Full Malware Scan & Removal Guide to Clean Heavy Infected Computers

Nowadays, new viruses, adwares and malwares appear and disappear within days or weeks. When a new virus/adware/malware is released and users’ computers are infected, it takes several days for experts to identify them and then to specify the appropriate treatment/removal procedure.

During those days, users don’t have a way to try and remove them, but, instead, they have to wait for the solution to become public or they have to take their computer to an expert so that it can be cleaned. To avoid this, I decided to write down a generic article that presents you the most common steps and the most useful anti-virus/adware/malware tools used to clean your computers. So, in case your computer is infected by a virus you can’t identify, you can use these steps and tools to try and clean it. As you can all understand, it may not always work, but I am sure that it will help you in most cases.

ATTENTION: All the Anti-Malware programs and removal tools that suggested in this guide are totally FREE.

How to clean your computer from Malware, Adware, Spyware, Rootkits, Viruses, Trojans, etc.

Important: Before you continue with the removal procedure, make sure that you have an updated backup of all your important files.

Notice No1: If you cannot download any of the bellow suggested programs on the infected computer, then you can download them on another clean computer and transfer them (e.g. by using a USB flash disk) on the infected computer.

Notice No2: Add this page to your favorites (Ctrl + D) to easily find and follow the given instructions.

Malware Removal Guide Steps:

Step 1: Start your computer in “Safe Mode with Networking”.

Step 2: Terminate known running Malicious processes with RKill

Step 3: Remove Malicious Registry Entries with RogueKiller.

Step 4: Remove Malware programs from Windows Startup with CCLeaner.

Step 5: Scan and remove hidden malicious Rootkits with TDSSKiller.

Step 6: Delete Temporary files and folders from all users with TFC.

Step 7: Uninstall all unknown and unwanted applications.

Step 8: Clean Adware & Unwanted Browser Toolbars with AdwCleaner.

Step 9: Remove Junkware & Potentially Unwanted Programs (PUP) with JRT.

Step 10: Clean Malware programs and files with Malwarebytes Anti-Malware.

Step 11: Remove Temporary Internet files and Invalid Registry entries with CCleaner.

Step 12. Scan and Remove Viruses with your Antivirus Program.

Step 13: Delete infected Windows Restore Points.

Step 1. Start your computer in “Safe Mode with Networking”.

Start your computer in Safe mode with network support to avoid malicious programs and unnecessary services to run . To do that

Windows 7, Vista & XP users:

  1. Close all programs and reboot your computer.
  2. Press the "F8" key as your computer is booting up, before the appearance of the Windows logo.
  3. When the "Windows Advanced Options Menu" appears on your screen, use your keyboard arrow keys to highlight the “Safe Mode with Networking” option and then press "ENTER".

safe-mode-with-networking_thumb1_thu[1]

Windows 8 & 8.1 users*:

* Also works in Windows 7, Vista & XP.

1. Press “WindowsImage-201_thumb  + “R” keys to load the Run dialog box.

2. Type “msconfig” and press Enter.image

3. Click the Boot tab and check “Safe Boot” & “Network”.

image

4. Click “OK” and restart your computer.

Note: In order to boot Windows in “Normal Mode” again, you have to uncheck the “Safe Boot” setting by using the same procedure.

 

Step 2: Terminate known running malicious processes with RKill.

1. Download and Save RKill* to you desktop. RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections.

* Notice: RKill is offered under under different filenames because some malware will not allow processes to run unless they have a certain filename. Therefore when attempting to run RKill, if a malware terminates it please try a different filename.

image

2. Run RKill and let the program to terminate any malicious processes that may running.

image

3. When RKill is finished press OK and continue to the next step.

image

Step 3: Remove Malicious Registry Entries with RogueKiller.

1. Download and save RogueKiller utility on your computer'* (e.g. your Desktop). RogueKiller is an anti-malware program written in C++ and is able to detect, stop & remove generic malwares and some advanced threats such as rootkits, rogues, worms, etc.

Notice*: Download version x86 or X64 according to your operating system's version. To find your operating system's version, "Right Click" on your computer icon, choose "Properties" and look at "System Type" section.

