1) Download and Install Removal Tools! The following anti-malware apps are generally accepted as the best FREE removal tools right now. This list may change or it may not. If you think something should be on here that isn’t, please let me know.
- CCleaner – http://www.filehippo.com/download_ccleaner/ – Useful tool for cleaning out all the crap that has built up on your computer from general use. This helps to decrease the amount of files that are scanned and can greatly speed up scanning.
- Malwarebytes Anti-Malware – http://www.filehippo.com/download_ma…_anti_malware/ – One of the best removal tools out there right now.
- SuperAntiSpyware – http://www.filehippo.com/download_superantispyware/ – Another great removal tool
- SuperAntiSpyware Portable Scanner! – http://www.superantispyware.com/portablescanner.html – This is the same SAS scanner and removal engine in a portable form factor that does not require installation on the infected system. Haven’t had a chance to use this in the wild yet but looks promising.
- Spybot Search & Destroy – http://www.filehippo.com/download_sp…earch_destroy/ – Yet another good removal tool. Also useful for “inoculating” your web browsers against future attacks. New version seems to be able to clean temp files that CCleaner sometimes misses and some malware that Malwarebytes missed the last time I used it.
- ComboFix – http://www.combofix.org/ – This is a great tool for cleaning up a system that is messed up to the point you can’t run MBAM or anything else. After running this you should still run the other tools to clean up the left-overs.
- RootRepeal – http://rootrepeal.googlepages.com/ – Rootkit removal tool. Run this when you can’t get any other tool to run or install.
- Avira AntiVir Personal – http://www.filehippo.com/download_antivir/ – Arguably the best free Anti-Virus software out there. Say what you want about the annoying pop ups but it is free and really good.
- Microsoft Security Essentials – http://www.microsoft.com/Security_Essentials/ – Microsoft’s free Anti-Virus/Anti-Malware program. Has gotten great reviews and I’ve been using it on systems instead of Avira lately, nothing to complain about so far.
- Symantec UnHookExec.inf – http://www.symantec.com/security_res…050614-0532-99 – Tool to reset shell\open\command registry keys
- rkill – http://download.bleepingcomputer.com/grinler/rkill.com – Tool to try and kill any processes associated with running malware/rogue AV applications. Sometimes you have to run it several times before it will finally kill anything. Very useful if you can’t get MBAM or SAS to run. Here is a link to a renamed version in case the regular rkill won’t run: http://download.bleepingcomputer.com…r/iExplore.exe
- Avira AntiVir System Rescue CD – http://www.avira.com/en/support/support_downloads.html – Linux Boot CD that has Avira AntiVir anti-virus/anti-malware software with latest definitions preloaded. Download and burn to a CD and boot your computer from it to do some scanning and removing action.
- Sophos Anti-Rootkit – http://www.sophos.com/products/free-…i-rootkit.html – Free RootKit scanning and removal tool from Sophos. Makes you register to download but you can put in bogus information and it will still let you download.
- ESET Stand-alone Malware Removal Tools and RogueAV Cleaner – http://kb.eset.com/esetkb/index?page…nt&id=SOLN2372 – Malware removal tools from the makers of ESET NOD32. I’ve not had a chance to test the RogueAV Cleaner yet but it’s on my short-list for the next time I run across one of those lovely Vundo trojans.
- FixWin – http://www.thewindowsclub.com/repair…fixwin-utility – Free tool to reset task manager, desktop, shell stuff. Good for if you find your UI is a bit hosed up after removing all your computer herpes. This is for Windows Vista and Windows 7 only. Does not appear to support Windows XP.
2) Turn OFF System Restore! Malware likes to hide in System Restore and come back from the dead after a reboot. If you really want to you can turn it back on AFTER you have removed all infections from your computer. Depending on how many restore points you have this can take anywhere from 1-15 minutes to complete. Don’t freak out if your system becomes unresponsive while it clears out all that garbage.
- Right-Click your “My Computer” or “Computer” icon and then select “Properties” from the menu that pops up.
- Click on the “System Restore” tab. Check the box that says “Turn off System Restore on all drives”. Click on “Apply” and wait a few minutes, then click on “OK” to close the window.
3) Install and run CCleaner! Install CCleaner and run that pig!
- Check all the boxes for things to clean EXCEPT the “Wipe Free Space” one, that takes forever. Warning: This will wipe out all of your custom folder settings and saved passwords in IE/Firefox and clear out your start menu history. Click on the “Run Cleaner” button and click okay when it asks if you really want to do this. If your computer has multiple user accounts on it then you will want to run CCleaner when logged in as each user to clean out their temp files, too.
- Start the Registry Cleaner and run two passes with it. I usually choose the option to backup the registry and save to the c: drive somewhere, just in case.
- Go to the Tools\Uninstall section and start looking for goofy crap that shouldn’t be there. Uninstall all the MyWebSearch toolbars and screensavers and other garbage you have no idea what the crap it is. I’ve found some crapware can be uninstalled from CCleaner that fail to remove themselves from Add/Remove Programs.
- Go to Tools\StartUp and delete or disable all the obvious bad crap. If you’re not sure what is good and what isn’t try googling it or just leave it alone and the malware removal tools should remove it anyway.
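A read-only PowerShell check for two things this guide handles by hand: the shell\open\command handlers that UnHookExec.inf resets, and the startup entries reviewed under Tools\StartUp. This is an added example, not part of the original post. The list of file classes, the list of Run keys and the CHECK heuristic are assumptions of the example.

```powershell
# Added example: read-only audit, nothing on the system is changed.

# 1) File-class handlers. The stock command for these classes is "%1" %*
#    (run the file that was double-clicked). HKEY_CLASSES_ROOT is the merged
#    per-user + machine view, so this is the handler actually in effect.
$expected = '"%1" %*'
foreach ($class in 'exefile', 'comfile', 'batfile', 'cmdfile', 'piffile') {
    $path = "Registry::HKEY_CLASSES_ROOT\$class\shell\open\command"
    $key  = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    $cmd  = $null
    if ($key) { $cmd = $key.GetValue('') }      # '' = the (Default) value
    $status = 'CHECK'
    if ($cmd -eq $expected) { $status = 'OK' }
    '{0,-6} {1,-8} {2}' -f $status, $class, $cmd
}

# 2) Startup entries in the registry Run keys (list chosen for this example).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($rk in $runKeys) {
    $key = Get-Item -LiteralPath $rk -ErrorAction SilentlyContinue
    if (-not $key) { continue }                 # key absent on this system
    foreach ($name in $key.GetValueNames()) {
        $cmd = [string]$key.GetValue($name)
        # Heuristic (assumption of this example): programs that start from a
        # temp or per-user data folder deserve a closer look. A flag is a
        # prompt to look the entry up, not a verdict.
        $flag = ''
        if ($cmd -match '\\Temp\\|\\AppData\\|\\Application Data\\') { $flag = 'CHECK' }
        '{0,-6} {1} :: {2} = {3}' -f $flag, $rk, $name, $cmd
    }
}
```

Run it once per user account, since the HKCU keys and the per-user part of HKEY_CLASSES_ROOT differ for each login.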
4) Install and Run Removal Tools! Install Malwarebytes, SuperAntiSpyware and Spybot Search & Destroy. Run the update process for each of the programs. If you don’t have an Anti-Virus application or you’re using something that sucks then you should consider installing Avira AntiVir Personal.
- Boot into Safe Mode without networking
- Run Malwarebytes Anti-Malware. Set options for full system scan and go grab a beer, preferably a lager, this could take a while. Once it is finished it will give you a list of the malware it found and you can then remove it. After it is finished you will need to restart your computer.
- Boot back into Safe Mode and run SuperAntiSpyware. Do the full system scan and grab another beer. When it is finished follow the prompts to remove the crap and restart your computer again.
- Boot into Safe Mode one more time and run Spybot Search & Destroy. Run the inoculation thingy. Then do the search for crapware. If it asks you for permission to clean out temp files let it do that and then finish the scan. While the scan is running feel free to have another beer, this one’s on me. When it is done you can follow the prompts to remove the badware. If it says it needs to do a boot time scan to finish removing some junk then let it do it and restart your computer. If you do the start up scan you’ll have to wait until it finishes before you can log into your computer again. NOTE: By default Spybot installs the “Tea Timer” application. Some people like this tool as it alerts you to when an application is trying to make registry changes to your computer and will give you the option to cancel or allow the change. If you find yourself prone to getting infected with nasty computer herpes then you should probably leave this application alone and let it do its thing. If you don’t like it you can disable it from the advanced options in Spybot.
- Run your Anti-Virus program, do a full system scan. If you don’t have one then I would strongly suggest you install Avira AntiVir. If the pop ups bother you that much I’ve heard that there are ways to disable them, try searching the googler for a possible solution.
5) Run CCleaner Again! Boot into Windows and log in like you normally would. Run CCleaner again and the registry cleaner again. Sometimes removing malware will leave a bunch of crap laying around and you need to clean it up.
6) Enjoy the Freshness That is Your Cleaned Computer! Your computer should now be free of infections. If you continue to have problems then it is time to backup your important data and wipe/re-install Windows.
If you cannot run or install any of the tools listed above – Then you should try using the Avira System Rescue CD to boot your computer from and run a scan that way. Another option would be to try one of those fancy new Rootkit Removal applications. One such tool is RootRepeal! I don’t have any personal experience with this software but there is a guide on the MalwareBytes Forums for using it and others on these forums have attested to its effectiveness in cleansing the computer herpes.
- Guide: http://www.malwarebytes.org/forums/i…howtopic=12709
- Download: http://rootrepeal.googlepages.com/
Hopefully you found this post useful. Happy Hunting!