"Simple and Free Guide to Removing Malware?"
aford10 said:We often get questions on how to remove various malware. We get asked for help when someone's computer is acting funny. They are sure it isn't malware, because they've run regular scans. What people don't always realize, is there are some ways of scanning that are more effective than others. There are also some anti-virus software and some malware scanners that are more effective than others. I've seen some people desperate to remove malware, and are paying lots of money to some websites that are supposed to 'optimize' and 'clean' their computer.
I've cleaned up a lot of infected systems, and there are some real effective and free software out there that can clean up most any infection. Here's a simple guide to scan and remove malware. If you follow this guide step by step, you can clean up most any infected computer.
1. Boot into safe mode with networking. To do this, tap the appropriate function key repeatedly on startup. It's usually F8.
Once in safe mode with networking, download, install, and update Malwarebytes. Do a full system scan.
This is a great program that will detect and remove most any malware. It's very important to do this in safe mode with networking. There are far less services and programs running in safe mode, it's less likely that there will be an active infection running, that will suppress your malware scan. This is why people can run scans all day long, and never find anything. The malware is suppressing the scan before it even starts.
2. Download and run Combofix.
This is a powerful tool for removing malware. It runs several stages to systematically scan and purge any and all infections. This is a good way to verify that malwarebytes has removed everything.
Combofix doesn't run well on 64bit operating systems. So, if you have a 64bit OS, substitute Spybot Search and Destroy.
3. Download and install ccleaner. Use the registry tool to scan and repair all issues. You may need to run this several times to resolve all the issues.
This will attempt to repair any registry damage, inflicted by the malware. In addition to the registry tool, it has several other useful optimization tools to help keep your PC clean. There is also a nice uninstaller.
Any registry editing can be risky. If it makes you feel better, you can backup your registry before using this registry tool. However, this program is fairly conservative, and very reliable. I've never seen it cause adverse effects.
4. Install a quality anti-virus software.
There are a ton of different options out there. Some use more resources than others. Some catch and stop more potential threats than others. Some have optimization features. Some have annoying pop-ups. The choice here may vary from user to user. However, I'll list what I believe to be the best options, in my order of preference.
Microsoft Security Essentials
Avira AntiVir Personal - Free Antivirus
If your browser is being hijacked try CWShredder Thanks to 4Ryan6 for the suggestion!
If your computer won't boot into safe mode, create a bootable rescue disc, using this guide. You can remove most malware without having to boot into windows. Once done, I would recommend running through this guide, starting with step #1.
Thanks to Shadow703793 for this suggestion!
Once you have removed any and all infections, a good anti-virus software will help keep you from having to go through this again. However, if you need to remove an infection, just start at #1.
Thanks, for this aford10. Unfortunately, I have fallen at the first hurdle and can't boot into 'safe mode with networking' (neither is my disc-drive working; so creating a back-up copy on disc is not an option.) When I try to boot in safe-mode a blue screen flashes up (I don't have time to read what is on the screen) and then my computer restarts. Could you suggest an alternative method or suggest what may be stopping me from booting in safe-mode?
Hello and welcome to Tom's Hardware Forums.
Try again to boot into Safe Mode using the Function 8 key and this time, select "Disable automatic restart on system failure" from the menu. Doing that forces the system to stall at the blue screen so you can note the Stop Error message and post some of it back here.
We'd like to see the alpha-numeric 0x0000?? and ANY_WORDS_JOINED_UP by underscores. Malware doesn't often lead to a blue screen - most of it depends for its living on you being able to go online and pay them. Obviously you won't want to but stopping you is not in their interests.
Thanks, for your response, Saga. I tried what you have suggested, but it seems after pressing F8 one is only permitted to select one option from the list. When I select any of the 'secure-mode' options I get the expected outcome (blue-screen, shut-down, restart.) When I select the other option ("Disable automatic restart on system failure") windows starts as 'usual.' Perhaps, I'm doing something incorrectly?
I already have Malwarebytes on my computer, and have run it (though not in 'safe-mode,') and still have malware. This is why the running of Malwarebytes in safe-mode seems like a valid way to proceed....
So selecting the one option in the Advanced Boot menu that's designed to find a blue screen makes the system open normally?
I haven't seen any malware that can exclude Safe Mode or cause a blue screen but it's a possibility. Perhaps slaving the disk to another computer to scan it with MBAM without the system acually running might find something. It's what I'd try if it came in here but it's not so easy if you don't havethe faciliities.
When it starts normally, go Start then Run and type msconfig into the box then hit Enter. Click the BOOT.INI tab and tick /SAFEBOOT then click Apply and OK. Restart and it will boot into Safe Mode. Scan with MBAM and fix anything it finds then reverse the change you made to System Configuration or Safe Mode is all you'll ever see again.
Unfortunately, that didn't work . And, not only did it not work, but now I cannot access my computer at all (whichever option I select after pressing F8 causes the blue screen to flash up and restart and so on.) What I have been able to do is get the alpha-numeric strings that appeared on blue screen: 0x0000007B (0xF8A2A524, 0xC0000034, 0x00000000, 0x00000000.) I hope there is enough information here or you have something that will get me back into my computer.
(Edit: When I start-up using 'Last Working Configurations' the Windows begins to open but doesn't become fully 'lit.'
I should have one somewhere; one that came with the computer: shouldn't I? Two things present significant challenges to my being able to use it: I've not unpacked since moving house, so finding said disc will possibly be looooong; and I don't have a working disc player! That said, should I find it I will look to invest in a removable disc drive.