I had a serious problem with my PC recently. I picked up some infection while surfing the Net and the symptoms that followed were quite annoying.

Here is a list:

• When I opened Internet Explorer, several new windows popped up, displaying ads
• Automatic Windows Update was disabled and when I tried to enable the service in Control Panel/Administrative Tools/Services, error 1058 appeared
• System Restore was disabled and I couldn’t use it
• Internet Explorer accepted all cookies and I couldn’t change this setting. Every time I changed to default settings, it reverted back to “accept all”

I tried to clean my history, cookies and temporary Internet files and scan the C: drive with my AVG scanner, but nothing helped. The symptoms persisted. I also used CCleaner to delete unnecessary stuff and clean my registry, but that didn’t help either. Spybot S&D and Registry Mechanic were also ineffective.

More advanced programs such as Hijack this, Browser Hijack Retaliator and Browser Hijack Recover found and removed some infections, but this still didn’t solve all problems.

I did some research on the Net and found out that this could be work of the spyware called Virtumondo. If you don’t have a great antispyware and/or antivirus program, install it immediately (for recommended programs please check this post) and scan your PC or see this article on eHow.com on how to remove Virtumondo.

I solved the problem by going to the most unlikely place - the Microsoft Web site! I used the free Windows Live OneCare safety scanner and it was able to identify all infections and remove most of them. It also showed 5 unknown files that it couldn’t remove. I googled the names and I realized that they were all parts of the infection. Since I knew the names as well as their location on the hard drive, I was able to delete them manually.

If you are not sure whether you can delete such files, you can confirm this by looking at the Date Created in the containing folder. If the file is only few days old and it is not a system file, then you may delete it. If you are unable to do this, retry it in Safe Mode (restart and press F8 to display the Startup menu - then select Safe Mode).