Virus and Malware Removal Instructions

by **Abdulla** 12th April 2015, 9:22 am

For anyone who has a virus, trojan, or any kind of malware, before posting a new thread, please do the following:

Safe Mode

Several times throughout this process you will be required to restart your computer into Safe mode. Do this by repeatedly tapping F8 while your computer is starting up. Choose the "Safe Mode with Networking" option. If you have previously downloaded the required files to a USB stick or your computer, select the "Safe Mode" option. For many users, "Safe Mode" is the better choice and will prevent your infected computer from infecting other computers on your network.

Before you continue.....

Download and install Mozilla Firefox. This is so that when you are downloading the programs below, you do not arouse the malware to what you are doing! Once you have downloaded and installed Mozilla Firefox, remove your computer from your network. The safest method to achieve this is to simply remove the network cable. As you may need to connect to the internet at times during your disinfection, another option is to remove any other device from your network.

Also go through your all programs list (in Start>Control Panel>Add or Remove programs) or (Start>Control Panel>Programs and Features in vista) and remove anything that you have not installed, and anything that looks suspicious and is not published by a well known company. You can find out the publisher by clicking the "Click here for support information" link when the program is selected.

Another thing to note is you don't have to do all the scans if you don't want to. They are time consuming, and may seem rather pointless but trust me – if you do all these scans and your system is not clean, then you really need to reformat! Wink

Disable System Restore

As an optional step, you can Disable System Restore – go into Control Panel>System>System Restore tab>Disable System Restore on all drives>OK. System Restore can sometimes help with Malware problems, however in recent times Malware has become system restore aware so often restoring will not remove the malware.

Useful applications

There are a number of useful applications you will either rquire or greatly desire to assist in cleaning your infected system. A number of these are listed below:

Autoruns for Windows
Avast! anti-rootkit
CCleaner
DrWeb CureIT
Hitman Pro
Malwarebytes Anti Malware
Process Explorer
Sophos Anti-Rootkit
SuperAntiSpyware

Apart from the last entry, all of these programs can be installed in safe mode. If you have a friend with a CD or DVD burner, get them to download the most recent versions of the tools listed above and burn to a CD or DVD for you.

Run CCleaner

CCleaner will remove all temporary files and web history on your system and will make these scans run faster. On installation, de-select all options except "Add Desktop Shortcut" and "Add Start Menu Shortcuts". Open CCleaner and click "Run Cleaner".

Run MalwareBytes Anti Malware

MalwareBytes Anti-Malware will clean your hosts file of spurious entries often added by viruses and other malware. After installation, open it and click the "More Tools" tab. Under "FileASSASIN" click Run Tool. In the Window that pops up, navigate to C:\WINDOWS\system32\drives\etc and double click on "hosts". Repeat the above process, however navigate to C:\WINDOWS\system32\drivers\etc and double click on "lmhosts". Restart your computer, update MalwareBytes, then restart your computer in "Safe Mode with Networking".

Install Hitman Pro

Hitman Pro will require an active internet connection so you may need to reboot in Safe Mode and select the "Safe Mode with Networking" option prior to running this program. Run a full scan with Hitman Pro before re-opening MalwareBytes and doing a full scan of all your local drives.

Install SuperAntiSpyware

Install SuperAntiSpyware, update it and then run a full scan of all your local drives.

Run DrWeb CureIT

As DrWeb CureIT does not need to be installed, once you have downloaded the latest update you can run it directly.

Run the avast! antirootkit tool

Many malware infections also infect your file system in such a way that it allows full access to your computer. This is known as a "rootkit" and the avast! anti-rootkit tool is very helpful in removing these infections. Be sure to close all programs when running this tool, otherwise strange things may happen. Unfortunately, it is not compatible with 64-bit systems.

Remove your current anti-virus program (optional)

If you are unhappy with your current anti-virus you can remove your current anti-virus tool by going into Control Panel>Add or remove programs (Control Panel>Programs and Features in vista). If it is Norton, you will need to use the Norton Removal Tool

Install Microsoft Security Essentials (optional)

If you are unhappy with your existing antivirus and do not wish to pay for one Microsoft Security Essentials is probably the best free choice. If you don't have an antivirus installed it will also appear in the Optional Updates section of Microsoft Update.

Disable any untrusted Internet Explorer add-ons

Chances are that after cleaning your system, there will still be some adware addons loaded into Internet Explorer. Go to Start>Control Panel>Internet Options>Programs>Manage Add Ons. Disable any that you haven't explicitly installed – Some trustworthy authors are:

Microsoft Corporation
Sun microsystems
Adobe Systems Incorporated
Google Inc
Apple Inc

Your clean machine...

Even though you have cleaned your machine of malware and viruses, it is wise to not trust your computer in the future. While anti-malware and anti-virus authors work hard to ensure they capture all known viruses and malware, reality means that this is just not possible. Virus and malware authors are plentiful and very persistent and this means that you may still have an undiscovered infection on your system. Frequent scanning and using due diligence when downloading and installing programs should be practiced to limit your chance of future infection.

Ensure you have an anti-virus program installed and running and that the most important step is followed; UPDATE the program regularly. While Internet Explorer is getting better, many infections target this browser. A simple change to Mozilla Firefox, Opera or Google Chrome will reduce your chances of infection. If your browser claims that your computer is infected, a wise question to ask yourself is "How does a website know you are infected?" If you cannot answer this question, chances are that the website is attempting to get you to install malware or a virus.

By using a multi-prong approach to keeping your system clean you will have a better chance of achieving this result. If you download something for the internet, check it with your virus scanner (install two and keep them both updated if need be) to ensure that it is what you expect. Be cautious of which websites you visit and what you download. Consider purchasing Deep Freeze or a free alternative such as Returnil. These programs operate similar to System Restore and return your system to the state it was before you install a program.

Mon	Tue	Wed	Thu	Fri	Sat	Sun
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31