Viruses/Spyware/Malware Removal Guide

[kimsland]

Viruses/Spyware/Malware Removal Guide

Note:

• This Guide is intended for members who wish to clean their computers of Viruses/Spyware/Malware infections
• This Guide is designed as a first steps in cleaning your computer, and should not be used as a one stop fix all
• Users doing online banking, or who have sensitive data on their systems, may prefer to backup/reinstall clean

Many known Viruses; Spywares and Malware issues, may have a removal tool already available on the Net
If you are are aware of the specific infection(s) name, please search Google for the removal tool (if exists)
To install and run all the free tools below, your User Account should have Administrator privileges
To confirm if you are an Administrator privileged account holder, click on Start > Run > control nusrmgr.cpl
Note: Vista and Windows 7 come with "User Account Control" (UAC) You can read more about this HERE
Final Note: Before running the free updated program scans listed below, please disconnect from your Network/Internet
This will reduce the possibility of any further Malwares from being installed on your computer (during the scan process)

> Antivirus:
Your present single installed Antivirus software program, must be fully updated online (if possible)
Complete a full scan with your (fully updated) Antivirus software, and remove all found Viruses
If you are not using any Antivirus software you should download/install/update one immediately
Here are two recommended free Antivirus programs, to choose from:

• 
  
• 
  Avira free Antivirus
  
  
  • Direct 32Bit link
    >>
  http://dlce.antivir....personal_en.exe

• 
  Avast free Antivirus
  : (Note: you must also
  >>
  Register Avast
  )

If you cannot download or update your Antivirus, you can also do an online scan with Kaspersky scan HERE

> Temp Files:

Generally if a computer is infected, so are the many temp files located in many areas on your system

Removing these temp files is best done through one of the many cleaners on the Net, I recommend:

• CCleaner. Direct link here >>

http://www.ccleaner....loadbinportable

> AntiMalware:

Whilst many Antivirus programs also include AntiMalware removal, it is still strongly advised to scan with a specialized removal tool

• Malwarebytes. Direct link here >>

http://www.malwareby.../mbam-setup.exe

Once Downloaded and Installed, make sure to fully update Malwarebytes, or run the Manual Update file

Complete a QUICK scan, Once the scan is completed, remove all found malwares at the end of the scan

> AntiSpyware:

As above, it is still strongly advised to scan with a specialized AntiSpyware removal tool

• SUPERAntiSpyware. Direct link here >>

http://downloads.sup...AntiSpyware.exe

Once Downloaded and Installed, make sure to fully update SUPERAntiSpyware, or run the Manual Update file

Complete a full scan, Once the scan is completed, you may need to restart your computer to finalize the removal

> Further Specialized Malware Removal Tools:

Combofix

• • • You are advised to read the Combofix Instructions

HERE before using this specialized program
Your Antivirus software must be disabled before running a scan. Combofix download link HERE
After downloading and starting Combofix you will be given warnings and accepting to continue questions
Your Desktop may temporarily disappear during the scan (this is normal) Your clock settings may change as well
Allow Combofix to run a scan (usually lasting approximately 10mins) Your system may also restart once finished
Combofix will automatically save the log file to C:\combofix.txt, which may need to be attached to a new topic

RIES

(

R

eset

I

nternet

E

xplorer

S

ettings)

Even if you use another browser, RIES can

still

help.

This is because Internet Explorer is part of Windows itself.

RIES will

reset

all Internet Explorer's settings, and:

• All Internet temp files are removed
  
  
  All extensions are disabled (Toolbars, Browser Extensions, and Browser Helper Objects)
  
  
  All ActiveX controls are restored

IE8 Users can run the MS Fixit tool:

IE7 users can view the Video on how to Reset IE

HERE

Startup Control Panel

This program is useful in removing known Windows startup

shortcuts

(not the program itself)

This program is preferred over Windows MSconfig (a diagnostic utility

only

)

You can read more on why not to use MSconfig to disable Windows startups

HERE

Read more about Startup Control Panel

HERE

. Direct download

HERE

There is also another (much better, but extremely critical in use) program

HERE

You are advised to only use Startup Control Panel though

JavaRa

JavaRa removes old and redundant versions of the Java Runtime Environment (JRE)

It can also check for newest Java Runtime Environment (JRE) updates, and remove autostart update and icon entry

Read more about JavaRa

HERE

. Direct download

HERE

HijackThis

HijackThis on its own cannot remove Malware. It is designed to show support users certain settings in your computer

You are advised to read the warnings and excellent tutorial

HERE

. HijackThis direct download link

HERE

Support members may ask for a HJT "logfile", which can be provided by clicking on:

