So your PC has been infected by malware!?

Even if you have installed the best antivirus on the market you can still become infected with malware, and once you are infected there is no certainty that your antivirus is capable of cleaning up without a little help.


On this page I will refer to malware as a generalization of viruses, malware, worms and trojans, and the techniques I refer to are aimed at Windows XP (they can still be used on other platforms but may require additional steps/actions).

Telltale signs that something is wrong;

Your antivirus keeps detecting infections day after day; you clean them, but the next day when you reboot the machine it is infected again.

When there is little reason to be concerned;

If you browse to a web-site and immediately get a warning from your antivirus that this and that file is infected, and the reference is to a file in a folder with a name something similar to this (it may differ some);

C:\Documents and Settings\username\Application Data\Microsoft\Internet Explorer\UserData\FY2BE6Q4

then there is a good chance your antivirus caught the malware before it got a chance to install itself and there is thus no reason to panic, I would however still recommend a complete system scan with the installed antivirus just to be on the safe side.

Infected, what now!?

How did I get infected and what is the big deal?

What often happens is that your PC is infected by malware while visiting a web-site. This can happen even without visiting dangerous/suspicious web-sites; even very reputable sites sometimes get malware code injected into their pages (this can happen via banner advertisements or by hacking etc.).  As the malware may be brand new, your antivirus may not know it yet and thus raises no warning, so you have now unknowingly been infected.  After a few days your antivirus vendor may pick up on the malware and issue an update to your antivirus (a definition update); once your antivirus has been updated, it detects that your computer has been infected. You might think that everything is fine now: your antivirus has detected the malware and offers to clean the infection!?  The problem is that quite often a malware infection has had ample time to do its nasty business before it was detected and cleaned. Your antivirus may very well clean the ‘original’ malware but may not pick up on some of the changes done to your system – this could be anything from harmless changes to the titlebar of your internet browser to more serious matters like the installation of backdoors, rootkits, botnet clients or other malware.

Anyhow, let us try to picture that your PC has now been well and thoroughly infected.

What do you do!?

  • Check that your antivirus is working and has the latest updates.
  • Do a complete system scan with your antivirus.
  • Restart your machine, do so by shutting down and then starting up the machine again (not a simple reboot)
  • Do another complete system scan with your antivirus.

Many people think that once this is done, and the antivirus informs you that it has cleaned a number of infections, everything is fine. The correct answer is that MAYBE everything is fine.  The problem is, as mentioned before, that you may not know how long your PC has been infected nor what has happened during this time. If the malware has installed what is known as a rootkit, this can be very hard to detect and may go completely unnoticed by your antivirus, so we need to take additional precautions before we jump to the conclusion that everything is fine.

Additional steps/precautions;

  • Run Microsoft Malicious Software Removal Tool (MRT)
    This is a utility that Microsoft has included in Windows Update; it is thus installed on all PCs and updated monthly. Once a month an automated scan is made (without any warning or display, so you will never notice it).  You can launch this utility manually by opening a Run dialog box (Windows key + R), typing MRT.EXE and clicking OK. Now click Next and do a complete scan (you can start with a quick scan, which is much faster, but I strongly suggest a Full scan of the system to be safe).




Now your PC should be cleaned of infections, however we still need to verify this.

  • Shut down your PC and start it again (a simple reboot is not enough), then do a new scan with your antivirus scanner.

Experienced users;

If you are an IT professional, here are a few additional steps you may try. These are additional steps, not required ones, and you will still need to perform the steps above. I do not recommend these steps for novice/non IT professional users.

  • You can try to check which programs are set to autostart; look for suspicious programs that are configured to start up automatically. This can be quite complicated to determine, as the references/names used may often be difficult to identify (e.g. acr32rd.exe etc). To check which programs and services autostart you can use the utility msconfig.exe: open a Run dialog (Windows key + R), type msconfig.exe and hit OK – or try the more advanced utility from
    however be cautious, if you disable important system files the PC may not boot correctly and it may be difficult to undo the damage.
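
The autostart check described above, as an added example that is not part of the original page: a read-only PowerShell listing of the Run/RunOnce registry keys and the current user's Startup folder. It assumes PowerShell 2.0 or later is installed (on Windows XP it is a separate download); the `Hint` column is a triage heuristic chosen for this example, not a verdict.

```powershell
# Added example: read-only listing of common autostart locations.
# Written for PowerShell 2.0 or later; it changes nothing on the system.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Triage hint only (an assumption of this example): entries launched from
# user-writable folders deserve a closer look, but many are legitimate.
$userWritable = @(@($env:TEMP, $env:APPDATA, $env:USERPROFILE) | Where-Object { $_ })

function Get-ReviewHint([string]$command) {
    $expanded = [Environment]::ExpandEnvironmentVariables($command).ToLower()
    foreach ($dir in $userWritable) {
        if ($expanded.Contains($dir.ToLower())) { return 'user-writable path' }
    }
    return ''
}

$entries = @()

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }      # key absent on this system
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $entries += New-Object PSObject -Property @{
            Location = $key
            Name     = $name
            Command  = $command
            Hint     = Get-ReviewHint $command
        }
    }
}

# Shortcuts and files in the current user's Startup folder
$startup = [Environment]::GetFolderPath('Startup')
if ($startup -and (Test-Path $startup)) {
    foreach ($file in Get-ChildItem $startup) {
        $entries += New-Object PSObject -Property @{
            Location = $startup
            Name     = $file.Name
            Command  = $file.FullName
            Hint     = ''
        }
    }
}

$entries | Sort-Object Location, Name |
    Format-Table Location, Name, Command, Hint -AutoSize -Wrap
```

This covers only the most common autostart locations; services, scheduled tasks and other mechanisms are not listed.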

Update May 4th 2011;
a new tool is available to scan and clean your pc;
Microsoft Security Scanner, get it free here;

Update June 5th 2011;
Recently I mentioned the Microsoft Security Scanner (a portable/standalone scanner for your pc). Well, it seems Microsoft is stepping up their Anti Malware/Rootkit efforts – link to their new scanner Windows Defender Offline, a bootable ISO containing a Rootkit and Malware scanner.  It is also worth noticing that the latest version of Microsoft DART “ERD commander” (the old Winternals/Sysinternals utility to boot, modify and fix Windows installations) now also contains a malware scanning and removal utility – this is however sadly only available to Microsoft corporate license holders.

This link may also be useful; 
(direct download

Video tutorial to installing and cleaning using Malwarebytes scanner; – Danish version – English version

Additional links added January 2011;

Kaspersky Rescue Disk 10 – a boot and clean disk you can use to cleanup your system (untested by me, but was recommended).  (Free)

Sophos Anti-Rootkit (Free) – a detection and removal kit for Rootkits

SpyBot Search and Destroy (Free) (I however still prefer Malwarebytes, but this is a good cleanup utility also)

On this page I will eventually try to list some or all the software I use on a regular basis

Updated Feb 19th 2011

I usually convert video using;
Any DVD Converter Pro –

DVD backup is done using;
DvdFab –
AnyDvd (bypass region coding and more) –

iTunes is used to manage my podcasts (and Audiobooks);

Media files are played using;
Media Player Classic (Home Cinema x64) –

The problem with missing codecs etc. is solved via;
Windows 7 codec pack (Sharks) –

Photos and graphics are edited using;
and sometimes Photoshop from Adobe.

When I need to convert .MP3 to .M4B (iPod/iPhone audiobook format) I use these utils;

AVI video to DVD is created via;

AVI editing is done via;
Windows DVD maker (live tools)

Virtual machines;

VmWare Workstation/Player for my Workstation and Hyper-V for my servers

WinRar –

Files Shared via;

Passwords remembered via;


Coding done via;
Borland Delphi 7 (old old version)

DRM removal (needed to play wmv on iPod) done via;

Drmbuster (Simpler version)
TuneByte (more advanced)

Browsing done via;
IE + Firefox

CD-Burning done via;
Nero Burning Rom –
Alternatives are;  –  –
But also check here;

ISO Mounting is done like this;

Mail is read using;
Microsoft Outlook 2010

Screenshots are taken via;

Video/screen video captured via;
Hypercam 2 (Free) – 

Various Utilities I also use;
Virus total (scan files for virus with many engines) –  and a right click plugin
TeraCopy (MOST excellent, speed up copying and much much more – a MUST have) –

Yes, it is here: “Microsoft Security Essentials”, the Beta for Microsoft’s new free anti virus (previously codenamed Morro) and the replacement for One Care Live, a paid anti virus solution Microsoft attempted earlier which reached EOL in June 2009.

We use Forefront Client Security (Microsoft’s corporate anti virus solution) at work, and it works quite well.  The malware and anti virus part is just as good as any I have tried, but the corporate management part is somewhat lagging I would say.  But as Microsoft Security Essentials is a standalone product this is not an issue, and I would suspect the engine etc. to be the same as Forefront Client Security so all in all I expect this to be an excellent product.

Read more; 
Here you can also get the beta (if you are eligible)
Here you can also get the beta (if you are not eligible 😉 )

A pretty good walkthrough here;

Some random posts;

Bonus Outlook tools.

For some additional tools to help you manage Outlook files and contents, don’t forget about all the awesome (and portable) Outlook tools offered recently by Nir Sofer.

Outlook/Office Utilities – (freeware) – NirSoft.

NK2View – (freeware) – Did you know that if you use Outlook the email names used in the To/Cc fields are retained? The NK2 file is the “auto-complete” file. Great place to review if you are auditing an Outlook user’s pc. Anyway, this handy utility allows you to view the NK2 file, display all the email address records stored, and export them into various file formats. Handy for security techs.  Also allows you to quickly edit, sort, save/restore, and delete items in the file itself.  Particularly useful if you need to bulk-edit the contents due to changes/conversions in corporate address book items.

OutlookAttachView – (freeware) – This utility can help you locate, extract and/or remove attachments embedded in your Outlook email messages.  It displays the list of attached files in your Outlook’s mailbox, and allows you to easily select all attachments that you need, and then extract them into a folder that you choose. 

OutlookStatView – (freeware) – Nir is on a roll! For all you Outlook junkies out there, this tool can gather a lot of great statistics on your email habits. Quoting from Nir’s description, “OutlookStatView scans your Outlook mailbox, and display a general statistics about the users that you communicate via emails. For each user/email, the following information is displayed: The number of outgoing messages that you sent to the user (separated by to/cc/bcc), the number of incoming message that the user sent to you, the total size of messages sent by the user, the email client software used by this user, and the time range that you send/received emails with the specified user.”

Source; Claus V.


Although I am more or less up and running again after the Needhost bankruptcy (just 2 months blogposts lost), there are those less fortunate.

One of my very close friends lost his wife’s blog (not popular), but he pointed me to this blogpost that may be of interest to former Needhost customers;

Let’s hope for a small miracle this Christmas 🙂

In the Early days of Christmas 2008 my old hosting provider declared bankruptcy and switched off their servers, or rather switched off their servers and then leaked information about their bankruptcy..

So as a man with a FULL backup of his site cough cough, I went to a new provider and reinstalled my backup..  Hmm, but well as you may see I missed a few months of backup :-/  bummer..

But I will try to restore some of the missing posts from memory and from google cache, and well take a new look at my backup routine 😀

Meanwhile, hope you all had a merry Christmas and wish you a blast of a new year 🙂

Happy holidays.

 Ps. Note the irony in that the last post from my backup actually regarded backup..  Someone sure had it in for me 😉

Carol of the Bells – 2008 Holdman Christmas Display from Richard Holdman on Vimeo

Frosty the Snowman 2008 – Holdman Christmas Display from Richard Holdman on Vimeo.

I have decided to start a dedicated page to various links. Mainly I may keep this online for my own benefit, just to avoid forgetting those interesting links you stumble across over time.

Anyhow, here goes;


Below is a list of some of the blogs I have stumbled across during my surfing.

Michaels Deployment Blog
Blog with tips and tricks for deployment MDT/SCCM etc.

Rob Marshall’s blog
Microsoft SCCM guru

Ronni Pedersen’s Blog
Danish SCCM guru from EG

Terry Zink’s Cyber Security Blog
An interesting blog about spam and spammers among other things

News Media and more;

Below are links to different News services I follow.

ComOn  – (Mobile version)
A Danish online IT news magazine

Version 2
A Danish online IT news magazine

24 Timer
A free Danish newspaper (available as downloadable PDF also)

Cnet news (Video magazine)
Cnet’s Technology News site

Various Links;

A collection of different interesting links for various things.

4 sysops
A site for system administrators, full of useful utilities, reviews, scripts etc.

Lazy Admin
A site for system administrators
A Danish language forum/site for IT administrators

A site with various IT news, reviews, utilities etc.

Black Viper
A great resource to optimizing your Windows installation, this site will explain what the different services and processes do and what you can do to tweak performance.

A resource for debugging eventid errors in Windows

Need help configuring a router (perhaps setting up port-forwarding etc.), well this is the site to visit.  Lots of information and guides for almost any brand router you can think of.

Photo resources;

In 2011 I bought myself a DSLR camera and during this process I did a lot of research, I found the links below very helpful

A great and easy to understand site with tons of reviews, tips and tricks and other information

This is a cool YouTube channel for people interested in Cameras.  Lots of reviews, tips and geeky/funny stuff in general.  Even if you are not all that into cameras then this is worth a visit.

Security Links;

A bunch of links to various security related sites and services

Hak5 is mostly a monthly webcast about security and hacking, it is perhaps tending to be a bit on the ‘black hat’ side – but this offers great insight into the ‘enemy’ and is thus very interesting.  It is a geeky show with tons of tips, tricks and reviews.  The quality has lowered slightly after the staff has been reduced, but it is still worth a visit if you are interested in ‘the dark side’ 🙂

Secunia offers among other things a security scanner for your pc that will evaluate the software on your pc (version and vulnerability wise).  Other than that it is one of the more famous security companies so they are likely to have other goodies or news lying around.

Threat Expert
This is a cool service where you can upload software for analysis; you will get a report that shows what the software does upon execution (what files are installed, which registry keys are modified etc. and a general threat assessment) – it is very useful if you suspect mischief from some software you download or find installed on your pc.

Virus Total
This is an EXCELLENT site, you upload an executable or other file and it is analyzed with numerous antivirus scanners (20-30 different scanners).  Thus if you are in doubt if a file is infected upload it here and get a ‘second opinion’.  They also offer emailing service (you can email files instead of uploading) and a right-click option for windows (so you can right-click any file and upload it without having to visit a web-site).


Podcasts I listen to;

I recently bought an iPod Touch 16gb. This is a cool device; it seems really well thought out and the finish just blows you away. The only thing I’m not that impressed with is that I’m forced to use iTunes to manage it; it would have been great with just pure USB access, but other than the iTunes ‘infection’ it’s really cool.  I added an FM transmitter for car usage, so now I can combine the commuter trip with e-learning (or just plain podcasting).

– Security Now
Security Now is a weekly approx 1 hour security briefing with focus on new technology and current issues in the security world.  This show is fine both for persons with just a basic interest in security as well as the security professional.

– Risky Business
Risky Business is, like Security Now, a security podcast; the focus of this show is however more on the commercial/business side.  This podcast is likely more interesting for the IT Security Pro than the home user.

– Various
On Twit you will find numerous interesting shows starring Leo Laporte; among these I’d mention “Windows Weekly” and “Security Now” as definitely worth a listen.  The site’s focus is mainly on end users and not limited to IT news; there are also shows on cooking and parenting.

Quite a few additional Security Podcasts can be found here;


Sinus-Art
I would like to promote a small art gallery in Germany, I have bought a few paintings from this place and they are great.  Paul Sinus can really do something with colors, its really fascinating and at a fair price even.


Get in touch

If for any reason you want to get in touch, give feedback, correct me or just plainly want to reach out.  Feel free to fill out the form on the left, I will try to get back to you in a few days if applicable.

Looking forward to hearing from you.


Who is the man behind the scenes;

Michael Møller

31st August 1969, Samsø Denmark

Civil Status:
Married to my beautiful wife Mary Liao

Where do I live:
Viborg, Denmark

Current occupation:
IT administrator at a Danish architect company, former IT operations in both international corporations and in the Danish military.

Technologies I work with:

MS-Server 2003/2008/2008-R2, 2012, 2012R2, 2019, MS-TMG, Sophos UTM, MS-Exchange 2010/2007/2003, Lansweeper, MS-SQL 2008/2005/2000, MS-Forefront, WebRoot AV, McAfee AV, Office365, MS-Teams, MS-Skype4b, IBM-TSM, MS-Cluster/HyperV, Riverbed.

I used to code a bit in Delphi, but these days it’s mostly VBS and CMD scripts – I have a promise to myself to learn more Powershell but time is scarce so..



Books (I listen to quite a few Audio Books, and along with these come a number of podcasts), Movies, Family, IT in general and especially IT Security.

CISSP, CPSA, MCP (WIN NT, 2000, 2003), ITIL