Microsoft Windows Troubleshooting Guide

Removing Trojans, Adware, Fraudware, etc.

To remove Malware, there are quite a few applications that will automatically scan for and remove various infections for you. Unfortunately there is not one "silver bullet" application that removes everything automatically, so you must run a few different applications that scan the system in various ways to find different infections.

This page covers all the applications that I run in order to clean a system of Malware. These applications usually get rid of all Adware, Fraudware, etc. from your system. You should run them in the order given, as testing has shown this to be the fastest way to get rid of Malware.

Keep in mind that sometimes it may be required to boot the computer into "Safe Mode" in order to run these applications if your computer is severely infected. Also, you may have better luck if you immediately run these applications after a system boot, before the Malware has a chance to stop applications from starting.

Also note that all of the applications on this page can be used cost-free (although donations to these organizations would probably be helpful).


Combofix


http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe

Combofix is the Swiss Army Knife of Malware applications. This program has the quickest scan and will get rid of the majority of the resource-hogging malware that is out there. This program doesn't get "installed", you simply run the program and it does various system checks, then starts to scan the system.


Combofix asking to install the Recovery Console and Combofix scanning the system

Combofix is constantly being updated, so if your copy was downloaded a few days ago, it is a good idea to download a new one. To run Combofix, simply download it, then select Run after the download finishes, or double-click the file. Occasionally some Malware will prevent Combofix from running; most of the time you can bypass this by simply renaming the file to something else, like CF.exe. Also, if your system is infected with a Malicious Virus, Combofix will inform you of this, and you should immediately skip to the next section to get rid of it.

Overall, Combofix will do the following:

  • Create a System Restore Point
  • Check to see if any Antivirus Applications are running (you should disable these first)
  • Ask you to install the Recovery Console (if it is not installed) - I usually don't recommend this unless you are highly technical
  • Scan the computer for Malware

For a more thorough guide on combofix, visit
http://www.bleepingcomputer.com/combofix/how-to-use-combofix.


Malwarebytes' Anti-Malware


http://www.malwarebytes.org/

The next application I use to remove Malware is Malwarebytes' Anti-Malware. Where Combofix fails to remove certain malware, such as Antivirus 2009 and other similar ones, Malwarebytes usually picks them up and removes them. This application also gives you the choice of running a quick scan or a full scan, which is very helpful if you need to quickly clean a system.


Scanning a System with Malwarebytes' Anti-Malware

To install this application, simply download the installer and run it. Once the installation is complete, it will ask if you want to check for updates and start the program. It is a good idea to do this, as the installer does not get updated very often.

Once Malwarebytes is running, it will ask you if you want to do a Quick or a Full scan. The Quick scan usually picks up any major infections that you may have, so if you are in a hurry select Quick Scan, otherwise run a Full System Scan.


Removing Infections with Malwarebytes' Anti-Malware

Once the scan is complete, it will tell you how many infections it has found. In order to clean these infections, click on "Show Results", which will bring up a detailed view of all the infections that the program has found. To remove the infections, click on the "Remove Selected" button. It may ask to restart the computer if you had a major infection.

Malwarebytes' also comes in a "Paid" version, which allows you to have it run in the background to prevent Malware infections. If you tend to always catch Malware, it may be a good idea to purchase this application.


Spybot - Search & Destroy


http://www.safer-networking.org/

The last application I usually use to clean up Malware is Spybot Search & Destroy. This is probably one of the oldest Adware Removal Utilities around, but it is still one of the most thorough. I especially like it because you can set it to do an automated scan which will automatically remove any infections (see below for details). This allows you to quickly clean the system using the 2 above programs, then simply start an automated scan and go do something else (or leave if you are on the clock).


Installation Options and Immunizing a System with Spybot

To use this, download the installer file and run it. Note that the installer requires a connection to the Internet to get an updated database. During the installation, you will be prompted to use "SDHelper" and "Teatimer". If you are an advanced user these applications may quickly become annoying, so I usually don't use these features. Once the program is installed and you first run it, it will go through a "Startup Wizard" which includes:

  • Creating a Registry Backup
  • Searching for Updates
  • Asking to Immunize the System

Immunizing the system simply "tweaks browser settings to use their methods of blocking cookies, malware installations, bad websites and more". It is usually a good idea to apply the Immunization every once in a great while.


Scanning a System and Removing Infections with Spybot

Once you finish with the Startup Wizard and the application is running, scan the system by going to the Search & Destroy tab and clicking on "Check for Problems". In later versions, the program may detect an abundance of temporary files and may ask you if it is alright to clear them out. Again, this will speed up the scans.

Once the scan is complete, click on "Fix Selected Items" and the program will remove the infections. In some instances, it may not be able to totally remove the infections and will ask you if it would be alright to run Spybot on system restart. If you say yes, it will automatically schedule a scan when you restart the computer.


Note: You can make Spybot do an automated scan by issuing the following commands:

		cd "C:\Program Files\Spybot - Search & Destroy"
		SpybotSD /allhives /autocheck /autofix /autoclose /onlyspyware

You can also use the /taskbarhide option to have Spybot run in the background.
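
As an added example (not part of the original guide and not shipped with Spybot), the automated scan above can be wrapped in a PowerShell script that locates the install folder, passes only the switches listed on this page, and records how long the scan ran. The `Program Files (x86)` location, the log file name and the administrator check are assumptions.

```powershell
# Added example: unattended Spybot scan using only the switches from this page.
param(
    [switch]$HideInTaskbar    # adds /taskbarhide so Spybot runs in the background
)

# Assumption: removing items from all registry hives needs an elevated session.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
                [Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) {
    Write-Warning 'Not running as Administrator; Spybot may be unable to fix some items.'
}

# The first root matches the path given on this page. The (x86) root is an
# assumption for 64-bit Windows and is skipped when the variable is not set.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$exe = $roots |
    ForEach-Object { Join-Path $_ 'Spybot - Search & Destroy\SpybotSD.exe' } |
    Where-Object   { Test-Path -LiteralPath $_ } |
    Select-Object -First 1

if (-not $exe) {
    Write-Error 'SpybotSD.exe was not found; install Spybot or adjust the path.'
    exit 1
}

# Switches exactly as listed on this page.
$switches = @('/allhives', '/autocheck', '/autofix', '/autoclose', '/onlyspyware')
if ($HideInTaskbar) { $switches += '/taskbarhide' }

# /autoclose makes Spybot exit when it is done, so -Wait returns at scan end.
$started = Get-Date
$proc = Start-Process -FilePath $exe -ArgumentList $switches `
            -WorkingDirectory (Split-Path -Parent $exe) -PassThru -Wait
$elapsed = (Get-Date) - $started

# Hypothetical log file name; keeps a record of each unattended run.
$log  = Join-Path $env:TEMP 'spybot-autoscan.log'
$line = '{0:u} exit={1} minutes={2:N1} args={3}' -f `
            $started, $proc.ExitCode, $elapsed.TotalMinutes, ($switches -join ' ')
Add-Content -LiteralPath $log -Value $line
Write-Output $line
```

The exit code is recorded as-is; this page does not document what values SpybotSD returns, so the script does not interpret it.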

