Full Malware Scan & Removal Guide to Clean Heavy Infected Computers

Last updated on January 14th, 2019

Nowadays, new viruses, adwares and malwares appear and disappear within days or weeks. When a new virus/adware/malware is released and users’ computers are infected, it takes several days for experts to identify them and then to specify the appropriate treatment/removal procedure.

During those days, users don’t have a way to try and remove them, but, instead, they have to wait for the solution to become public or they have to take their computer to an expert so that it can be cleaned. To avoid this, I decided to write down a generic article that presents you the most common steps and the most useful anti-virus/adware/malware tools used to clean your computers. So, in case your computer is infected by a virus you can’t identify, you can use these steps and tools to try and clean it. As you can all understand, it may not always work, but I am sure that it will help you in most cases.

ATTENTION: All the Anti-Malware programs and removal tools that suggested in this guide are totally FREE.

How to clean your computer from Malware, Adware, Spyware, Rootkits, Viruses, Trojans, etc.

Important: Before you continue with the removal procedure, make sure that you have an updated backup of all your important files.

Suggestions:
1. 
If you cannot download any of the bellow suggested programs on the infected computer, then you can download them on another clean computer and transfer them (e.g. by using a USB flash disk) on the infected computer.
2. If you like, a
dd this page to your favorites (Ctrl + D) to easily find and follow the given instructions.

Malware Removal Guide Steps:

Step 1: Start your computer in “Safe Mode with Networking”.

Step 2: Terminate known running Malicious processes with RKill

Step 3: Remove Malicious Registry Entries with RogueKiller.

Step 4: Remove Malware programs from Windows Startup with CCLeaner.

Step 5: Scan and remove hidden malicious Rootkits with TDSSKiller.

Step 6: Delete Temporary files and folders from all users with TFC.

Step 7: Uninstall all unknown and unwanted applications.

Step 8: Clean Adware & Unwanted Browser Toolbars with AdwCleaner.

Step 9: Remove Junkware & Potentially Unwanted Programs (PUP) with JRT.

Step 10: Clean Malware programs and files with Malwarebytes Anti-Malware.

Step 11: Remove Temporary Internet files and Invalid Registry entries with CCleaner.

Step 12. Scan and Remove Viruses with your Antivirus Program.

Step 13: Delete infected Windows Restore Points.

Step 1. Start your computer in “Safe Mode with Networking”.

Start your computer in Safe mode with network support to avoid malicious programs and unnecessary services to run.

To start Windows in Safe mode with Networking:

1. Simultaneously press the Win image + R keys to open the run command box.
2. Type msconfig and press Enter.

msconfig

3. Click the Boot tab and then check the Safe Boot & Network options.
4. Click OK and restart your computer. *

* Note: When you done, with the malware cleaning, then open the System Configuration (msconfig) utility again and at General tab, select Normal Startup and then click OK, to start Windows normally.

safe mode networking

 

 

Step 2: Terminate known running malicious processes with RKill.

1. Download and Save RKill* to you desktop. RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections.

* Notice: RKill is offered under under different filenames because some malware will not allow processes to run unless they have a certain filename. Therefore when attempting to run RKill, if a malware terminates it please try a different filename.

image

 

2. Run RKill and let the program to terminate any malicious processes that may running.

image

 

3. When RKill is finished press OK and continue to the next step.

image

 

Step 3: Remove Malicious Registry Entries with RogueKiller.

1. Download and save RogueKiller utility on your computer'* (e.g. your Desktop). RogueKiller is an anti-malware program written in C++ and is able to detect, stop & remove generic malwares and some advanced threats such as rootkits, rogues, worms, etc.

* Note: Download the portable version 32-bits or the 64-bits according to your operating system's version. To find your operating system's version, right click on your computer (This PC)icon, choose Properties and look at System Type section.

image

 

2. When the Download is completed, double click at the downloaded file, to run RogueKiller.
3. Then press the Scan button.

image

 

4. At Scan options, click Start at 'Scan Everything' section to perform a full scan.

image

 

5. Wait until RogueKiller scan your PC.
6. When the scan is completed, click the Results button.

image

 

7. Review the malicious items and registry entries found, and then click the Removal button. *

 

image

 

8. When the removal process is competed, reboot your PC.

 

Step 4: Remove Malware & Unknown programs from Windows Startup with CCLeaner.

