Whack-A-Rat

I have stopped counting the number of times I have played that game: removing malware from a Windows box without killing the system.

The first step is identifying the malware. This is normally done by a virus scanner. If none is available, you might try an online scanner. If this is not possible or the scanner fails, Process Explorer from Sysinternals is your friend, as many malware programs run as background services. Missing company names or descriptions are a common sign of malicious software. Another helper is netstat!

To make sure the identified program is the enemy we’re looking for, take a closer look at its actions. Unexpected TCP connections are often a sign of bots.

If our search wasn’t successful, Autoruns by Sysinternals is our next chance. With the help of this program you can take a closer look at files that start automatically – including the various DLL files loaded by Windows Explorer. As before, missing company names or descriptions are signs of something malicious. To verify that the file is bad, there’s no way around Google.
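The manual checks above (Process Explorer for company name and description, netstat for connections, Autoruns for startup entries) can be scripted for a first triage pass. The following PowerShell is an added example, not code from this post or from Sysinternals; it assumes PowerShell 5.1 or newer on Windows 8 / Server 2012 or newer (Get-NetTCPConnection comes from the built-in NetTCPIP module) and an elevated shell, since otherwise the executable paths of SYSTEM and other users' processes are not readable. The Run-key command-line parsing is a deliberate simplification (quoted path or first token).

```powershell
# Added example (not from the post): triage helpers mirroring Process Explorer,
# netstat and Autoruns.  Run elevated; PowerShell 5.1+ on Windows 8/2012+.

function Get-ImageMetadata {
    param([string]$Path)
    # Company/description from the PE version resource; $null if unreadable.
    $item = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if (-not $item) { return $null }
    [pscustomobject]@{
        Company     = $item.VersionInfo.CompanyName
        Description = $item.VersionInfo.FileDescription
    }
}

function Get-SuspiciousProcessReport {
    # Established remote TCP endpoints per owning PID (loopback skipped).
    # Cast OwningProcess to [int] so the key matches Get-Process .Id later.
    $connByPid = @{}
    Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -notin @('127.0.0.1', '::1') } |
        ForEach-Object {
            $procId = [int]$_.OwningProcess
            if (-not $connByPid.ContainsKey($procId)) {
                $connByPid[$procId] = [System.Collections.Generic.List[string]]::new()
            }
            $connByPid[$procId].Add("$($_.RemoteAddress):$($_.RemotePort)")
        }

    foreach ($proc in Get-Process) {
        if ($proc.Id -in 0, 4) { continue }   # Idle and System have no image file
        $meta    = if ($proc.Path) { Get-ImageMetadata -Path $proc.Path } else { $null }
        $reasons = @()
        if (-not $proc.Path)     { $reasons += 'no path (protected or not accessible)' }
        elseif ($null -eq $meta) { $reasons += 'image file not readable' }
        else {
            if ([string]::IsNullOrWhiteSpace($meta.Company))     { $reasons += 'no company name' }
            if ([string]::IsNullOrWhiteSpace($meta.Description)) { $reasons += 'no description' }
        }
        if ($reasons.Count -eq 0) { continue }
        $remotes = $connByPid[$proc.Id]
        [pscustomobject]@{
            Name        = $proc.Name
            Id          = $proc.Id
            Path        = $proc.Path
            Company     = $meta.Company
            Description = $meta.Description
            RemoteTcp   = if ($remotes) { $remotes -join ', ' } else { '' }
            Reasons     = $reasons -join '; '
        }
    }
}

function Get-RunKeyReport {
    # Same metadata check over the classic Run/RunOnce keys Autoruns shows.
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    $providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($key in $keys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties | Where-Object { $_.Name -notin $providerProps }) {
            $cmd  = [Environment]::ExpandEnvironmentVariables([string]$p.Value)
            # Quoted image path, otherwise the first whitespace-separated token.
            $exe  = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
            $meta = Get-ImageMetadata -Path $exe
            [pscustomobject]@{
                Key         = $key
                Entry       = $p.Name
                Image       = $exe
                Exists      = [bool]$meta
                Company     = $meta.Company
                Description = $meta.Description
                Suspicious  = (-not $meta) -or
                              [string]::IsNullOrWhiteSpace($meta.Company) -or
                              [string]::IsNullOrWhiteSpace($meta.Description)
            }
        }
    }
}

Get-SuspiciousProcessReport | Format-Table -AutoSize
Get-RunKeyReport | Where-Object Suspicious | Format-Table -AutoSize
```

The output is a shortlist, not a verdict: plenty of legitimate tools ship without version resources, so each flagged image still needs the look-up the post recommends before anything is removed.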

Step two is whacking the rat. As Windows cannot delete files that are in use, we have to deactivate the virus first. If it turns out to be an exe, it should be easy to kill via Process Explorer. If it relaunches, booting into safe mode or using a boot disc helps. An alternative is to remove its entries in Autoruns. After rebooting the system, the file can be removed, as it is no longer in use.
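The removal step can be wrapped in one function that stops the process, deletes its Run-key entry and moves the file into a quarantine folder instead of deleting it outright, so a hash and the sample survive for later analysis. This is an added example, not the post's own procedure; it assumes the file has already been verified as malicious, that the autostart entry lives in one of the Run keys (other Autoruns locations such as services are not handled), and a quarantine folder under ProgramData that is a constructed default. It supports -WhatIf for a dry run.

```powershell
# Added example (not from the post): deactivate, de-register and quarantine one
# identified executable.  Run elevated.  Supports -WhatIf / -Confirm.
function Remove-IdentifiedAutorun {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)] [string]$FilePath,   # full path of the verified-bad executable
        [string]$RunKeyPath,                        # e.g. HKCU:\Software\Microsoft\Windows\CurrentVersion\Run
        [string]$RunValueName,                      # value name inside that key
        [string]$QuarantineDir = "$env:ProgramData\Quarantine"   # constructed default
    )

    # 0. Record a hash first; an executing image can be read, just not deleted.
    $hash = (Get-FileHash -LiteralPath $FilePath -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
    if ($hash) { Write-Verbose "SHA256 $hash $FilePath" }

    # 1. Stop every running instance started from this file (Process Explorer step).
    foreach ($p in Get-Process | Where-Object { $_.Path -eq $FilePath }) {
        if ($PSCmdlet.ShouldProcess("$($p.Name) (PID $($p.Id))", 'Stop-Process')) {
            Stop-Process -Id $p.Id -Force -ErrorAction Stop
        }
    }

    # 2. Remove the autostart entry so a reboot does not bring it back (Autoruns step).
    if ($RunKeyPath -and $RunValueName) {
        if ($PSCmdlet.ShouldProcess("$RunKeyPath\$RunValueName", 'Remove-ItemProperty')) {
            Remove-ItemProperty -Path $RunKeyPath -Name $RunValueName -ErrorAction Stop
        }
    }

    # 3. Move the file out of the way under a non-executable name.  If it is still
    #    locked, fall back to the reboot route described in the post.
    if (-not (Test-Path -LiteralPath $QuarantineDir)) {
        New-Item -ItemType Directory -Path $QuarantineDir | Out-Null
    }
    $dest = Join-Path $QuarantineDir ((Split-Path -Leaf $FilePath) + '.quarantined')
    if ($PSCmdlet.ShouldProcess($FilePath, "Move to $dest")) {
        try {
            Move-Item -LiteralPath $FilePath -Destination $dest -Force -ErrorAction Stop
            Write-Verbose "Quarantined to $dest"
            return $true
        }
        catch {
            Write-Warning "File still in use ($($_.Exception.Message)). Reboot (safe mode if it relaunches) and run again."
            return $false
        }
    }
}

# Dry run first, then the real thing (paths are placeholders):
# Remove-IdentifiedAutorun -FilePath 'C:\path\to\bad.exe' `
#     -RunKeyPath 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -RunValueName 'EntryName' -WhatIf -Verbose
```

Renaming rather than deleting keeps the sample for a scanner re-check later, and the recorded hash lets you confirm afterwards that the same file, and not a relaunched copy, was the one removed.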

To bring the game to an end, I would suggest installing the missing security patches.
