Malware Removal

The following is a personal guideline for the tools I use to clean up an infected computer. I don’t always use all the tools, depending on the level of infection. Following that is a list of most of the tools I use, which are links to where you can get them.

General Instructions

Before doing anything, try using System Restore to go back to a restore point prior to the infection. Tap the F8 key when the system is starting up and choose “Safe Mode” from the menu you are given, for a better chance of it working. In many cases System Restore has been disabled or corrupted by the malware, but it may not have been, so it’s worth a try. Whether System Restore works or not, these are the steps to do next. Some may fail, but continue down the list if that happens.

Otherwise:

    1. First, download D7, either on the infected PC or on another one you can copy it to the infected PC from.
    2. Next, right-click on the d7.exe executable file and run it as administrator.
    3. Click on the Malware tab in the program, then select the “Delete Temp Files (All)” option and wait until it finishes deleting your temp files.
    4. At this point I uninstall any antivirus the computer had and install AVIRA Antivirus, Spybot Search and Destroy, SuperAntiSpyware, and MalwareBytes. If any of them don’t install (malware sometimes prevents them), I install Trojan Remover, Hitman Pro, SmitFraudFix, Roguefix, and Combofix and run them all (in Safe Mode if nothing else). This usually fixes the problem, although at times renaming the install file and/or the executable program file for MalwareBytes has been necessary to get it to install and run. Hopefully AVIRA, Spybot Search and Destroy, SuperAntiSpyware and MalwareBytes will all be able to install and run now… sometimes for hours; be patient until they are all done. Reboots will be likely after they are all finished.
    5. This has worked for me almost 100% of the time, but in the unlikely case that it does not, for whatever reason, I will use the Ultimate Boot CD for Windows (another topic for another day) to rid the computer of malware. If using that does not work, and saving the PC as it was prior to infection is important enough, I have had great success with the AVG Antivirus Live CD. It has even helped get a computer that was unable to boot to the point where I could boot it. Additionally, I will run HijackThis and attempt to identify each and every process running on the computer, using Google to search for what is good and what is bad and for the steps to eliminate each and every malware process. This can be a long process, and usually I will resort to a Repair Install of the Windows operating system, as it will be much quicker and more reliable. In the end, I have a stable operating system that I am confident is malware free when I am done with this step.
    6. After the malware is gone, things may not work just right. Windows Updates is often disabled or not working correctly, Internet connectivity may be lost, and the registry is sure to be a mess. So to cure these things, I run Advanced System Care, Dial-a-Fix (Windows 2000/XP only), and Eusing Registry Cleaner. With Advanced System Care I choose all the options except Defrag. With Dial-a-Fix I choose all the options, although with IE8 there will be error messages, and Eusing Free Registry Cleaner I run 3 times, as you should any registry cleaner.
    7. In a nutshell, everything is done and should be working. Any further problems created by the malware I would have to research and fix independently. As a last “check” I always run HijackThis, if I haven’t already done so, and have one of the online HijackThis log file checkers scan through it and look for known malicious processes. One good one is at http://hijackthis.de/ .
    8. After all this, I run Spyware Blaster and immunize the PC with it. In addition, I immunized earlier with Advanced System Care, and would now immunize with Spybot Search and Destroy. Each one will add some known malicious websites that the other 2 don’t, and prevent you from getting infected there.
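
A first-pass triage of the HijackThis log mentioned in steps 5 and 7, as an added example that is not part of the original guide: it parses the log's running-process list and lettered entries and lists programs that start from user-writable folders. The sample log is constructed, and the folder list in REVIEW_DIRS is an assumed heuristic for deciding what to look up first, not a verdict.

```python
import re

# Constructed sample in the HijackThis log layout (not from a real machine).
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\User\Local Settings\Temp\svch0st.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.invalid/
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\User\Application Data\upd.exe
O23 - Service: Example Service - Unknown owner - C:\WINDOWS\system32\example.exe
"""

# Lettered entries look like "O4 - <details>"; the code names the entry type.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
EXE_PATH = re.compile(r"[A-Za-z]:\\[^\"\r\n]*?\.(?:exe|dll|bat|cmd|scr|pif)", re.I)
# Assumed heuristic: programs launching from user-writable folders get looked up first.
REVIEW_DIRS = ("\\temp\\", "\\application data\\", "\\appdata\\", "\\local settings\\")

def parse_log(text):
    """Return (running process paths, [(entry code, entry details), ...])."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY.match(line)
        if m:
            in_procs = False  # the process list ends at the first lettered entry
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def review_list(text):
    """Processes, autoruns (O4) and services (O23) located under REVIEW_DIRS."""
    processes, entries = parse_log(text)
    hits = [("PROC", p) for p in processes if any(d in p.lower() for d in REVIEW_DIRS)]
    for code, body in entries:
        if code in ("O4", "O23"):
            m = EXE_PATH.search(body)
            if m and any(d in m.group(0).lower() for d in REVIEW_DIRS):
                hits.append((code, m.group(0)))
    return hits

if __name__ == "__main__":
    print(*review_list(SAMPLE_LOG), sep="\n")
```
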

Good Luck and Happy Malware Hunting!!

  1. EndItAll2 – Stops unnecessary processes from running, including malware slowing down the computer.
  2. Anti-Malware Toolkit – Batch downloader of many of the following tools.
  3. Glary Utilities – Cleaner/Optimizer – Cleans up hard drives of unnecessary files, making malware scans faster. (CCleaner can also be used for this, available in the above Anti-Malware Toolkit.) Glary Utilities also includes a batch uninstall for programs you want to uninstall, a very safe registry cleaner, and a registry defrag tool, among many other things.
  4. Combo Fix – Instructions and Download Links for this Malware Remover
  5. SmitFraudFix – Malware Remover
  6. SuperAntiSpyware – Malware Remover
  7. MalwareBytes – Malware Remover
  8. Roguefix – Malware Remover
  9. Vundofix – Malware Remover
  10. Norman Malware Cleaner – Malware Remover
  11. Hitman Pro – Malware Remover
  12. Trojan Remover – 30 Day Free Trial – Malware Remover
  13. The Avenger – Malware Remover
  14. Gmer – Rootkit Detector and Remover
  15. Spybot Search & Destroy – Spyware Remover
  16. Spyware Guard – Free RealTime Malware Detector… not fully tested with Vista
  17. AVG Antivirus – Nice Free Antivirus
  18. Avira Antivirus – Best Free Antivirus when you don’t need email scanning
  19. A-Squared Free – Free Antivirus/Antispyware Software
  20. Advanced System Care – Cleaner, Optimizer and Malware Remover
  21. Dial-a-Fix – Common Windows problem repair tool, especially for fixing Windows Updates problems created by malware. (Only use on XP.)
  22. Eusing Registry Cleaner – Cleaner for Registry and Temp Files
  23. Spyware Blaster – Immunizes against spyware; not a cleaner.
  24. HijackThis – Creates a logfile for in-depth analysis of running processes on your computer.
  25. Kaspersky Online Scanner – Online Virus Scanner
  26. BitDefender Online Scanner – Online Virus Scanner
  27. Housecall – Trend Micro’s Online Virus Scanner
  28. ESET Online Scanner – Online Virus Scanner
  29. F-Secure Online Scanner – Online Scanner
  30. BlackLight – F-Secure’s Rootkit Eliminator
  31. EasyClean – F-Secure’s Malware Cleaner
  32. F-Secure Rescue CD – Bootable CD for Virus Removal
  33. DRWeb Live CD – Live CD for Virus Removal
  34. ClamWin Portable AntiVirus – Antivirus you can scan from your flash drive
  35. CounterSpy – 15 Day Trial Malware Remover
  36. Vipre – 30 Day Trial Antivirus / AntiSpyware
  37. CWShredder – CoolWebSearch Browser Hijacker Remover
  38. DRWeb Cureit – Virus/Malware Cleaner
  39. FreeFixer – Malware Scanner/Remover
  40. MSN Cleaner – Removes MSN threats from PCs
  41. Panda Anti-Rootkit – Rootkit Remover
  42. Sophos Anti-Rootkit – Rootkit Remover
  43. McAfee’s Stinger – Standalone remover of certain viruses
  44. Kaspersky’s Virus Removal Tools – Specific Virus Removal Tools
  45. Threatfire – AntiVirus Supplement from PCTools

If you would like to purchase Malwarebytes, you can do so at Malwarebytes Checkout.

If you would like to purchase Super-Antispyware, please do so with the Super-Antispyware Checkout.