NeutralHatred

Malware Removal Guide


 

I have decided to put together a guide for everyone in case you are having some issues with malware/viruses and are unsure of how to handle it. It is worth noting that these steps are effective at cleaning malware, but they are not guaranteed to remove all traces. Always remember: if your system is very slow, to the point where it is almost unusable, you're at a point where a reinstall of the OS is the best route to get your PC up and running optimally again. Do not assume these steps will fix any and all malware infections; reinstalling the OS is always the best way to remove malware.

 

What is malware?

Malware is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. It can take the form of executable code, scripts, active content, and other software. Malware can hide in anything on the internet, be it a popup window, a hyperlink, or an email. Note that a popup window is generally nothing more than that, especially if it claims you have a virus and to call a number. Any popup window that claims you have a virus can be safely closed, killed from Task Manager, or dealt with by simply restarting your machine. These are scare tactics to get you to call the number and pay them to "fix" your system when, in actuality, there is nothing wrong with it. This is known as a tech scam.

 

 

Note that these steps can only help if your PC can boot up successfully, and they should remove most malware infections. Not all malware is the same and sometimes it may be missed. If a problem persists, make a post here and I or someone else will attempt to help further. Helping via a forum is going to be difficult, so if we are unable to help, make sure you find a trusted tech to aid you or go to a nearby trusted repair shop. If the shop is trusted but seems expensive, remember you are paying someone with the skills (and likely certifications) to repair your PC. When you get your car fixed, it is expensive not only because of parts but also because the people doing it are skilled professionals.

 

Here I will explain a few tools you can use to remove a majority of malware and fix your PC yourself. These steps are recommendations only. Many machines I have worked on have not experienced any lost files, but there's always a risk, depending on how far the malware has taken hold. Always maintain a proper backup, whether on a cloud storage service or an external device.

 

If you're infected with crypto malware (Cryptowall, Cryptolocker, TeslaCrypt, etc.), do not attempt to follow this guide; your files are at risk. Make a post here or on this Reddit page and see if anyone is able to help, but in most cases crypto malware is very difficult to crack and it is easier to simply write off the data and reinstall the OS.

 

Be sure you run all these steps in Normal Mode. Only use Safe Mode if the program fails to scan. All programs must be run on the Administrator account.

 

Step One: Manual Removals and rKill

Remove any suspicious browser extensions and toolbars. If you did not install it yourself, it's suspicious. Also, in my experience, there is no such thing as a useful toolbar. Remove any unusual homepages and default search providers (in most circumstances, you only really need Google and, at the very most, Bing).

 

Run rKill. It may take a few minutes for the scan to complete. Once it does, do not reboot the PC.

  • Kills running malicious processes.
  • Removes policies in the registry that prevent normal OS operation.
  • Repairs file extension hijacks.

 

Step Two: Malwarebytes

Download and install Malwarebytes. Make sure it is updated and enable "Scan for Rootkits" in Settings under Detection and Protection. Start the scan. Scan can take up to (on average) 10-30 minutes, depending on the system.

  • Successfully removes a majority of any and all kinds of infections.
  • Has industry-leading built-in rootkit/bootkit scanning.
  • Built-in repair tools to fix damage done by malware.

 

Step Three: Adware Cleaner

Download and run AdwCleaner. Scan your system with the corresponding button then hit Clean once the scan is finished. It will also want to reboot your system at this point. Allow it to do so. (I mean, you don't have a choice)

  • Removes the majority of adware, PUPs (Potentially Unwanted Programs), toolbars, and browser hijacks.
  • Fixes proxy settings changed by malware.
  • Removes certain non-default browser settings.

 

If you are having issues connecting to the internet, try running NetAdapter Repair Tool with all options checked. All these tools can be downloaded elsewhere and placed on a USB Flash Drive and installed onto the infected machine.

 

Here are a few tools to help prevent any future problems:

 

Free Anti-Virus Recommendations:

 

Paid Anti-Virus Recommendations:

 

Helpful Tools:

  • Unchecky - Unchecks options in installers that install PUPs.
  • uBlock Origin Browser Extension - Chrome and Firefox versions available. (Blocks ads. Adblock Plus has been known to unblock certain ads due to being paid.)
  • CCleaner - Technically not a tool for malware removal, but it is useful at cleaning up old registry errors and junk left over on your PC from malware, or just temporary files cluttering up your system. This is entirely optional and only my recommendation. People seem to differ on its usefulness. Avoid the registry cleaner on Windows 10. It is known to sometimes remove registry entries that it shouldn't, and it can even make the login screen unstable and unable to log in.

 

Tip on avoiding possible infections in the future: use common sense. Many cases I get are as simple as someone opening an email they weren't sure about or clicking on a link from a random site they googled. If it seems sketchy, don't do it. Many anti-viruses out there have a website scanner that can help you avoid malicious websites. The first line of defense at preventing malware infection is always the user. Enable User Access Controls, keep Windows up to date, and never download publisher software from a separate site; use their website.

 

 

(Original Reddit Post)
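As an added, read-only companion to the guide above (not part of the original post or of any of the tools it names), the PowerShell script below reports the settings those tools act on: the registry policies that block Task Manager and regedit (what rKill resets), the WinINET proxy settings that AdwCleaner fixes, whether User Account Control (UAC) is turned off, and the Chrome extensions installed in the default profile so they can be compared with what was actually installed on purpose. It assumes Windows PowerShell 5.1 or later and a standard Chrome install path; it changes nothing.

```powershell
# Added example: audit-only check of the settings the removal tools touch.
# Assumes Windows PowerShell 5.1+; runs fine from a non-elevated shell.
$findings = New-Object System.Collections.Generic.List[string]

# 1. Registry policies malware sets to lock the user out of Task Manager,
#    regedit, Run, Control Panel, etc. A value of 1 means the restriction is on.
$policyChecks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Names = 'DisableTaskMgr', 'DisableRegistryTools' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Names = 'NoRun', 'NoControlPanel', 'NoFolderOptions' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System';   Names = 'DisableTaskMgr', 'DisableRegistryTools' }
)
foreach ($check in $policyChecks) {
    if (-not (Test-Path $check.Path)) { continue }
    $props = Get-ItemProperty -Path $check.Path
    foreach ($name in $check.Names) {
        # A missing value reads as $null, which is never -ge 1, so only set policies are flagged.
        if ($props.$name -ge 1) { $findings.Add("Policy restriction set: $($check.Path)\$name = $($props.$name)") }
    }
}

# 2. Per-user proxy / PAC settings (the ones a browser hijack typically changes).
$inet = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ($inet.ProxyEnable -eq 1) { $findings.Add("Manual proxy enabled: $($inet.ProxyServer)") }
if ($inet.AutoConfigURL)     { $findings.Add("Proxy auto-config script set: $($inet.AutoConfigURL)") }

# 3. User Account Control: EnableLUA = 0 means UAC prompts are off entirely.
$uac = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
if ($uac.EnableLUA -eq 0) { $findings.Add('UAC is disabled (EnableLUA = 0)') }

# 4. Chrome extensions in the default profile, listed by id and manifest name.
#    Localised names show up as "__MSG_...__" placeholders; the id is still unique.
$extRoot = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Extensions'
if (Test-Path $extRoot) {
    Get-ChildItem -Path $extRoot -Directory | ForEach-Object {
        $manifest = Get-ChildItem -Path $_.FullName -Recurse -Filter manifest.json | Select-Object -First 1
        if ($manifest) {
            $name = (Get-Content -Path $manifest.FullName -Raw | ConvertFrom-Json).name
            $findings.Add("Chrome extension $($_.Name): $name")
        }
    }
}

if ($findings.Count -eq 0) { 'Nothing flagged.' } else { $findings }
```

Anything it flags is a starting point for the manual checks in Step One, not proof of infection; some of these policies are set legitimately on managed work machines.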


Yup. I re-worded most of it to reduce its length and because I'm not the original publisher. I mostly only took the description of each program. This is a step-by-step process I use myself anyway.


A couple of pointers for those who do follow this guide (these come from working with these tools/cases every day for the past 1.8 years now):

 

Before anything, make a system restore point. A system image will be better yet.

 

Re: Crypto malware

Avast has put out a few decryption tools that will "supposedly" recover/decrypt your files from some of the major crypto malware that has come out:

http://lifehacker.com/unlock-ransomed-files-with-avasts-four-free-ransomware-1789577598?utm_campaign=socialflow_lifehacker_twitter&utm_source=lifehacker_twitter&utm_medium=socialflow

 

Re: Malwarebytes addition

Hitman Pro also does a great job of nuking those malicious programmes and anything else that trips its detection parameters. A side note to this: it can cause you to lose explorer.exe at boot. I believe the fix was to boot into safe mode and/or run a repair from your Windows 7 install disk.

 

Re: Adware Cleaner

A bit like Hitman Pro, this has also caused the explorer.exe process to stop working at boot. The only repair I have found to fix this is a complete reinstallation of Windows.

 

After doing all your repairs, open CMD as Admin, type "sfc /scannow" and hit Enter. After that's run, you may also want to type "chkdsk /f /x", hit Enter, hit "y", and reboot. Wait for Windows to check and repair at the next startup.

 

 

1 hour ago, Moodkiller said:


I haven't come across any crypto malware cases yet, but I may look into those Avast tools. Just in case.

 

I haven't used Hitman Pro yet, so I didn't want to mention it until I've tried it myself.

 

Thanks for the extra pointers, MK. :D

35 minutes ago, NeutralHatred said:


Ditto to that. One colleague of mine has had to deal with them all, so you and I are fortunate from that aspect :)

 

Hitman Pro does ask for an email to validate/activate it. You can put any email in; it's just used for marketing. My personal favourite is ThisIsSpam@gmail.com

 

No problem. 


I would recommend a combo of Nano Adblocker + Nano Defender as an alternative to uBlock Origin. Though it won't offer any real advantages to novices, geeks like me benefit by its much more precise filtering abilities and scriptability.

3 hours ago, dealvidit said:

I would recommend a combo of Nano Adblocker + Nano Defender as an alternative to uBlock Origin. Though it won't offer any real advantages to novices, geeks like me benefit by its much more precise filtering abilities and scriptability.

It's based off uBlock anyway. Besides, this is my guide with my own knowledge so, since I am unfamiliar with it, I won't recommend it, regardless of its validity.

12 hours ago, NeutralHatred said:

It's based off uBlock anyway. Besides, this is my guide with my own knowledge so, since I am unfamiliar with it, I won't recommend it, regardless of its validity.

Fair enough. Didn't mean to offend you in any way, just wanted to share some new stuff.

59 minutes ago, dealvidit said:

Fair enough. Didn't mean to offend you in any way, just wanted to share some new stuff.

You didn't, I understand. Thank you for your contribution to the topic.


In my experience with malware, having a good Linux live CD helps a lot to eliminate files that cannot be deleted from within the same operating system, which are usually malware. It is also advisable to use a Live CD from some antivirus; there are several, and they are very good. They eliminate the malware without having to be installed in the system, and they are quite efficient at what they do.
I also recommend a good firewall. In my case I use one similar to Outpost Firewall, since not only does it allow me to choose which programs have permission to connect to the internet, but it also helps me to know which programs are running and what each program does in the operating system, allowing me to stop any type of suspicious activity that a program performs in the same operating system.

 

1 minute ago, Ligroso said:


This guide was intended for users with limited technical knowledge. If they knew how to use a Linux Live CD, they probably don't need a guide on how to install and scan with Malwarebytes. ESET does have an online scanner that you download, update, then run without actually installing it. I have used it on several occasions but dislike it simply due to how long the whole process actually takes. Updating, scanning, then removal can take up to 45 minutes, depending on hardware and level of infection. Granted, it isn't a live CD, but it is an on-demand scanner that isn't already installed, possibly preventing it from being compromised by the malware.
