Malware Removal Guide for Windows

Last Updated: January 2, 2013



This guide will help you remove malicious software from your computer. If you think your computer might be infected with a virus or trojan, you may want to use this guide. It provides step-by-step instructions on how to remove malware from Windows operating system. It highlights free malware removal tools and resources that are necessary to clean your computer. You will quickly learn how to remove a virus, a rootkit, spyware, and other malware. Signs of malicious software
 
Disclaimer: This malware removal guide is intended to be used as a self-help guide. It is not a substitute for professional malware removal. 

I recommend that you back up all your important data before attempting to perform the malware removal process. In the event of a system failure, you will be able to restore your data. Do not back up any system files, programs (.exe), or screensavers (.scr) because they may be infected with malware. How do I back up my data? (Windows 7, 8, XP)

Notes:
  1. In some cases, the only way to remove malware is to reformat and reinstall Windows. 
  2. Save or bookmark this page so you can easily refer to it if needed. Add bookmark = Ctlr + D
  3. This guide will continue to be updated, so please check back often. Latest updates
  4. If you have any questions or comments about this guide, please contact us leave a comment. 


Preparation for Removal

Note: If you are having problems downloading files, download the files in this guide on another computer, and then transfer them to the infected computer with a CD or USB flash drive.


1. Can't Open Programs / Can't Connect to the Internet

If you have malware that is blocking Internet access or preventing programs from opening, follow the steps on this page:

If you can't open programs after removing the malware, follow the steps in this guide: Programs Won't Open in Windows


2. Fix Internet Connection Problems

Certain types of malware will turn on an Internet proxy server and hijack Windows DNS cache, which can prevent you from accessing the Internet or downloading tools required for malware removal. Follow these instructions to fix this problem:

 
Download and open MiniToolBox - Download here - Homepage

Select the following boxes: Flush DNS, Reset IE Proxy Settings, Reset FF Proxy Settings If you have Firefox open, close it before you click Go. It will open a log with the results. You can close the log.



Removal Process

Note: If you experience any problems after removing the malware, skip down to Fix Post-Disinfection Problems.

Step 1 - Scan for and Remove Rootkits

A rootkit is malware that hides itself from detection of antivirus software. Most rootkits will install other malware, redirect Google search results, or prevent files from opening. 

Kaspersky TDSSKiller is an effective rootkit removal tool that is easy to use. The scan takes less than a minute to complete.


Download and open TDSSKiller - Download here or here - Homepage  It requires no installation.

Follow these instructions to use TDSSKiller:

When TDSSKiller opens, click Start scan. If the scan finds nothing, click Close to exit. If malware or suspicious objects are found, just click Continue. Don't change any settings. It may ask you to reboot the computer to complete the rootkit removal process (save or bookmark this page).


Note: If TDSSKiller won't open, download and run FixTDSS from Symantec. If FixTDSS won't open, follow the instructions on this page. After you complete the steps, try opening TDSSKiller again.

Step 2 - Scan for and Remove Malware

Many malware removal tools will scan for and remove different types of malware, but unfortunately none of them are capable of detecting 100% of malware. Therefore, it's important to use more than one tool to find and remove all the malware.

The free tools listed below are highly recommended for removing all types of malicious software. They do an excellent job at detecting threats and completely removing them. The scans for each tool should take only 5 to 10 minutes, but it may be longer or shorter. The scan time depends on your computer and the number of files you have on it.

Important notes:
  • Make sure the malware scanners are up to date before you scan with them. 
  • Do not use your computer for anything else during the scan.
  • Do not run more than one scan at a time.
  • You may need to restart your computer to complete the malware removal process (save or bookmark this page).
  • If the tools won't open, follow the instructions on this page.


Download and install Malwarebytes Anti-Malware - Download here or here - Homepage

Unselect the box that says, "Enable free trial," and then click Finish. Perform a quick scan. Once the scan is complete, click Remove Selected to remove the malware from your computer (see image below). Make sure that everything is selected. 
Note: If Malwarebytes won't update, download and run the offline database installer.


 Download and open HitmanPro - Download here (32-bit), (64-bit) - Homepage  It requires no installation. 

When HitmanPro opens, click the Next button. Select the second option that says "No, I want to perform...," and then click Next. Once the scan is complete, click Next. Click Activate free license, and then click Next to remove the malware. 
Note: HitmanPro requires Internet access to detect malware. If you can't connect to the Internet, scan with Dr.Web CureIt.

Step 3 - Scan for and Remove Adware

Adware is software designed to show you advertisements. Although most adware is harmless, it can also be used for malicious purposes. Adware can hijack your web browser and redirect you to websites. It will typically change your Internet homepage and install a web browser toolbar.

AdwCleaner is an effective adware removal tool that is easy to use. 


Download and open AdwCleaner Download here - Homepage

When AdwCleaner opens, click the delete button. Restart your computer.


