or that of a country near you, so that you fetch the virus definitions from a nearby mirror. Newer ClamAV releases have retired the per-country mirrors in favour of a single "DatabaseMirror database.clamav.net"; if your file already says that, leave the line as it is.
9. Save the file via "File" and "Save" (just like in Windows Notepad). Close Leafpad and you'll be back in the terminal window you used before.
10. Type "freshclam" and press Enter. The system downloads the current virus definitions; if it complains about the config file instead, go back to step 8. When it has completed, close the terminal window.
11. In your application launcher, find the program called "ClamTK". It has a red crosshair in its icon and should be in the Accessories or System category. Click the name or icon to start it.
12. ClamTK opens in a new window. After checking the virus definitions for about a second, it should show three checkmarks or three green lights, indicating that everything is up to date. In the toolbar you'll find an icon labelled "Preferences". Click it, and in the window that opens enable all the scanning options (in particular scanning of hidden files and of large files), so that nothing on the Windows volume is skipped, then click OK.
13. Make sure the Windows volume(s) are mounted before scanning: in the XFCE edition every volume shows up as an icon on the desktop, greyed out while unmounted; right-click it and select "Mount" from the context menu. A mounted volume appears under /run/media/liveuser/. Volumes that are not mounted will not be scanned, so this is important. Then open the Scan menu and pick the mounted Windows volume (or one folder on it) as the target. Do not use the "Home" button for this: on the live system "Home" is only the live user's home directory in RAM, not the Windows disk. Two caveats: if Windows was hibernated or shut down with "fast startup" enabled, the NTFS volume is marked dirty and only mounts read-only, which is fine for finding infections but means ClamTK cannot delete or quarantine anything; shut Windows down fully (for example "shutdown /s /t 0" from a command prompt) before booting the CD. A BitLocker-encrypted volume cannot be mounted this way at all.
14. The scan runs for some time; when it has finished, ClamTK shows a window with everything it found. Go through the results one by one and choose "Quarantine" rather than "Delete" wherever you can: a quarantined file can be put back if it turns out to be a false positive or a system file Windows needs in order to boot.
15. When you're done, close ClamTK and restart the computer, ejecting the live CD when it reboots.
16. If you had infections on your Windows install, there is a fair chance that Windows is now broken, because many infections live in or replace system files. Boot the Windows install DVD, use "Startup Repair", and afterwards run "sfc /scannow" from an administrator command prompt to put the original system files back. Keep in mind what this procedure does and does not prove: a clean result means ClamAV's signatures found nothing, not that the machine is clean. If a rootkit, a banking trojan or anything else serious was found, the only reliable fix is to back up your data, wipe the disk and reinstall Windows from known-good media.
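The command-line version of the whole procedure (steps 6 to 14, plus the ISO check from step 1) as one script, added here as an example; it is not part of the original how-to. It assumes a Fedora Live session with root obtained via "sudo -i", ClamAV's config at /etc/freshclam.conf (where Fedora puts it), the "ntfs-3g" package for mounting NTFS, and that the Windows partitions are plain NTFS (no BitLocker). The paths /mnt/win, /root/quarantine and /root/clamscan.log are my choices, not anything the how-to prescribes.

```shell
#!/usr/bin/env bash
# Added example (not from the original how-to): steps 6-14 for the Fedora Live
# terminal. Run the full procedure as root with:  bash clean-windows.sh run
# Without the "run" argument it only defines the functions below.
set -eu

QUARANTINE=/root/quarantine   # assumed location; lives in RAM on a live system
MOUNT_ROOT=/mnt/win           # assumed location; one subdirectory per NTFS volume

# Step 1's check, done on the machine that downloaded the ISO: verify the
# CHECKSUM file's signature with Fedora's key, then the ISO against the hash.
# fedora.gpg comes from https://fedoraproject.org/fedora.gpg
verify_iso() {
    local checksum="$1" keyring="${2:-fedora.gpg}"
    gpgv --keyring "$keyring" "$checksum"          # signed by Fedora?
    sha256sum --ignore-missing -c "$checksum"      # ISO matches the signed hash?
}

# Step 8 without an editor: comment out the "Example" guard line (freshclam
# refuses to run while it is present) and leave exactly one DatabaseMirror.
# The config path is a parameter so the edit can be tried on a copy first.
configure_freshclam() {
    local conf="$1" mirror="${2:-database.clamav.net}"
    sed -i -E 's/^Example$/# Example/' "$conf"
    sed -i -E '/^#? *DatabaseMirror[ =]/d' "$conf"
    printf 'DatabaseMirror %s\n' "$mirror" >> "$conf"
}

# Step 13 helper: reads "lsblk -rno NAME,FSTYPE" lines on stdin and prints the
# device path of every NTFS partition, i.e. the Windows volumes to scan.
ntfs_partitions() {
    awk '$2 == "ntfs" { print "/dev/" $1 }'
}

# Mount each device read from stdin under $MOUNT_ROOT/<name>. ntfs-3g falls back
# to read-only on a volume left dirty by hibernation or fast startup; the scan
# still works, but quarantine/delete will not, so say so loudly.
mount_windows_volumes() {
    local dev name
    while read -r dev; do
        name=$(basename "$dev")
        mkdir -p "$MOUNT_ROOT/$name"
        mount -t ntfs-3g "$dev" "$MOUNT_ROOT/$name"
        if findmnt -no OPTIONS "$MOUNT_ROOT/$name" | grep -q '^ro'; then
            echo "warning: $dev mounted read-only; shut Windows down fully first" >&2
        fi
    done
}

# Steps 11-14 on the CLI: recursive scan of every mounted Windows volume, hits
# moved to quarantine instead of deleted, only infected files printed (-i).
# clamscan exits 1 when it found something, so the script ends with status 1 too.
scan_windows_volumes() {
    mkdir -p "$QUARANTINE"
    clamscan -r -i --move="$QUARANTINE" --log=/root/clamscan.log "$MOUNT_ROOT"
}

main() {
    [ "$(id -u)" -eq 0 ] || { echo "become root first: sudo -i" >&2; exit 1; }
    dnf -y install clamav clamav-update clamtk ntfs-3g   # "yum" on Fedora < 22
    configure_freshclam /etc/freshclam.conf
    freshclam                                            # step 10
    lsblk -rno NAME,FSTYPE | ntfs_partitions | mount_windows_volumes
    scan_windows_volumes
}

case "${1:-}" in
    run) main ;;
    *)   echo "usage: sudo bash $0 run" >&2 ;;
esac
```

The quarantine directory sits on the live system's RAM disk, so copy it to a USB stick before rebooting if you want to keep anything for later analysis; otherwise a quarantine is equivalent to a delete. Mirror lines are written in ClamAV's "Key value" form (a space, not "="), which is what the shipped freshclam.conf uses.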
You might consider not running Windows on bare metal at all, but in a virtual machine on Linux (KVM/QEMU). Snapshot the fresh, fully updated Windows install once; after an infection you revert to that snapshot in seconds instead of repairing the system. The reason it is fast is that qcow2 disk images are copy-on-write: a snapshot or overlay stores only the blocks changed since the clean base, and the zero-filled free space inside the Windows disk is not stored at all, so the files stay small and a revert is just discarding the changes. With the VirtIO drivers installed, Windows in a well-configured VM runs close to bare-metal speed, but not faster than it; what you gain is isolation and instant recovery, not performance. Keep in mind that the VM boundary only holds if you keep shared folders, USB passthrough and clipboard sharing to the minimum you actually need.
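The snapshot-and-revert workflow with QEMU/KVM qcow2 images, as an added example (not code from the original text). It assumes "qemu-img" and "qemu-system-x86_64" from Fedora's qemu-kvm package and a freshly installed, updated Windows in windows-install.qcow2; the file names, the 4 GB/2 vCPU sizing and the DRY_RUN switch are my choices for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original text): clean base image + copy-on-write
# overlay with qemu-img, so "restoring the snapshot" is just a new overlay.
set -eu

# Print the command instead of running it when DRY_RUN is set, so the workflow
# can be walked through on a machine without qemu installed.
run() { if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi; }

# Compact the clean install into a read-only base image. "convert" writes only
# allocated, non-zero clusters, so the zero-filled free space inside the
# Windows disk costs nothing; -c additionally compresses the clusters.
make_base() {
    local src="$1" base="$2"
    run qemu-img convert -O qcow2 -c "$src" "$base"
    run chmod 0444 "$base"     # the base is never written to again
}

# Create a copy-on-write overlay on top of the base. Windows boots from the
# overlay; every write lands there and the base stays clean.
new_overlay() {
    local base="$1" overlay="$2"
    run qemu-img create -f qcow2 -F qcow2 -b "$base" "$overlay"
}

# The "restore": throw the overlay away and start a fresh one. This takes
# seconds regardless of how large the Windows disk is.
reset_overlay() {
    local base="$1" overlay="$2"
    run rm -f "$overlay"
    new_overlay "$base" "$overlay"
}

# Boot Windows from the overlay with KVM acceleration and VirtIO disk/network
# (the VirtIO guest drivers must already be installed in the base image).
start_windows() {
    local overlay="$1"
    run qemu-system-x86_64 -enable-kvm -cpu host -m 4G -smp 2 \
        -drive file="$overlay",if=virtio,format=qcow2 \
        -nic user,model=virtio-net-pci
}

# One-time setup, then day-to-day use:
#   clean-vm.sh base  windows-install.qcow2 clean.qcow2
#   clean-vm.sh new   clean.qcow2 work.qcow2 && clean-vm.sh start work.qcow2
#   ...after a malware incident:
#   clean-vm.sh reset clean.qcow2 work.qcow2 && clean-vm.sh start work.qcow2
case "${1:-}" in
    base)  make_base "$2" "$3" ;;
    new)   new_overlay "$2" "$3" ;;
    reset) reset_overlay "$2" "$3" ;;
    start) start_windows "$2" ;;
    *)     echo "usage: $0 base|new|reset SRC DST   or   $0 start OVERLAY" >&2 ;;
esac
```

Keep the base image on a filesystem or partition the VM has no access to, and re-create it (base from a patched install) whenever Windows gets a round of updates, otherwise every revert lands you on an unpatched system.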