Malware Removal

This post was written by admin on December 18, 2009
Posted Under: Malware Removal, PC Security, Technology

Many users have compromised their PC security by downloading malware. In some cases this happens through backdoor downloads that the user is unaware of until they start getting popups urging them to purchase a rogue program.

Using System Restore is a BAD idea, as the Restore Points are frequently infected too. A good idea, which few seem to consider, is to create a complete ghost image of the computer when it is in a good and clean state. When malware does strike, it is in many cases much easier to restore a clean image than to spend hours going around in circles.

Many users contact me with a malware problem, browser redirects and so on. The biggest problem? LACK of information! Operating system, security programs installed, browsers used and what rogue popups they are getting. Simple things like this can narrow it down and save a lot of emails going back and forth to pry the information out of users.

So, you have a malware infection. In many cases antivirus programs do NOT remove these, simply because they are NOT viruses; they are rogue applications containing malware -- trojans, backdoor bots, password stealers and so on. In many cases the browser is being redirected, which can lead to further malicious downloads.

What can you do?

Stop the process from running through Task Manager.

DELETE your Hosts: open your C: drive, double click on the Windows folder, open the system32 folder, locate the drivers folder and open the etc folder. Delete ALL of the hosts files, but DO NOT delete lmhosts, networks, protocol or services.

Use CCleaner to clean ALL Temp files and folders. It is important to open the program, click Options, then click Advanced and UNTICK ‘Only delete files in Windows Temp folders older than 24 hours’; then click Cleaner and then Run Cleaner.

Turn OFF System Restore. Download or update Malwarebytes Anti-Malware Free and perform a Quick Scan, remove ALL infections found and reboot your computer. Create new Restore Points.

If using Spybot Search & Destroy or SpywareBlaster, update and re-apply the passive protection. Download a good Hosts file from hpHosts or MVPS using HostsXpert or HostsMan.
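To see which hosts entries actually redirect names, before deleting the file or after installing a blocklist Hosts file, the entries can be audited. This is an added example, not part of the original post: the function names and sample entries are constructed, and it assumes blocklist entries point at 127.0.0.1 or 0.0.0.0.

```python
import ipaddress
import sys

# Constructed sample, not taken from a real machine: blocklist-style
# entries plus two lines that send names to routable addresses.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1      localhost
::1            localhost
0.0.0.0        ads.example.net       # blocklist entry
127.0.0.1      tracker.example.org
203.0.113.45   www.search.example search.example
198.51.100.7   update.av-vendor.example
not-an-ip      broken.example
"""

def parse_hosts(text):
    """Yield (line_no, address_or_None, hostnames) for each non-comment line."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # strip comment, split on whitespace
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        yield line_no, addr, fields[1:]

def audit_hosts(text):
    """Return entries worth reviewing: malformed lines and names mapped to
    anything other than loopback (127.0.0.0/8, ::1) or 0.0.0.0 / ::."""
    findings = []
    for line_no, addr, names in parse_hosts(text):
        if addr is None or not names:
            findings.append((line_no, "malformed", names))
        elif not (addr.is_loopback or addr.is_unspecified):
            # Not automatically malicious (a LAN server entry is legitimate),
            # but this is the kind of line a redirect hijack adds.
            findings.append((line_no, str(addr), names))
    return findings

if __name__ == "__main__":
    # Pass the hosts file path as an argument; with none, the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for line_no, addr, names in audit_hosts(text):
        print(f"line {line_no}: {addr} -> {' '.join(names) or '(no names)'}")
```

Run it with the path to the hosts file in the etc folder as its argument; every line it prints should be one you recognise.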

Browser hijacks: Open your browser.

If using Firefox, open a new tab and type in about:config, click on ‘I’ll be careful, I promise’ and, beside Filter, type in keyword.url. Right click any entries and click Reset.

Then click on Tools, then click Options, click the Advanced tab, then click Network, then click Settings. Click the radio button beside No proxy, then click OK on the open windows to close them. Close Firefox.

If using Internet Explorer, click Tools, Manage Add-ons, click on Toolbars and Extensions, click on any that should not be there and click Disable. Then click on Search Providers and, if there are any that do not belong there, click to highlight them and then click Remove. Also open Internet Explorer, click on Tools then Internet Options, click the Advanced tab and click on Reset. You will need to change your homepage, but this restores Internet Explorer to its default settings while keeping your bookmarks etc.

Click on Tools then Internet Options. Click on the Connections tab, then click LAN Settings. If you are NOT using a proxy and the box is ticked, untick the Proxy server and tick Automatically detect settings. Click OK on open windows. Close Internet Explorer.

Open your browser and the hijack should have gone.

Download CCleaner free here

Download Malwarebytes Anti-Malware Free here

Another tool to use is VundoFix -- click here for the homepage and details


  This content has been Digiproved © 2010