1. Install and run CCleaner. *

* Note: If you don’t know how to download and install CCleaner, read these instructions.

2. At the main window, choose Tools on the left pane and then click Startup.

image

 

3a. At Windows tab, select and delete all suspicious (unknown) or unwanted programs to prevent them from running on Windows startup: *

  • Tip No1: We suggest that you disable (and not to delete) any unknown entry (program) if you are not sure if it is malware.
  • Tip No2: Before deleting the malicious Startup entries, open Windows Explorer to find and delete manually the malicious folders and files from your computer. (e.g. RandomFolderName, RandomFileName.exe).

image

 

3b. Then choose the Scheduled Tasks tab and disable (or delete) all unwanted or unknown tasks.

image

 

5. Close CCleaner and reboot your computer to Safe Mode with Networking mode again as described at Step 1.

6. After rebooting, run Rogue Killer again to scan & clean remaining malicious entries as described at Step 2.

 

Step 5: Scan and remove hidden malicious Rootkits with TDSSKiller.

1. Download and save TDSSKiller Anti-rootkit utility by Kaspersky Labs on your computer (e.g. your desktop).

image

 

2. When the download is complete, go to your download location (e.g. your desktop) and double click on “tdsskiller.exe” to run it.

image_thumb23_thumb_thumb

3. At Kaspersky’s Anti-rootkit utility program click on “Change parameters” option.

tdsskiller-parameters_thumb1_thumb

4. At TDSSKiller settings, check to enable the “Detect TDLFS file system” option and press “OK”.

nb45qheh_thumb1_thumb

5. Press "Start scan" to start scanning for malicious programs.

tdsskiller-start-scan1[2]

When the scan process is complete, a new window opens with the scanning results.

6. Choose the "Cure" option and let the program finish the cure operation of the infected files.
7. When the "curing" operation is complete, reboot your computer.
8. After rebooting, run TDSSKiller again to scan one more time for Rootkits. If the previous curing job was completed successfully, the program now will inform you that "No Threats found".

tdsskiller-no-threats-found1[2]

 

Step 6: Delete Temporary files and folders from all users with TFC.

1. Download and save TFC by OldTimer to your computer.
2. When downloading is completed, run TFC and press the start button to clean all temporary files and folders from your computer. *

* Note: The detailed instructions on how to download and use TFC can be found here: How to delete temporary files using TFC.

TFC by old timer

 

Step 7. Uninstall all unknown and unwanted programs.

1. Open Windows Control Panel. To do that:

  • In Windows 10/8: Open the Search box and type Control Panel.

image

 

  • In Windows 7 & Vista: Go to Start > Control Panel.
  • In Windows XP: Go to Start > Settings > Control Panel

 

image

 

2. Set the View By to Small icons and then click at:

  • Programs and Features (or “Uninstall a Program”) if you have Windows 10, 8, 7 or Vista.
  • Add or Remove Programs if you have Windows XP

image

 

3. When the program list is displayed on your screen, sort the programs to be displayed by Installation date (Installed On) and then find and Uninstall (Remove)* any unknown program that was lately installed on your system.

* Notice: If you receive the “You do not have sufficient access to uninstall” error message or you face problems during program uninstall, then follow this guide to uninstall the program.

1pn5id2g

4. When you remove all the unknown or unwanted programs, continue to the next step.

Step 8: Clean Adware, Unwanted Browser Addons & Toolbars with AdwCleaner.

1. Download and save AdwCleaner utility to your desktop. AdwCleaner is a powerful utility to clean all the Adware, Toolbars, PUP & Hijacker programs from your computer.

image_thumb

 

2. Close all open programs and Double Click to open AdwCleaner from your desktop.

3. After accepting the “License Agreement”, press the Scan Now button.

image_thumb[2]

 

4. When the scan is completed, press Clean & Repair to remove all the unwanted malicious entries.

image_thumb[3]

 

4. When asked, click Clean and Restart Now.

image_thumb[4]

5. After restart, close AdwCleaner's information (log) window and continue to the next step.

 

Step 9: Remove Junkware & Potentially Unwanted Programs (PUP) with JRT.

