9 Steps to Purge Your PC of Malware

Submitted by Franco Santa-Maria on Tue, 07/13/2010 - 09:08


So your Windows PC is running slow, crashing, or acting funny. You're sure there are no hardware issues. This leaves one big suspect: malware. When XP was ruling the roost, reinstalling the operating system once or twice a year was the norm for a lot of users. However, installing a fresh copy of Windows is not always practical or possible. So what do you do? Put on your geek cap, be ready to bring a bevy of anti-virus hammers down on the malware infecting your system, and read on!

1) Back up your data, or get a smack down

There's a reason we list this first. Don't be a blockhead. You should be doing this all the time. You can be stubborn when it comes to not wearing your seatbelt or letting your dog poop in the neighbors' yard, but don't be stubborn about this. BACK IT UP! Don't make us slap you, because we will. We tell you this because even these scanners and popular anti-virus programs can sometimes delete and modify files that they shouldn't be messing with. And, unfortunately, if this does happen and you lose your data, well, don't say we didn't warn you.
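The point of this step is not just having a copy of your files but being able to tell, afterwards, exactly which files a scanner deleted or rewrote so you can put them back. The following script is an added example, not part of the original post and not tied to any of the tools it describes: it copies a folder, records a SHA-256 hash of every file in a manifest, and after the cleanup compares the live folder against that manifest. Everything in it (the folder layout, the "quarantined" and modified files in `run_demo`) is constructed for the demonstration.

```python
"""Snapshot a folder before running malware scanners, then report what changed."""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST_NAME = "MANIFEST.json"


def sha256_of(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large files never have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def backup_tree(src, dst) -> dict:
    """Copy every file under src into dst (keeping timestamps) and record each
    file's SHA-256 in dst/MANIFEST.json. Returns the manifest as a dict."""
    src, dst = Path(src), Path(dst)
    manifest = {}
    for path in sorted(src.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(src).as_posix()
        target = dst / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)  # copy2 preserves modification times
        manifest[rel] = sha256_of(path)
    dst.mkdir(parents=True, exist_ok=True)
    (dst / MANIFEST_NAME).write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_tree(src, manifest: dict) -> dict:
    """Compare the live folder with the manifest taken before cleanup.
    Returns sorted lists of files that were modified, deleted, or newly created."""
    src = Path(src)
    changed, missing = [], []
    for rel, digest in manifest.items():
        live = src / rel
        if not live.is_file():
            missing.append(rel)
        elif sha256_of(live) != digest:
            changed.append(rel)
    new = [p.relative_to(src).as_posix() for p in src.rglob("*")
           if p.is_file() and p.relative_to(src).as_posix() not in manifest]
    return {"changed": sorted(changed), "missing": sorted(missing), "new": sorted(new)}


def run_demo() -> dict:
    """Constructed scenario: back up a small tree, then simulate an over-eager
    scanner that rewrites one file, quarantines another and drops a report."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "documents"
        (src / "photos").mkdir(parents=True)
        (src / "notes.txt").write_text("meeting notes")
        (src / "photos" / "cat.jpg").write_bytes(b"\xff\xd8\xff\xe0 not a real jpeg")
        manifest = backup_tree(src, Path(tmp) / "backup")
        # Immediately after the backup nothing has changed yet.
        assert verify_tree(src, manifest) == {"changed": [], "missing": [], "new": []}
        (src / "notes.txt").write_text("meeting notes (modified)")  # rewritten
        (src / "photos" / "cat.jpg").unlink()                        # "quarantined"
        (src / "scan_report.log").write_text("removed 1 object")     # new file
        return verify_tree(src, manifest)


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Point `backup_tree` at your Documents folder and an external drive before step 2, keep the manifest, and run `verify_tree` once the scanners are done: anything in `missing` or `changed` is what you restore from the copy.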

2) SCAN and GO DEEP!

Ok, so you were never an all-star quarterback. Fortunately, when we say "Go deep" we are referring to running a virus scan. Run a deep (or full system) scan with your current active Anti-virus scanner, be it McAfee, Norton, or another suite. While quick scans are usually sufficient for routine or scheduled maintenance, there's always the chance that a deep scan will turn up some malware that is more deeply entrenched than your average virus.

If you don't already have an active Anti-virus suite (shame on you, tsk tsk), then it's not too surprising you're reading this, and you likely have some cleaning up to do. Fortunately, you don't have to pay for a solid active Anti-virus program. There are quite a few free anti-virus programs out there, including Microsoft Security Essentials. It is an excellent free Anti-virus that anyone with a valid copy of Windows is free to install on their system. If you're not running a valid copy of Windows (can we use 'tsk tsk' a second time?), why not give the free version of AVG a try? By the way, it works on valid systems too.

3) Search and Destroy

SpyBot Search and Destroy is a fairly powerful free anti-malware tool that does a good job of rooting out viruses and spyware on your system. Download the installer.

If your system is heavily infected, you may have to rename the installer or run the application in safe mode.

During the installation, be sure to deselect all installed components except for the “Download Updates Immediately” option, as we're not looking for active protection right now.

Again, deselect all the “Permanent Protection” options. Once installed, it's usually best to simply click “next” through the wizard that pops up the first time you run the scanner. As long as you left the “Download Updates Immediately” option selected, there's no need to search for updates. After this, click on the “Check for Problems” button. This will scan your system for malware. After the scan has completed, remove any malware SpyBot finds.

4) Turn up the Heat with MalwareBytes' Anti-Malware

MalwareBytes' Anti-malware is somewhat more aggressive than SpyBot, though both are highly effective as scanners. Download it here.

Unfortunately, Malwarebytes' cannot be run without active protection, so you may have to disable your current active Anti-virus to prevent conflicts. Again, in a heavily infected system you may have to change the installer's name or run it in safe mode.

Be sure to leave both of these options checked at the end of the install process. Malwarebytes' will then proceed to update its virus database. After it has finished updating, proceed with a full scan and remove any viruses Malwarebytes' finds.

5) Keep at it with SUPERAntiSpyware

SUPERAntiSpyware is another highly effective scanner, and, best of all, this scanner has a portable version with no active component that does not require installation.

Once it is downloaded, run the executable and the scanner interface will come up. It's that simple.

Now, click the “Scan your computer” button, select all drives that aren't thumb drives, select the “Complete Scan” option, and click next. Once the scan is finished, remove any malware it turns up.

6) Still no dice? Time to bring out the big guns!

If your system still isn't back to normal, it's time to bring some pretty powerful utilities to bear. First we'll go with ComboFix. Download the executable from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Again, disable any Anti-virus you have running before you run ComboFix, as this can interfere with the execution of ComboFix. Once you run the file, agree to the various disclaimers and terms of use. If ComboFix asks you to install the Microsoft Recovery Console, be sure to click yes to allow it to scan and repair to its full potential. Once ComboFix begins scanning, it is best to leave the computer alone while it scans. Do not move or close any windows at this time. The infected machine's screen may flash, and the computer may have to restart. Once this is finished, ComboFix will bring up a logfile. Close this file without making any modifications.

In addition to ComboFix, we have Trend Micro's HijackThis. Download the executable (not installer) from here: http://free.antivirus.com/hijackthis/

Run the executable and accept the agreement. Click “Do a system scan and save a logfile.” This will identify all running processes and bring up a logfile with all of them displayed. Unless you know what you are doing, do not remove any of these processes. HijackThis does not distinguish between legitimate Windows processes and malware, so care is imperative.

If you do know what you're doing, you can go through the results page and google any entries that look obviously suspicious. If they prove to be malware, remove them. Aside from that, your best option is to post this logfile on one of the many forums on the list at http://hjt-data.trendmicro.com/hjt/analyzethis/index.php?report=12849233.

While this is largely a hit-and-miss method, with luck, a member of the forums will be able to tell you what to eliminate with HijackThis. If you don't get anything from the forums, your best bet is to go to http://www.hijackthis.de/ and copy-paste your logfile into the textbox. When you press the Analyze button, it will break down your list and show you any entries you may want to remove. If you want a second opinion, try doing the same at http://hjt.networktechs.com/.
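Whether you read the log yourself or hand it to a forum, the first pass is the same: pull out the autostart entries (run keys, BHOs, services) and running processes, then ask of each one whether its file still exists, where on disk it lives, and who signed it. The script below is an added example, not part of the original post and not part of HijackThis or the analysis sites mentioned above. It parses a log in HijackThis's line layout and flags entries on three illustrative heuristics: the target file is missing, the file runs from a temp or user-profile folder, or a service has no publisher. The sample log is constructed (placeholder CLSIDs, a planted `svhost32.exe` and `sysupd` entry); a flag is a reason to research an entry, not a verdict that it is malware.

```python
"""Triage a HijackThis-style log offline: parse it and flag entries worth a closer look."""
import re
from dataclasses import dataclass

# Constructed sample in HijackThis's log layout (not a real scan). The CLSIDs are
# placeholders; "svhost32.exe" and "sysupd" are planted to show what gets flagged.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:08:00, on 7/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Documents and Settings\Owner\Local Settings\Temp\svhost32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
O2 - BHO: Adobe PDF Link Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Helper] C:\Documents and Settings\Owner\Local Settings\Temp\svhost32.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: System Update Svc (sysupd) - Unknown owner - C:\WINDOWS\Temp\sysupd.exe
"""

# Lettered entries look like "O4 - HKLM\..\Run: [name] path"; capture the code and the rest.
ENTRY_RE = re.compile(r"^([RFO]\d{1,2}) - (.*)$")
# Folders that legitimate autostart software rarely lives in but droppers often do.
SUSPICIOUS_DIR_RE = re.compile(
    r"\\(?:temp|tmp|local settings|appdata|application data)\\", re.IGNORECASE)


@dataclass
class Finding:
    section: str   # "process" or the HijackThis code ("O2", "O4", "O23", ...)
    text: str      # the log line as written
    reasons: list  # why it was flagged


def parse_log(log_text: str):
    """Split a log into its running-process lines and its lettered entries."""
    processes, entries = [], []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:                       # blank line ends the process block
            in_processes = False
            continue
        if line.lower() == "running processes:":
            in_processes = True
            continue
        if in_processes:
            processes.append(line)
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return processes, entries


def reasons_for(section: str, body: str) -> list:
    """Apply the illustrative heuristics to one entry; empty list means nothing flagged."""
    reasons = []
    if "(no file)" in body.lower():
        reasons.append("target file is missing (orphaned entry)")
    if SUSPICIOUS_DIR_RE.search(body):
        reasons.append("runs from a temp or user-profile directory")
    if section == "O23" and "unknown owner" in body.lower():
        reasons.append("service with no publisher information")
    return reasons


def triage(log_text: str) -> list:
    """Return a Finding for every process or entry that trips at least one heuristic."""
    processes, entries = parse_log(log_text)
    findings = []
    for proc in processes:
        reasons = reasons_for("process", proc)
        if reasons:
            findings.append(Finding("process", proc, reasons))
    for section, body in entries:
        reasons = reasons_for(section, body)
        if reasons:
            findings.append(Finding(section, body, reasons))
    return findings


def report(log_text: str) -> str:
    """Human-readable summary of the findings, one entry per block."""
    lines = []
    for finding in triage(log_text):
        lines.append(f"[{finding.section}] {finding.text}")
        lines.extend(f"    - {reason}" for reason in finding.reasons)
    return "\n".join(lines) if lines else "nothing flagged"


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it as-is to see the four flagged lines from the sample, or pass the contents of your own saved logfile to `report`. On the sample, the Temp-resident process and its matching O4 run key show up together, which is the pattern you would then look up by name or take to the forums.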

7) The Dreaded Spring Cleaning

Once you've gotten the viruses cleared out, your system may still need some cleanup to be back to full speed. Download CCleaner from here: http://www.piriform.com/ccleaner/download/standard

Install and run CCleaner, and select all of the system options and advanced options, as well as all application options. If any of the system or application options will have an adverse effect on the system, CCleaner will let you know. If you don't want to clear out said cache or temporary files because of this, you're free to deselect the field. It's not likely to make or break anything.

After you are done selecting, click the “Analyze” button. As soon as this is finished, click “Run Cleaner.” CCleaner will then proceed to delete the unnecessary files. Once this is finished, click on the “Registry” icon. Make sure all options are checked and click “Scan for Issues.” Once it is done scanning, click “Fix Selected Issues.” CCleaner will then ask you if you want to back up the registry. It would be wise to do so. In the dialog box following the backup, click “Fix all Selected Issues.”

Now it's time to go a bit deeper into the registry with the COMODO System Cleaner. This is a more aggressive registry cleaner that does a better job of keeping things shipshape and deleting unused keys. Download the portable version here: http://system-cleaner.comodo.com/download.html.

After this is downloaded, unzip the folder to the desktop and run the CSC.exe executable in the main folder.

All you have to do here is click “Scan.” Once the cleaner has scanned the registry, click “Clean.” Click yes on the next two dialog boxes. The cleaner will then proceed to repair or delete the entries. Once it is finished, click “Done.” You will have to restart your system to complete the cleanup process.

After this, it would also be a good idea to defragment your hard drive. With all the deleting that is going on, removing the fragmentation is likely to make a big difference in disk performance. You can use the integrated Windows utility or the free utility Defraggler, available from http://www.piriform.com/defraggler.

And that's it! Even the toughest malware on your system should have been incinerated by the combined force of these scanners.

8) Last resort reinstall

Unfortunately, none of these methods are perfect. Sometimes, an install of Windows is simply damaged beyond recovery, and no amount of virus scanners and registry cleanup is going to fix it. In a situation such as this, a clean install of Windows is most likely your only option left. Since the death of boot sector viruses, a clean install is guaranteed to give you a clean, virus-free slate.

9) Use protection!

So you're feeling frisky and on top of the world huh? Nothing can permeate you! You ARE the man! ...We are still talking about malware here right? Yes. OK, so, your PC is fast and feeling brand-new now. But what's to stop it from becoming infected again? The answer? You. Here are some things you can do to ensure that you won't have to go through this process again and again:

  • Run an active Anti-virus. These programs go a long way towards blocking viruses from entering in the first place, and often have scheduled scans to immediately remove any malware that does get in.

  • Keep all your apps patched. Oftentimes, patches plug security holes that are discovered after release.

  • Keep Windows up-to-date. The vast majority of Windows updates plug security vulnerabilities.

  • Use a more secure browser. If you are still on Internet Explorer 6 or 7, now is the time to upgrade to a more secure browser, and you have plenty of options. Internet Explorer 8, Mozilla Firefox, and Google Chrome are a few of these options.

  • Lay off the torrenting. Illegal downloads/torrents are very often bundled with malware. Not only are illegal torrents, well, illegal, they often cause your system to become infected.

  • Browse responsibly. Avoid suspicious sites. If you are not sure about a particular site, you can look it up on the McAfee Site Advisor: http://www.siteadvisor.com/

  • AND FINALLY, go back to Tip #1 and back that data up! Hopefully it ends there without a repeat process.

Lastly, if you have any questions, concerns, issues, suggestions or any other non-asshatery type thing to say about this topic, stop by our forums and drop us a line.

© All Rights Reserved. Copyright 2009-2010. Owned & Operated by Real Xtreme LLC