Here is how to clean a system and prevent it from being seriously compromised again.


I will briefly explain how this all works.

This tutorial is for the basic end user who wants to put a stop to malware for good. Advanced users can do more than just LUA, but I will not go into that now. Over the years I have given up on antivirus and found that the only REAL solution is limited users. If you do not already have a clean system, you will need a credit card to buy a Panda ActiveScan Pro account; it's about $25 a year, so go get an account. I don't work for Panda Software or anything; I just found that, out of all the online scanners, Panda has the best. The only other alternative I can suggest is kaspersky.com; they have an online scanner too.

  • Antivirus does not work!

    I don't care how much you pay for end-user commercial antivirus: it does not work, because it depends on definitions, and if it's a zero-day exploit it won't do you any good and oftentimes causes more problems than it fixes!

  • LUA (Limited User Account) is the way! Guess what?? IT IS FREE!!!

    The Limited User Account (LUA) in Windows XP prevents casual access to sensitive areas of the operating system such as the registry and the Windows folder. As a result, LUA provides a significantly more stable operating system experience for the user. The drawback to LUA is that many applications were not written for this scenario and require users to have full access permissions to the entire computer.

    Now, the workaround for such applications is the runas feature in Windows, so you do not have to log out every time you need to run an application as a user with administrative rights. I will show you how to do this later.

  • Remove ALL security software (yes, all of it: Norton/Symantec, McAfee, anti-spyware apps, etc.). If you have a problem removing Symantec products, use the Norton removal tool.

  • If you already know you have a secure system, you can skip to the 'Once you have a CLEAN SYSTEM' section. If you like, you can do just the Panda online scan for free.

  • Wipe out all temp files (this will make the scan a LOT faster). You can use CCleaner or, if you have multiple login accounts, my quickclean.exe, which works for all users on the box!

  • Boot into Safe Mode with networking support (you may need a wired connection for this to work; wireless MAY not work in this case).

    To get into the Windows 2000 / XP Safe mode, as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu". Use your arrow keys to move to "Safe Mode With Networking Support" and press your Enter key.

  • Go to www.pandasecurity.com/activescan and buy the Pro account; it's about $25 a year.

  • For better results, use the Firefox browser and end-task all running EXPLORER and IEXPLORE processes before you start the scan.

  • I do a quick scan first, then a full scan.

  • Reboot into Safe Mode with networking again and run the scan again. Save the log file and open it. All you are looking for is items that did not get cleaned and are .dll or .exe files. If you see any such DLL or EXE items, contact a professional or email me from my contact page.

    Once you have a CLEAN SYSTEM

    Now here is the part where we use the security built into Windows, so you don't need ANY bloated software to secure the system!

  • Create a new administrator account called 'admin'.
  • If the current user is 'Administrator', create a new limited user account called 'internet' and copy all the files to that user.
  • If the current user is not 'Administrator', then just drop the user to the 'Users' group (limited user). I have created a script to do this for you: run the script lockxp.exe.

  • OK. Now you have a secure account, but before you reboot, change the password of the 'admin' account to something you can remember!
  • Go to Start > Control Panel > User Accounts to change account passwords (you can also change the Administrator AND internet account passwords if you like).
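
The account steps above can also be done with the `net` commands built into Windows. The batch file below is an added example, not the author's lockxp.exe or anything from the original page; it assumes an English-language Windows XP (group names 'Administrators' and 'Users') and a command prompt that is already running as an administrator.

```batch
@echo off
rem Added example: the account steps above using built-in Windows commands.
rem Assumes English group names and an administrator command prompt.
setlocal

rem 1. Create the dedicated administrator account if it does not exist yet.
rem    The * makes net user prompt for the password instead of echoing it.
net user admin >nul 2>&1
if errorlevel 1 (
    net user admin * /add || goto :fail
)
rem Adding an existing member returns an error, so ignore it and verify below.
net localgroup Administrators admin /add >nul 2>&1

rem 2. Make sure 'admin' really is an administrator BEFORE taking rights away
rem    from anyone, otherwise the machine could be left with no usable admin.
net localgroup Administrators | findstr /i /x /c:"admin" >nul || goto :fail

rem 3. Set up the everyday limited account.
if /i "%USERNAME%"=="Administrator" (
    rem Per the tutorial: logged on as 'Administrator', so create 'internet'.
    rem Accounts created with net user /add start out in the Users group.
    net user internet * /add || goto :fail
    echo Created 'internet'. Log on as it once, then copy your files to its profile.
) else (
    rem Per the tutorial: drop the current user to the Users group.
    net localgroup Users "%USERNAME%" /add >nul 2>&1
    net localgroup Administrators "%USERNAME%" /delete || goto :fail
    echo %USERNAME% is now a limited user. Log off and back on for it to apply.
)

echo Done. Current members of Administrators:
net localgroup Administrators
endlocal
exit /b 0

:fail
echo A step failed, so nothing further was changed. Run this as an administrator.
endlocal
exit /b 1
```

Group membership is evaluated at logon, so the demoted account keeps its administrator rights until it logs off.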

    Defaulting to limited user account LUA

    When you start Windows you are prompted to log in. This section lets you always run as the protected 'internet' account without having to log in every time.

  • Click Start > Run, then type 'control userpasswords2'.
  • Select the 'internet' account.
  • Uncheck 'User must enter a username and password to use this computer'. You will be prompted for the 'internet' user's password.

    Using the RUNAS feature:

    If you are having issues running a program as a limited user, do the following:

  • Hold Shift, right-click the shortcut or program, and go to RUNAS.


  • Then put in the admin or administrator account login.


    Advanced RUNAS

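    If you find you are having to use runas too often, you can use the /SAVECRED option.
  • Right-click the shortcut and add the following to the beginning of the line:
          'runas /u:admin /savecred' Don't forget the space at the end.

    runas asks for the password the first time and saves it; after that, clicking the shortcut will never prompt you again. Keep in mind that the saved credential is not tied to this one shortcut: any program running under the limited account can reuse it to start something as 'admin' without a prompt, so use /SAVECRED only where you really need it.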