How to Remove Malware

Introduction

Whether you are vigilant in your efforts to protect your computer from malware or you bought a computer with an antivirus program on it and thought you were all set, anyone can become a victim of malware.  Malware is experiencing explosive growth and it is becoming increasingly sophisticated.  Sadly, what this means for you is that it is becoming increasingly difficult to stay safe online, and the threats posed by malware are more damaging than they have ever been before.  Particularly alarming are the latest forms of ransomware that will, once they have infected your machine, encrypt all of its contents and lock you out of the system!  You are then forced to pay several hundred dollars to unlock your computer and get your data back.  For those people that pay, however, there is no guarantee that the attackers won’t simply repeat the attack.

There are many different forms of malware, most of which I am sure you are familiar with: viruses, trojans, keyloggers, spyware, etc.  Each of these forms of malware can pose a different threat to you, your computer, and your data.  They can infect your computer through many different avenues, such as email attachments, infected download files, even simply visiting a webpage with an infected ad!  Oftentimes, different forms of malware will work in conjunction with one another to provide the attacker with more control over your computer.  For example, an attacker might use a virus to infect your computer so that they can install spyware on it which will allow them to show you their ads on the sites that you visit.  Many forms of malware serve to deliver a payload of other malware.  For more in-depth information about malware, its different forms, and how it works, please read my article.

How to Tell if You Have Malware

The sophistication of the malware that is currently out there sometimes makes it very difficult to determine whether or not your computer has been compromised.  Malware has evolved to use encryption and obfuscation techniques to avoid detection.  These are some of the things to look for if you think that you might be infected with some form of malware:

  • Freezing or crashing computer
  • Appearance of strange programs, desktop shortcuts, or files
  • Your homepage has changed or you get redirected to pages you didn’t intend to visit
  • You receive a lot of popup messages
  • You see a lot of unusual error messages (such as messages saying there are missing or corrupt files)
  • Slower computer
  • Slower web browsing or the web browser hangs
  • Increased CPU usage (listen for a louder than normal fan)
  • Emails sent without your knowledge
  • Problems connecting or maintaining a connection to your network
  • Other weird computer behavior such as random restarts
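
Several of the symptoms above (high CPU usage, strange programs) can be checked more precisely than by listening to the fan.  The following PowerShell script is an added example and is not part of the original article: it lists the busiest running processes whose executable is either not validly signed or runs from a user-writable folder.  Both checks are heuristics that I am assuming here (plenty of legitimate software is unsigned or lives in AppData), so the output is a list of things to look at, not a verdict.

```powershell
# Added example, not from the original article: a read-only triage of running
# processes for the "increased CPU usage" and "strange programs" symptoms.
# Run it from an elevated PowerShell prompt so that more processes expose
# their image path. Nothing here terminates or modifies anything.

# Folders treated as "user-writable" (an assumption; extend as needed)
$userWritable = @($env:LOCALAPPDATA, $env:APPDATA, $env:TEMP, "$env:SystemDrive\Users\Public") |
    Where-Object { $_ } | ForEach-Object { [regex]::Escape($_) }
$userWritablePattern = '^(' + ($userWritable -join '|') + ')\\'

function Get-SuspiciousProcess {
    param([int]$Top = 25)

    Get-Process |
        Where-Object { $_.Path } |                # only processes whose image path we may read
        Sort-Object CPU -Descending |             # CPU = total processor seconds consumed so far
        Select-Object -First $Top |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.Path -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Name       = $_.ProcessName
                Id         = $_.Id
                CpuSeconds = [math]::Round([double]$_.CPU, 1)
                Signed     = ($null -ne $sig -and $sig.Status -eq 'Valid')
                Signer     = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                UserPath   = ($_.Path -match $userWritablePattern)
                Path       = $_.Path
            }
        } |
        # Keep only the processes that fail at least one heuristic
        Where-Object { -not $_.Signed -or $_.UserPath }
}

Get-SuspiciousProcess | Format-Table Name, Id, CpuSeconds, Signed, UserPath, Path -AutoSize
```

A legitimate but unsigned program will show up here too; the point is to give you a short list of names and paths to look up rather than a diagnosis.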

This article will provide you with a thorough guide on how to remove malware from your computer.  Malware is dangerous stuff that can expose you to having your financial accounts raided, your social media accounts hacked into, or worse.  If you have malware, you want to remove it as soon as possible, and with this guide you won’t have to pay someone for something that you can easily do for free.

How to Remove Malware

Your computer is infected – now what do you do?  Don’t panic.  This happens to millions of people every day and is something that you can fix on your own without bringing your computer somewhere where they will charge you $79.95 to run a virus scan.  We are going to operate under the assumption that your current antivirus program is either compromised, expired, out of date, or hasn’t run in a while.  Most modern antivirus programs will actively protect your computer from malicious programs, but given that there are almost 400,000 new pieces of malware created every day, it is possible for one to find its way onto your system.  You can find a list of the available antivirus programs for your platform here:

  • Antivirus programs for Windows
  • Antivirus programs for Mac OS X
  • Antivirus programs for Linux

This might seem a little scary to some of you, but I promise you that you can do this!

Step 1: Entering Safe Mode

Microsoft Windows includes an option to boot into something that it calls “Safe Mode.”  Safe Mode loads a minimal version of the operating system and the most basic drivers needed to operate your computer and nothing more – this is why your screen will look weird in Safe Mode (your video driver is not loaded – only a basic one).  While not guaranteed, it is likely that your malware will not be loaded into Safe Mode either.  This is why we will perform our fix from this environment.

Please remove any CD/DVD, SD/Compact Flash card, or USB thumb drive from your computer.

To enter into Safe Mode, restart your computer and keep pressing the F8 button (above the number keys) before Windows boots (before you see the Windows logo).  Please don’t hold down the key, just tap it continuously.  The following screen will appear:

[Screenshot: Microsoft Windows Advanced Boot Options screen. Select Safe Mode with Networking.]

It is important that you select Safe Mode with Networking – you will need to be able to connect to the internet to fix your malware problem.

Running Windows 8?

To enter Safe Mode in Windows 8:

1. Press the Windows key + C

2. Click Settings

3. Click Power

4. Hold down the shift key and click Restart

5. Then click on Troubleshoot – Advanced Options
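
If you would rather not race the boot screen, Safe Mode can also be requested from an elevated PowerShell prompt.  The following is an added example and not part of the original article; the `bcdedit` and `shutdown` commands it wraps are built-in Windows tools, while the `Set-NextBootSafeMode` function is my own wrapper around them.

```powershell
# Added example, not from the original article: reach Safe Mode with
# Networking from an elevated PowerShell prompt instead of tapping F8,
# which Windows 8 often does not honour. The function is my wrapper;
# bcdedit, shutdown and Restart-Computer are standard Windows tools.

function Set-NextBootSafeMode {
    # Mode 'network' is Safe Mode with Networking (what this guide needs);
    # 'minimal' is plain Safe Mode. -Revert clears the flag so the machine
    # boots normally again; do this once the cleanup is finished, otherwise
    # every subsequent boot lands in Safe Mode.
    [CmdletBinding()]
    param(
        [ValidateSet('network', 'minimal')]
        [string]$Mode = 'network',
        [switch]$Revert
    )

    if ($Revert) {
        bcdedit /deletevalue '{current}' safeboot
    } else {
        bcdedit /set '{current}' safeboot $Mode
    }
    if ($LASTEXITCODE -ne 0) {
        throw "bcdedit failed (exit code $LASTEXITCODE). Is this an elevated prompt?"
    }
    # Show the resulting boot entry so you can confirm the safeboot value
    bcdedit /enum '{current}'
}

# Step 1 of the guide, done from the command line:
Set-NextBootSafeMode -Mode network
Restart-Computer -Force

# Alternative that matches the Windows 8 menu route above: reboot straight
# into the "Choose an option" screen (Troubleshoot > Advanced options).
#   shutdown /r /o /t 0

# After the cleanup is complete, from inside Safe Mode:
#   Set-NextBootSafeMode -Revert
#   Restart-Computer -Force
```

Remember the revert step: the `safeboot` value persists across reboots until it is deleted.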

Step 2: Removing Rootkits and Trojans

There are a couple of different programs that you could use at this point, but this guide is going to use Kaspersky’s TDSSKiller (a great alternative is Microsoft’s Malicious Software Removal Tool) to remove any malicious software that you might have on your computer.

Download the latest version of Kaspersky’s TDSSKiller

Double-click the downloaded file to open the program.  You will need to agree to two pages of terms and conditions:

[Screenshot: Kaspersky TDSSKiller Antirootkit Utility End User License Agreement.]

The program will then launch the main page – please click on the Change parameters link:

[Screenshot: Kaspersky TDSSKiller Antirootkit Utility program screen. Click on the Change parameters link.]

In the Change parameters window, please check the option to Detect TDLFS file system and click OK:

[Screenshot: Kaspersky TDSSKiller Antirootkit Utility settings page. Check the Detect TDLFS file system option.]

We are now ready to scan your computer.  Go ahead and click the Start Scan button:

[Screenshot: Kaspersky TDSSKiller Antirootkit Utility Start Scan page. Click Start Scan.]

TDSSKiller will now scan your computer for rootkits and similar malware:

[Screenshot: Kaspersky TDSSKiller Antirootkit Utility scan screen.]

If Kaspersky’s TDSSKiller finds malware on your computer, it will display a results screen similar to the one below:

[Screenshot: Kaspersky TDSSKiller Antirootkit Utility threats detected screen. Malware found!]

To remove the malware, simply click the Continue button.  TDSSKiller will then attempt to remove the infection.  Please be aware that you might need to reboot your computer in order to complete the removal.

Step 3: Running RKill

RKill is a program that will scan all of the running processes on your computer and attempt to terminate all of the malicious ones.  This will allow you to run a full antivirus scan without worrying that the malware will interfere with the results.

Please be aware that RKill only stops running processes.  It does not delete any files.  You should not reboot your computer yet since any malware on your system that has been configured to start up automatically will just do so again.
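
To see what would come straight back after a reboot, you can list the common autostart entries yourself.  The PowerShell script below is an added example and not part of the original article or of RKill: it enumerates the Run/RunOnce registry keys and the Startup folders, resolves each entry to its target executable, and reports whether that file exists and carries a valid Authenticode signature.  Flagging targets inside the user profile as `UserPath` is a heuristic I am assuming here (legitimate software mostly autostarts from Program Files), not a verdict, and the script only reads; it changes nothing.

```powershell
# Added example, not from the original article: list the autostart entries
# that RKill leaves in place and check each target executable. Read-only.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupFolders = @(
    [Environment]::GetFolderPath('Startup'),        # per-user Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)
$profilePattern = '^' + [regex]::Escape($env:USERPROFILE) + '\\'   # heuristic, see lead-in
$shell = New-Object -ComObject WScript.Shell                        # resolves .lnk shortcuts

function Get-AutostartTarget {
    # Extract the executable from a Run-key command line such as
    #   "C:\Program Files\App\app.exe" --tray     or     %TEMP%\x.exe /quiet
    # and resolve Startup-folder shortcuts to the file they point at.
    param([string]$Command)
    $exp = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($exp -match '^"([^"]+)"')       { $target = $Matches[1] }
    elseif ($exp -match '^(\S+?\.exe)') { $target = $Matches[1] }
    else                                { $target = $exp.Split(' ')[0] }
    if ($target -like '*.lnk' -and (Test-Path -LiteralPath $target)) {
        $target = $shell.CreateShortcut($target).TargetPath
    }
    return $target
}

function Get-AutostartEntry {
    $fromRegistry = foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }          # skip the provider's own metadata
            if (-not "$($p.Value)".Trim()) { continue }    # skip empty values
            [pscustomobject]@{ Source = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }
    $fromFolders = foreach ($folder in $startupFolders) {
        Get-ChildItem -Path $folder -File -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -ne 'desktop.ini' } |
            ForEach-Object { [pscustomobject]@{ Source = $folder; Name = $_.Name; Command = $_.FullName } }
    }

    @($fromRegistry) + @($fromFolders) | ForEach-Object {
        $exe    = Get-AutostartTarget $_.Command
        $exists = [bool]($exe -and (Test-Path -LiteralPath $exe))
        $sig    = if ($exists) { Get-AuthenticodeSignature -FilePath $exe -ErrorAction SilentlyContinue } else { $null }
        [pscustomobject]@{
            Name     = $_.Name
            Exists   = $exists
            Signed   = [bool]($sig -and $sig.Status -eq 'Valid')
            UserPath = [bool]($exe -match $profilePattern)
            Target   = $exe
            Source   = $_.Source
        }
    }
}

# Unsigned or missing targets, and anything launching from the user profile, sort to the top
Get-AutostartEntry |
    Sort-Object Signed, @{ Expression = 'UserPath'; Descending = $true } |
    Format-Table -AutoSize
```

This covers only the most common autostart locations; services, scheduled tasks and other run points are not included, which is exactly why the full antivirus scan in Step 4 is still needed.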

Please download the latest version of RKill.  Since some malware is programmed to look for the programs designed to remove it, I have linked to the renamed version to help avoid detection by the malware.  Once you have downloaded the program (called iExplore.exe), right-click on it and choose Run as Administrator.

RKill will now scan your running processes looking for anything malicious:

[Screenshot: RKill console window while it scans for malicious processes.]

Once complete, you will see the following success message:

[Screenshot: RKill confirmation window. RKill scan complete.]

Step 4: Running an Antivirus Scan to Remove Malware

We have now created an environment in which we can trust that our antivirus program can do its job and remove the malware from our computer.  In this guide, we will be using the free version of Malwarebytes.  Not only is this because I trust them, but because their program also works well alongside any other antivirus program you may already have installed on your computer.

First, download the free version of Malwarebytes Anti-Malware.  Once you have downloaded it, double-click on the file (called mbam-setup-consumer-X.XX.XX) to install it to your computer.

If a window pops up asking if you are sure that you want to run this file, go ahead and click Yes.

The installation wizard will launch – please select your language and click Ok:

[Screenshot: Malwarebytes language selection screen. Select your language.]

The next step of the installation wizard will launch – please click Next:

[Screenshot: Malwarebytes installation wizard. Click Next.]

Agree to the conditions:

[Screenshot: Malwarebytes license agreement. Agree to the license agreement.]

Continue clicking the Next button until Malwarebytes begins to install on your computer:

[Screenshot: Malwarebytes installation in progress.]

While it is up to you, I would un-check the option to enable the free trial of the premium version of Malwarebytes (You might wish to buy their premium version just to thank them for cleaning up your computer after this however):

[Screenshot: Malwarebytes installation complete screen. Note the free trial of the premium offering.]

You will now be presented with the program screen alerting you that a scan has never been run for your system.  The program will automatically update its virus definitions.  Simply click the Fix Now button in the upper right corner:

[Screenshot: Malwarebytes program screen. Click Fix Now in the upper right corner.]

Malwarebytes will now scan your computer rooting out malware:

[Screenshot: Malwarebytes scanning.]

Once Malwarebytes has finished scanning your computer, you will be presented with a screen displaying the results.  All of the malware that was detected will be listed here.  To remove the malicious software from your computer:

  • Click on the Quarantine All button and then
  • Click on the Apply All button

[Screenshot: Malwarebytes threats detected screen. Threats detected!]

Malwarebytes will now quarantine all of the malicious programs, files, and registry keys that it has found on your computer.  Please be aware that Malwarebytes might require a reboot of your computer to finish removing some of these files.  If a window displays asking to reboot, click Yes, and your computer will restart.

Step 5: Final Check

Once you have restarted your computer (restart it manually if Malwarebytes did not ask you to), we need to confirm that we are now virus-free.  To do this, we will do two things:

  • Run a scan of our computer with Malwarebytes once again
  • Run a scan of our computer using one of the free online antivirus scanners (I recommend ESET’s Online Scanner)

Your computer should now be free of any and all of the typical variants of malware that you are likely to come across.

Linux as a Last Resort

There are some forms of malware out there that are particularly nasty and might not be removable through the methods described above.  In instances such as these, we can turn to our friend Linux.  You don’t need to hyperventilate; this isn’t anywhere near as bad or bothersome as it used to be.  In fact, our friends at Kaspersky have created a special rescue disk explicitly for this purpose!  It even has a nice interface.

  • First, download the Kaspersky Rescue Disk and burn it to a CD/DVD/USB
  • Next, insert the CD/DVD/USB into your computer and restart (make sure that your computer automatically boots from the CD/DVD or USB drive first in your BIOS)
  • Then select your language and agree to the terms of service
  • Select Kaspersky Rescue Disk – Graphic Mode (Please click here for more thorough instructions)
  • Click the large K icon in the lower left corner to launch the program
  • Make sure to update to the latest virus definitions by clicking the Start Update button under the My Update Center tab
  • Under the Objects Scan tab, select all of the options for hard drives, disk boot sectors, and hidden startup objects and click Start Objects Scan
  • Lastly, click Delete for anything that Kaspersky Rescue Disk finds on your computer

For more information on how to use this tool, please visit Kaspersky’s help page.

Remove the CD/DVD/USB from your computer and restart.  You will now boot into a clean Windows machine!

Ransomware

If you happen to be a victim of a form of ransomware, please read these guides on how to rescue your computer and its data:

How to Prevent Malware

Whew… You can rest easy now that your computer is once again malware free.  That sure was a lot of work though, wasn’t it?  I’m proud of you for sticking with it and learning how to clean up your computer on your own.  Not only did you save yourself at least $80, but you also learned an important skill.  With that being said, you don’t want to do it again, do you?  I didn’t think so.

Preventing malware from infecting your machine is incredibly important and Help From a Geek has got you covered.  Please check out my guide on How to Prevent Malware to learn some of the things that you can and should be doing to remain free of malware.  Once you have done that, I strongly recommend that you read my article on Secure Computing Habits.  Learning some skills and behaviors to keep you safe online will do more than anything else to keep you safe from the bad guys out there try

About jvaudio

I have masters degrees in information systems management, project management, and computer science. I have bachelors degrees in technical management and finance.

I love to learn. I love to write. I love technology. I love math.