Do a system scan and save a logfile

> Restart

One more point of interest is Windows Updates. Once your system is clean, I highly recommend doing all MS Updates

This will help keep your Windows usage more secure online, and will likely keep you updated with Windows improvements

Hopefully, your system will be fully cleaned of any Viruses / Spywares / Malware from performing all of the above

Note that you can also perform most scans in Windows Safe Mode (accessed by pressing F8 key at system startup)

If you still require help in removing bugs, please create a new topic in the Software Discussion & Assistance forum

Also include what the fault is, and what steps you have already taken to resolve it. Good luck. and surf safe :)

This topic to be used as an initial removal guide only, it may not resolve all Virus/Malware infections on your system

[Yusuf M. Veteran]

Great guide! May I recommend adding Spybot-S&D? It's a great anti-spyware tool that works well with removing and preventing spyware infections. Best of all, it's 100% free and updated quite frequently.

[billymayshere]

In my experience Spybot S&D is bad at removing malware. Malwarebytes seems to be the best software package out there.

If you have multiple computers, it's also a good idea to scan the drive in a different system. It's especially useful for rootkits.

[TYT]

I have a PE install of Windows XP on a bootable CD, which I then use to boot the computer and scan the HDD with portable tools from a thumb drive. Very useful when files like winlogon.exe are compromised and the infection can't be cleaned because the file is in use.

[powerade01]

Avira and Avast? :laugh: I suggest fixing that because it ruins a (IMO) great guide.

[Yusuf M. Veteran]

Avira and Avast? :laugh: I suggest fixing that because it ruins a (IMO) great guide.

I'd love to know why it "ruins" the guide. And don't mention any anti-virus software that isn't free because that's the point here.

[kimsland]

Hm I wasn't assigned to my own guide!

Anyway, to answer the above

Spybots is not good

Avira is the best, and its what I use (I put Avast for an alternative free Antivirus ;))

The PE bootCD will not repair Registry (malware) entries

And I still have Edit rights on the Guide, but find it presently perfect :) But I'm open for friendly debate

[PermaSt0ne]

RIES (Reset Internet Explorer Settings

Startup Control Panel

SUPERAntiSpyware can do both of those, and reset MANY more settings back to default. all you have to do is go to the "tools" tab. it's why i think it's the #1 malware cleaner over MBAM

[kimsland]

Thanks PermaSt0ne

Yes they all have extra abilities, including CCleaner

Best still to follow each step one at a time (I also put them in order ;) )

Note SUPERAntiSpyware on its own will not be enough

[soldier1st]

super antispyware and malwarebytes together are very good but spybot does not have the edge it used to have.i do not recommend it these days but super antispyware and malwarebytes i do.

[ROM3000]

super antispyware and malwarebytes together are very good but spybot does not have the edge it used to have.i do not recommend it these days but super antispyware and malwarebytes i do.

Should they be used together, or can I get by by picking one? If you had to choose, which would you? Thanks.

[mikeaag]

Should they be used together, or can I get by by picking one? If you had to choose, which would you? Thanks.

you could get by with just one of them, but you are of course better off if you use both of them. if you only wanna use one i would pick malwarebytes myself as i find it just a tad bit better than super antispyware.

[soldier1st]

Should they be used together, or can I get by by picking one? If you had to choose, which would you? Thanks.

i would choose malwarebytes if i had to choose between them. but it would be better to use them together.

[Panacik]

Isnt it a bit risky to use two antispyware programs? Unless they are not both running real time that is... i am not sure as i dont use any on my machine (and never been infected either).

I know running two antivirus software is not recommended, so im guessing using two antispyware programs is not a good idea either.

[kimsland]

That's ironic, I have never thought of that.

Certainly you can only have 1 Antivirus installed (with live protect) at any one time

This is because if a Virus is found one Antivirus will try to move it to the quarantine folder. Just at the same time, the other Antivirus will see a Virus being moved to some strange folder and then try to move it to its quarantine folder. Basically an endless loop.

But with Antispyware most tech boards recommend running minimum 2 AntiSpyware/Malware programs (by the way, I run none as well, but I do start them up and scan (updated) every now and then)

I think this "2" Antispywar/malware programs comes from having 2 different scanners, ie where one scans for Spyware (specifically speaking) and one scans for say Trojans (only) Mind you, both being Malware.

I think this is the reason why users need to scan with one at a time. Antivirus first (that may contain some Antimalware scanning too. Then scan with another program, such as Malwarebytes, and therefore if Malwarebytes finds an infection, at least the Antivirus program won't jump in (ie its already done its full scanning)

But, (your question) What if there are 2 running together? (at the same time) As requested by most Virus/Malware removal forums.