ROGUEKILLER

2. Double Click to run RogueKiller.

3. Let the prescan to complete and then press on "Scan" button to perform a full scan.

roguekiller

3. When the full scan is completed, select all items found in 'Registry' & "Web Browsers" tabs and then press the "Delete" button to remove them.

roguekiller-delete

(If asked, press Yes to reboot your computer and reboot again in "Safe Mode with Networking")

roguekiller-reboot

Step 4: Remove Malware programs from Windows Startup with CCLeaner.

1. Download and run CCleaner.

2. At “CCleaner” main window, choose "Tools" on the left pane.

image

4. In "Tools" section, choose "Startup".

image

4a. Choose the "Windows” tab and then select and delete all unknown or malicious programs to prevent them from running on Windows startup: *

  • Tip No1: We suggest that you disable (and not delete) any unknown entry if you are not sure if it is malware.
  • Tip No2: Before deleting the malicious Startup entries, open Windows Explorer to find and delete manually the malicious folders and files from your computer. (e.g. RandomFolderName, RandomFileName.exe).

e24jjxfb_thumb1_thumb

4b. Then choose the “Scheduled Tasks” tab and delete (or disable) all unwanted tasks from there.

ccleaner scheduled tasks

5. Close “CCleaner” and reboot your computer to “Safe Mode with Networking” mode again as described at Step 1.

6. After rebooting, run Rogue Killer again to scan & clean remaining malicious entries as described at Step 2.

Step 5: Scan and remove hidden malicious Rootkits with TDSSKiller.

1. Download and save TDSSKiller Anti-rootkit utility by Kaspersky Labs on your computer (e.g. your desktop).

image_thumb29_thumb_thumb

image_thumb26_thumb_thumb

image_thumb17_thumb_thumb

2. When the download process is complete, go to your download location (e.g. your desktop) and double click on “tdsskiller.exe” to run it.

image_thumb23_thumb_thumb

3. At Kaspersky’s Anti-rootkit utility program click on “Change parameters” option.

tdsskiller-parameters_thumb1_thumb

4. At TDSSKiller settings, check to enable the “Detect TDLFS file system” option and press “OK”.

nb45qheh_thumb1_thumb

5. Press "Start scan" to start scanning for malicious programs.

tdsskiller-start-scan1[2]

When the scan process is complete, a new window opens with the scanning results.

6. Choose the "Cure" option and let the program finish the cure operation of the infected files.

7. When the "curing" operation is complete, reboot your computer.

8. After rebooting, run TDSSKiller again to scan one more time for Rootkits. If the previous curing job was completed successfully, the program now will inform you that "No Threats found".

tdsskiller-no-threats-found1[2]

Step 6: Delete Temporary files and folders from all users with TFC.

1. Download and save TFC by OldTimer to your computer.

2. When downloading is completed, run TFC and press the start button to clean all temporary files and folders from your computer.

Note: The detailed instructions on how to download and use TFC can be found here: How to delete temporary files using TFC.

TFC by old timer

Step 7. Uninstall all unknown and unwanted programs.

1. To do this, go to:

  • Windows 7 & Vista: Start > Control Panel.
  • Windows XP: Start > Settings > Control Panel

image

  • Windows 8 & 8.1:
  1. Press “Windows”  Image-201_thumb8_thumb_thumb_thumb_thumb  + “R” keys to load the Run dialog box.
  2. Type “control panel” and press Enter.

control-panel_thumb5_thumb_thumb_thumb_thumb_thumb

2. Double click to open:

  • Add or Remove Programs if you have Windows XP
  • Programs and Features (or “Uninstall a Program”) if you have Windows 8, 7 or Vista.

image

 

3. When the program list is displayed on your screen, sort the programs to be displayed by Installation date (Installed On) and then find and Remove (Uninstall)* any unknown program that was lately installed on your system.

* Notice: If you receive the “You do not have sufficient access to uninstall” error message or you face problems during program uninstall, then follow this guide to uninstall the program.

1pn5id2g

4. Close Add/Remove programs window and continue to the next step.

Step 8: Clean Adware & Unwanted Browser Toolbars with AdwCleaner.