1. Download and run JRT – Junkware Removal Tool. JRT is a security utility that searches for and removes common adware, toolbars, and potentially unwanted programs (PUPs) from your computer. *

* Note: JRT is not longer supported or updated, but you can use it's latest version to clean the junkware on your computer.

image

 

2. After running JRT, Press any key to start the scan/clean process.

rbqt5vao_thumb1

 

3. Be patient until JRT scans and cleans your system.

image

 

4. When the scan is completed, close the JRT log file and and then reboot your computer.

image

 

Step 10: Clean Malicious Programs, Files and Registry Entries with Malwarebytes Anti-Malware.

Click the link below, to download and install Malwarebytes Premium one of the most reliable FREE anti malware programs today in order to clean your computer from remaining malicious threats. If you want to stay constantly protected from viruses and malware threats, existing and future ones, we recommend to buy the Malwarebytes Premium.

Malwarebytes™ Protection
Removes Spyware, Adware & Malware.
Start Your Free Download Now!

How to download & Install Malwarebytes:

1. Click the Free Download button at Malwarbytes Download page to download the Malwarebytes Premium TRIAL version. *

* Note: After the 14-day trial period, Malwarebytes reverts to a free version but without real-time protection for ransomware, viruses or malware programs.

download Malwarebytes 3.0 FREE

 

2.When the download is completed, double click at the downloaded file, to install Malwarebytes Premium.
3. At the installation screens, choose your preferred language, and just press the Next button in all installation screens, to install the product.

install Malwarebytes 3.0 FREE

4. When the installation is completed, click Finish.

install Malwarebytes 3.0 premium

 

How to Scan & Clean your computer with Malwarebytes Anti-Malware 3.0.

1. Launch Malwarebytes Premium Trial and wait until the program updates its antivirus database.
2. When the update process is completed, press the Scan Now button to start scanning your system for malware and unwanted programs.

scan Malwarebytes 3.0 free

3. Now wait until Malwarebytes finishes scanning your computer for malware.

scan Malwarebytes 3.0 premium

4. When the scan has completed, select all detected malware infections (if found) and then press the Quarantine Selected button to remove all threats from your computer.

remove infections Malwarebytes 3.0

5. Wait until Malwarebytes removes all infections from your system and then restart your computer (if required from the program) to completely remove all active threats.

scan for infections Malwarebytes 3.0


Step 11: Remove Temporary Internet files and Invalid Registry entries with CCleaner

1. Run the CCleaner program again.
2. At the main screen (Cleaner) press the Run Cleaner button to remove all the Temporary Internet files, history, cookies, etc.

image

3. When done, click Registry on the left and then click Scan for issues.

image

 

4. When the scan is completed, press the Fix selected issues button, to remove all the invalid registry entries.

image

 

5. When done, close CCleaner and Restart your computer.

 

Step 12. Scan and Remove Viruses with your Antivirus Program.

After restart, open your Antivirus program and perform a full scan for viruses on your computer. *

* Suggestion: Before scanning your system with your antivirus program, download and run the ESET Online Scanner utility, a power Standalone Virus Removal tool, to clean your computer from threats. { At the "Computer Scan Settings" options select "Enable detection of potentially unwanted applications" and in Advanced settings check all available boxes. (Remove found threats, Scan Archives, Scan for potentially unsafe applications & Enable Anti-Stealth technology). Then press Start to scan and clean your computer}.

Eset Online Scanner

 

Step 13: Delete infected Windows Restore Points.

After performing the above instructions, check if your computer is working smoothly and then proceed and remove all the previous system restore points from your computer, because they still contain malware that can harm your computer in the future. So proceed and…

1. Disable the 'System Restore' feature on the disk C:\ in order to remove the infected System Restore points.
2. Then proceed and re-enable the 'System Restore' feature for safety and security reasons.

Conclusion: Hope that you find this article useful and effective and that your computer is now clean from all harmful programs running on it.  I will try to keep this article updated. From your side if you want to learn how to stay protected on the future from malware programs read this article: Ten+ tips to keep your computer fast and healthy.

If this article was useful for you, please consider supporting us by making a donation. Even $1 can a make a huge difference for us in our effort to continue to help others while keeping this site free: