Basic Malware Removal Guide

Please read through this entire removal guide before starting, to avoid any mistakes. Things can and do go wrong. Proper Protection Prior to Infection avoids all this.

Computer and browser slowness are not always malware related

Slow PC? – Start here

Symptoms of an infected computer

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive. Disconnect the infected computer from the internet before transferring the files. This will cut the connection between it and the bot herder (see What is a Botnet?). When a computer is infected by malware, it is being controlled by an actual person. The main goals of the malware makers are to scam you out of money, steal your credit card information, spam/infect all your contacts, use your computer as a bot and steal your email accounts. If you have been a victim of this, please contact your bank ASAP about the possible fraud of your credit card, change your email passwords from a different computer and contact your friends ASAP and advise them of what has happened so they can take the necessary steps to protect their computers.

QUOTE:

“Computers in a botnet, called nodes or zombies, are often ordinary computers sitting on desktops in homes and offices around the world. Typically, computers become nodes in a botnet when attackers illicitly install malware that secretly connects the computers to the botnet and they perform tasks such as sending spam, hosting or distributing malware or other illegal files, or attacking other computers. Attackers usually install bots by exploiting vulnerabilities in software or by using social engineering tactics to trick users into installing the malware. Users are often unaware that their computers are being used for malicious purposes.”

Note:

If your computer is infected by any kind of Rogue/Ransomware, DO NOT CLEAN until the removal is complete. Doing so could remove important Windows files/folders that have been moved or hidden by the malware and force you to reinstall the operating system. Move to step 2

*****************************************

For Removal of Browser Hijackers, Please see HERE 

*****************************************

Added 10-14-12

Malware Families Cleaned by the Malicious Software Removal Tool

Two Steps that should be done before using ANY malware removal tool

No.1 Create a New Restore point

No.2 Back-up your registry with ERUNT
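The two safety steps above, as an added example that is not part of the original guide: it creates the restore point and exports the main registry hives with reg.exe from an elevated PowerShell prompt. ERUNT is the tool the guide names; the reg.exe export used here is a substitute that needs no download, and the backup folder name is an assumption.

```powershell
# Added example (not from the original guide). Run from an elevated PowerShell prompt
# BEFORE any removal tool is used: 1) a System Restore point, 2) a registry backup.
function New-PreCleanupBackup {
    param([string]$BackupRoot = "$env:SystemDrive\RegBackup")   # hypothetical default path

    # Step 1: restore point. Needs System Restore enabled on the system drive.
    # Caveat: on Windows 8 and later, Checkpoint-Computer only creates one point per 24 h.
    try {
        Checkpoint-Computer -Description 'Before malware removal' `
            -RestorePointType MODIFY_SETTINGS -ErrorAction Stop
        Write-Host 'Restore point created.'
    } catch {
        Write-Warning "Could not create a restore point: $($_.Exception.Message)"
    }

    # Step 2: registry backup into a timestamped folder.
    # reg.exe cannot export HKLM\SAM and HKLM\SECURITY even when elevated;
    # ERUNT (the tool the guide recommends) backs those up as well.
    $dir = Join-Path $BackupRoot (Get-Date -Format 'yyyyMMdd-HHmmss')
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
    $hives = 'HKLM\SOFTWARE', 'HKLM\SYSTEM', 'HKU\.DEFAULT', 'HKCU'
    foreach ($h in $hives) {
        $file = Join-Path $dir (($h -replace '[\\:.]', '_') + '.reg')
        & reg.exe export $h $file /y | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "Export of $h failed (exit $LASTEXITCODE)" }
    }
    # Return the backup files so they can be checked and copied to removable media.
    Get-ChildItem -Path $dir
}

New-PreCleanupBackup
```

Copy the resulting .reg files to a USB drive or CD before continuing, so they survive if the system drive has to be rebuilt.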

STEP No.1:

NOTE: At this time, the infected computer should be DISCONNECTED from the Internet. You can transfer the files via a CD/DVD, external drive, or USB flash drive from a CLEAN computer.

Download ATF Cleaner (cleaning of Tmp Files & the Java cache)
Screenshots

  • Close all open internet browser windows
  • Run ATF Cleaner by double clicking it.
  • Once the program opens, click the box next to Select All
  • Note: This will delete all cookies saved by sites that you have visited, so if you need to keep any cookies for automatic logins etc then uncheck the Cookies option
  • Once that’s all set click on the Empty Selected button and it will remove the temporary files from your system.
  • If you use Firefox or Opera browsers then click the appropriate button at the top of the program and delete the temp files from them as well following the same procedure.

STEP No.2:

Download Malwarebytes’ Anti-Malware, or MBAM, and save it to your Desktop:

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes’ Anti-Malware
    • Launch Malwarebytes’ Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • If it asks for a restart, DO SO. This is very important.

What is the difference between the three scan types in Malwarebytes Anti-Malware?

Malwarebytes is the superhero of PC protection, but even superheroes need a little help every now and then. If you already have malware on your computer, it may prevent you from running Malwarebytes Anti-Malware. Their superhero sidekick, Malwarebytes Chameleon, can help you run their program on an infected system.
If the malware blocks Malwarebytes’ Anti-Malware from installing, simply change the name of the installer (before trying to install) to random numbers/letters (example: R81fd76e) or what I use, FixThisNow. Once installed, remember to change the name back if it did not change back by itself. To open Malwarebytes Chameleon, click Start > All Programs > Malwarebytes Anti-Malware > Tools > Malwarebytes Chameleon and follow the same instructions as indicated.

Quote:
“Just click on the first button below and see if it runs. You’ll know it’s working if a black DOS window appears, Checks for updates(Let it run even if it does not update), slays malicious programs, and then starts Malwarebytes Anti-Malware. If the first button doesn’t work, try the next one. If that one doesn’t work, just keep trying until you find one that does! Then use Malwarebytes Anti-Malware as you normally would to run a Quick Scan and remove the malware.”

How to Use Chameleon

If Malwarebytes’ Is not installed see this link:

Chameleon Gets Malwarebytes Anti-Malware Installed and Running

Tutorials and Troubleshooting

NOTE: For the optimum settings for PUPs:

  • Open the Settings Tab
  • Open the Scanner Settings Tab
  • Under Action for potentially unwanted programs (PUP), click the arrow and change to:
  • Show in results and check for removal

NOTE: Malwarebytes’ Anti-Malware is just what it says, an anti-malware scanner. It is intended to supplement an anti-virus program, not replace it. If you do not have antivirus software installed, here are a few free antivirus programs:

STEP No.3:

Now please download SUPERAntiSpyware and save to Desktop

  • Once downloaded, close all programs and windows on your computer, including this one.
  • Double-click the icon on your desktop named SUPERAntiSpyware.exe. This will start the installation. Keep following the prompts in order to continue with the installation process.
  • Please select the language you want the program to use and then press OK.
  • You will now be prompted to update the SUPERAntiSpyware definitions. Please press the Yes button to allow the program to download and install the latest updates.
  • After the definitions are updated, the welcome screen for SUPERAntiSpyware will appear.
  • When you get to the screen asking if you would like to send the diagnostics, you can choose to allow it to or not. Either choice will have no effect on the effectiveness of its malware scan. When you get to the last screen, click on the Finish button.
  • You will now be prompted if you would like SAS to protect your home page. If you select the Protect Home page option, SUPERAntiSpyware will alert you if another program is trying to change your browser’s home page. Click Yes.
  • Then you will be at the main screen for SUPERAntiSpyware. Click the Preferences button, then the Scanning Control tab, and put a checkmark in the following options:
    • Close browsers before scanning.
    • Scan for tracking cookies.
  • Now press the Close button to go back to the main screen.
  • Click on the Scan your Computer… button to begin the scanning process. You should select the Perform Complete Scan option and then press the Next button to start scanning your computer.
  • When the scan is finished a screen will appear showing the summary of what was detected. You should click on the OK button to close the summary screen box and continue with the removal process.
  • You should now click on the Next button to remove all the listed malware. If it displays a message stating that it needs to reboot, please press the Yes button to allow it to do so. This is VERY IMPORTANT to do.
  • Click the Repair tab after the restart if any issues still remain and SAS will attempt to fix them.

Tutorials and Troubleshooting

STEP No.4:

Alternative Scanners that can also be used

Hitman Pro

Dr.Web CureIt!

ESET Online Scanner as a clean-up scan to remove any leftovers

  • Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start again
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan and wait for the scan to finish

STEP No.5:

Download CCleaner for a good clean-up, and save it to the Desktop

  • Close all open internet browser windows
  • Double click on the ccsetup file to start the installation of the program.
  • Select your language and click OK, then click Next.
  • Read the license agreement and click I Agree.
  • Click Next to use the default install location. Click Install then click Finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the Windows tab, under Internet Explorer, uncheck Cookies if you do not want them deleted. (If deleted, you will likely need to re-enter your passwords at all sites where a cookie is used to recognize you when you visit)
  • If you use Firefox or any other Mozilla browsers, the box to uncheck for Cookies is on the Applications tab, under Firefox/Mozilla.
  • Click on the Options icon at the left side of the window, then click on Advanced, and uncheck Only delete files in Windows Temp folders older than 24 hours.
  • Click on the Cleaner icon on the left side of the window, then click Run Cleaner to run the program.
  • Caution: In Windows XP it is not recommended that you use the Registry feature unless you are very familiar with the registry, as it has been known to flag legitimate items for removal, which can cause issues with other programs. In Windows Vista and Win 7 these issues have been fixed.
    • NOTE: During a Registry clean-up, CCleaner will offer a back-up of the Registry. Click Yes at the prompt. The default location of the back-ups is USER NAME/DOCUMENTS
  • After CCleaner has completed its process, click Exit.

CCleaner Tour: Using and Understanding CCleaner

Piriform Community Forum

STEP No.6:

  • NOTE: Only do this when the computer is in fact clean

  • NOTE: System Restore is NOT to be used as a virus removal method, as many of today’s rogues/malware infect System Restore when loaded onto a computer
  • NOTE: Do NOT turn System Restore off prior to starting this removal process. If a mistake is made, System Restore may be the only way to fix what has been done without reinstalling the operating system
  • Turn System Restore Off
  • Restart Computer
  • Turn System Restore On
  • Create New Restore Point

See below for instructions on how to use System Restore.

XP

VISTA

WINDOWS 7

A great tool that can be used to scan your computer for outdated and vulnerable programs is the free Secunia Online Software Inspector program.

When you scan your computer with this program it will display a report showing all programs and Windows updates that should be installed in order to fix security holes and vulnerabilities. It is advised that all users scan their computer with this program in order to prevent it from being infected again after you clean it.

How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector

This section is for those who are having Redirection of Web pages.

STEP No.1

  • Open Internet Explorer
  • Note: It MUST be Internet Explorer, not Firefox, Opera, Chrome or any other internet browser
  • Click on Tools at the top and select Internet Options
  • Note: If you do not see Tools, press the Alt key on your keyboard and it will show up
  • Click on the Connections tab
  • Click on the LAN settings button
  • Under Automatic configuration make sure that the box next to Automatically detect settings is checked, if it is not, then click the box next to it to check it
  • Click on the OK button to close the Local Area Network (LAN) Settings window
  • Click on the OK button to close the Internet Options window

NOTE: It may take several attempts to make this stick. If unsuccessful, move to Step No.2
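The LAN settings checked above live in the current user's registry, so the state can be read without clicking through the dialog. The following is an added example, not part of the original guide: it is read-only, reports the proxy, auto-config script and "Automatically detect settings" state, and warns when they differ from what Step No.1 expects. It assumes it is run as the affected user.

```powershell
# Added example (not from the original guide): inspect the per-user Internet Explorer
# connection settings that a redirect usually tampers with. Read-only.
function Get-IeConnectionState {
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $is   = Get-ItemProperty -Path $base -ErrorAction Stop
    $conn = Get-ItemProperty -Path "$base\Connections" -ErrorAction SilentlyContinue

    # DefaultConnectionSettings is a REG_BINARY blob; the DWORD at offset 8 holds flags:
    # 0x01 direct, 0x02 use proxy, 0x04 use auto-config script, 0x08 auto-detect.
    $flags = 0
    $blob  = if ($conn) { $conn.DefaultConnectionSettings } else { $null }
    if ($blob -is [byte[]] -and $blob.Length -ge 12) {
        $flags = [BitConverter]::ToInt32($blob, 8)
    }

    [pscustomobject]@{
        ProxyEnabled   = ([int]$is.ProxyEnable) -eq 1
        ProxyServer    = $is.ProxyServer
        AutoConfigURL  = $is.AutoConfigURL     # a PAC script URL is a classic redirect vector
        AutoDetect     = ($flags -band 0x08) -ne 0
        UsesProxyFlag  = ($flags -band 0x02) -ne 0
        UsesScriptFlag = ($flags -band 0x04) -ne 0
    }
}

$state = Get-IeConnectionState
$state | Format-List

# Warn on anything that differs from the state Step No.1 asks for.
if (-not $state.AutoDetect) {
    Write-Warning 'Automatically detect settings is OFF'
}
if ($state.ProxyEnabled -or $state.UsesProxyFlag) {
    Write-Warning "A manual proxy is configured: $($state.ProxyServer)"
}
if ($state.AutoConfigURL -or $state.UsesScriptFlag) {
    Write-Warning "An auto-config script is configured: $($state.AutoConfigURL)"
}
```

Run it again after applying the dialog steps; if the warnings come back after a reboot, something is re-writing these values, which is the case the guide sends you to Step No.2 for.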

Step No. 2

Download Kaspersky’s Rootkit.Win32.TDSS Remover

How to remove a bootkit (TDL4)

  • Complete instructions are included in the links to the removal tools

Malwarebytes’ Anti-Rootkit Beta

Alternative Solution

Kaspersky Rescue Disk 10

Windows Defender Offline (or HERE)

Windows Defender Offline is not a replacement for a full antivirus solution providing ongoing protection; it is meant to be used in situations where you cannot start your PC due to a virus or other malware infection. It is a recovery tool that can help you start an infected PC and perform an offline scan to help identify and remove rootkits and other advanced malware. In addition, Microsoft Standalone System Sweeper Beta can be used if you cannot install or start an antivirus solution on your PC, or if the installed solution can’t detect or remove malware on your PC.

Screenshots (Note: the pictures were taken when the tool was still in Beta)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Security Software, Online Scanners and Virus Removal Tools

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If all this has not resolved your issues, then I suggest you ask for assistance at the following forums. A trained EXPERT will assist you in cleaning your computer. Please only ask for assistance at one forum at a time.

Bleeping Computer

Malwarebytes’ Forum

  • Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.
  • After posting your new post, make sure under options, you select Track this topic and choose Immediate Email Notification, so that you’re alerted when someone has replied to your post.
  • One of the expert helpers there will give you one-on-one assistance when one becomes available.
  • Please refrain from making any further changes to your computer such as (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc…) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.

NOTE: Please DO NOT post back to (bump) your topic within the first 48 hours.
Replying to your own posts changes the post count and helpers are looking for topics with zero replies. If you reply to your own post helpers may think that you’re already being helped and thus overlook your post.

      o If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.

Or

      o You may send a Private Message to a Moderator asking for assistance.

NOTE: The 48 hr standard applies to both forums listed above

Other UNITE Removal Forums (Unified Network of Instructors and Trained Eliminators)

Geeks to Go
What the Tech
Malware Removal
HijackThis.nl
Security-X
SpywareHammer
Spyware Info Forum
Tech Support Forum
Clube do Hardware

Special thanks to: Bleeping Computer, Malwarebytes’, SUPERAntiSpyware, Attribune, Piriform, Microsoft, Secunia, ESET and Kaspersky
Statement from the Editor


Posted June 28, 2011 by Wide Glide

4 responses to “Basic Malware Removal Guide”


  1. That’s not true that you have to use IE to scan your PC. I have with Chrome.

  2. The ESET Online Scanner works best in Internet Explorer. Please stick to the instructions given.

  3. WG I can’t find where I put my last comment about Conduit!! Anyhow it was before I saw this page. Old fart here and I do things backwards. LOL. Found this page and used the Adware Removal tool. And it got the thing off my computer. Thanks WG. SWaT