There is some relief though. A full manual scan of any live protecting AntiMalware program will in actual fact repair/remove infections at the end of the scan, therefore passing by any other live protecting scanner already, that also may have removed the infection already, therefore no concern either way (and it follows the above guide ;) )

But (again) 2 live Antimalware programs running together (not under manual scan) That hypothetically find the same infection, and then both try to remove the infection (at the same time) can be a concern :/ Similar to AntiVirus programs (if two were incorrectly installed together)

You know, I've never had that issue. I suspect that one of them would win the battle (but they may not)

I might be missing something, but this does sound like a concern (even though we talk about installing different detection scanners) ?

At least the guide works ;)

Edit:

I think I worked it out

When 1 Antimalware finds a detection it will ask you first what to do.

Therefore allowing you to decide on allowing only 1 Antimalware detection to be moved (usually renamed) into its quarantine folder

By the pausing and asking by both Antimalware programs, both (hypothetically) at the same time. Will allow 1 option only by user input

That will work, therefore having 2 Antimalware programs installed at the same time, is still ok :)

Thank goodness for that !

Edited July 22, 2009 by kimsland

[Panacik]

The reason you cant have 2 antivirus programs with realtime protection is because when one scans an active file, the other will scan it because the other one has activated the file, this doubling on the CPU and HDD time and even possibly RAM.

I believe this would be the same for realtime protection on antispyware...

[ROM3000]

Coming from Ad-Aware, MalwareBytes seems to be much lighter on resources and scans much quicker. A definite keeper. Thanks fro the recommendation guys. :)

[Jack 0Neill]

I prefer the guide found here: http://wiki.lunarsoft.net/wiki/PC_Cleanup

The Anti-Malware Toolkit goes along with it really well.

[tom01]

Meh

Comodo should be up there to be honest. The way you can block processes, stop things escalating with Defense+ makes it perfect for cleaning up! The detection rate isn't brilliant but I use Malwarebytes to sweep up!

Plus it's free.

[kimsland]

I prefer the guide found here: http://wiki.lunarsoft.net/wiki/PC_Cleanup

The Anti-Malware Toolkit goes along with it really well.

There are no download links for any of the tools (except online Antivirus scan) !

Therefore that guide is not good. Unless you want users to go searching or something?

Please note there are many guides on the web, I have tried to simplify and give the best possible free tools above

Meh

Comodo should be up there to be honest. The way you can block processes, stop things escalating with Defense+ makes it perfect for cleaning up! The detection rate isn't brilliant but I use Malwarebytes to sweep up!

Plus it's free.

Comodo is a firewall, it also has a seperate free Antivirus (they basically wanted to get into this market about 6 months ago)

Unless you are talking about the paid version: Internet Security?

I only quote free tools (including the download links) as above

Note: No one needs to pay for anything to go through this guide

Thanks for the input though, but both of above are not required

[tom01]

Comodo is a firewall, it also has a seperate free Antivirus (they basically wanted to get into this market about 6 months ago)

Unless you are talking about the paid version: Internet Security?

No, your confused. Comodo Internet Security is 100% free. Their is not Comodo Firewall or Comodo Anti Virus. Just Comodo Internet Security with the option to install either component.

http://www.comodointernetsecurity.com/

[kimsland]

Doh ! My mistake :/

[+jamesyfx Subscriber²]

MalwareBytes' Anti-Malware is the most effective in my experience. Spybot S+D shouldn't even be considered for download anymore. It's lost it's edge.

[Jack 0Neill]

There are no download links for any of the tools (except online Antivirus scan) !

Therefore that guide is not good. Unless you want users to go searching or something?

Please note there are many guides on the web, I have tried to simplify and give the best possible free tools above

You must not have read the guide. They say to use the Anti-Malware Toolkit to get those apps.

So you can reread and try them:

Anti-Malware Toolkit

PC Cleanup

Anti-Malware Toolkit on the wiki.

[kimsland]

I had a better look, and even downloaded the program and apps and updates

I updated Malwarebytes (from Anti-Malware Toolkit "Download" folder created on my Desktop)

Then started Malwarebytes, and did a manual update and I got another 2.4 meg download (and higher revision defs)

Even so.. Yes the program looks good at downloading these programs and updates to one central location

Also it seems I was not subscribed to this Neowin thread again (luckily I was just checking it)

I read somewhere that you automatically unsubscribe after a month (I believe) Which I'm not all that happy with