Removal Process

Need Help with Malware Removal? No Problem!

Now that you know what you’re up against, what do you do next? Will it be costly? What software should you use?

Malware can be a tricky foe, so never go against it without a backup!

Always make sure you have a computer backup set aside in case the situation gets worse. Make sure your important and personal files are safely backed up online or copied off the computer for good measure!

With that done, you might consider investing in some software to tackle the malware.

Although this is an option, paying for your solution is not necessary!

There are hundreds of free solutions available online! Also, your computer may already have useful software installed!

If you have an antivirus solution installed (which you should), it might be able to help!

Once everything is installed, set and ready, you can begin the removal process.

By continuing, you do so at your own risk.

RYM’s Removal Tips

1) Consider reinstalling your antivirus

Any malware on the computer may have corrupted or disabled your existing security solutions. It might be wise to uninstall and reinstall your antivirus solution to make scans more reliable.

2) Disconnect the computer from the internet (optional)

If you’re certain that all your solutions are up-to-date, you should take your computer off the internet. Bear in mind that some solutions require an active internet connection, so be prepared in case you need to reconnect at any point.

3) Consider going into Safe Mode

Go into “Safe Mode” by holding F8 at your computer’s start-up screen (before the operating system start-up screen) to remove the threats. This will prevent malware from interrupting the removal process and help to avoid damaging the computer.

If you need an internet connection, go into “Safe Mode with Networking”.

If you cannot go into safe mode, see Step 8 – Use a Rescue Disk.

4) Check for Adware

You should check for existing Adware that might affect the removal process or clutter up the computer.

Use “AdwCleaner” to detect and remove Adware: www.bleepingcomputer.com/download/adwcleaner

5) Scan for Malware

You can scan for malware by using an anti-spyware program.

RYM recommends that you use at least two of these anti-spyware solutions:

– Malwarebytes Anti-Malware – www.malwarebytes.org

– Hitman Pro – www.surfright.nl/en/hitmanpro

– SUPERAntiSpyware – www.superantispyware.com

– Emsisoft Anti-Malware – www.emsisoft.com/en

Do a full scan for each solution you use.

If you can, change the program’s settings so that it detects potentially unwanted programs (PUPs). If you have correctly backed up your system and important files, you can remove any malware found.

6) If asked, Reboot!

If you’re asked by the solution, reboot to remove anything left behind.

Once the computer restarts, do a quick scan with the same software you used.

If malware is still detected after three anti-spyware scans, move on to the next step. Otherwise, activate your antivirus and reset/reinstall your browser(s).

7) Check for Rootkits (Advanced)

If malware is still detected, it is possible there is malicious rootkit activity in the system. By this point, you have several options:

– Use the scan results from the solutions you’ve run to find the directory where the malicious software is being detected. You might be able to remove the malware manually. Take care when deleting files believed to be malware, as the directory may lead to a corrupted system file.

– Use another anti-spyware program to try to remove the problem.

– Find a tool online specifically designed to remove the malware on your system. Make sure you trust the solutions you download!

– Ask a professional for help. Call your security product provider’s support line (if they have one), or create a thread in a security forum about the problem.

– Restore your computer to a backed up state or to its factory default settings to undo possible damage and remove malware. Make sure that ALL of your personal files and folders are backed up to prevent data loss.

– Use a rootkit scanner to tackle a possible rootkit infection.

By doing this, you do so at your own risk. It is recommended you are assisted by an advanced user or an expert to give a final say on what to do if rootkit activity is detected.
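
For the manual-removal option above, one way to look at a flagged file before touching it, and to quarantine it rather than delete it. This is an added PowerShell example, not part of RYM’s original tips; the script, its parameter names and the quarantine folder are assumptions.

```powershell
# Added example: check a file a scanner flagged, then quarantine it instead of
# deleting it. Parameter names and the quarantine folder are assumptions.
param(
    [Parameter(Mandatory = $true)]
    [string]$FlaggedPath,                                   # path reported by your scanner
    [string]$QuarantineDir = "$env:SystemDrive\Quarantine"  # assumed location
)

$ErrorActionPreference = 'Stop'
$file = Get-Item -LiteralPath $FlaggedPath -Force           # -Force also finds hidden files

# Record what the file is before changing anything.
$hash   = Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256
$sig    = Get-AuthenticodeSignature -LiteralPath $file.FullName
$signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }

Write-Host "File      : $($file.FullName)"
Write-Host "SHA-256   : $($hash.Hash)"
Write-Host "Signature : $($sig.Status) / $signer"

# A validly signed file inside the Windows folder may be a real system file
# (a false positive or a damaged file), so stop here and ask for help.
$inWindows = $file.FullName.StartsWith($env:SystemRoot, [System.StringComparison]::OrdinalIgnoreCase)
if ($inWindows -and $sig.Status -eq 'Valid') {
    Write-Warning 'Validly signed file under the Windows folder; not moving it. Get a second opinion first.'
    return
}

# Move (do not delete) the file and rename it so it cannot be run by accident.
New-Item -ItemType Directory -Path $QuarantineDir -Force | Out-Null
$name = '{0}_{1}.quarantine' -f $hash.Hash.Substring(0, 12), $file.Name
$dest = Join-Path $QuarantineDir $name
Move-Item -LiteralPath $file.FullName -Destination $dest

# Keep a log so the file can be put back if it turns out to be legitimate.
[pscustomobject]@{
    Time         = (Get-Date).ToString('s')
    OriginalPath = $file.FullName
    Quarantined  = $dest
    SHA256       = $hash.Hash
    Signature    = "$($sig.Status)"
    Signer       = $signer
} | Export-Csv -Path (Join-Path $QuarantineDir 'quarantine-log.csv') -Append -NoTypeInformation

Write-Host "Moved to $dest"
```

The SHA-256 value printed by the script is also what a forum helper or your security provider will usually ask for when identifying the file.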

Available Rootkit Scanners:

Malwarebytes Anti-Rootkit: www.malwarebytes.org/products/mbar/

GMER Anti-Rootkit: www.gmer.net/

Kaspersky TDSSKiller: usa.kaspersky.com/downloads/tdsskiller

8) Use a Rescue Disk

If you own an empty USB or CD/DVD, you can make a Rescue Disk.

Download the rescue disk of your choice and place the files onto your USB or CD/DVD. Insert the storage device into your computer and restart the computer. You should be taken to a screen that allows you to run the Rescue Disk.

You can find specific guidance for running the rescue disk of your choice online.

The rescue disk prevents malware from starting on the computer by booting the recovery disk instead of the infected hard drive. The rescue disk includes several scanners and tools which can remove the inactive malware.

Available Rescue Disks

– Kaspersky Rescue Disk: support.kaspersky.co.uk/viruses/rescuedisk

– HitmanPro.Kickstart: www.surfright.nl/en/kickstart

– F-Secure Rescue Disk: www.f-secure.com/en/web/labs_global/removal-tools/-/carousel/view/142#

– COMODO Rescue Disk: www.comodo.com/business-security/network-protection/rescue-disk.php?

– AVG Rescue Disk: www.avg.com/us-en/avg-rescue-cd-download

9) Ask for help on a Forum

If your computer is still infected, you should create a thread on an online security forum. You should ask an available professional about Combofix.

Combofix is a command prompt based malware scanner. The scanner checks for known malware and tries to clean any infections it finds.

Combofix is a very powerful program that should never be used without professional assistance! Misuse can lead to permanent computer damage!

Recommended forums:

– bleepingcomputer.com

– www.geekstogo.com

– www.malwareremoval.com

– www.whatthetech.com

– www.wilderssecurity.com

– forums.majorgeeks.com

10) Restore your Computer

If the malware is still active and cannot be removed, you should consider restoring your computer from a backup or to its “Factory Default” settings. This will overwrite the hard disk, remove the malware and allow you and your computer to start anew!

——————————————————————————————————————————————————————————————–

After Removal

Now that the malware has been removed, you should reinstall or activate your antivirus (if you haven’t already). If you use browsers other than Internet Explorer, uninstall and reinstall them, or consider using a different browser.

You can download browsers that are designed to be more secure than your usual browser:

COMODO Dragon – www.comodo.com/home/browsers-toolbars/browser.php

COMODO IceDragon – www.comodo.com/home/browsers-toolbars/icedragon-browser.php?

Bitdefender Safepay – www.bitdefender.co.uk/solutions/safepay.html

You should use a utility program to remove junk files and remnants of malware from the registry! This may help to speed up your computer.

Also, you should defragment your hard drive to remove errors and improve your computer’s performance.

RYM recommends that you use “CCleaner” and “Defraggler” to clean up and defragment your computer’s hard drive(s) – www.piriform.com.

An optional solution you can use is “TFC”, a temporary file cleaner – www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer.

——————————————————————————————————————————————————————————————–

By this stage, your computer should be safe to use. Congratulations!

For advice on how to keep your computer malware-free, check out RYM’s Network and Computer Security page!

(Please note that I do not own the rights to any of the aforementioned websites or software. I am neither the creator nor the owner of any of the specified websites or software.)