Malware Removal Guide
Clean Adware, Crimeware, Dialers, Keyloggers, Rootkits, Spyware, Trojans, Viruses and Worms. Malware is short for malicious software. It is a general term that refers to any software or program code designed to infiltrate or damage a computer system without the owner's informed consent. This guide will show you how to remove malware and protect yourself from future infections using free software.
FACT: 89% of consumer PCs are infected with spyware
Key
- Windows 2000 (Microsoft ended support and security updates on July 13, 2010)
- Windows XP (Microsoft will continue support through April 8, 2014)
- Windows Vista
- Windows 7
OS Support - Only applications listing the supported operating system icon will work on your system.
Step 1 - Cleanup
This first step will delete temporary and other unnecessary files from your hard drive to reduce scan times.
CCleaner
- Download
- Home Page
CCleaner (Crap Cleaner) removes unused and temporary files from your system, including cleaning the registry.
Instructions - Download the Slim version and install. Go to the "Windows" tab, then select "Run Cleaner". Finally, select the "Registry" button and select "Scan for Issues"; when it finishes scanning, select "Fix Selected Issues", then "Fix All Selected Issues".
Installation Warning - Do not install the standard version of CCleaner, which bundles the useless Yahoo Toolbar. Get the Slim version instead. If you accidentally do install it, simply use Add/Remove in the Windows Control Panel to remove the Yahoo Toolbar.
Prefetch Cleaning Warning - The Advanced section has a performance-slowing cleaning option, "Old Prefetch data". Never select this option for cleaning, as it will increase application and Windows load times. Cleaning the Prefetch folder is a myth and actually hurts performance. When the folder reaches 128 entries, Windows XP automatically trims it back to the 32 most-used prefetch files. Anyone who claims this should be cleaned for ANY reason does not understand how Windows Prefetching works. - Source
Step 2 - Scan and Clean
This second step will clean your system of malware.
Kaspersky Anti-rootkit TDSSKiller
- Download
- Home Page
Kaspersky Lab has developed the TDSSKiller utility specifically for removing rootkits. A rootkit is a program that penetrates deep into the operating system and hides its presence by intercepting and modifying low-level Windows API functions. Rootkits are used to hide the presence of malware in the system by concealing particular processes, folders, files and registry keys.
Instructions - Unzip, select "Start Scan" and remove any infections that it finds.
Malwarebytes' Anti-Malware
- Download
- Home Page
Malwarebytes' Anti-Malware is a high performance anti-malware application that thoroughly removes even the most advanced malware and spyware. With one of the fastest, most effective quick scans and malware removal capabilities on the market, this program is the perfect addition to your PC's defenses.
Instructions - Install, update and perform a full scan. When finished, remove any infections.
Once you have completely cleaned your system, if you were infected with any keyloggers, you need to immediately change all the passwords you have typed in from that computer (banking, Facebook, Windows, etc.).
Step 3 - Protection
This third step will protect you from future infection.
Microsoft Security Essentials
- Download
- Home Page
Microsoft Security Essentials provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software. Microsoft Security Essentials is a free download from Microsoft that is simple to install, easy to use, and always kept up to date so you can be assured your PC is protected by the latest technology. It's easy to tell if your PC is secure - when you're green, you're good. It's that simple. Microsoft Security Essentials runs quietly and efficiently in the background so that you are free to use your Windows-based PC the way you want, without interruptions or long computer wait times.
Instructions - Install. (that's it)
Windows Update
- Home Page
Installing security updates is critical so that you do not get infected again. Confirm that your system is 100% clean before proceeding.
Instructions - Install All Critical Updates. This may have to be run multiple times. Run it over again until it says 0 Critical Updates available. You may also need to reboot.
Windows Firewall
- Home Page
Windows XP, Vista and 7 come with a built-in firewall. Confirm that it is enabled.
Instructions - Go to "Start", "Settings", "Control Panel", "Windows Firewall", select "On (recommended)".
Windows XP - The Windows XP Firewall is more than sufficient for most users, with full inbound protection. In Windows XP there is no way to guarantee 100% outbound protection once your system is compromised.
- At Least This Snake Oil Is Free (Jesper Johansson, Ph.D. Management Information Systems)
- Windows Firewall: the best new security feature in Vista? (Jesper Johansson, Ph.D. Management Information Systems)
When Step 3 is completed you will only have one application running all the time, Microsoft Security Essentials.
Advanced Cleaning
SmitFraudFix
- Download
- Home Page
SmitFraudFix is an advanced malware removal tool for difficult-to-remove infections like Smitfraud, SpyAxe, SpySheriff and many more.
Trend Micro RootkitBuster
- Download
- Home Page
Trend Micro RootkitBuster scans for hidden files, registry entries, processes, services, drivers, kernel code patches, ports, operating system service hooks, and Master Boot Record (MBR) rootkits. Clean or remove hidden files, registry entries, and services. The latest version features an even more sensitive detection system.
Trend Micro Sysclean
- Download
- Home Page
(32-bit Only)
Trend Micro Sysclean is a stand-alone fix package that incorporates the Trend Micro VSAPI Malware and Spyware scanning engines as well as the Trend Micro Damage Cleanup Engine and Template. It terminates all detected malware instances in system memory, removes malware registry entries, removes malware entries from system files, and scans for and deletes all detected malware copies on all local drives.
Advanced Detection
Autoruns
- Download
- Home Page
Autoruns has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them.
- Startup Applications List (Sysinfo.org)
- Startup Programs Database (Bleeping Computer)
Process Explorer
- Download
- Home Page
Process Explorer shows you information about which handles and DLLs processes have opened or loaded.
Process Monitor
- Download
- Home Page
Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity.
Trend Micro HijackThis
- Download
- Home Page
- Online Log Analyzer
Trend Micro HijackThis is a free utility that generates an in-depth report of registry and file settings from your computer. HijackThis makes no separation between safe and unsafe settings in its scan results, giving you the ability to selectively remove items from your machine. In addition to this scan-and-remove capability, HijackThis comes with several tools useful in manually removing malware from a computer.
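Because HijackThis does not separate safe from unsafe settings, one practical way to read a log is to compare it against a log saved while the machine was known to be clean. The script below is an added example, not part of HijackThis or of the original guide. It assumes the usual "code - details" entry layout of a HijackThis log; the two sample logs and every name in them are constructed for illustration.

```python
import re
from collections import defaultdict

# Entry lines look like "<code> - <details>", e.g. "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Meaning of a few section codes; codes not listed here still parse and diff.
SECTIONS = {
    "R0": "Internet Explorer start/search page",
    "O1": "Hosts file redirection",
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O4": "Autostart program (registry Run key or Startup folder)",
    "O23": "Windows service",
}

# Constructed logs for illustration (not taken from a real machine).
BASELINE = r"""Logfile of Trend Micro HijackThis
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\tray.exe" -hide
"""
CURRENT = BASELINE + r"""O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Temp\helper.dll
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Application Data\upd.exe
O23 - Service: Example Service (ExSvc) - Unknown owner - C:\Temp\svc.exe
"""

def parse_log(text):
    """Return {section code: set of entry details}; header and process lines are skipped."""
    entries = defaultdict(set)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group(1)].add(m.group(2))
    return entries

def new_entries(baseline_text, current_text):
    """List (code, description, details) for entries absent from the known-clean baseline."""
    base, cur = parse_log(baseline_text), parse_log(current_text)
    found = []
    for code in sorted(cur, key=lambda c: (c[0], int(c[1:]))):
        for details in sorted(cur[code] - base.get(code, set())):
            found.append((code, SECTIONS.get(code, "other section"), details))
    return found

if __name__ == "__main__":
    print(*new_entries(BASELINE, CURRENT), sep="\n")
```

Entries the script reports are only candidates for review; an item missing from the baseline may simply be software installed since the baseline was saved.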
Trend Micro RUBotted
- Download
- Home Page
Trend Micro RUBotted monitors your computer for potential infection and suspicious activities associated with bots. Bots are malicious files that enable cybercriminals to secretly take control of your computer. Upon discovering a potential infection, RUBotted will identify and clean it with HouseCall.
TCPView
- Download
- Home Page
TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections.
- Port Authority Database (GRC)
Advanced Repair
Dial-a-fix
- Download
- Home Page
"An advanced utility for Microsoft Windows that repairs various Windows problems, such as: Windows Update, Windows Installer, Permissions and more."
Windows XP Security Console
- Download
- Home Page
"Windows XP Security Console allows you to assign various restrictions to specific users, whether you're running XP Pro or XP Home. XP Home leaves you completely without the Group Policy Editor, while XP Pro lacks the ability to use the Group Policy Editor to selectively apply policies to specific users."
End
This guide will be revised as needed. Comments: OptimizeXP@comcast.net. Do not send Technical Support Questions.
Legal Notice - Reproduction of this guide in whole or in part is strictly forbidden. This guide and ALL versions thereof are protected by copyright under the Digital Millennium Copyright Act (DMCA). Feel free to link to this Guide.