Common adware threats:  searchnu, babylon toolbar, claro search, mywebsearch, conduit search, incredibar, bProtector


After the Removal Process

Note: If you are in Windows safe mode, you can start the computer back to normal mode.


1. Remove Temporary Files

By removing your temporary files, you will delete any remaining malicious files from Windows temp folders. It will also free up hard disk space, which will help to speed up your computer.

Note: If your desktop icons are missing, skip this step and go on to Fix Post-Disinfection Problems.


Download and install CCleaner - Download here 

Once installed, simply click the Run Cleaner button at the bottom right. You are warned that CCleaner is about to permanently remove files from the system. Click OK to proceed.


2. Change All Passwords

Certain types of malware will steal your personal data such as passwords, emails, and banking information. Change all your passwords immediately, especially if you do any banking or other financial transactions on the computer. Password Strength Checker


3. Clean up System Restore

Your system "restore points" may contain malware. The only way to remove the malware is to delete the restore points. To delete the restore points, follow the instructions here: Windows XP - Windows 7

Note: If you're not experiencing any problems that are listed below, skip down to the Conclusion.


Fix Post-Disinfection Problems

After the malware is removed, you may experience problems with your computer, such as problems with Windows Firewall, system performance, and Internet connectivity. Fortunately, there are simple ways to fix these problems.


1. Can't Connect to the Internet

If you are having problems connecting to the Internet, follow the instructions in this guide: Fix Internet Connection


2. Fix Windows Update and Firewall

If you are having problems updating Windows or turning on Windows Firewall, follow these instructions:


Download and install Windows Repair (All In One) - Download here 

When Windows Repair opens, click the Start Repairs tab. Click Start. Unselect all the boxes except for the following five:
  • Reset Registry Permissions
  • Reset File Permissions
  • Repair WMI
  • Repair Windows Firewall 
  • Repair Windows Updates
Then click Start. Once it's finished, restart your computer.


3. Programs and Files Won't Open

If you can't open any programs on your computer, follow the steps in this guide: Programs Won't Open in Windows


4. Bing/Google Search Redirects (Random Websites/Ads)

First, clear your Java cache. Malware remnants will frequently hide in the Java cache. How do I clear the Java cache? 
If clearing the Java cache doesn't work, uninstall and reinstall your web browser. If that doesn't fix the problem, your computer is likely still infected with malware. Follow the instructions below in the Get Expert Analysis section.


5. Desktop Icons are Missing

Certain types of malware will hide all the icons on your computer. To unhide your icons, download Unhide

Once downloaded, double-click on Unhide and allow it to run. It will remove the hidden attribute on all icons and attempt to restore the Start menu items to their correct location.


6. Slow Computer

If your computer is running slow, follow the steps in this guide: How to Speed Up a Slow Computer


7. Other Problems

Visit the following websites for more information:

Get Expert Analysis

If you want to be certain that your computer is completely cleaned or just want a second opinion, you can create a topic at one of the forums listed below and ask for help. These forums have people who are well trained and experienced in removing malware. Be sure to mention in your topic that you followed this guide. Please note that it may take a couple of days to receive a reply, so be patient. Note: You will need to register for a forum account to create a topic.

Free support forums: Bleeping Computer, Geeks to Go, What the Tech, Tech Support, MalWare Removal, TnT


Windows Won't Start

If Windows won't start or if the computer won't start in safe mode, I recommend using an antivirus rescue CDAn antivirus rescue CD allows you to scan an infected computer without having to start Windows. Many antivirus companies provide free rescue CDs. They are extremely effective at removing malware from a computer.

Below are three highly recommended antivirus rescue CDs. I recommend using Kaspersky Rescue Disk.

 Kaspersky Rescue Disk (270 MB) - How to create and use Kaspersky Rescue Disk
 Avira Rescue CD (250 MB) - How to create and use Avira Rescue CD 
 Dr.Web LiveCD (230 MB) - How to create and use Dr.Web Live CD
  1. Burn the antivirus ISO file onto a CD using CD burning software.
  2. Insert the CD into the infected computer's CD-ROM drive.
  3. Go to the computer's BIOS, set it to boot from the CD, and restart the computer. How to Boot from a CD
  4. Scan for and remove malware using the rescue CD.
If the rescue CD doesn't work, follow the instructions mentioned above in the Expert Analysis section.


Conclusion

Your computer should be completely cleaned of all malware after following this guide. If you believe your computer is still infected, seek professional help to remove the malware. If you like this guide, please share it or leave a commentIf you wish to make a donation, please visit this page.

Once your computer is free from malicious software, keep it that way! Follow this security checklist step by step.


Common Malware Threats

Many computer users encounter the following malware threats:

- Fake antivirus: Win 7 Defender, Win 7 Antivirus Pro, File Restore, System Progressive Protection
- ZeroAccess rootkit (Google redirect virus) Removal tools: Yorkyt by Panda or FixZeroAccess by Symantec
- TDSS rootkit (aka Tidserv, Alureon)
- FBI MoneyPak ransomware (Citadel reveton) 


Notable Links