This guide will help you remove malicious software from your computer. If you think your computer might be infected with a virus or trojan, you may want to use this guide. It provides step-by-step instructions on how to remove malware from Windows operating system. It highlights free malware removal tools and resources that are necessary to clean your computer. You will quickly learn how to remove a virus, a rootkit, spyware, and other malware.
Disclaimer: This malware removal guide is intended to be used as a self-help guide. It is not a substitute for professional malware removal.
I recommend that you back up all your important data before attempting to perform the malware removal process. In the event of a system failure, you will be able to restore your data. Do not back up any system files, programs (.exe), or screensavers (.scr) because they may be infected with malware.
Notes:
- In some cases, the only way to remove malware is to reformat and reinstall Windows.
- Save or bookmark this page so you can easily refer to it if needed. Add bookmark = Ctlr + D
Preparation for Removal
Note: If you are having problems downloading files, download the files in this guide on another computer, and then transfer them to the infected computer with a CD or USB flash drive.
1. Can't Open Programs / Can't Connect to the Internet
2. Fix Internet Connection Problems
Certain types of malware will turn on an Internet proxy server and hijack Windows DNS cache, which can prevent you from accessing the Internet or downloading tools required for malware removal. Follow these instructions to fix this problem:
Fix Internet Connection Problems
Certain types of malware will turn on an Internet proxy server and hijack Windows DNS cache, which can prevent you from accessing the Internet or downloading tools required for malware removal. Follow these instructions to fix this problem:
Download and open MiniToolBox - Download here - Homepage
Select the following boxes: Flush DNS, Reset IE Proxy Settings, Reset FF Proxy Settings If you have Firefox open, close it before you click Go. It will open a log with the results. You can close the log.
Removal Process
Note: If you experience any problems after removing the malware, skip down to Fix Post-Disinfection Problems.
Step 1 - Scan for and Remove Rootkits
A rootkit is malware that hides itself from detection of antivirus software. Most rootkits will install other malware, redirect Google search results, or prevent files from opening.
Kaspersky TDSSKiller is an effective rootkit removal tool that is easy to use. The scan takes less than a minute to complete.
Follow these instructions to use TDSSKiller:
When TDSSKiller opens, click Start scan. If the scan finds nothing, click Close to exit. If malware or suspicious objects are found, just click Continue. Don't change any settings. It may ask you to reboot the computer to complete the rootkit removal process (save or bookmark this page).
Note: If TDSSKiller won't open, download and run FixTDSS from Symantec. If FixTDSS won't open, After you complete the steps, try opening TDSSKiller again.
Step 2 - Scan for and Remove Malware
Many malware removal tools will scan for and remove different types of malware, but unfortunately none of them are capable of detecting 100% of malware. Therefore, it's important to use more than one tool to find and remove all the malware.
The free tools listed below are highly recommended for removing all types of malicious software. They do an excellent job at detecting threats and completely removing them. The scans for each tool should take only 5 to 10 minutes, but it may be longer or shorter. The scan time depends on your computer and the number of files you have on it.
Important notes:
- Make sure the malware scanners are up to date before you scan with them.
- Do not use your computer for anything else during the scan.
- Do not run more than one scan at a time.
- You may need to restart your computer to complete the malware removal process (save or bookmark this page).
Unselect the box that says, "Enable free trial," and then click Finish. Perform a quick scan. Once the scan is complete, click Remove Selected to remove the malware from your computer (see image below). Make sure that everything is selected.
Note: If Malwarebytes won't update, download and run the offline database installer.
Download and open HitmanPro - Download here (32-bit), (64-bit) - Homepage It requires no installation.
When HitmanPro opens, click the Next button. Select the second option that says "No, I want to perform...," and then click Next. Once the scan is complete, click Next. Click Activate free license, and then click Next to remove the malware.
Note: HitmanPro requires Internet access to detect malware. If you can't connect to the Internet, scan with Dr.Web CureIt.
Step 3 - Scan for and Remove Adware
Adware is software designed to show you advertisements. Although most adware is harmless, it can also be used for malicious purposes. Adware can hijack your web browser and redirect you to websites. It will typically change your Internet homepage and install a web browser toolbar.
AdwCleaner is an effective adware removal tool that is easy to use.
Download and open AdwCleaner - Download here - Homepage
When AdwCleaner opens, click the delete button. Restart your computer.
Common adware threats: searchnu, babylon toolbar, claro search, mywebsearch, conduit search, incredibar, bProtector
After the Removal Process
Note: If you are in Windows safe mode, you can start the computer back to normal mode.
