
Malware infection. Nobody wants that on their computer, and almost everyone thinks: “this can’t happen to me”. Until it does, and you don’t know exactly what the first thing you should do is.

Maybe you’ll call the IT guy, ask help from a friend or maybe try to disinfect the computer by yourself. Or maybe you want to address this issue on a security forum where other people encountered the same problems as yours and find a solution.

Warning symptoms: you noticed for a while that your PC has started to slow down, crashes often, shows random pop-ups in your browser, or displays unusual messages or programs that start automatically. These signs can indicate that your computer is infected with malware.

So, a malware infection has taken your computer prisoner: What do you do now?

In this article we’ll show you all the steps you need to follow so you can clean up your PC and restore it to a working state.

Step 1. Backup all your documents and files before you start removing the malware infection

Regardless of the type of malware infection, the first thing to do is back up all your important files and documents. Save your essential data on an external source such as DVDs/CDs, free cloud storage services, USB sticks or external drives. Use this guide to better back up your online data.

You can back up manually or automatically; we recommend using software backup tools like these ones.

Also, if you want to be sure you don’t re-infect yourself with the backup, make sure you use some of these specialized tools to scan the backup before you start reusing the information.

Step 2. Enter your PC in Safe Mode with Networking

Here’s what you should do:

  • Unplug DVDs, CDs or other USB drives from your PC and then shut it down.
  • Restart and press the F8 key repeatedly until the boot menu appears, then choose Safe Mode with Networking.
  • This will make your system boot up only critical processes and prevent certain malware infections from starting up.

Safe Mode Windows

If you are using Windows 8 and/or Windows 10, here’s how you can start your PC in Safe Mode. For older versions of Windows, such as Windows 7 or XP, follow these steps.

Step 3. Delete your temporary files

To make the scanning process smoother and simpler, you should delete all unessential temporary files from your computer.

You can do this by right-clicking a Windows drive, such as C: or D:, then choosing Properties -> Disk Cleanup. From the menu, choose which categories of files you want to delete and remove them.

Step 4. Use these free malware removal tools

In order to clean up your PC, you’ll need some specialized software to find and remove the malicious programs. Here’s a list of all the software you’ll need over the course of the cleanup.

SUPERAntispyware malware tool has a free edition that can detect different forms of malicious software, adware and spyware, and efficiently scan and remove unwanted files from your PC. You can control the scanning options by choosing which files you want the tool to analyze. Scans will be performed manually, but the full control over scans makes it a good choice for users.

Kaspersky TDSSKiller is a free malware removal tool for Windows. It was designed to remove rootkits: malware that starts at the same time as your PC and hides the activity of other malicious software.

Rootkits can gain administrator rights on an infected computer and provide deeper access to other types of malware. They let attackers maintain the infection for a long time and are difficult to find and remove.

Kaspersky TDSSKiller is a free program which is easy to download and use. Simply download and follow the 3-4 steps required to start the scan and run the rootkit removal tool.

Source image: https://support.kaspersky.com/viruses/disinfection/5350#block1

Malwarebytes 3.0 anti-malware tool can detect, scan and remove malicious software found on your PC. It offers a 14-day free trial with full features such as malware removal, ransomware protection, rootkit removal and even a repair function for damaged files. Use the “Start Scan” button to run a manual scan and remove any malware found. We recommend running this program at least once a week to check for things you might have missed, or whenever you notice your PC runs slowly or acts strangely.

ADWCleaner is a free software tool specialized in removing adware, browser hijackers and other potentially unwanted programs that have infected your browser. The product was acquired by Malwarebytes in 2016; it includes toolbar removal functionality and has a light footprint.

If you’ve been using Junkware removal tool for a while, you should know that Malwarebytes has chosen to discontinue development for this free software. However, Malwarebytes “will continue to provide service and support for JRT until End of Life (EOL) on April 26, 2018.” As an alternative, you can use the free ADWCleaner tool that includes all major JRT features.

Here’s a list of malware removal tools you can use to better protect your computer:

Product name                          | Suitable for | Availability                              | Price
Hitman PRO                            | Beginners    | Windows                                   | Free 30-day trial
RKill                                 | Beginners    | Windows XP / Vista / 7 / 8 / 10           | Free
Avira PC Cleaner                      | Beginners    | Windows                                   | Free
Microsoft Safety Scanner              | Beginners    | Windows 7 / Vista / XP                    | Free
TrendMicro HouseCall                  | Beginners    | Mac OS X / Windows                        | Free
Emsisoft Emergency Kit                | Beginners    | Windows 7 / 8.1 / 10                      | Free
Spybot Search & Destroy               | Beginners    | Windows                                   | Free
CCleaner *                            | Beginners    | Windows                                   | Free
McAfee Rootkit Remover                | Beginners    | Windows                                   | Free
IBM X-Force Exchange Malware Analysis | Advanced     | Cloud-based                               | Free 30-day trial


* Note: CCleaner was recently compromised by cybercriminals, but the current version of the tool is safe.

Step 5. Reset your browsing settings

In many cases, malware will change your browser settings in order to re-infect your computer, show advertisements, or facilitate other malicious downloads. This is why you need to review some of your browser settings.

Here’s how to fix browser shortcuts the malware might have altered.

Right-click the shortcut you use to start your browser, then go to Properties.

Browser shortcut

Under the Shortcut tab, you’ll see the Target field.

Browser target

The malware may have altered the Target field and appended a malicious URL to it, so your browser opens that page every time you start it.

Normally, the browser target should look something like this:

Chrome: “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”

In our example case, the browser was targeted to go to a suspicious website, aimed at downloading malware on your PC.

Chrome properties

You can fix that by simply removing the URL that comes after .exe”.
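As an added example (not part of the original article), the following PowerShell script audits browser shortcuts in the usual Desktop, Start Menu and taskbar folders for a URL or HTML file appended after the executable path, which is exactly what the Target field above shows; the folder list and the browser executable names are assumptions.

```powershell
# Added example: find browser shortcuts whose Target field has a page appended.
# The Properties dialog shows TargetPath and Arguments joined; a hijack lives in Arguments.
function Find-HijackedBrowserShortcut {
    param([switch]$Repair)   # -Repair clears the appended arguments and saves the .lnk

    # Assumed folders where browser shortcuts normally live.
    $folders = @(
        [Environment]::GetFolderPath('Desktop'),
        [Environment]::GetFolderPath('CommonDesktopDirectory'),
        [Environment]::GetFolderPath('StartMenu'),
        [Environment]::GetFolderPath('CommonStartMenu'),
        (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar')
    ) | Where-Object { $_ -and (Test-Path $_) }

    # Assumed list of browser executables to inspect.
    $browsers = 'chrome.exe', 'firefox.exe', 'msedge.exe', 'iexplore.exe', 'opera.exe'
    $shell = New-Object -ComObject WScript.Shell

    foreach ($lnk in Get-ChildItem -Path $folders -Filter *.lnk -Recurse -ErrorAction SilentlyContinue) {
        $sc = $shell.CreateShortcut($lnk.FullName)
        if (-not $sc.TargetPath) { continue }            # e.g. shortcuts to special folders
        $exe = (Split-Path -Leaf $sc.TargetPath).ToLower()
        if ($browsers -notcontains $exe) { continue }

        # A clean browser shortcut normally has no arguments (see the chrome.exe example above).
        # A hijacked one appends a URL or a local HTML file for the browser to open.
        # Legitimate "web app" shortcuts are flagged too, so review each hit before repairing.
        if ($sc.Arguments -match '(?i)https?://|www\.|\.html?(\s|$)|file:') {
            [pscustomobject]@{
                Shortcut  = $lnk.FullName
                Target    = $sc.TargetPath
                Arguments = $sc.Arguments
            }
            if ($Repair) {
                $sc.Arguments = ''   # equivalent to deleting everything after .exe" by hand
                $sc.Save()
            }
        }
    }
}

# Report only; add -Repair to strip the appended page from every hit.
Find-HijackedBrowserShortcut | Format-Table -AutoSize
```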

Browser hijackers will change the homepage 

Instead of changing the “Target” field in the “Shortcut” tab, some malware might just modify your browser homepage.

For Chrome browser:

Open Settings from the menu in the top right corner of the browser. Once there, go to the On startup section. The first two options don’t set any homepage, so you can select either one of those.

Chrome settings in browser

If however, you want to have your own homepage, then check the option to Open a specific page or set of pages and then click on Set pages. This should take you to this window where you can add or delete malicious links sneakily set as homepage.

Hijacking chrome browser

Settings for Firefox:

You can access the Options menu in the top right corner of the browser. This will immediately take you to the General tab, where you can reset your homepage as you see fit.

Firefox settings

Malicious hackers can also take control of your accounts through session hijacking, entering the server and accessing its information without having to break into a registered account. They can also make modifications on the server that help them compromise it again in the future or simplify a data-stealing operation.

Verify your proxy settings

Some malware can even change the proxy server your PC uses to connect to the web. Simply removing the malware won’t reset these proxy settings, so it’s something you should fix before considering your PC squeaky clean.

To access your proxy settings, go to Control Panel -> Network and Internet and then press Internet Options.

proxy settings 1

In the Internet Options menu, go to the Connections tab and press the LAN settings button.

Internet properties

Make sure that Automatically detect settings is on, and that the other two options, “Use automatic configuration script” and “Use a proxy server for your LAN”, are unchecked.

Here’s how your settings should look:

LAN settings
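As an added example (not part of the original article), this PowerShell function reads the two LAN settings discussed above from the registry values the dialog writes for the current user and can reset them; the registry location is the one used by Windows Internet Options, and the HKCU (current user) scope is an assumption.

```powershell
# Added example: check the per-user proxy values behind "LAN settings" and reset them.
# Assumption: the current user's settings (HKCU) are the ones being inspected.
function Test-LanProxySettings {
    param([switch]$Repair)   # -Repair switches the proxy off and removes the script URL

    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key
    $findings = @()

    # "Use a proxy server for your LAN" is the ProxyEnable DWORD plus the ProxyServer string.
    if ($p.ProxyEnable -eq 1) {
        $findings += "Proxy server is enabled: $($p.ProxyServer)"
    }
    # "Use automatic configuration script" is stored as AutoConfigURL; a malicious
    # PAC file can silently route selected traffic through a host the attacker controls.
    if ($p.AutoConfigURL) {
        $findings += "Automatic configuration script is set: $($p.AutoConfigURL)"
    }

    if ($findings.Count -eq 0) {
        Write-Output 'LAN proxy settings look clean (no proxy server, no configuration script).'
        return
    }
    $findings | ForEach-Object { Write-Warning $_ }

    if ($Repair) {
        Set-ItemProperty    -Path $key -Name ProxyEnable   -Value 0
        Remove-ItemProperty -Path $key -Name ProxyServer   -ErrorAction SilentlyContinue
        Remove-ItemProperty -Path $key -Name AutoConfigURL -ErrorAction SilentlyContinue
        Write-Output 'Proxy server disabled and configuration script removed; restart the browser.'
    }
}

# The "Automatically detect settings" checkbox is stored in a binary value under
# ...\Internet Settings\Connections and is not decoded here; verify it in the dialog.
Test-LanProxySettings
```

Run it again with `-Repair` only after you have reviewed the warnings, since a company network may legitimately use a proxy or a configuration script.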

Protection measures after a malware infection

Now that you’ve managed to clean up your PC and remove malware, it is important to take some protection measures to prevent getting another infection.

Some malware programs operate stealthily, and you may not know the infection is there. They don’t visibly affect your PC. Instead, they may collect sensitive information of yours such as passwords, credit card data, completed forms and screenshots.

We recommend following these protection measures to prevent getting your computer infected:

  • Use two-factor authentication and manage your passwords safely

If, among other things, you were also infected with a keylogger, there’s a high chance your passwords and accounts were compromised. One of the first things you should do is enable two-factor authentication and manage your passwords safely, since some malware can take full control of your passwords.

This password security guide provides all the details needed to set strong and unique passwords, so malicious hackers can’t exploit them and lock you out of your accounts. Two-factor authentication adds another layer of protection to your accounts.

  • Always keep your software up to date

Outdated software is one of the major causes of malware infections, mostly because it contains known vulnerabilities that cybercriminals exploit. Keeping your software permanently up to date lowers the chances of malicious hackers getting inside your device and limits their ability to infect your computer.

We know it can become a tedious, yet necessary task to constantly update your software, particularly those that patch frequently. You can use our Heimdal FREE product that will automatically (and silently) update your software, without any annoying confirmation pop-ups. It’s light and unobtrusive, so it won’t slow down your system.

  • Make sure you have an antivirus program installed

An antivirus is a must-have piece of software if you want to keep your device safe and data secure. The real challenge might be when you need to find the right one for your needs. This guide will provide all the needed details to find the best antivirus program.

Once you’ve decided on one, be sure to keep it updated at all times, so that any vulnerabilities it might have are patched and its malware database stays current.

  • Use a traffic filtering solution to keep malware at bay

Cybersecurity would be easy if an antivirus could detect 100% of malware out there, but it can’t provide full protection. Fileless malware and some rootkits are so well programmed and obfuscated, they can be nearly impossible to detect.

One layer of protection is not enough, and you need multiple layers of security to better protect your PC. A traffic filtering software will nicely and efficiently complement an antivirus, since it scans incoming and outgoing traffic for any malware, and then blocks that traffic from entering your PC. In other words, it gets difficult for new malware to reach your device.

We suggest trying our Heimdal PRO product to better protect you from brand new and unlisted malware that antivirus software can’t detect. It will also sanitize your Internet traffic and block malicious traffic, keeping both your financial and your confidential information safe.

There’s a saying in the cyber security industry: “The best antivirus is you”. Not even security software can keep you safe if you keep putting yourself in harm’s way.

BONUS:

We also added a list of in-depth articles we recommend reading so you can better know how to recognize different signs of malware infection and protect your computer with multiple layers of security.

What other malware removal tools have you used? Let us know in a comment below.


This post was originally published by Paul Cucu in January 2017 and received relevant updates by Ioana Rijnetu in November 2017.

  • 14 Warning Signs that Your Computer is Malware-Infected (2017.07.21)
  • Practical Online Protection: Where Malware Hides (2016.10.27)
  • This Is Why Antivirus Can’t Detect Second Generation Malware [Infographic] (2015.09.09)

Comments

Hi,

Thanks for sharing such an informative post with a useful step-by-step malware removal process…!!

Hello, Sandeep! Many thanks for your kind words, it means a lot to us. If you want to gain more knowledge in cyber security, you may be interested in our free educational resources: https://heimdalsecurity.com/security-education-resources Thank you!

Hey, just recently a few computers in our office seemed to be having the same issue… well, my PC would work fine, I would open a few applications on my desktop such as Outlook, MS Word, Chrome, media players etc…. suddenly a pop-up came and all the open applications on my desktop were gone at once…. the pop-up window was written in Spanish ” El Sistema etc… ” and I closed the error window and restarted all the applications again… and after some time, it happens again……. the icon of the error window looked something like a Word document or WordPad or something….. anyone having the same issue? or anyone know about this? I searched the internet but I can’t find anything related to it…. I really need your help….

file description: EL y yo_descripcion grafica
file type: exe

when it crashes all the application, the pop up was written in Spanish and I quote
” EL Sistema ha vuelto al ” and others….. need help right now to figure it out….

I’m not a computer guy or something….

Hello Skella! We recommend updating your operating system and not clicking or downloading unknown files that could infect your devices. Can you, please, send more details to our support team: support@heimdalsecurity.com ? They will respond in a timely manner. Thank you!

Thanks indeed for this valuable information!
Do you know of any program that can restore encrypted documents that got changed into THOR files?? Oh, if you can help us with this, then a heavy burden will be lifted!!
With appreciation – KF

Excellent blog, thank you for the kind information. You can add one more: virusvanish.com..

No mention of SysInternal tools such as Autoruns or Process Explorer?

Hello, we did take into account adding the Sysinternals tools; however, they have a high level of complexity and we wanted to make this guide simple and straightforward for the average user.

Thank you for the feedback though, it is very much appreciated!

Can your Microsoft Word documents carry malware or viruses when you email them as attachments… I am an editor… and I’m constantly sending emailed documents back and forth… I’m wondering if I can “catch” or “spread” viruses doing this

Hi Donna!

Cybercriminals often use infected documents to spread malware, which is why you should be very careful when receiving attachments from unknown senders, especially attachments you didn’t request. In order for a document to carry malware, it has to be “programmed” to do so, so you don’t have to worry that this can happen accidentally. Maybe this article we wrote will help paint a clearer picture: https://heimdalsecurity.com/blog/practical-online-protection-where-malware-hides/. I hope it helps and it’s wonderful to see that you are making sure that your inbox is safe and clean!

Yes, excellent, hard hitting advice. I notice you didn’t mention that “bootkits” are rootkit variants, and that TDSS KILLER is able to sniff them out. It’s nice that a lot of the utilities mentioned are FREE. Also, sometimes it is necessary (and easier) to use anti-malware software on a standalone (USB/CD) drive. Other than that, seems to be all we need to know, unless there’s a “bot” in there… Thanks.

That’s a load of great information.
Well researched.
Excellent ideas on tackling the malware.
Many thanks …Mr Paul Cucu..!

Very useful article.
Thanks

Excellent guide, thank you.