1. Download and save AdwCleaner utility to your desktop. AdwCleaner is a powerful utility to clean all the Adware, Toolbars, PUP & Hijacker programs from your computer.

image

2. Close all open programs and Double Click to open ”AdwCleaner” from your desktop.

3. After accepting the “License Agreement”, press the “Scan” button.

image

4. When the scan is completed, press “Clean” to remove all the unwanted malicious entries.

image

4. Press “OK” at “AdwCleaner – Information” and press “OK” again to restart your computer.

image

5. When your computer restarts, close "AdwCleaner" information (readme) window and continue to the next step.

Step 9: Remove Junkware & Potentially Unwanted Programs (PUP) with JRT.

1. Download and run JRT – Junkware Removal Tool. JRT is a security utility that searches for and removes common adware, toolbars, and potentially unwanted programs (PUPs) from your computer.

ooiklzrb_thumb3

2. Press any key to start scanning your computer with “JRT – Junkware Removal Tool”.

rbqt5vao_thumb1

3. Be patient until JRT scans and cleans your system.

e3folbue_thumb

4. Close JRT log file and and then reboot your computer.

nt3i1nap_thumb

Step 10: Clean Malware programs and files with Malwarebytes Anti-Malware.

Download and install Malwarebytes Anti-Malware one of the most reliable FREE anti malware programs today to clean your computer from remaining malicious threats. If you want to stay constantly protected from malware threats, existing and future ones, we recommend that you install Malwarebytes Anti-Malware Premium:

Malwarebytes™ Protection
Removes Spyware, Adware & Malware.
Start Your Free Download Now!

Quick download & Installation instructions:

  • After you click the above link, press at the “Start My Free 14-Trial” option to start your download.

malwarebytes-downlaod_thumb1_thumb2_[1]_thumb_thumb_thumb

  • To install the FREE version of this amazing product, uncheck the “Enable free Trial of Malwarebytes Anti-Malware Premium” option at the last installation screen.

image

Scan & Clean your computer with Malwarebytes Anti-Malware.

1. Run "Malwarebytes Anti-Malware" and allow the program to update to its latest version and malicious database if needed.

image

2. Press the “Scan” option from the top menu.

mfggagod

3. Select “Custom” scan and then click the “Scan Now” button.

lxorni4d

4.  At  “Custom Scan Configuration” options, first check all available scanning options from the left pane, select the disk(s) to scan from the right pane and finally press the “Start Scan” button to scan your entire system for malware.

malwarebytes-anti-malware-full-scan

5. Now wait until Malwarebytes Anti-Malware finishes scanning your computer for malware.

image

6. When the scan has completed, press the “Quarantine All” button to remove all threats found.

image

7. Wait until Malwarebytes Anti-Malware removes all infections from your system and then restart your computer (if required from the program) to completely remove all active threats.

image

 

Step 11: Remove Temporary Internet files and Invalid Registry entries with CCleaner

1. Run CCleaner program and proceed to clean your system from temporary Internet files and invalid registry entries.*

*If you don’t know how to install and use “CCleaner”, read these instructions.

2. Restart your computer

Step 12. Scan and Remove Viruses with your Antivirus Program.

Open your Antivirus program and perform a full scan for viruses on your computer. *

* Suggestion: Before scanning your system with your antivirus program, download and run the ESET Online Scanner utility, a power Standalone Virus Removal tool, to clean your computer from threats. { At the "Computer Scan Settings" options select "Enable detection of potentially unwanted applications" and in Advanced settings check all available boxes. (Remove found threats, Scan Archives, Scan for potentially unsafe applications & Enable Anti-Stealth technology). Then press Start to scan and clean your computer}.

Eset Online Scanner

 

Step 13: Delete infected Windows Restore Points

After the removal process, you must remove all system restore points from your computer because they still contain malware that can harm your computer in the future.

1. To disable System Restore points and clean disk space read this article: How to Enable or Disable System Restore in Windows.

2. After doing that you must re-enable the System restore feature for safety and security reasons.

 

Conclusion: Hope that you find this article useful and effective and that your computer is now clean from all harmful programs running on it.  I will try to keep this article updated. From your side if you want to learn how to stay protected on the future from malware programs read this article: Ten+ tips to keep your computer fast and healthy.

 

If this article was useful for you, please consider supporting us by making a donation. Even $1 can a make a huge difference for us in our effort to continue to help others while keeping this site free: