Malware Removal Guide & Tools for Beginners

Windows being the most popular OS in the world, malware writers want to target it. As a result, a lot of malware and malicious software are written for it. This makes people wrongly comment that Windows is not secure; when the fact is actually otherwise! Malware could be a virus, adware, spyware, ransomware, scareware, BOT, Backdoor, Exploits Trojan, Rootkit, Dialer, Trojan, Worms and even Potentially Unwanted Programs. You can read more about the differences here.

infected-computer

These malware typically spread through attachments in email messages or by instant messaging messages. You could even catch it while surfing dangerous websites or even reputed but compromised websites. You could end up downloading it to your computer unknowingly or even knowingly – or you could catch it if you were to connect your friends infected USB drive to your PC. They can be funny images, greeting cards, audio and video files or hide in pirated software, scareware or rogue software.

The typical symptoms that your computer may have been compromised are many, and there are ways to tell if your computer has a virus.

Starting with Windows Vista, Microsoft introduced many security features in the operating system which were further improved upon in Windows 7 and Windows 8. Nevertheless, should your computer get infected with malware, there are ways to remove malware infections, and they succeed in most cases! But before trying out anything, do back up all your important data to an external device, because, in the event of a system failure, you will be able to at least use that data.

Read: Windows files and folders you may exclude from Antivirus scans.

Malware Removal Guide for Windows

Make sure that your Windows OS is fully updated with the latest Windows Updates installed.

Run a Junk Cleaner to clear your PC junk and temporary files – including your Cookies, Flash Cookies, and Java Cache folder. CCleaner is a good freeware! The Temporary Internet Files folder used to be a typical place for Trojan Downloaders and other malware downloaded from the internet. However, since the Cache is now considered as a virtual folder with the low privileges – to mitigate against these threats. Removing all junk will also reduce the scan time.

Update your anti-virus and run a full in-depth system scan. A safe-mode or a boot-time scan is always the preferred way in case of a severe malware attack. So if your anti-virus has the option to run scans at boot time, best to do so. Else try to run the scans in safe mode. It’s easier for the antivirus to catch and delete the virus in Safe Mode.  To enter Safe Mode, you keep pressing the F8 Key when your computer is booting.

Some antivirus may not run in Safe Mode  In such a case you have no choice, but to run in normal mode. Remove all found infections when found. If your anti-virus is unable to delete the virus or infected file, use some freeware to delete the sticky infected file on reboot. This useful utility will delete the virus on reboot before it gets a chance to load in the memory. You may need to Show hidden files via your Folder Options.

Reboot. You need to do this so that files locked for deletion on reboot, will be deleted. Now you should again run CCleaner, to clear residual Registry keys and other junk.

This basic usually solves most cases of virus infections.

But if it doesn’t, here are a few more additional tips for special scenarios.

Online File Scanners

If your anti-virus does not detect a file to be a virus, but you suspect that it may be so, or if you want a second opinion on whether a file is a virus, then I suggest that you get that particular file scanned with Online Scanners with multiple anti-virus engines like Jotti or VirusTotal.

On-demand Scanners

Even though most of us may have an antivirus software installed on our Windows computer, there may be times of doubt, where you might want a second opinion. While one can always visit online antivirus scanners from well-known security software to scan one’s PC – or get a particular file scanned with an online malware scanner using multiple antivirus engines, some prefer to have a standalone on-demand antivirus scanner installed locally. At such times you may use these on-demand antivirus scanners.

Check identity of doubtful files

Malware can be named anything, and in fact, virus writers love naming them after some legitimate Microsoft processes or popular software. Check which folder it is located in. If the familiar sounding process is located in the System32 folder – where it should be, it could be the legit MS folder. But if it situated in some other folder, it may well be malware trying to pass itself as a Windows process. So do a search for the file, right-click on it and check its Properties and details.

Fix Internet issues

Some variants of malware will turn on an Internet proxy server and hijack Windows DNS cache, which can prevent you from accessing the Internet or downloading tools required for malware removal. So, download a tool that is capable of fixing issues related to the Internet. Try MiniTool Box.

Reset IE Proxy settings

Malicious software may change Windows Internet Explorer proxy settings, and these changes can prevent you from accessing Windows Update or any Microsoft Security sites. Reset the Internet Explorer proxy settings back to defaults using a Microsoft Fix It. You may also want to run the IE Troubleshooter to reset all security settings to its defaults.

Restore Windows features

If you find that your important Windows features like Task Manager, Registry Editor, Control Panel, Command Prompt, etc. have been disabled, you may use our freeware FixWin to enable them. Reset Windows Security settings to default. Reset Windows Firewall settings to default values.

Rootkits and removal

A Rootkit is a form of malware that prevents itself from getting detected by detection/removal software. So, install an effective Rootkit removal tool that is easy to use. Kaspersky TDSSKiller is reliable in this regard, but you can also try Malwarebytes AntiRootkit Tool. You can use Sticky Keys Backdoor Scanner to detect Sticky Key Backdoors.

Browser Hijacking & removal

Browser hijacking occurs when you find that your web browser’s settings have been changed without your permission. Read more here about Browser Hijacking and Free Browser Hijacker Removal Tool.

Ransomware removal

Ransomware virus locks access to a file or your computer and demands that a ransom be paid to the creator for regaining access, usually allowed via either an anonymous pre-paid cash voucher or Bitcoin. This post on how to prevent Ransomware will suggest steps to take to stay protected and offer links to free anti-ransomware tools. Here is a List of free Ransomware Decryptor Tools that can help you unlock files. And if you do get infected, then this post will show you what to do after a Ransomware attack.

Macro Virus removal

If the file icon for Word or Excel has changed, or you are unable to save a document, or new macros appear in your list of macros, then you may presume that your documents have been infected with a macro virus. In such a case you need to take urgent steps to remove the macro virus.

Vulnerability & Exploit protection

A computer Vulnerability is a ‘hole’ in any software, operating system or service that can be exploited by web criminals for their own benefits. Exploits follow “vulnerabilities”. If a web criminal detects a vulnerability in any of the products on the Internet or elsewhere, she or he may attack the system containing the vulnerability to gain something or to deprive authorized users from using the product properly. Enhanced Mitigation Experience Toolkit, Secunia Personal Software InspectorSecPod Saner FreeMicrosoft Baseline Security Analyzer, Protector Plus Windows Vulnerability Scanner, Malwarebytes Anti-Exploit Tool and ExploitShield are some of the better known free tools available for Windows., that can offer you protection against such threats. If you are looking for a free anti-executable security software to protect your Windows PC from malware, have a look at VoodooShield.

Rogue Software and removal

These days computer users are being subjected to a lot of Rogue Software and Ransomware,  which may have been downloaded by the users themselves, without realizing it. So remember, don’t be tricked into downloading just any software – and always download software and freeware from websites you know and trust. Moreover while installing, never blindly click on Next-Next. Remember to uncheck foistware and toolbars you do not want to install.

Rogue Software, also known as Rogues, Scareware, pretend to be security software and give out fake warnings to make you purchase the security software, which the pirates profit from. The downloaded software may include even a worse form of malware. Ransomware will encrypt personal user data or block your entire PC. Once you have paid the “ransom” through an anonymous service, your PC will be unblocked.

If infected, you may get to see such warnings in your system tray:

Warning! Your computer is infected! This computer is infected by spyware and adware

Also while browsing on the Internet, if you receive a message in a pop-up dialog box that resembles some warning, do not click anything inside the dialog box.

Are you sure you want to navigate from this page? Your computer is infected! They can cause data lost and file corruption and need to be treated as soon as possible. Press CANCEL to prevent it. Return to System Security and download it to secure your PC. Press OK to Continue or Cancel to stay on the current page

Instead, press ALT + F4 on your keyboard to close the dialog box.  If warnings, such as these keep appearing when you try to close the dialog box, it’s a good indication that the message is malicious.

While most antivirus software will also remove Rogues, you can if you wish also do the following: Boot into Safe Mode with Networking and try to uninstall the Rogue Software and Ransomware from Control Panel\All Control Panel Items\Programs and Features. Then navigate to the System Program Folder and delete all concerned folders. Run a registry cleaner after that. The Rogue may be easier to uninstall, but the Ransomware may not be!

Use Eset Rogue Applications Remover. This free tool will help you remove rogue software or scareware. HitmanPro.Alert is a free Ransomware Protection & Browser Intrusion Detection Tool. CryptoPrevent is another handy tool which provides your computer a shield against Cryptolocker or any other kind of ransomware. Anvi Rescue Disk for Windows will assist in ransomware removal. HitmanPro.Kickstart will help remove Ransomware.

Botnet Removal Tools

We have already seen what are Botnets.  These Botnets are controlled by remote attackers in order to perform such illicit tasks as sending spam or attacking other computers. The methods for detecting bots include Static Analysis and Behavioral Analysis. Botnet Removal Tools will help you remove Bot infestations from your Windows computer. You might to read this post on How do I know if my Computer has been Hacked.

Use specialized Malware Removal Tools

Malicious Code has become increasingly complex, and infections involve more system elements than ever before. Sometimes, when your antivirus software is not able to remove the virus from your computer, you may need to download and use these specialized standalone free tools which are released by well-known security companies like Symantec, Eset, Kaspersky, etc.

Remove persistent malware

If you need to remove persistent or stubborn malware infections and crimeware, try freeware Norton Power Eraser or Emsisoft BlitzBlank. If your malware is blocking your antivirus software from being installed or if installed, from being run, use Malwarebytes Chameleon.

Once your computer is clean, you may do the following:

Certain types of malware are designed with a wicked purpose – Stealing personal data such as passwords, emails, and banking information. So, it is recommended you change all your passwords, once you have cleaned up your computer.

Create new  System Restore point. Run Windows Disk Cleanup Tool to remove past Restore Points.

Microsoft has released two tools that may interest you. The Windows Malware Prevention Tool will help you harden your Windows security, whereas the Windows Security Troubleshooter will fix Windows security problems.

Remember, prevention is better than cure! Removing a malware can be difficult as some of its variants are resistant to some anti-malware removal tools. So do make sure that you are taking all the precautions required to protect your Windows computer.

Useful links to Microsoft resources:

Microsoft Safety & Security Center FAQ | Microsoft KB129972   | Microsoft KB2671662.

Useful links to security software:

  1. Free Antivirus software | Firewall software Internet Security Suites for Windows.
  2. Microsoft Safety Scanner
  3. Windows Defender Offline
  4. Windows Malicious Software Removal Tool
  5. Kaspersky Internet Security
  6. BitDefender Internet Security Suite.

If all fails, the only way to remove malware is to reformat and reinstall Windows. However, you should choose this as the last resort when all other options fail.

If you need help, you can always visit our Windows Security Forum.

Posted by on , in Category Security with Tags
Anand Khanse is the Admin of TheWindowsClub.com, a 10-year Microsoft MVP Awardee in Windows & a Windows Insider MVP. Please read the entire post & the comments first, create a System Restore Point before making any changes to your system & be careful about any 3rd-party offers while installing freeware.