Over the years, I’ve put together my own bag of tricks for removing malware.
I recently wrote my Ounce of Prevention post to help you harden your Windows system to protect it from malware infection. Once you complete these cleanup steps, I STRONGLY recommend that you give that post a read and complete the steps that apply to your system.
If you ever find yourself troubleshooting an infected system, these steps should help you get the system back up and running in no time.
Step 1: The Basics
Before installing or running any new security software, there are a few preliminary steps you need to take.
- Boot into Safe Mode
  - Reboot your computer
  - Before the Windows logo pops up, hit F8
  - Select Safe Mode from the list and hit Enter
- Clean out the Startup folder
  - Go to Start > All Programs > Startup
  - Right-click on anything you don’t want there and click Delete
- Run the Microsoft System Configuration Utility
  - Go to Start > Run
  - Type msconfig
  - Go to the Startup tab
  - Uncheck items that you want to disable
Warning: Disabling legitimate apps and processes can do more harm than good. Check ProcessLibrary.com before making any changes using this utility.
- Clean up the hosts file (C:\Windows\System32\drivers\etc\hosts)
  - The hosts file is a legitimate system file that can be used to override a website’s location. Unfortunately, some malware variants change the hosts file to prevent you from getting to antivirus vendor sites.
  - Use this Microsoft utility to automatically reset the hosts file to its default state
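As an added example (not from the original post), here is a small Python audit of a hosts file: it lists every mapping that is not the stock loopback-to-localhost entry, flags mappings that touch a security vendor’s domain, and produces the cleaned content a reset would leave behind. The vendor domain list and the sample file contents are constructed assumptions, not real captures.

```python
import ipaddress
# Constructed watch list; extend it with the vendors you actually rely on.
WATCHED_DOMAINS = {"malwarebytes.com", "microsoft.com", "virustotal.com"}

def parse_hosts(text):
    """Return (ip, hostname, line_no) for every mapping; comments and blanks are skipped."""
    entries = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed line; Windows ignores it as well
        for host in parts[1:]:
            entries.append((str(ip), host.lower(), no))
    return entries

def is_default(ip, host):
    """Only loopback -> localhost mappings belong in a stock hosts file."""
    return host == "localhost" and ipaddress.ip_address(ip).is_loopback

def suspicious_entries(text):
    """List non-default mappings, flagging any that redirect a watched vendor domain."""
    findings = []
    for ip, host, no in parse_hosts(text):
        if is_default(ip, host):
            continue
        hijacked = any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)
        findings.append({"line": no, "ip": ip, "host": host, "hijacks_vendor": hijacked})
    return findings

def cleaned_hosts(text):
    """Return the file with every non-default mapping removed; comments are kept."""
    keep = [raw for raw in text.splitlines()
            if all(is_default(ip, h) for ip, h, _ in parse_hosts(raw))]
    return "\n".join(keep) + "\n"

# Constructed sample of a tampered hosts file (not a real capture).
SAMPLE = """\
# Default header comments are ignored by the resolver
127.0.0.1       localhost
::1             localhost
127.0.0.1  www.malwarebytes.com   # planted entry: vendor site now resolves to loopback
10.0.0.5   intranet.example.local  # custom entry, worth a look but not a vendor domain
"""
```

Calling suspicious_entries(SAMPLE) returns two findings, the planted Malwarebytes mapping flagged as a vendor hijack and the intranet mapping left for review; cleaned_hosts(SAMPLE) keeps only the header comment and the two localhost lines.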
Step 2: Removal
Now you’re ready to remove some malware. Install and run all three of these tools.
- Microsoft Malicious Software Removal Tool
  - Download the MSRT and install it (next > next > finish)
  - This tool cleans up a small list of known baddies. It’s not going to catch everything, but it will do a great job of eradicating some of the most common malware variants.
- Download Malwarebytes and run the installer
  - Select the Update option before launching the program
  - On the Scanner tab, choose Full Scan
  - Once the scan completes, choose Show Results
  - Review the results list to make sure it doesn’t contain any files you need to keep.
  - Choose Remove Selected to have Malwarebytes remove the infected files automatically
- Download HijackThis and run the installer
  - Do a System Scan with the Save a Logfile option selected
  - HijackThis is arguably more powerful than msconfig, which means there’s a higher risk of unintentionally damaging your system.
  - If you’re absolutely certain that you want to remove the items returned by the HijackThis scan, check the items you want to remove and select Fix Checked.
  - If you want a second set of eyes to review that list, you can upload the logfile to the HijackThis forums and ask the online community for a hand.
On a side note, VirusTotal is a terrific resource for analyzing specific files. If you locate a file that you believe might be infected, you can upload that file to VirusTotal and they’ll scan it for you.
Step 3: Validation
By now, you should have caught the nastiest malware on your system, but you’re not out of the woods yet. You need to install and run an antivirus program AND an antispyware program to clean up anything the previous tools might have missed.
Below are my top picks from each category for home users.
- Antivirus programs
- Antispyware programs
Step 4: Prevention
With the malware removed and antivirus & antimalware agents running, you might want to consider running a few online vulnerability scanners to determine whether or not your machine is still at risk.
Below are a few of the more well-known scanners that you might want to check out.
- Online Vulnerability Scanners
You might also consider installing the Secunia Personal Software Inspector. This cool little utility checks your system for outdated software, which might contain vulnerabilities that malware exploits to infect your system.
Hopefully, these steps have helped you get your system back in working order. If not, you might want to consider running RootkitRevealer.
But that’s a post for another day…