This guide will help you remove malicious software from your computer. If you think your computer might be infected with a virus or trojan, you may want to use this guide. It provides step-by-step instructions on how to remove malware from the Windows operating system. It highlights the free malware removal tools and resources you need to clean your computer. You will quickly learn how to remove a virus, a rootkit, spyware, and other malware.
Signs of malicious software
Disclaimer: This malware removal guide is intended to be used as a self-help guide. It is not a substitute for professional malware removal.
I recommend that you back up all your important data before attempting to perform the malware removal process. In the event of a system failure, you will be able to restore your data. Do not back up any system files, programs (.exe), or screensavers (.scr) because they may be infected with malware. How do I back up my data? (Windows 7, 8, XP)
Note: If you are having problems downloading files, download the files in this guide on another computer, and then transfer them to the infected computer with a CD or USB flash drive.
1. Can't Open Programs / Can't Connect to the Internet
If you have malware that is blocking Internet access or preventing programs from opening, follow the steps on this page:
If you can't open programs after removing the malware, follow the steps in this guide: Programs Won't Open in Windows
2. Fix Internet Connection Problems
Certain types of malware will turn on an Internet proxy server and hijack Windows DNS cache, which can prevent you from accessing the Internet or downloading tools required for malware removal. Follow these instructions to fix this problem:
Select the following boxes: Flush DNS, Reset IE Proxy Settings, Reset FF Proxy Settings. If you have Firefox open, close it before you click Go. It will open a log with the results. You can close the log.
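To see what those three checkboxes act on, the following PowerShell script reports the current user's Internet Explorer proxy settings and any Firefox proxy preferences, and with `-Fix` disables the IE proxy and flushes the DNS cache. It is an added example, not part of the original guide or of the tool it refers to; the function names and the `-Fix` switch are made up for this illustration.

```powershell
# Added example: audit the proxy and DNS settings named in the step above.
# Read-only by default; run with -Fix to apply the reset.
param([switch]$Fix)

# Per-user proxy settings used by Internet Explorer and most Windows software.
$ieKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-IEProxyState {
    $p = Get-ItemProperty -Path $ieKey
    [pscustomobject]@{
        ProxyEnable   = [int]$p.ProxyEnable   # 1 = proxy switched on
        ProxyServer   = $p.ProxyServer        # host:port that traffic is sent to
        AutoConfigURL = $p.AutoConfigURL      # proxy auto-config script, if any
    }
}

function Get-FirefoxProxyPrefs {
    # prefs.js only stores preferences changed from their defaults, so any
    # network.proxy.* line found here is a non-default proxy setting.
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (-not (Test-Path $profiles)) { return @() }
    Get-ChildItem -Path $profiles -Directory | ForEach-Object {
        $prefs = Join-Path $_.FullName 'prefs.js'
        if (Test-Path $prefs) {
            Select-String -Path $prefs -Pattern 'user_pref\("network\.proxy\.' |
                ForEach-Object { [pscustomobject]@{ Profile = $_.Path; Line = $_.Line.Trim() } }
        }
    }
}

$ie = Get-IEProxyState
$ie | Format-List
Get-FirefoxProxyPrefs | Format-Table -AutoSize -Wrap

if ($ie.ProxyEnable -eq 1 -or $ie.AutoConfigURL) {
    Write-Warning "A proxy is configured for this user: $($ie.ProxyServer) $($ie.AutoConfigURL)"
}

if ($Fix) {
    # Turn the proxy off, remove the stored server and script, clear cached DNS answers.
    Set-ItemProperty -Path $ieKey -Name ProxyEnable -Value 0 -Type DWord
    Remove-ItemProperty -Path $ieKey -Name ProxyServer, AutoConfigURL -ErrorAction SilentlyContinue
    ipconfig /flushdns | Out-Null
    Write-Output 'IE proxy disabled and DNS resolver cache flushed.'
}
```

The script only reports Firefox preferences and does not change them, because Firefox rewrites prefs.js when it exits.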
Note: If you experience any problems after removing the malware, skip down to Fix Post-Disinfection Problems.
A rootkit is malware that hides itself from detection by antivirus software. Most rootkits will install other malware, redirect Google search results, or prevent files from opening.
Kaspersky TDSSKiller is an effective rootkit removal tool that is easy to use. The scan takes less than a minute to complete.
Follow these instructions to use TDSSKiller:
When TDSSKiller opens, click Start scan. If the scan finds nothing, click Close to exit. If malware or suspicious objects are found, just click Continue. Don't change any settings. It may ask you to reboot the computer to complete the rootkit removal process (save or bookmark this page).
Note: If TDSSKiller won't open, download and run FixTDSS from Symantec. If FixTDSS won't open, follow the instructions on this page. After you complete the steps, try opening TDSSKiller again.
Many malware removal tools will scan for and remove different types of malware, but unfortunately none of them are capable of detecting 100% of malware. Therefore, it's important to use more than one tool to find and remove all the malware.
The free tools listed below are highly recommended for removing all types of malicious software. They do an excellent job at detecting threats and completely removing them. The scan for each tool should take only 5 to 10 minutes, but it may be longer or shorter. The scan time depends on your computer and the number of files you have on it.
Unselect the box that says, "Enable free trial," and then click Finish. Perform a quick scan. Once the scan is complete, click Remove Selected to remove the malware from your computer (see image below). Make sure that everything is selected.
Note: If Malwarebytes won't update, download and run the offline database installer.
When HitmanPro opens, click the Next button. Select the second option that says "No, I want to perform...," and then click Next. Once the scan is complete, click Next. Click Activate free license, and then click Next to remove the malware.
Note: HitmanPro requires Internet access to detect malware. If you can't connect to the Internet, scan with Dr.Web CureIt.
Adware is software designed to show you advertisements. Although most adware is harmless, it can also be used for malicious purposes. Adware can hijack your web browser and redirect you to websites. It will typically change your Internet homepage and install a web browser toolbar.
AdwCleaner is an effective adware removal tool that is easy to use.
When AdwCleaner opens, click the delete button. Restart your computer.
Common adware threats: searchnu, babylon toolbar, claro search, mywebsearch, conduit search, incredibar, bProtector
Note: If you are in Windows safe mode, you can now restart the computer in normal mode.
1. Remove Temporary Files
By removing your temporary files, you will delete any remaining malicious files from Windows temp folders. It will also free up hard disk space, which will help to speed up your computer.
Note: If your desktop icons are missing, skip this step and go on to Fix Post-Disinfection Problems.
Download and install CCleaner - Download here
Once installed, simply click the Run Cleaner button at the bottom right. You are warned that CCleaner is about to permanently remove files from the system. Click OK to proceed.
2. Change All Passwords
Certain types of malware will steal your personal data such as passwords, emails, and banking information. Change all your passwords immediately, especially if you do any banking or other financial transactions on the computer. Password Strength Checker
3. Clean up System Restore
Your system "restore points" may contain malware. The only way to remove the malware is to delete the restore points. To delete the restore points, follow the instructions here: Windows XP - Windows 7.
Note: If you're not experiencing any problems that are listed below, skip down to the Conclusion.
After the malware is removed, you may experience problems with your computer, such as problems with Windows Firewall, system performance, and Internet connectivity. Fortunately, there are simple ways to fix these problems.
1. Can't Connect to the Internet
If you are having problems connecting to the Internet, follow the instructions in this guide: Fix Internet Connection
2. Fix Windows Update and Firewall
If you are having problems updating Windows or turning on Windows Firewall, follow these instructions:
Download and install Windows Repair (All In One) - Download here
When Windows Repair opens, click the Start Repairs tab. Click Start. Unselect all the boxes except for the following five:
Then click Start. Once it's finished, restart your computer.
3. Programs and Files Won't Open
If you can't open any programs on your computer, follow the steps in this guide: Programs Won't Open in Windows
4. Bing/Google Search Redirects (Random Websites/Ads)
First, clear your Java cache. Malware remnants will frequently hide in the Java cache. How do I clear the Java cache?
If clearing the Java cache doesn't work, uninstall and reinstall your web browser. If that doesn't fix the problem, your computer is likely still infected with malware. Follow the instructions below in the Get Expert Analysis section.
5. Desktop Icons are Missing
Certain types of malware will hide all the icons on your computer. To unhide your icons, download Unhide.
Once downloaded, double-click on Unhide and allow it to run. It will remove the hidden attribute on all icons and attempt to restore the Start menu items to their correct location.
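To show what "remove the hidden attribute" means in practice, this PowerShell script lists items on the Desktop and Start menu that carry the Hidden attribute and, with `-Fix`, clears it. It is an added example, not the Unhide tool's own code; the choice of folders and the `-Fix` switch are assumptions, and it requires PowerShell 3 or later.

```powershell
# Added example: find (and optionally clear) the Hidden attribute on
# Desktop and Start menu items. Read-only unless run with -Fix.
param([switch]$Fix)

# Per-user and all-users Desktop and Start menu folders.
$roots = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu')
) | Where-Object { $_ -and (Test-Path $_) }

# -Force makes Get-ChildItem return hidden items, which it skips by default.
# desktop.ini is hidden by Windows itself, so it is left alone.
$hidden = Get-ChildItem -Path $roots -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        ($_.Attributes -band [IO.FileAttributes]::Hidden) -and
        $_.Name -ne 'desktop.ini'
    }

$hidden | Select-Object FullName, Attributes

if ($Fix) {
    foreach ($item in $hidden) {
        # Clear only the Hidden bit and keep every other attribute as it was.
        $item.Attributes = $item.Attributes -band (-bnot [IO.FileAttributes]::Hidden)
    }
    Write-Output "Cleared the Hidden attribute on $(@($hidden).Count) item(s)."
}
```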
6. Slow Computer
If your computer is running slow, follow the steps in this guide: How to Speed Up a Slow Computer
7. Other Problems
Visit the following websites for more information:
If you want to be certain that your computer is completely cleaned or just want a second opinion, you can create a topic at one of the forums listed below and ask for help. These forums have people who are well trained and experienced in removing malware. Be sure to mention in your topic that you followed this guide. Please note that it may take a couple of days to receive a reply, so be patient. Note: You will need to register for a forum account to create a topic.
Free support forums: Bleeping Computer, Geeks to Go, What the Tech, Tech Support, MalWare Removal, TnT
If Windows won't start or if the computer won't start in safe mode, I recommend using an antivirus rescue CD. An antivirus rescue CD allows you to scan an infected computer without having to start Windows. Many antivirus companies provide free rescue CDs. They are extremely effective at removing malware from a computer.
Below are three highly recommended antivirus rescue CDs. I recommend using Kaspersky Rescue Disk.
Kaspersky Rescue Disk (270 MB) - How to create and use Kaspersky Rescue Disk
Avira Rescue CD (250 MB) - How to create and use Avira Rescue CD
Dr.Web LiveCD (230 MB) - How to create and use Dr.Web Live CD
If the rescue CD doesn't work, follow the instructions mentioned above in the Expert Analysis section.
Your computer should be completely cleaned of all malware after following this guide. If you believe your computer is still infected, seek professional help to remove the malware.
Once your computer is free from malicious software, keep it that way! Follow this security checklist step by step.
Common Malware Threats
Many computer users encounter the following malware threats:
- Fake antivirus: Win 7 Defender, Win 7 Antivirus Pro, File Restore, System Progressive Protection
- ZeroAccess rootkit (Google redirect virus). Removal tools: Yorkyt by Panda or FixZeroAccess by Symantec
- TDSS rootkit (aka Tidserv, Alureon)
- FBI MoneyPak ransomware (Citadel reveton)