Saturday, April 23, 2011

how do i...remove malware

This was my attempt at a simplistic malware removal guide for someone who isn't technical, but is willing to roll up their sleeves and give removal a shot before having to take more drastic measures (pay someone) -- it worked. My guess is that it will work for 50% of malware infections and can take 20 minutes to an hour.


Removing Malware



*You may want to print this before beginning. You may not. Who am I to say.

Run this first:



(1) http://download.bleepingcomputer.com/grinler/rkill.com
(save to desktop, then run)


…then, download, install (allow updates) and run a ‘quick scan’ with this:

(2) http://www.malwarebytes.org/mbam.php
(download and install free version)


…if it finds infections, show results >> remove selected (make sure they are selected – right-click > select all if they aren’t). Reboot if prompted.

…if it doesn’t work, you might be able to boot into safe mode…(reboot the computer, tap ‘F8’ every two seconds…when prompted, select ‘safe mode with networking’)…run (1), then download and run the following:

(3) http://www.bleepingcomputer.com/download/anti-virus/combofix
(save to desktop, then run, accept all defaults. Ignore if prompted to disable av software, unless you want to right-click on your av software and attempt to disable temporarily. Allow recovery console to be installed)


If that doesn’t work, you’ll have to get professional help, probably. See my site to run the remote help request, where I can remotely verify the infection...and, if necessary, attempt removal.
(http://chapmanit.com/computerwork/remotehelp/)

If you are rid of popups, but no longer have internet access, the malware may have left a proxy setting behind: go to control panel >> internet options >> connections (tab) >> lan settings >> remove the check from “use a proxy server…” (assuming you have Windows XP. The location will be similar, but maybe slightly different, for Vista or Windows 7 -- search for 'internet options' from the start menu search bar)
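The same proxy check, done from PowerShell instead of clicking through the dialog. This is an added example, not part of the original post; it assumes PowerShell is present on the machine, and reads the per-user WinINET registry values that the LAN settings dialog edits (a proxy or auto-config URL on a home machine that the user never set up is the thing to look for; on a work machine it may be legitimate, so report first and only clear it with -Fix).

```powershell
# Added example (not from the original post): inspect the per-user WinINET proxy
# settings behind "Internet Options > Connections > LAN settings" and, with -Fix,
# clear them. Assumes PowerShell is available on the machine being cleaned.
function Test-WinInetProxy {
    param([switch]$Fix)

    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p   = Get-ItemProperty -Path $key

    $findings = @()
    if ($p.ProxyEnable -eq 1) {
        # This is the "Use a proxy server" tick box and its address.
        $findings += "ProxyEnable=1, ProxyServer='$($p.ProxyServer)'"
    }
    if ($p.AutoConfigURL) {
        # An automatic configuration script is another way traffic gets redirected.
        $findings += "AutoConfigURL='$($p.AutoConfigURL)'"
    }

    if ($findings.Count -eq 0) {
        Write-Output 'No proxy or auto-config URL is set for this user.'
        return
    }

    $findings | ForEach-Object { Write-Output "Found: $_" }

    if ($Fix) {
        # Same effect as unticking "Use a proxy server" in the LAN settings dialog.
        Set-ItemProperty -Path $key -Name ProxyEnable -Value 0 -Type DWord
        if ($p.AutoConfigURL) {
            Remove-ItemProperty -Path $key -Name AutoConfigURL -ErrorAction SilentlyContinue
        }
        Write-Output 'Proxy disabled; restart the browser for it to take effect.'
    }
}

Test-WinInetProxy          # report only
# Test-WinInetProxy -Fix   # report, then disable the proxy
```

Run it in the account that lost internet access, since these values are per user (HKCU), not machine-wide.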

Almost done...but


When you think you are done, you should probably re-download (1) (the original download may be corrupted or compromised, since you were infected when you got it), reinstall and update, then run a 'quick scan' again. Hopefully, you are clear or it is just cleaning up traces.

Additional Preparation Steps


To speed up scanning, and as general good practice, run Disk Cleanup, CCleaner, or Glary Utilities before scanning; scan times will be noticeably shorter.

Am I infected?


If you are reading this, probably so. The symptoms are too varied to be sure, but if you are getting popups from (what looks like) an antivirus program that wasn't on your computer a month ago...that wants you to pay for help, you are probably infected. Additional symptoms can be browser redirects (you click on a Google search result and end up on an unrelated page that wants money), or program malfunctions (fake system messages saying your program can't run...your disk is corrupt...your momma eats Twizzlers, etc.). Good luck playing MD and making the diagnosis. General cleaning programs can be found above (additional prep steps)...and are recommended to clean a slow, but not infected, computer.
