Malware Removal

I only use programs that are free for private use. If you find these tools helpful, please donate to them to keep their projects alive. I would hate to see what kind of world it would be if not for the dedicated side/home developer. These men and women keep computing possible for the rest of us!

All links go to the individual product’s page. It is there that you can make your donation. (It’s not like you’re having to spend > $50 at McAfee or Norton to clean your PC.)

Step 1     Unplug

Unplug the network cable or disconnect from WiFi until you can set aside the time (up to a couple of hours of scan time) to clean the infection.

Step 2     Safe Mode

Restart the PC in Safe Mode (press the “F8” key while booting up and choose Safe Mode with Networking).

Step 3     Restore

Restore the PC to an earlier restore point from before you had the infection (but not too far back; a couple of days to a week before should be good). Here are detailed instructions per operating system: XP, Vista, Windows 7. If successful, you can continue in regular mode (if it didn’t work, I’d run the next two programs in Safe Mode).

Tip: Before you start scanning, remove your temp files so the cleaning programs don’t have so many files to scan. If you don’t know how to do this by hand, the best program for the job is CCleaner. If you don’t know what any of these options are, then set yours up to look like this and click the “Run Cleaner” button. DON’T TOUCH ANYTHING ELSE; you could screw up your computer.

Step 4     RKill.exe

First up for removal is a tool from BleepingComputer.com called RKill; download it HERE. Read the instructions very carefully. The ad space is confusing, so be careful to select the correct link.

Option 1 in the picture is to download the RKill.exe file. Some malware blocks the running of exe files, so that’s where the other options come into play. Choose one of them if you can’t get Option 1 to run.

RKill will stop any processes that are running, not just malware. If you have a program open that you need to save, do so before running RKill.

RKill will provide you with a text pop-up report when it is finished. You will be able to see what processes it stopped. It only works against specific viruses/trojans, but regardless of success, I always run it first.

Step 5     ComboFix.exe

Download ComboFix.exe to your desktop. It must be run from your desktop. If it is not double-clicked and run from your desktop, it won’t work properly. You should put it on your desktop first, then run it. (Build your own website if you don’t like it :)

**Note** If you weren’t able to restore to a previous date and are still working in Safe Mode, run ComboFix once in Safe Mode, then switch back to Normal Mode and run it again from the desktop.

Step 6     Malwarebytes.org

Malwarebytes.org has been THE go-to application for malware removal for years now. The work these folks do is incredible.

The first step is to download from Malwarebytes.org: choose the “Download now” button. This will download a fully functional REMOVAL tool. Use the “Buy Now” button to add ongoing protection and removal functionality (highly recommended).

The final installation step has two check boxes, one to launch and one to update. Check both to update the virus definitions.

Then run the quick scan. With MWB there’s no need to run the full scan, unless it makes you feel better; the quick scan looks everywhere you need.

If MWB finds nothing, you’ll get a text pop-up detailing what it did not find. If there are results, you’ll have a button at the bottom right of the window that says “View Results.” Click that, make sure everything on the list has a check mark, and then click “Remove Selected.”

You should be done. There could be some icons on the desktop that remain; those can be deleted.

Step 7     Microsoft Security Essentials

**Note** Do not do a web search for this or any product on this page. Use the links found here. The “bad guys” use infected links on spoof pages to fool you into downloading infected software (or just to get you to go to a site that loads the virus).

http://windows.microsoft.com/en-US/windows/products/security-essentials <–This is the only link I’ll use to download it.

Install Security Essentials, accepting all the defaults. There is a check box to opt out of sending Microsoft anonymous information about infections. (Leaving this checked helps them update their virus definitions. It’s a good thing for the community; you don’t want to hurt the community, do you?)

After you install, go to the settings tab and set it up to do a daily (recommended) or weekly (haven’t you learned your lesson yet?) scan, and this time set it to FULL. Unlike MWB, this needs to be a thorough scan.

If, at any time, you notice that the icon in the system tray (down by the time) turns any color other than GREEN, click to open the program and push the big red or yellow button to scan or update.

    

If you think you may still have a virus you can go to the Forums at MajorGeeks.com and read through the “Sticky” posts at the top.
