How to remove malware - LIKE A BOSS!

in #steem-help, 8 years ago (edited)

Introduction

With the recent news around crypto-viruses and social media numbers increasing exponentially, it's only going to be a matter of time that you will get hit by some type of malware.

In this article I'm going to explain how to get rid of malware from your Windows PC, like a Boss! I have over 25 years of experience with PCs and run my own PC Support company. I have successfully removed thousands of items of malware using the following steps.

It's not a quick process and there are a number of stages to getting a clean PC again. If you follow all of these carefully, you should have a malware-free computer with adequate protection against further attacks.

The best thing about the software in this guide is that it's all FREE! Even the anti-virus software I recommend has a free version that is perfectly adequate for home use.

I have provided links at the bottom of this page to all the tools I use. I suggest you download them all now and put them on a USB or CD labelled "Virus Recovery" so that you're not panicking when you do get infected!

I do assume some level of PC literacy for this guide, and you may need the following for a successful removal:

  • A copy of your Windows installation CD. This is for copying over replacements for any corrupted files.
  • Your Windows Administrator account password. To enable the hidden Windows Administrator account in Windows 7, 8 or 10, click here.
  • Be comfortable using a DOS / CMD prompt window.

The Stages

  1. Determine if it's malware or something physically wrong with your PC
  2. Get your PC ready to start the removal process
  3. Start the removal using the tools I recommend
  4. Check the PC is really clean
  5. Install adequate anti-virus software to prevent further infections
  6. Update and scan regularly!

Stage 1 - Determine the problem

Before you start panicking and reaching for the USB stick / CD you made earlier (you did take my advice, right?), bear in mind that you may not have malware at all. It could be a hardware issue or a corrupted operating system. If your computer won't switch on or doesn't display anything on your monitor, then it's unlikely to be malware. Even a slow-running PC isn't an automatic sign of an infection; it could be down to a lack of resources or an impending hard drive failure.

This handy guide will take you through some of the basic hardware troubleshooting methods to help you find out whether it is hardware that is causing your problem.

It's not hardware, what now?

Malware tends to affect the operation of Windows or its components, e.g. Internet Explorer or Task Manager. If you are seeing weird pop-ups on your screen or are being redirected to Internet pages that you didn't request, then there's a chance you've been hit. Here's a handy list of behaviours that may indicate a malware infection:

  • Your web browser has lots of toolbars present that you don't remember installing
  • You get redirected (sent) to seemingly random web pages when trying to search Google
  • Your browser home page has changed to a non-standard search engine
  • You cannot open Task Manager, Regedit or other system related programs
  • You get strange messages from the system tray telling you that you've got thousands of infections on your computer and urging you to install some magic software to remove them (this is itself a form of malware)
  • Your computer wallpaper has been changed with some kind of warning message
  • As soon as you open any browser your computer starts running really slowly
  • You cannot use Explorer to browse files correctly or you get an error message when trying to open malware removal tools

If your PC is showing any of the above symptoms then you should really look to perform a full malware removal by following this guide.
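Several of the symptoms above leave footprints that can be read directly from the registry and the hosts file. The following PowerShell snippet is an added example, not part of the original guide: it is read-only, reports what it finds and changes nothing, so it is safe to run before reaching for the scanners. The site names it looks for in the hosts file are an assumed shortlist, not an exhaustive one.

```powershell
# Added triage helper (not from the original guide). Read-only: reports
# settings that produce symptoms from the list above and changes nothing.

function Test-PolicyLockouts {
    # "You cannot open Task Manager, Regedit": these policy values disable them.
    $paths = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    )
    foreach ($p in $paths) {
        if (-not (Test-Path $p)) { continue }
        $v = Get-ItemProperty -Path $p
        foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
            if ($v.$name -eq 1) { "[!] $p\$name = 1" }
        }
    }
}

function Test-DebuggerHijacks {
    # "error message when trying to open malware removal tools": a Debugger
    # value under Image File Execution Options makes Windows start that
    # program instead of the one you double-clicked.
    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
        $dbg = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).Debugger
        if ($dbg) { "[!] IFEO debugger set for $($_.PSChildName): $dbg" }
    }
}

function Test-HostsRedirects {
    # "redirected when trying to search Google": hosts entries for search
    # engines or security vendors override DNS and send you somewhere else.
    # The site list below is an assumed shortlist for illustration.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -Path $hosts -ErrorAction SilentlyContinue |
        Where-Object { $_.Trim() -and $_ -notmatch '^\s*#' } |
        Where-Object { $_ -match 'google|bing|yahoo|malwarebytes|kaspersky|microsoft' } |
        ForEach-Object { "[!] hosts entry: $_" }
}

$findings = @(Test-PolicyLockouts) + @(Test-DebuggerHijacks) + @(Test-HostsRedirects)
if ($findings) { $findings } else { 'No policy lockouts, IFEO hijacks or hosts redirects found.' }
```

A clean result here does not mean the PC is clean; it only rules out these particular tricks, so the full scan sequence below still applies.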

Stage 2 - Preparing your PC for removal

Ideally you should be able to run all of the tools in Normal Windows mode, i.e. the day-to-day Windows desktop you are used to. When you start the removal process, try to run the scanners / tools in Normal mode first; if you can't, read on...

Some of the more sophisticated pieces of malware will prevent you from running some of the tools I list below. Also, your computer may be so bogged down with malware that it's simply not possible to run anything in Normal Windows mode.

If this is the case then you need to put Windows into a special mode called "Safe Mode", or more accurately "Safe Mode with Networking". This is a cut-down version of Windows which stops many of the standard features, and often the malware along with them, from running.

How do I get into Safe Mode?

There is a great article from ESET here that shows you how to get your computer into Safe Mode with Networking. Just choose the correct procedure for the version of Windows you have installed and you should be all set.

Stage 3 - Removal

This stage can take a very long time - I'm talking hours... It depends on how bad your infection is, how much data you have on your hard drive and other factors. I tend to kick each scanner off and then leave it running until completion whilst doing something else, like writing articles for steemit!

Scanner 1 - TDSSKiller from Kaspersky

The first scanner we will run is TDSSKiller from Kaspersky. This scanner tries to detect rootkit viruses on your PC. Rootkits are particularly nasty and difficult to remove as they are designed to disguise themselves as normal Windows processes. TDSSKiller is very effective at detecting and removing these, so we will run this first.

  1. Click on this link to download TDSSKiller directly. 
  2. You should save the file to your desktop
  3. Double-click the downloaded file and click on "Start Scan"
  4. The scan will start and if any infections are found they will be listed in the screen
  5. If threats are detected then you will be given options to remove them. 
  6. Click on the continue button and the threats will be removed
  7. You will need to restart the computer to complete the process

Scanner 2 - Malwarebytes AntiMalware (MBAM)

This scanner has been around for some time and is very effective at detecting and removing Trojan horses, Potentially Unwanted Programs (PUPs) and other rogue software.

  1. Download MBAM from here (you will be sent to the product page and download the free version)
  2. Once downloaded, double click on the program to install it.
  3. Accept all the defaults (you can choose to remove the tickbox for the trial PRO version)
  4. You may get asked to update the program and / or database. Allow this to happen.
  5. Once available, click on the Scan Now button and the scan will start.
  6. The scan may take anywhere up to an hour to complete as it checks system files, processes, user data and the registry, and even performs "heuristic" checks to look for unknown malware using pattern matching
  7. Once the scan is complete you may be presented with a list of the threats found.
  8. Ensure that there are ticks next to all the malware items you want to remove and then click on "Remove Selected"
  9. All the malicious items will be removed by MBAM and again this may take a few minutes to complete. 
  10. If prompted, you should restart your PC and allow the clean-up to continue
  11. Once you receive the successful removal dialogue box, this phase is complete

Well done for getting this far, your computer should already be running a little better.

Scanner 3 - AdwCleaner

This scanner specialises in removing AdWare (hence the name!) from your computer. AdWare is the annoying pop-up type of advert you get when connected to the Internet. It is not as malicious as some malware, but it is still an irritation and slows your computer down considerably.

  1. Download AdwCleaner by clicking here and then clicking on the download button
  2. Save the program to the desktop and then double-click to run it once downloaded
  3. Click on the Scan button
  4. AdwCleaner will now scan your files and registry and other items for infections
  5. If anything is found, the Clean button will be enabled.
  6. Click on the Clean button and allow AdwCleaner to work its magic.
  7. It may ask you to close all programs or reboot the PC. Click on OK to allow this.
  8. Once you get the message that the clean is complete, you are done with AdwCleaner

Scanner 4 - Zemana AntiMalware

Zemana is a cloud-based scanner that uses a number of scan engines to detect malware threats such as rootkits, trojans and keyloggers. It's a good final check to see if there's anything else hanging around that the other scans haven't found.

  1. Download the Zemana installer by clicking here and selecting download
  2. Save the file to your desktop and then double-click to open it
  3. Click on Next and allow the software to install
  4. Once complete, click on Scan and let the scan begin
  5. Zemana may scan for the next 10-20 minutes but once complete you will get a window showing any remaining infections and your options to clean them
  6. Click on Next to remove the malware and if a reboot is required, allow it to happen

Bonus Optional Extra Stage

You may need to perform this stage if your browser still isn't working correctly. Some hijacking malware puts the browser in such a bad state that you have to reset it back to its defaults. CAUTION: You may lose favourites, cookie data, etc. when performing these steps.

Click on this link to find out how to reset your browser settings

Stage 4 - Am I clean?

By now, there's a very strong chance your PC will be clean. At this stage I usually run MBAM again (see scanner 2 above) and it should come back clean. If there are any remnants of malware, allow it to remove them and then scan again. 

Congratulations!

Your PC should now be free of all malware and your browser should be working as normal. 

Stage 5 - Are you adequately protected?

As mentioned at the top, I have used these steps hundreds of times and they usually result in a faster and more stable PC. The key now is to keep your PC free of all the nasties out there. There are plenty of free anti-virus products and here are a few that I recommend. I'm not affiliated with any of them.

Download and install one of these programs. Do not install more than one anti-virus product: it will severely reduce the performance of your PC and may leave it in an unstable state.

Stage 6 - Update and scan

Once you have anti-virus installed you should set a regular scan schedule, e.g. daily or weekly depending on the value of your data.

You should also ensure that updates are being applied regularly. I've seen numerous occasions where anti-virus software has been installed but has never been updated. Around 400,000 malicious files are released DAILY!

I always like to run MBAM once every two weeks, just as a second opinion. It doesn't take too long and it's good peace of mind that everything is fine.

Further Help

Feel free to leave any comments or feedback below. I'll try and reply to each query individually but it may take some time to get back to you.

Useful Links

Here are links to useful tools and websites I regularly use when fighting malware. Even if I've not been able to help you get 100% removal using the steps above, you can register at the site below and they will help you further, usually for free.

Software
TDSSKiller
MBAM
AdwCleaner
Zemana

Resources
Bleeping Computer

DISCLAIMER: I am not responsible for any loss of data on your computer if you choose to follow the steps in this guide. You should back up any sensitive / important data regularly to an external medium such as a USB stick or hard drive. All the information in this guide is given as advice only and I do not guarantee success.