
For the past few days, you’ve noticed your PC doing some strange things. For one, it’s a lot slower than before: it takes longer to boot up, and for some reason many programs crash or freeze, even if they didn’t before.


After a few more days, pop-ups start to appear randomly in your browser. Even your homepage has been changed.

If you’ve been having these sorts of symptoms, or others like them, then there’s a very high chance your device is infected with malware. It’s certainly not a fun experience, but there are ways to fight back against the malware and take back your PC.

So how do you remove malware? Let’s not waste time and find out.

0.   Back up your documents and files before you start to remove the malware [OPTIONAL]

If you have a deep and severe malware infection, consider backing up your important files and documents first. Many malware programs will damage your system and delete important files if they sense a removal process taking place.

We strongly recommend you back up your files to an external medium, such as DVDs/CDs, USB sticks or external drives.

Backing up files and documents on cloud solutions such as Google Drive or Dropbox runs the risk of exposing your personal account information to keyloggers and screen grabbers.

Usually, the files you back up, such as Word documents, photos and videos, will be clean. That’s because malware programs are just that, programs, and for (most of) them to launch an infection you need to run them.

Even so, if you want to be sure you don’t re-infect yourself with the backup, we recommend you use some of these specialized tools to scan the backup before you reuse the information.

1.   Start your PC in Safe Mode with Networking

The first step you should take is to boot up your PC in Safe Mode with Networking. This will make Windows boot up only critical processes, and prevent some malware ones from starting up. This gives you access to the PC in case of a severe and deep infection.

Here’s how you can get into Safe Mode on Windows 10 and 8, as well as older versions of Windows, such as Windows 7/XP.

2.   Clean your temporary files 

To make the scanning processes quicker and simpler, you’ll need to clear up unessential temporary files from your PC.

To do this, simply right-click on a Windows drive, such as C: or D:, go to Properties, and then click Disk Cleanup. From the menu, choose which file types you want the cleanup to delete.

3.   Here are some of the best free malware removal tools

In order to clean up your PC, you’ll need some specialized scanning tools to find and remove the malicious software. Here’s a list of all the software you’ll need over the course of the cleanup. We’ll cover each tool in more depth once we get to use it.

All of these programs are free, and most of them are fairly small in size, under 100 MB. Some of them, however, such as Malwarebytes 3.0 and HitmanPro, have full functionality available only for a trial period.

4.   Use Rkill to freeze and stop any malicious processes

Many malware programs have built-in survival measures, used to detect the installation and activation of security products such as antivirus or anti-malware software.

Rkill will bypass these measures and kill the malware processes, allowing you to install and use all of the other malware and adware remover tools we’ve mentioned above.

To use Rkill, simply download the program and run it. But be sure you don’t turn off or restart your PC after that, or else the malware processes will start again.

5.   Kaspersky TDSSKiller is a free malware removal tool for Windows

Rootkits are a nasty type of malware that boots up at the same time as your PC and hides the activity of other malicious software. Rootkits will even gain administrator rights in order to provide deeper access to other types of malware. For this reason, rootkits are difficult to find and remove.

Kaspersky TDSSKiller is one of the better rootkit removal tools out there. Thankfully, it’s free and easy to use. Simply download it and follow the 3-4 steps required to start the scan and run the rootkit removal.

6.   Start removing malware with Malwarebytes 3.0

Malwarebytes Anti-Malware will scan for and remove malicious software on your PC. It’s a free program with a small 55 MB installer, and it has a 14-day free trial with full features such as malware removal, ransomware protection, a rootkit killer and even a repair function for damaged files.

Use the “Scan now” feature and be sure to remove and kill any malware the product identified.

7.   Use ADWCleaner to remove any browser malware you might have on your PC

ADWCleaner is a product that specializes in removing adware and browser hijackers. This includes corrupted toolbars, adware and other types of malware that have infected your browser.

This is an important step since an infected browser might try to download other malware programs on your PC.

8.   Junkware Removal Tool will clean up any leftover software on your PC

This free malware removal tool will clean up any leftover malicious software, and also clear up any remaining junk data used by the malware.

9.   Use HitmanPro to do a final double check for any remaining hidden malware

HitmanPro is an excellent second opinion scanner designed to find and identify malware programs other security products somehow skipped.

And best of all, it’s free, just like all the other programs mentioned in this article. However, its full features are only enabled for a 30-day trial period, after which you will need to purchase the full license.

10.  Reset your browser settings

Malware will often change your settings in order to facilitate more malicious downloads. For this reason, you should review some of these settings, particularly your browser ones.

Fix any browser shortcuts the malware might have altered

First, Right click on your browser and then go to Properties.

Under the Shortcut tab you will see a Target field.

The malware might have altered the Target field and appended a URL to it. The result is that your browser will open on that page each time you launch it.

In normal use, the browser target should look something like this:

Chrome: “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”

In our example case, the browser was targeted to go to a suspicious website, designed to download malware on your PC.

To fix this, simply remove the URL that comes after .exe”.

Browser hijackers will change your homepage

Instead of changing the “Target” field in the “Shortcut” tab, some malware will simply modify your browser homepage.

Chrome browser: Go to the Settings button in the top right corner of the browser. Once there, go to the On startup section.

The first two options don’t have any homepage whatsoever, so you can go ahead and select either one of those.

If however, you want to have your own homepage, then check the option to Open a specific page or set of pages and then click on Set pages. This should take you to this window where you can add or delete malicious links sneakily set as homepage.

Settings for Firefox: You can access the Options menu in the top right corner of the browser. This will immediately take you to the General tab, where you can reset your homepage as you see fit.


Double check your proxy settings

Some malware can even change the proxy settings your PC uses to connect to the web, routing your traffic through a server the attacker controls. Simply removing the malware won’t reset these proxy settings, so it’s something you should fix before considering your PC squeaky clean.

To access your proxy settings, first go to Control Panel, then Network and Internet and finally press Internet Options.

In the Internet Options menu, go to the Connections tab.  Press the LAN settings button.

Make sure that Automatically detect settings is checked, and that the other two options, “Use automatic configuration script” and “Use a proxy server for your LAN”, are unchecked.

Ideally, your settings should look like this:
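The two checks above, the browser shortcut Target and the LAN proxy settings, can also be reviewed from a PowerShell window. The script below is an added example and not part of the original article; it only reads settings and reports anything suspicious, it changes nothing. It assumes the standard shortcut locations and the WinINet registry values that the Internet Options dialog edits (the flag layout of the DefaultConnectionSettings value is the commonly documented one).

```powershell
# Added example (not from the original article): audit browser shortcuts for an
# appended URL and review the proxy settings that step 10 walks through.
$shell = New-Object -ComObject WScript.Shell

# Common places for browser shortcuts: desktop, Start Menu, pinned taskbar items.
$shortcutDirs = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar"
) | Where-Object { Test-Path $_ }

$browsers = 'chrome.exe', 'firefox.exe', 'msedge.exe', 'iexplore.exe', 'opera.exe'

Get-ChildItem -Path $shortcutDirs -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        $exe = [IO.Path]::GetFileName($lnk.TargetPath).ToLower()
        if ($browsers -notcontains $exe) { return }
        # A clean shortcut has an empty Arguments field; a hijacked one carries a
        # URL after the closing quote of the .exe path, as in the example above.
        if ($lnk.Arguments -match 'https?://|www\.') {
            Write-Warning ("Hijacked shortcut: {0}`n  Target: {1}`n  Arguments: {2}" -f
                $_.FullName, $lnk.TargetPath, $lnk.Arguments)
        }
    }

# Proxy settings for the current user (what the "LAN settings" dialog edits).
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$p = Get-ItemProperty -Path $inet
if ($p.ProxyEnable -eq 1) { Write-Warning "Use a proxy server is ON: $($p.ProxyServer)" }
if ($p.AutoConfigURL)     { Write-Warning "Automatic configuration script is set: $($p.AutoConfigURL)" }

# "Automatically detect settings" lives in the DefaultConnectionSettings blob;
# byte 8 holds the flags (0x01 direct, 0x02 proxy, 0x04 script, 0x08 auto-detect).
$conn = Get-ItemProperty -Path "$inet\Connections" -Name DefaultConnectionSettings -ErrorAction SilentlyContinue
if ($conn -and $conn.DefaultConnectionSettings.Length -gt 8) {
    $flags = $conn.DefaultConnectionSettings[8]
    if (-not ($flags -band 0x08)) { Write-Warning 'Automatically detect settings is OFF' }
}
```

If the script prints no warnings, the shortcuts and proxy settings match the clean state described above; any warning points at the exact setting to correct by hand in the dialogs.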

11. Things to do after the malware cleanup

Your PC is now cleaned up, but it’s impossible to know just how much damage the malware might have caused. Some malware programs operate stealthily, and don’t visibly affect your PC. Instead, they may collect personal information of yours such as passwords, credit card data, completed forms and screenshots.

Here are some measures you should follow to limit any damage from such data leaks.

Start using two-factor authentication and change all your passwords

If, among other things, you were also infected with a keylogger, then there’s a high chance your passwords and accounts were compromised.

That’s why you should urgently change all of your passwords, before the malicious hacker has a chance to exploit them and lock you out of your accounts.

Secondly, start using two-factor authentication to add another layer of protection to your accounts.

Keep your software updated

Outdated software is a major cause of malware infections, mostly because it comes with many vulnerabilities that cybercriminals exploit.

Keeping your software permanently up to date will greatly limit any windows of opportunity a malicious hacker might have to infect your device.

We know it can be a chore to constantly update your software, particularly those that patch frequently. But our own Heimdal FREE will automatically update your software, without any annoying confirmation pop-ups. It’s light and unobtrusive, so it won’t slow down your system.

Use a good antivirus

An antivirus is a must-have piece of software if you want to keep your device safe and information secure. The real trick is to find the right one for your needs.

Once you’ve decided on one, be sure to keep it updated at all times, so that any vulnerabilities it might have are patched and its malware database stays current.

A traffic filtering solution will keep a lot of malware away

Cybersecurity would be easy if an antivirus could detect 100% of malware out there, but it can’t. Fileless malware and some rootkits are so well programmed and obfuscated, they can be nearly impossible to detect.

Traffic filtering software will nicely complement an antivirus, since it scans incoming and outgoing traffic for malware and blocks that traffic from reaching your PC. In other words, the malware never reaches your device.

We believe our own Heimdal PRO is a great security program for the job: it will guard your traffic to make sure you don’t get infected and don’t leak personal information.

A few cybersecurity tips & tricks to help keep you safe in the future

There’s a saying in the cyber security industry: “The best antivirus is you”. Not even security software can keep you safe if you keep putting yourself in harm’s way.

Here’s an in-depth list of articles on what types of threats lurk on the Internet and how you can keep yourself safe against them.

What other malware removal tools have you used?

14 Warning Signs that Your Computer is Malware-Infected (2017.07.21)

Practical Online Protection: Where Malware Hides (2016.10.27)

10 Reasons Why Your Traditional Antivirus Can’t Detect Second Generation Malware [Infographic] (2015.09.09)

Comments

Excellent blog, thank you for the kind information. You can add one more: virusvanish.com.

No mention of SysInternal tools such as Autoruns or Process Explorer?

Hello, we did take into account adding Sysinternals tools; however, they have a high level of complexity and we wanted to make this guide simple and straightforward for the average user.

Thank you for the feedback though, it is very much appreciated!

Can your Microsoft Word documents carry malware or viruses when you email them as attachments? I am an editor, and I’m constantly sending emailed documents back and forth. I’m wondering if I can “catch” or “spread” viruses doing this.

Hi Donna!

Cybercriminals often use infected documents to spread malware, which is why you should be very careful when receiving attachments from unknown senders, especially attachments you didn’t request. In order for a document to carry malware, it has to be “programmed” to do so, so you don’t have to worry that this can happen accidentally. Maybe this article we wrote will help paint a clearer picture: https://heimdalsecurity.com/blog/practical-online-protection-where-malware-hides/. I hope it helps and it’s wonderful to see that you are making sure that your inbox is safe and clean!

Yes, excellent, hard-hitting advice. I notice you didn’t mention that “bootkits” are rootkit variants, and that TDSSKiller is able to sniff them out. It’s nice that a lot of the utilities mentioned are FREE. Also, sometimes it is necessary (and easier) to use anti-malware software on a standalone (USB/CD) drive. Other than that, seems to be all we need to know, unless there’s a “bot” in there… Thanks.

That’s a load of great information.
Well researched.
Excellent ideas on tackling malware.
Many thanks, Mr Paul Cucu!

Very useful article.
Thanks.

Excellent guide, thank you.
