My Computer Won't Start Up, I Have the lsa32.exe Worm

Manual clean up

• 1

  Unplug your computer from the Internet. If you are hard-wired, unplug the Cat5 Ethernet cable. If you are running on Wi-Fi, disable your Wi-Fi network card.You will need to have another, clean Internet-connected computer nearby to serve as a stand-by to download software you will need for the cleaning process.

• 2

  Boot your computer, pressing F8 as you power up. Enter "Safe Mode" if possible. Many viruses are not able to deploy in Safe Mode. If you can enter Safe Mode, continue with this cleaning effort. If not, skip to Section 2: Other Efforts.

• 3

  Go to "Start," "Control Panel" and "Systems" and turn off Systems Restore.

• 4

  Download a free and safe advanced cache cleaner program called C-Cleaner. Windows does not have a comparable tool. Download the program to a flash drive using another computer. Use a small flash drive, 1 gig in size, that is completely empty. You will destroy this flash drive after the clean up is finished to prevent it from cross-infecting other computers. Don't install C-Cleaner yet.

• 5

  Download a free and safe advanced virus cleaner called "Combo Fix" from BleepingComputers.com. Combo Fix is very effective in killing advanced bugs: Windows offers nothing comparable. Download the program to your small flash drive but don't install it on your computer yet.

• 6

  Download three special clean up programs: Avast, Malwarebytes, and SuperAntiSpyware. Don't be misled by their "free" nature: these programs are very effective in cleaning most generic viruses and some advanced bugs as well: Windows does not offer comparable on-board tools. They are the tools many professional PC techs use in viral combat. Download these programs to your small flashdrive but don't install them just yet.

• 7

  Install all of these programs from your flashdrive to your computer, except for Combo Fix. You'll leave Combo Fix, the virus "nuke" program, for last. Insert the flash drive in the USB port on your computer and double click on the program install icons. Follow the installation directions for each program, one at at a time. If the program offers to "launch" the program now, choose "Yes," or "Okay," but don't run any scans until all (but Combo Fix) have been deployed.

• 8

  Run three of these programs in this order: C-Cleaner then Malwarebytes. C-Cleaner again and then SuperAntiSpyware. C-Cleaner yet again, and then run a "Boot Scan" with Avast. When Avast is complete, it will reboot your computer. In most cases, you will not need to go into SafeMode to reach your desktop after this process, a good sign that healing is happening!

• 9

  Install Combo Fix from the Flash drive. Run the program. If you are using a laptop computer, make sure you're running on AC power, not the battery. You cannot risk the laptop battery going dead during the Combo Fix procedure. Follow the ComboFix directions as they pop up. When ComboFix is finished, it will reboot your computer.

• 10

  Reconnect your computer to the Ethernet cable or Wi-Fi signal. You should be able to get on the Internet now. If not, skip to Section 2.

• 11

  Revisit the Avast, Malwarebytes, and SuperAntiSpyware websites again---from your computer. Download any updates to these programs and run all three programs again. This is the only way to be sure your computer is really clean.

• 12

  Throw away the small flash drive. It may have picked up the rootkit infection while serving you. You want to prevent re-infecting yourself, or others, by destroying it.

Other Efforts

• 13

  Reinstall Windows using your Windows OS Setup disc. This full reinstall will erase your hard drive contents, and the root kit with it. The process takes less than 40 minutes to complete, a much shorter amount of time than a manual clean up effort. Place the Windows Setup disc in your computer CD drive and boot your computer. Your computer will prompt you: "Press any key to boot from CD." Press any key. The Windows process will start. Follow it through until you reach the "Name your computer" stage. When this appears, plug in an Ethernet cable to revive your Web connectivity. Finish up the reinstall process.

• 14

  Remove your hard drive from your computer if you cannot clean up the computer manually ---while it is the "boot drive" of your computer--and if you don't want to resort to a Windows reinstall just yet. This is the last ditch effort! Connect your hard drive to another computer as a secondary Slave drive (see YouTube video below, in References). Download all the programs listed in Section 1 and run the scans on your hard drive in this Slave drive position. When the scans have been completed, return the hard drive to your machine. If you're fortunate, the rootkit will have been destroyed. Run Combo Fix once more to be certain.

• 15

  Replace the hard drive if none of the above steps seems to clear up the infection. You may have another strain of "32" virus--in addition to Isa32-- that is not repairable. Remove the hard drive from your computer and replace it. Reinstall Windows afresh on this new hard drive. Destroy the old hard drive.