Someone's Malware Removal Guide

 

If you think your computer is infected with malware, you can follow these instructions to check that your computer is clean. Malware includes viruses, trojans, spyware, adware, keyloggers and other intrusions that damage a system, try to steal financial data, or engage in other such malicious behaviour. Common symptoms of malware are popup ads on your desktop, programs you did not install appearing, redirection to particular pages when you open your browser, changes in system or browser settings such as your browser home page, or general sluggishness.

The safest way to clean your computer is to reinstall your OS, but this is quite time-consuming and all your data and settings will be gone (unless you have backed them up beforehand). You can also revert to a previous image made with image-backup software (such as Acronis True Image, Norton Ghost, ShadowProtect or Paragon Hard Disk Manager). However, malware might already have infected your computer when the image was made, so this is not foolproof either.

If you have valuable data, you should back it up to removable storage, but also scan that storage for malware after you have scanned your computer.

Remember, no security product can detect/remove ALL malware.

Use a rescue disk if your computer cannot boot into Windows or your security programs cannot install, scan or remove. I recommend you choose one antivirus, both of the anti-malware programs and at least one anti-rootkit. Boot into Safe Mode by repeatedly pressing F8 on startup, then download all your chosen security programs, update them, scan, and remove any malware they find.

1. Rescue Disks (one)

AntiVir Rescue System

F-Secure Rescue CD

BitDefender 2008 RescueCD

2. Anti-virus (one)

Avira AntiVir Personal

If you already have a real-time anti-virus, select custom install and uncheck "Enable Guard". This will make it an on-demand scanner.

Go to Configuration, check Expert mode at the top of the screen, then:
Scanner, Scan, Archives, tick Scan Archives and All Archives Type
Scanner, Scan, Heuristics, Win32 Detection, change it to High Detection Level

Run a rootkit scan and then a full scan.

Kaspersky AVP Tool

Dr. Web CureIt!

3. Anti-malware (both)

SUPERAntiSpyware Free

Go to Preferences, Scanning Control, Scanner Options:

Un-check all except for the bottom six (Scan Alternative Data Streams to Display Scan Option in Explorer Context menu), "Scan for tracking Cookies", and "Resolve Links/Shortcuts during scan (.lnk)".

Malwarebytes' Anti-Malware free

4. Anti-rootkit (at least one)

Panda Anti-Rootkit

F-Secure BlackLight

Trend Micro Rootkit Buster

Sophos Anti-Rootkit

5. HijackThis

If you still feel your computer is infected, then scan with this. However, this is an advanced tool, so you should just run the scan, post the results on a malware cleaning forum, and wait for help.

There are many forums which have experts to help clean your computer by analysing HijackThis logs. Some of the forums are:

WhattheTech

Bleeping Computer

Gladiator Security Forum

CastleCops

Geeks to Go

SpywareInfo

Smokey’s Security Forum

A great site with a lot of information on how to remove specific malware is Bleeping Computer.

6. System Restore

Now that the computer should be functioning, disable System Restore and enable it again. This is to stop malware which hides itself in System Restore Points. To do this in Windows XP, go to:
"Start" menu > right click on "My Computer" > "System Properties" will show up > click on the tab "System Restore" > click on "Turn off System Restore on all drives" > click "Apply" > click on "Turn off System Restore on all drives", this should de-select it > click "OK".

That’s it!

This category is maintained by volunteer editor JonathanT.

Thanks! Way to go, what a wonderful set of tools. Keep up the good work. Just what I was looking for, all in one spot.

Thanks!

Hi

Thanks for the information of AntiVir Rescue System.

Kaspersky AVP Tool is an anti-virus. I think it uses their version 7 engine.

But it is not a full featured AV, like KAV or KIS, right?

Hi

No, it only has on-demand scanning and is not very configurable. I think it's mainly for cleaning up systems with malware.

I wouldn't recommend Antivir Rescue System to anyone because it renames files that cannot be disinfected: you have big chances of getting your system unbootable. What does this Kaspersky AVP Tool do, is it a specific anti-malware removal tool?
