
Welcome to Teachnovice Q&A, where you can ask questions and receive answers from other members of the community.


How can I remove malicious spyware, malware, adware, viruses, trojans or rootkits from my PC?

0 like 0 dislike
1,546 views

What should I do if my Windows computer seems to be infected with a virus or malware?

  • What are the symptoms of an infection?
  • What should I do after noticing an infection?
  • What can I do to get rid of it?
asked Nov 16, 2016 by Gnoupi  

18 Answers

0 like 0 dislike

With reference to William Hilsum's "How Do I Get Rid Of This: Using A Live CD" above: a virus won't be able to run in a live CD environment, so you can make temporary use of your computer without fear of further infection. Best of all, you can access all your files. On June 20th 2011 Justin Pot wrote a booklet entitled "50 Cool Uses for Live CDs". The beginning of the booklet explains how to boot from CD, Flash Drive or SD Card, and pages 19-20 explain about scanning with different "antimalwares", some of which were already mentioned. The advice given is invaluable for this scenario, and is explained in easy-to-understand English. Of course the rest of the booklet is invaluable for your other computing needs. (The link to the download (in PDF format) is provided below.) Always remember to be sensible when using the internet; don't be tempted to stray to "places" where malware is very likely to be lurking, and you should be fine. Any Antivirus, Internet Security Suites etc. that you may be using should have the latest updates, and whichever OS you may be using should also be kept up to date.

http://www.makeuseof.com/tag/download-50-cool-live-cds/

Once you have clicked on or copied and pasted the above link, please then click on

DOWNLOAD 50 Cool Uses for Live CDs (written in blue)

Please note: I tried to write this in the comments section, but couldn't fit it in. So I have given it in an official answer, as it is invaluable.

answered Nov 16, 2016 by Simon  
0 like 0 dislike

Two important points:

  1. Don't get infected in the first place. Use a good firewall and antivirus, and practice "safe computing" -- stay away from questionable sites and avoid downloading stuff when you don't know where it's coming from.
  2. Be aware that many sites on the web will tell you you're "infected" when you aren't -- they want to trick you into buying their junky anti-spyware, or, worse, they want you to download stuff that is, in fact, spyware disguised as a "free antispyware application". Similarly, be aware that many on this site, mostly out of stupidity, will diagnose any "odd" error, particularly the sort of registry corruption that Windows is famous for, as signs of spyware.
answered Nov 16, 2016 by Daniel R Hicks  
0 like 0 dislike

On December 8th 2012, Remove-Malware released a video tutorial entitled "Remove Malware Free 2013 Edition" together with a complementary Guide outlining how to get rid of malware from your infected PC for free.

They outline

  • Backup – How to back up your important personal documents, just in case your PC becomes inaccessible.
  • Gathering the needed software for this guide.
  • Bootable Antivirus – Why bootable antivirus is the best way to remove malware.
  • Bootable Antivirus Disc – How to create a bootable antivirus disc.
  • Bootable Antivirus Disc – How to scan your PC with a bootable antivirus disc.
  • Cleanup – Round up the remnants and remove them.
  • Prevent it from happening again

The Video Tutorial is over 1 hour long in duration and together with the written guide is an excellent resource.

The video tutorial: link

Written Guide: link

Update:

A very informative article written today, 1st February 2013, by J. Brodkin, entitled "Viruses, Trojans, and worms, oh my: The basics on malware" (subtitled "Mobile malware may be trendy, but PC malware is still the big problem"), from arstechnica.com highlights the continual problem of malware and the different types of malware, with explanations of each, highlighting:

  • Backdoors
  • Remote Access Trojans
  • Information stealers
  • Ransomware

The article also highlights the spreading of malware, botnet operation and businesses under attack.

answered Nov 16, 2016 by Simon  
0 like 0 dislike

As suggested before in this topic, if you ARE SURE you are infected, use a Linux live CD to boot your computer and immediately back up all your sensitive data.

It is also good practice to have your sensitive files stored on a hard drive different from your OS boot drive. This way you can safely format the infected system and run a comprehensive scan on your sensitive data, just to be on the safe side.

As a matter of fact, there is no better solution than to format the system partition to make sure you run a virus- and malware-free environment. Even if you run a good tool (and no doubt there are many out there), there are always leftovers left behind, and your system may seem clean at the moment, but it surely becomes a time bomb waiting to explode later.

answered Nov 16, 2016 by Lorenzo Von Matterhorn  
0 like 0 dislike

Have you tried virus removal tools?

Virus Removal Tool is a utility designed to remove all types of infections from your computer. It employs the effective detection algorithms used by Kaspersky Anti-Virus and AVZ. It cannot substitute a resident antivirus application.

It is available on the Kaspersky website under
Home → Downloads → Free Virus Scan → Download Kaspersky Virus Removal Tool

answered Nov 16, 2016 by AminM  
0 like 0 dislike

I do not think that AV programs such as MSE, McAfee, Norton, Kaspersky, etc. can protect you 100%, because their definition files always come after the fact - after the malware is already out there on the web and may have done a lot of damage. And many of those do not protect you against PUPs and adware.

I also do not think that scanners like Malwarebytes, SuperAntiSpyware, Bitdefender scanner and others can help a lot when the malware has already damaged your system. If you have enough scanners, you will be able to remove the malware, but you will not be able to repair the damage that this malware has done.

I therefore have developed a two-layer strategy:

  1. I make weekly images (I use free Macrium) of my system partition and my data partition to two external disks that are only connected during the imaging. Thus no malware can get to them. Should something not work in my system, I can always restore the latest image. I usually keep half a dozen full images in case I have to go back further than last week. In addition I have system restore enabled in my OS so that I can quickly set back in case of a faulty update. But system images (shadows) are not very reliable because they can disappear for various reasons. Relying on system images alone does not suffice.

  2. Most of my internet work I do from a virtual Linux partition. Linux itself is not the target of malware, and Windows malware cannot affect Linux. With that system I do:
     • all my downloads, checking them with VirusTotal before I move them to the Windows system. VirusTotal runs the file through 60 of the best-known AV programs, and if it comes out clean, chances are very high that it is clean.
     • all internet access to websites where I am not 100% certain that they are clean - like e.g. this website here.
     • all my mail. That is the advantage of Gmail and AOL. I can check my mail with my browser. Here I can open any piece of mail without being afraid to get a virus. And attachments I run through VirusTotal.
     • all my on-line banking. Linux provides me with an extra layer of security.

With this approach I have not seen any malware in years. If you'd like to try a virtual Linux partition, here is how.

answered Nov 16, 2016 by whs  
0 like 0 dislike

SHORT ANSWER:

  1. Backup all your files.
  2. Format your system partition.
  3. Reinstall Windows.
  4. Install antivirus.
  5. Scan your backup with antivirus before starting to use it.

Today you can never be sure that you've completely removed an infestation, except if you wipe your drive and start over.

answered Nov 16, 2016 by svin83  
0 like 0 dislike

Ransomware

A newer, particularly horrible form of malware is ransomware. This kind of program, usually delivered with a Trojan (e.g. an e-mail attachment) or a browser exploit, goes through your computer's files, encrypts them (rendering them completely unrecognizable and unusable), and demands a ransom to return them to a usable state.

Ransomware generally uses asymmetric-key cryptography, which involves two keys: the public key and the private key. When you get hit by ransomware, the malicious program running on your computer connects to the bad guys' server (the command-and-control, or C&C), which generates both keys. It only sends the public key to the malware on your computer, since that's all it needs to encrypt the files. Unfortunately, the files can only be decrypted with the private key, which never even comes into your computer's memory if the ransomware is well-written. The bad guys usually state that they will give you the private key (thereby letting you decrypt your files) if you pay up, but of course you have to trust them to do so.

What you can do

The best option is to reinstall the OS (to remove every trace of malware) and restore your personal files from backups you made earlier. If you don't have backups now, this will be more challenging. Make a habit of backing up important files.

Paying up will probably let you recover your files, but please don't. Doing so supports their business model. Also, I say "probably let you recover" because I know of at least two strains that are so poorly written that they irreparably mangle your files; even the corresponding decryption program doesn't actually work.

Alternatives

Fortunately, there's a third option. Many ransomware developers have made mistakes that let the good security professionals develop processes that undo the damage. The process for doing that depends entirely on the strain of ransomware, and that list is constantly changing. Some wonderful people have put together a big list of ransomware variants, including the extensions applied to the locked files and the ransom note name, which can help you identify which version you have. For quite a few strains, that list also has a link to a free decryptor! Follow the appropriate instructions (links are in the Decryptor column) to recover your files. Before you begin, use the other answers to this question to make sure the ransomware program is removed from your computer.

If you can't identify what you got hit with from only the extensions and ransom note name, try searching the Internet for a few distinctive phrases from the ransom note. Spelling or grammar mistakes are usually fairly unique, and you'll likely come upon a forum thread that identifies the ransomware.

If your version isn't yet known, or doesn't have a free way to decrypt the files, don't give up hope! Security researchers are working on undoing ransomware and law enforcement is pursuing the developers. It's possible that a decryptor will eventually appear. If the ransom is time-limited, it's conceivable that your files will still be recoverable when the fix is developed. Even if not, please don't pay unless you absolutely have to. While you're waiting, make sure your computer is free of malware, again using the other answers to this question. Consider backing up the encrypted versions of your files to keep them safe until the fix comes out.

Once you recover as much as possible (and make backups of it to external media!), strongly consider installing the OS from scratch. Again, that will blow away any malware that lodged itself deep inside the system.

Additional variant-specific tips

Some ransomware-variant-specific tips that aren't yet in the big spreadsheet:

  • If the decryption tool for LeChiffre doesn't work, you can recover all but the first and last 8KB of each file's data using a hex editor. Jump to address 0x2000 and copy out all but the last 0x2000 bytes. Small files will be completely wrecked, but with some fiddling you might be able to get something helpful out of larger ones.
  • (others will be added as they are discovered)

Conclusion

Ransomware is nasty, and the sad reality is that it's not always possible to recover from it. To keep yourself safe in the future:

  • Keep your operating system, web browser, and antivirus up to date
  • Do not open e-mail attachments you weren't expecting, especially if you don't know the sender
  • Avoid sketchy web sites (i.e. those featuring illegal or ethically dubious content)
  • Make sure your account only has access to documents you personally need to work with
  • Always have working backups on external media (not connected to your computer)!
answered Nov 16, 2016 by Ben N  
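The hex-editor carving step in the LeChiffre tip above, as an added example that is not part of the original answer: a small Python script that keeps everything except the first and last 0x2000 (8 KiB) bytes of a file and refuses files too small to contain any untouched middle (the "small files will be completely wrecked" case). The 0x2000 offsets are taken from the answer; whether that layout holds for a given sample should be confirmed against a known-good copy of the same file before trusting the output. The sample data is constructed inline, and the `carve_middle` / `carve_file` names are assumptions of this example, not part of any real tool.

```python
"""Carve the unencrypted middle out of a LeChiffre-style encrypted file.

Added example, not code from the original answer. Assumed layout (per the
answer above): the first and last 0x2000 bytes of each file are encrypted,
and every byte in between is untouched.
"""
import os
from pathlib import Path

ENCRYPTED_EDGE = 0x2000  # 8 KiB at each end, as stated in the answer


def carve_middle(data: bytes) -> bytes:
    """Return the bytes between the two encrypted edges, or b'' if none survive.

    A file of 2 * ENCRYPTED_EDGE bytes or fewer lies entirely inside the
    encrypted regions, so nothing recoverable remains.
    """
    if len(data) <= 2 * ENCRYPTED_EDGE:
        return b""
    return data[ENCRYPTED_EDGE:len(data) - ENCRYPTED_EDGE]


def carve_file(src: Path, dst: Path) -> int:
    """Carve src into dst. Returns the number of bytes written (0 = nothing left).

    Always run this against a copy of the encrypted file; the original is the
    only evidence you have if the carve turns out to be wrong.
    """
    middle = carve_middle(src.read_bytes())
    if middle:
        dst.write_bytes(middle)
    return len(middle)


def _demo() -> None:
    # Constructed sample: a fake "document" whose head and tail have been
    # overwritten with random bytes, standing in for the encrypted edges.
    body = b"The quick brown fox jumps over the lazy dog.\n" * 500  # plaintext middle
    sample = os.urandom(ENCRYPTED_EDGE) + body + os.urandom(ENCRYPTED_EDGE)
    recovered = carve_middle(sample)
    print(f"recovered {len(recovered)} of {len(sample)} bytes, intact={recovered == body}")

    # Constructed small file: shorter than the two edges combined, so nothing survives.
    print("small file recoverable bytes:", len(carve_middle(os.urandom(0x3000))))


if __name__ == "__main__":
    _demo()
```

The carved output starts 8 KiB into the original, so the file header is gone: plain-text formats (logs, CSV, source code) are usually readable as they are, while container formats (Office documents, images, archives) need the "fiddling" the answer mentions, such as reconstructing or borrowing a header from an intact file of the same type.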
...