That Nasty Pop-up Virus

Submitted by Blazefire on
I never did get that nasty pop-up virus from MGoBlog that some people were reporting, but I did get it from another source yesterday. Mine came in the form of "Antivirus Soft", which is a combo scam to try to get you to pay for their completely bogus anti-virus program, and download more spybots, adware, hijacks, etc. onto your system. There are a few other variants out there, but they usually take a similar pattern. I thought I'd run through a quick overview and an easy way to remove it, if you have XP.

A) You'll know if you have this virus or a version of it, because it will start throwing up tons of little pop-up boxes that look like Windows messages. "randomfilename.dll is infected with a virus. Would you like to start your antivirus program?" and the etcetera. You should know these are fake, because though they look real, that's obviously a completely ridiculous message. These are actually disguised messages trying to get the okay to perform functions that Windows requires a user okay to perform. Never click OK on any of these.

B) You have the virus. Don't panic. It looks aggressive with so many pop-ups, but as long as you don't do anything stupid, you'll be fine. Disconnect your computer from the internet. If you have a hardware connection, pull it. If not, it's a little trickier because the virus blocks out some windows, but you should be able to.

C) Reboot your computer to safe mode. Don't bother running your antivirus or any other programs yet. They won't find anything. Instead, run System Restore, and load your computer to the most recent restore point before you got the virus. This will not remove the virus, but it will defeat the registry values that allow it to totally screw with your system. Reboot to regular Windows. Instead of virus boxes popping up every few seconds, you'll get a simple error box telling you a file is invalid, and then the program will work anyway.

D) You should already have three programs on your computer: a good antivirus (Avast is free), Malwarebytes Anti-Malware and SuperAntiSpyware. If you don't, download these from a clean machine, and have them ready. I also recommend keeping the Malwarebytes install file on your machine somewhere, because the virus will likely delete the executable for this program.

E) Reconnect your machine to the internet. Run (or install and run) a SuperAntiSpyware full scan, updating definitions first. Just click okay on each error message. When this process is complete, reboot.

F) Either run Malwarebytes, or reinstall it (uninstall the old version first) if mbam.exe is missing. Again, make sure you update the definitions first, and run a full scan. Reboot.

G) At this point, you should no longer get any error messages. NOW, run your virus scanner, full scan, updating first. Avast or any other good virus scanner should find the last remaining files from the virus, usually two trojan.exe or .dll files, which have been rendered mostly harmless and easily detectable by the removal of their associated files.

H) Reboot once more. Your computer is now clean. No reformatting. No loss of data. No more than a few hours depending on how fast your scans go.

Brhino

February 10th, 2010 at 10:54 AM ^

As Blazefire JUST SAID, a number of people have gotten the virus just from VISITING THIS SITE. Not clicking on ads, just from loading the site. I believe they can embed themselves on certain flash advertisements and transfer to your computer without ever clicking on them. I myself have gotten such things twice from this site alone.

Steve in PA

February 10th, 2010 at 10:53 AM ^

I switched to Linux (Ubuntu) about 2 years ago and have not regretted it once. No viruses or malware problems and the operating system is 100% free with frequent updates. Not trying to sound like a commercial, but it's good stuff.

Brick

February 10th, 2010 at 12:45 PM ^

This virus got so bad on my parents' computer I had to rename the Malwarebytes program to a .com so it would run. The virus disabled the .exe extension. I also had to download software from a different computer since the virus messed up the internet access. I have cleaned it off of two computers at work as well as my parents'. I think it's commonly called the FakeAlert virus. They are getting better with it. The fake virus shield now resembles the Microsoft logo so it's tricking a lot of people.
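
The "disabled .exe extension" symptom in the comment above can be checked directly. The following PowerShell is an added example, not part of the original thread: it assumes the symptom comes from altered `.exe` file-association registry keys, and it only reads them and compares them with the stock Windows values `exefile` and `"%1" %*`.

```powershell
# Added example: read-only audit of the .exe file association (changes nothing).
# Assumption: the "disabled .exe" symptom is caused by altered association keys.
$expectedProgId  = 'exefile'    # stock (Default) value of the .exe key
$expectedCommand = '"%1" %*'    # stock (Default) value of exefile\shell\open\command

function Get-DefaultValue {
    param([string]$Path)
    # Return the key's (Default) value, or $null when the key is absent.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    return (Get-Item -LiteralPath $Path).GetValue('')
}

# HKCR is a merged view; a per-user key under HKCU overrides the machine-wide one.
$views = @(
    @{ Name = 'HKCR (merged view)';  Root = 'Registry::HKEY_CLASSES_ROOT';                   Optional = $false },
    @{ Name = 'HKLM (machine-wide)'; Root = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes'; Optional = $false },
    @{ Name = 'HKCU (per-user)';     Root = 'Registry::HKEY_CURRENT_USER\Software\Classes';  Optional = $true }
)

$report = foreach ($v in $views) {
    $progId  = Get-DefaultValue "$($v.Root)\.exe"
    # Follow whatever handler the .exe key names; fall back to the stock one.
    $handler = if ($progId) { $progId } else { $expectedProgId }
    $command = Get-DefaultValue "$($v.Root)\$handler\shell\open\command"

    $problems = @()
    if ($progId -and $progId -ne $expectedProgId) {
        $problems += ".exe is mapped to '$progId'"
    }
    if ($command -and $command -ne $expectedCommand) {
        $problems += "open command is '$command'"
    }
    # The per-user keys may legitimately be absent; the other two should exist.
    if (-not $v.Optional -and -not ($progId -and $command)) {
        $problems += 'expected key is missing'
    }
    $status = if ($problems) { 'SUSPECT: ' + ($problems -join '; ') } else { 'ok' }

    New-Object PSObject -Property @{
        View = $v.Name; ProgId = $progId; Command = $command; Status = $status
    }
}

$report | Format-List View, ProgId, Command, Status
```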

a2bluefan

February 10th, 2010 at 1:01 PM ^

This beast hit me at work, and I don't have sufficient network privileges to do all this stuff. It was ugly. Fortunately I was due for an upgraded system anyway, so our IT dept just set me up with a new machine. And I was lucky that I got the one nice guy in the dept to help me. :) Good info, though. Will certainly help if this thing ever bites me at home. Thanks again.

Blue boy johnson

February 10th, 2010 at 4:51 PM ^

Thanks a billion. Let me ask another question please. I used my system recovery disk and started all over. I was using PC Tools internet security, now when I downloaded PC Tools, I cannot get on line "local access only". I uninstalled PC Tools and downloaded AVG and my computer works fine. Any thoughts? I am happy to just use AVG but I paid for PC Tools and still have about 1/2 year of service left that I would prefer to use. Thanks.