How to Remove Malware DIY Guide
For more detailed information please read my article here.
Do you find that your computer has been running slower than usual? Do you find that there are more and more pop-ups on your screen? If so, your PC might be infected with a virus, spyware or other malware. Even if you have an antivirus program installed on your computer, you can still have issues. Other problems, such as hardware issues, can produce similar symptoms, so it is best to check for malware if you are not sure. For the DIY type people out there, here is a quick overview of how to remove most malware, hijacks, adware, spyware, viruses, Trojans, rootkits and other things that sound scary. This guide is given to you with no warranty and no support. There is risk in doing it yourself, but if you wish for someone with years of experience to handle the process for you, then call the Nashville Computer Guru at 615-332-2844 for onsite removal at $80. It is $299 for Geek Squad to do the same.
Step 1: Enter Safe Mode
Keep your PC disconnected from the Internet, and don’t use it until you’re ready to clean your PC. This can help prevent the malware from spreading and/or leaking your private data.
If you think your PC may have a malware infection, boot your PC into Microsoft’s Safe Mode. In this mode, only the minimum required programs and services are loaded. If any malware is set to load automatically when Windows starts, entering this mode may prevent it from doing so.
To boot into Windows Safe Mode, first shut down your PC. Locate the F8 key on your PC’s keyboard; turn the PC on; and as soon as you see anything on the screen, press the F8 key repeatedly. This should bring up the Advanced Boot Options menu; there, select Safe Mode with Networking and press Enter. You may find that your PC runs noticeably faster in Safe Mode. This could be a sign that your system has a malware infection.
It is also a good idea to run the System File Checker: open a command prompt and type in sfc /scannow
This will check the core Windows files for any corruption or patched files and return them to their original state. You may need your Windows disk for this.
Step 2: Delete Temporary Files
Now that you’re in Safe Mode, you’ll want to clean temporary files, cookies, etc., as some malware hides in the temp folders. I recommend CCleaner for that. I would use CCleaner to run a general cleanup, then a registry scan, and then to look at startup files and browser extensions. Doing this may speed up the virus scanning, free up disk space, and even get rid of some malware. To use the Disk Cleanup utility included with Windows, select Start, All Programs (or just Programs), Accessories, System Tools, Disk Cleanup.
Step 3: Download Malware Scanners
Now you’re ready to have a malware scanner do its work, and fortunately, running a scanner is enough to remove most infections. If you already had an antivirus program active on your computer, you should use a different scanner for this malware check, since your current antivirus software may not have detected the malware. Remember, no antivirus program can detect 100 percent of the millions of malware types and variants.
There are two types of antivirus programs. You’re probably more familiar with real-time antivirus programs, which constantly watch for malware. Another option is on-demand scanners, which search for malware infections when you open the program manually and run a scan. You should have only one real-time antivirus program installed at a time, but you can keep a few on-demand scanners handy to run scans with multiple programs, thereby ensuring that you’re covered.
If you think your PC is infected, I recommend using an on-demand scanner first and then following up with a full scan by your real-time antivirus program. These are the free or free-trial programs I use:
First, I use AdwCleaner – (French programmer) excellent for browser hijacks and adware
http://general-changelog-team.fr/en/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner
Next, run Malwarebytes – I highly recommend buying the PRO version
http://www.malwarebytes.org/mwb-download/
Also run TDSS Killer – rootkit detector
http://support.kaspersky.com/us/5350#block1
For the tough malware – Hitman Pro (for the FBI MoneyPak virus you must use this program)
http://www.surfright.nl/en/downloads
In the end, I run HijackThis and remove anything that says Internet Proxy Override and any BHO that says no file.
http://www.filehippo.com/download_hijackthis/
For a good free or paid antivirus, I recommend AVG Free
http://free.avg.com/us-en/free-antivirus-download
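The HijackThis check described above, as an added example (not part of the original guide and not HijackThis's own code): a Python script that reads a saved HijackThis log and lists only the two kinds of entries named there, so they can be reviewed before anything is removed. It assumes "Internet Proxy Override" refers to the ProxyOverride registry line in the log; the sample log, its GUIDs and its paths are constructed.

```python
import re

# Constructed sample in the HijackThis log layout; GUIDs and paths are made up.
SAMPLE_LOG = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080
O2 - BHO: Example PDF Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - (no file)
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\update.exe
"""

# "<section code> - <rest of entry>", e.g. "O2 - BHO: ..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# "BHO: <name> - {CLSID} - <file or (no file)>"
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$")
# "<registry key>,<value name> = <data>" (data may itself contain commas)
REG_RE = re.compile(r"^(?P<key>.+),(?P<value>[^,=]+?) = (?P<data>.*)$")


def triage(log_text):
    """Return (line_no, code, reason, detail) for entries the guide says to review."""
    findings = []
    for line_no, raw in enumerate(log_text.splitlines(), start=1):
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue  # header, blank line or running-process list
        code, body = entry.group("code"), entry.group("body")
        if code == "O2":
            bho = BHO_RE.match(body)
            # A BHO whose registered DLL is absent shows "(no file)".
            if bho and bho.group("file").strip().lower() == "(no file)":
                findings.append(
                    (line_no, code, "BHO with no file", bho.group("clsid")))
        elif code in ("R0", "R1"):
            reg = REG_RE.match(body)
            # Assumption: the guide's "Internet Proxy Override" is this value.
            if reg and reg.group("value").strip().lower() == "proxyoverride":
                findings.append(
                    (line_no, code, "proxy override", reg.group("data")))
    return findings


if __name__ == "__main__":
    for line_no, code, reason, detail in triage(SAMPLE_LOG):
        print(f"line {line_no}: [{code}] {reason}: {detail}")
```

The script only reports; ticking and fixing the entries is still done in HijackThis itself.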
Step 4: Run a Scan With Malwarebytes (best single program for malware removal)
For illustrative purposes, I’ll describe how to use the Malwarebytes on-demand scanner. To get started, download it. If you disconnected from the Internet for safety reasons when you first suspected that you might be infected, reconnect to it so you can download, install, and update Malwarebytes; then disconnect from the Internet again before you start the actual scanning. If you can’t access the Internet or you can’t download Malwarebytes on the infected computer, download it on another computer, save it to a USB flash drive, and take the flash drive to the infected computer.
After downloading Malwarebytes, run the setup file and follow the wizard to install the program. Once installed, Malwarebytes will check for updates and launch the app itself. If you get a message about the database being outdated, select Yes to download the updates and then click OK when prompted that they have been successfully installed.
Once the program opens, keep the default scan option (‘Perform quick scan’) selected and click the Scan button.
Starting the scan in Malwarebytes.
Though it offers a full-scan option, Malwarebytes recommends that you perform the quick scan first, as that scan usually finds all of the infections anyway. Depending on your computer, the quick scan can take anywhere from 5 to 20 minutes, whereas the full scan might take 30 to 60 minutes or more. While Malwarebytes is scanning, you can see how many files or objects the software has already scanned, and how many of those files it has identified either as being malware or as being infected by malware.
If Malwarebytes automatically disappears after it begins scanning and won’t reopen, you probably have a rootkit or other deep infection that automatically kills scanners to prevent them from removing it. Though you can try some tricks to get around this malicious technique, you might be better off reinstalling Windows after backing up your files (as discussed later), in view of the time and effort you may have to expend to beat the malware.
If Malwarebytes’ quick scan doesn’t find any infections, it will show you a text file containing the scan results. If you still think that your system may have acquired some malware, consider running a full scan with Malwarebytes and trying the other scanners mentioned earlier.
If Malwarebytes does find infections, it’ll bring up a dialog box warning you of the discovery. To see what suspect files the scanner detected, click the Scan Results button in the lower right. It automatically selects for removal the ones that are known to be dangerous. If you want to remove other detected items, select them as well. Then click the Remove Selected button in the lower left to get rid of the specified infections.
Removing infections in Malwarebytes.
After removing the infections, Malwarebytes will open a text file listing the scan and removal results; skim through these results to confirm that the antivirus program successfully removed each item. Malwarebytes may also prompt you to restart your PC in order to complete the removal process, which you should do.
If your problems persist after you’ve run the quick scan and it has found and removed unwanted files, consider running a full scan with Malwarebytes and the other scanners mentioned earlier. If the malware appears to be gone, run a full scan with your real-time antivirus program to confirm that result.
Step 5: For the really tough malware infections
Run a Hitman Pro virus scan (free for 30 days)
http://www.surfright.nl/en/downloads/
Dr.Web LiveCD or the CureIt program
http://www.freedrweb.com/cureit/?lng=en
This will often find stuff left behind as well as get rid of tough malware.
For any other questions, or to have a professional computer repair technician work on your computer, contact Nashville Computer Guru today and set up an appointment: 615-332-2844.