So your Windows PC is running slow, crashing, or acting funny. You're sure there are no hardware issues. This leaves one big suspect: malware. When XP was ruling the roost, reinstalling operating systems once or twice a year was the norm for a lot of users. However, installing a fresh version of Windows is not always practical or possible. So what do you do? Put on your geek cap, be ready to bring a bevy of anti-virus hammers on the malware infecting your system, and read on!
9 Steps to Purge Your PC of Malware
1) Back up your data, or get a smack down
There's a reason we list this first. Don't be a blockhead. You should be doing this all the time. You can be stubborn when it comes to not wearing your seatbelt or letting your dog poop in the neighbors' yard, but don't be stubborn about this. BACK IT UP! Don't make us slap you, because we will. We tell you this because even these scanners and popular anti-virus programs can sometimes delete and modify files that they shouldn't be messing with. And, unfortunately, if this does happen and you lose your data, well, don't say we didn't warn you.
2) SCAN and GO DEEP!
Ok, so you were never an all-star quarterback. Fortunately when we say "Go deep" we are referring to running a virus scan. Run a deep (or full system) scan with your current active Anti-virus scanner, be it McAfee, Norton, or another suite. While quick scans are usually sufficient for routine or scheduled maintenance, there's always the chance that a deep scan will turn up some malware that is more deeply entrenched than your average virus.
If you don't already have an active Anti-virus suite (shame on you, tsk tsk), then it's not too surprising you're reading this, and you likely have some cleaning up to do. Fortunately, you don't have to pay for a solid active Anti-virus program. There are quite a few free anti-virus programs out there, including Microsoft Security Essentials. It is an excellent free Anti-virus that anyone with a valid copy of Windows is free to install on their system. If you're not running a valid copy of Windows (can we use 'tsk tsk' a second time?), why not give the free version of AVG a try? By the way, it works on valid systems too.
3) Search and Destroy
If your system is heavily infected, you may have to rename the SpyBot installer or run the application in safe mode.
During the installation, be sure to deselect all installed components except for the “Download Updates Immediately” option, as we're not looking for active protection right now.
Again, deselect all the “Permanent Protection” options. Once installed, it's usually best to simply click “next” through the wizard that pops up the first time you run the scanner. As long as you left the “Download Updates Immediately” option selected, there's no need to search for updates. After this, click on the “Check for Problems” button. This will scan your system for malware. After the scan has completed, remove any malware SpyBot finds.
4) Turn up the Heat with MalwareBytes' Anti-Malware
MalwareBytes' Anti-malware is somewhat more aggressive than SpyBot, though both are highly effective as scanners. Download it here.
Unfortunately, Malwarebytes' cannot be run without active protection, so you may have to disable your current active Anti-virus to prevent conflicts. Again, in a heavily infected system you may have to change the installer's name or run it in safe mode.
Be sure to leave both of these options checked at the end of the install process. Malwarebytes' will then proceed to update its virus database. After it has finished updating, proceed with a full scan and remove any viruses Malwarebytes' finds.
5) Keep at it with SUPERAntiSpyware
SUPERAntispyware is another highly effective scanner, and, best of all, this scanner has a portable version with no active component and does not require installation.
Once it is downloaded, run the executable and the scanner interface will come up. It's that simple.
Now, click the “Scan your computer” button, select all drives that aren't thumb drives, select the “Complete Scan” option, and click next. Once the scan is finished, remove any malware it turns up.
6) Still no dice? Time to bring out the big guns!
If your system still isn't back to normal, it's time to bring some pretty powerful utilities to bear. First we'll go with ComboFix. Download the executable from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
In addition to ComboFix, we have Trend Micro's HijackThis. Download the executable (not installer) from here: http://free.antivirus.com/hijackthis/
Run the executable and accept the agreement. Click “Do a system scan and save a logfile.” This will identify all running processes and bring up a logfile with all of them displayed. Unless you know what you are doing, do not remove any of these processes. HijackThis does not distinguish between legitimate Windows processes and malware, so care is imperative.
If you do know what you're doing, you can go through the results page and google any entries that look obviously suspicious. If they prove to be malware, remove them. Aside from that, your best option is to post this logfile on one of the many forums on the list at http://hjt-data.trendmicro.com/hjt/analyzethis/index.php?report=12849233.
While this is largely a hit-and-miss method, with luck, a member of the forums will be able to tell you what to eliminate with HijackThis. If you don't get anything from the forums, your best bet is to go to http://www.hijackthis.de/ and copy-paste your logfile into the textbox. When you press the Analyze button, it will break down your list and show you any entries you may want to remove. If you want a second opinion, try doing the same at http://hjt.networktechs.com/.
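Before googling entries or posting the log, a short script can sort out which lines deserve a first look. This is an added example, not part of the original article or of HijackThis itself; the sample log is constructed, and the flagging rules (user-writable paths, entries marked as pointing at missing files) are illustrative assumptions that produce a reading list, not a verdict.

```python
import re

# Constructed sample log in HijackThis's plain-text layout (not from a real machine).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Documents and Settings\Bob\Local Settings\Temp\svch0st.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [Updater] C:\Documents and Settings\Bob\Local Settings\Temp\svch0st.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O23 - Service: Example Helper - Unknown owner - C:\WINDOWS\system32\helper.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O4 - HKLM\..\Run: ..."
# Assumption: these review heuristics are illustrative, not HijackThis's own logic.
USER_WRITABLE = re.compile(r"\\(temp|appdata|application data|recycler)\\", re.I)
ORPHANED = ("(file missing)", "(no file)")

def parse_log(text):
    """Split a log into the running-process list and the coded entries."""
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            processes.append(line)
        elif ENTRY.match(line):
            entries.append(ENTRY.match(line).groups())
    return processes, entries

def review_list(text):
    """Return (reason, line) pairs worth researching first; never a verdict."""
    processes, entries = parse_log(text)
    hits = [("process in user-writable path", p) for p in processes if USER_WRITABLE.search(p)]
    for code, detail in entries:
        if any(tag in detail for tag in ORPHANED):
            hits.append(("entry points at a missing file", f"{code} - {detail}"))
        elif code == "O4" and USER_WRITABLE.search(detail):
            hits.append(("autostart from user-writable path", f"{code} - {detail}"))
    return hits

if __name__ == "__main__":
    for reason, line in review_list(SAMPLE_LOG):
        print(f"{reason}: {line}")
```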
7) The Dreaded Spring Cleaning
Once you've gotten the viruses cleared out, your system may still need some cleanup to be back to full speed. Download CCleaner from here: http://www.piriform.com/ccleaner/download/standard
Install and run CCleaner, and select all of the system options and advanced options, as well as all application options. If any of the system or application options will have an adverse effect on the system, CCleaner will let you know. If you don't want to clear out said cache or temporary files because of this, you're free to deselect the field. It's not likely to make or break anything.
After you are done selecting, click the “Analyze” button. As soon as this is finished, click “Run Cleaner.” CCleaner will then proceed to delete the unnecessary files. Once this is finished, click on the “Registry” icon. Make sure all options are checked and click “Scan for Issues.” Once it is done scanning, click “Fix Selected Issues.” CCleaner will then ask you if you want to back up the registry. It would be wise to do so. In the dialog box following the backup, click “Fix all Selected Issues.”
Now it's time to go a bit deeper into the registry with the COMODO system cleaner. This is a more aggressive registry cleaner that does a better job of keeping things shipshape and deleting unused keys. Download the portable version here: http://system-cleaner.comodo.com/download.html.
After this is downloaded, unzip the folder to the desktop and run the CSC.exe executable in the main folder.
All you have to do here is click “Scan.” Once the cleaner has scanned the registry, click “Clean.” Click yes on the next two dialog boxes. The cleaner will then proceed to repair or delete the entries. Once it is finished, click “Done.” You will have to restart your system to complete the cleanup process.
After this, it would also be a good idea to defragment your hard drive. With all the deleting that is going on, removing the fragmentation is likely to make a big difference in disk performance. You can use the integrated Windows utility or the free utility Defraggler, available from http://www.piriform.com/defraggler.
And that's it! Even the toughest malware on your system should have been incinerated by the combined force of these scanners.
8) Last resort reinstall
Unfortunately, none of these methods are perfect. Sometimes, an install of Windows is simply damaged beyond recovery, and no amount of virus scanners and registry cleanup is going to fix it. In a situation such as this, a clean install of Windows is most likely your only option left. Since the death of boot sector viruses, a clean install is guaranteed to give you a clean, virus-free slate.
9) Use protection!
So you're feeling frisky and on top of the world huh? Nothing can permeate you! You ARE the man! ...We are still talking about malware here right? Yes. OK, so, your PC is fast and feeling brand-new now. But what's to stop it from becoming infected again? The answer? You. Here are some things you can do to ensure that you won't have to go through this process again and again:
Lastly, if you have any questions, concerns, issues, suggestions or any other non-asshatery type thing to say about this topic, stop by our forums and drop us a line.