Removing Malware (PC)

The number one computer repair I perform is malware (malicious software) removal. It comes in many forms: virus, trojan, worm, spyware, scareware, rootkits… the list goes on. My last post on this topic was a little outdated and unclear, so I figured I would start from scratch on the steps I take to perform this chore. These methods are by no means foolproof; the only guaranteed method is replacing your machine with a new one.

-Machine is still operating but appears to be infected:


1: Less severe infections like adware and scareware (ads or a program that tries to convince you to purchase their product) can be removed by doing a System Restore and performing scans. This is not always the case, because the System Restore files can also be infected, so cross your fingers. On Vista and Windows 7: click the Start button, type “System Restore” in the search box and press Enter. Choose an earlier date, before the infection occurred, and let the program do its work. On XP: click the Start button -> Help and Support -> type “System Restore” in the search box.


2: Next we will perform scans to make sure the malware is gone. Using another computer, download (free) scanning tools to a USB drive or CD. Download the program (do not install it), go to your Downloads folder, and click and drag the program (.exe file) to your removable device (USB stick, CD, etc.). I recommend SuperAntiSpyware, SpyBot, and Malwarebytes.

*Optional: run CCleaner beforehand to speed up scans.


3: Before we run the scans we must boot into Safe Mode. To do this: restart the machine, tap F8 while it is starting back up (this works on most computers; if not, Google your model along with “how to safe mode”), and select “Safe Mode”. The resolution will look odd, but stick with me. Plug in the USB stick or put the CD in the tray and run the installation of the scanning programs. The rest is pretty self-explanatory: run the scanners, wait until they are finished, and remove any malicious items that are found.
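The three steps above, scripted for Vista/Windows 7 as an added example (this is not the post's own code, and none of the scanner vendors ship it). It assumes Windows PowerShell run as Administrator, and the infection date, installer file names and Downloads folder are placeholders to adjust. It only lists candidate restore points rather than restoring one, since the post warns those files can themselves be infected; the bcdedit line at the end covers machines where tapping F8 does not work.

```powershell
# Added example, not part of the original post. Assumed: Vista/Windows 7,
# PowerShell run as Administrator. Dates, file names and paths are placeholders.
$SuspectedInfection = Get-Date '2012-03-01'   # assumed: first day symptoms appeared
$Installers = 'SUPERAntiSpyware.exe', 'SpybotSD.exe', 'mbam-setup.exe'  # assumed names
$Downloads  = Join-Path $env:USERPROFILE 'Downloads'

# Step 1: list restore points created before the suspected infection so a
# clean one can be chosen. CreationTime is a WMI/DMTF string, so convert it
# before comparing dates.
$Candidates = Get-ComputerRestorePoint |
    Select-Object SequenceNumber, Description,
        @{Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) }} |
    Where-Object { $_.Created -lt $SuspectedInfection } |
    Sort-Object Created -Descending

if ($Candidates) {
    $Candidates | Format-Table -AutoSize
    # After picking one by hand (newest clean point is listed first):
    #   Restore-Computer -RestorePoint @($Candidates)[0].SequenceNumber
} else {
    Write-Warning 'No restore point predates the infection; go straight to the scans.'
}

# Step 2: stage the downloaded (not installed) scanner installers on the first
# removable drive (DriveType 2), the same as dragging the .exe files by hand.
$Removable = Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=2' | Select-Object -First 1
if (-not $Removable) { throw 'No USB drive found; plug one in and rerun.' }
foreach ($Name in $Installers) {
    $Source = Join-Path $Downloads $Name
    if (Test-Path $Source) {
        Copy-Item $Source -Destination ($Removable.DeviceID + '\') -Force
        Write-Host "Copied $Name to $($Removable.DeviceID)"
    } else {
        Write-Warning "$Name not found in $Downloads; download it on the clean machine first."
    }
}

# Step 3: make the next boot go to Safe Mode (minimal) for machines where F8
# does not work. Undo after the scans with: bcdedit /deletevalue "{current}" safeboot
bcdedit /set "{current}" safeboot minimal
```

Reboot after the script finishes; the machine comes up in Safe Mode, where the staged installers can be run from the USB drive as described in step 3.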


-Machine freezes or does not boot into Windows:


1: Using another computer, download (free) scanning tools to a USB drive or CD. Download the program (do not install it), go to your Downloads folder, and click and drag the program (.exe file) to your removable device (USB stick, CD, etc.). I recommend SuperAntiSpyware, SpyBot, Malwarebytes, AVG, and Avast.




2: Before we run the scans we must boot into Safe Mode. To do this: restart the machine, tap F8 while it is starting back up (this works on most computers; if not, Google your model along with “how to safe mode”), and select “Safe Mode”. The resolution will look odd, but stick with me. Plug in the USB stick or put the CD in the tray and run the installation of the scanning programs. The rest is pretty self-explanatory: run the scanners, wait until they are finished, and remove any malicious items that are found.


-Machine will not boot into Safe Mode / infection cannot be removed with the methods shown above:


1: Using another computer, download the Avira Rescue Live CD ISO here: http://www.avira.com/en/support-download-avira-antivir-rescue-system.

Once the download is finished, take out a blank CD/DVD and put the disc in the tray. In Windows 7: double-click the ISO file to burn it to disc. For XP and Vista I recommend using ImgBurn. Once the file is burned to the disc, restart your machine, tap F12 (this works on most machines; if not, Google your model along with “how to boot to CD/DVD”) and select boot from CD/DVD. Once Avira starts up, click on the British flag in the bottom left-hand corner to change the language. Next we want to make sure the configuration is set to remove infected files, and check the box that says to change the name of the file if it cannot be removed. Once that is done we can run the scan. The scan will take a long time, so let the machine sit and do its job. Once the scan is done, feel free to skim through the log and take note of files that were removed or renamed. Reboot the machine and hopefully Windows boots up. If not, follow the directions below.


This process can also be done by making a bootable USB device with Avira.

*I have left out a very powerful program called ComboFix. In my opinion it is for more advanced users because of the destructive problems it can cause. Here is a guide if you are interested.

-The above directions didn’t work:

Malware can do very destructive things to a machine and mess with a ton of settings that are exhausting to troubleshoot. Instead of wasting a ton of time on this, I recommend starting from scratch by reformatting your hard drive and re-installing the operating system (Windows). Hopefully you have all your files backed up; if not, try using a Live CD like Ubuntu to recover them. This is a great time to upgrade the operating system if you want to. If not, find the installation disc that came with your machine or purchase one. Restart the machine, tap F12 to boot from the CD/DVD drive, and follow the step-by-step installation process.


Feel free to comment below if any of the steps above are not clear.


*Side note: for an always-running anti-virus program I recommend Microsoft Security Essentials (FREE). Make sure to uninstall your previous anti-virus program before installing it, because two anti-virus programs can conflict with each other and cause problems.