1. Remove Temporary Files
By removing your temporary files, you will delete any remaining malicious files from Windows temp folders. It will also free up hard disk space, which will help to speed up your computer.
Note: If your desktop icons are missing, skip this step and go on to Fix Post-Disinfection Problems.
Once installed, simply click the Run Cleaner button at the bottom right. You are warned that CCleaner is about to permanently remove files from the system. Click OK to proceed.
2. Change All Passwords
Certain types of malware will steal your personal data such as passwords, emails, and banking information. Change all your passwords immediately, especially if you do any banking or other financial transactions on the computer. Password Strength Checker
3. Clean up System Restore
Your system "restore points" may contain malware. The only way to remove the malware is to delete the restore points. To delete the restore points.
Note: If you're not experiencing any problems that are listed below, skip down to the Conclusion.
Fix Post-Disinfection Problems
After the malware is removed, you may experience problems with your computer, such as problems with Windows Firewall, system performance, and Internet connectivity. Fortunately, there are simple ways to fix these problems.
1. Can't Connect to the Internet
2. Fix Windows Update and Firewall
When Windows Repair opens, click the Start Repairs tab. Click Start. Unselect all the boxes except for the following five:
- Reset Registry Permissions
- Reset File Permissions
- Repair WMI
- Repair Windows Firewall
- Repair Windows Updates
Then click Start. Once it's finished, restart your computer.
3. Programs and Files Won't Open
4. Bing/Google Search Redirects (Random Websites/Ads)
First, clear your Java cache. Malware remnants will frequently hide in the Java cache.
If clearing the Java cache doesn't work, uninstall and reinstall your web browser. If that doesn't fix the problem, your computer is likely still infected with malware. Follow the instructions below in the Get Expert Analysis section.
5. Desktop Icons are Missing
Certain types of malware will hide all the icons on your computer. To unhide your icons, download Unhide.
Once downloaded, double-click on Unhide and allow it to run. It will remove the hidden attribute on all icons and attempt to restore the Start menu items to their correct location.
6. Slow Computer
7. Other Problems
Visit the following websites for more information:
- Microsoft Fix it Solution Center
- Re-Enable: a tool that can undo many changes made by malware.
Get Expert Analysis
If you want to be certain that your computer is completely cleaned or just want a second opinion, you can create a topic at one of the forums listed below and ask for help. These forums have people who are well trained and experienced in removing malware. Be sure to mention in your topic that you followed this guide. Please note that it may take a couple of days to receive a reply, so be patient. Note: You will need to register for a forum account to create a topic.
Free support forums: Bleeping Computer, Geeks to Go, What the Tech, Tech Support, MalWare Removal, TnT
Free support forums: Bleeping Computer, Geeks to Go, What the Tech, Tech Support, MalWare Removal, TnT
If Windows won't start or if the computer won't start in safe mode, I recommend using an antivirus rescue CD. An antivirus rescue CD allows you to scan an infected computer without having to start Windows. Many antivirus companies provide free rescue CDs. They are extremely effective at removing malware from a computer.
Below are three highly recommended antivirus rescue CDs. I recommend using Kaspersky Rescue Disk.
Kaspersky Rescue Disk (270 MB) - How to create and use Kaspersky Rescue Disk
Avira Rescue CD (250 MB) - How to create and use Avira Rescue CD 
Dr.Web LiveCD (230 MB) - How to create and use Dr.Web Live CD- Burn the antivirus ISO file onto a CD using CD burning software.
- Insert the CD into the infected computer's CD-ROM drive.
- Go to the computer's BIOS, set it to boot from the CD, and restart the computer.
- Scan for and remove malware using the rescue CD.
If the rescue CD doesn't work, follow the instructions mentioned above in the Expert Analysis section.
Conclusion
Your computer should be completely cleaned of all malware after following this guide. If you believe your computer is still infected, seek professional help to remove the malware.
Common Malware Threats
Many computer users encounter the following malware threats:
- Fake antivirus: Win 7 Defender, Win 7 Antivirus Pro, File Restore, System Progressive Protection
- ZeroAccess rootkit (Google redirect virus) Removal tools: Yorkyt by Panda or FixZeroAccess by Symantec
- TDSS rootkit (aka Tidserv, Alureon)
- FBI MoneyPak ransomware (Citadel reveton)
- ZeroAccess rootkit (Google redirect virus) Removal tools: Yorkyt by Panda or FixZeroAccess by Symantec
- TDSS rootkit (aka Tidserv, Alureon)
- FBI MoneyPak ransomware (Citadel reveton)
No comments:
Post a Comment