Malware Removal

There are plenty of articles scattered across the net on how to clean up and speed up your computer. The majority do an okay job but don't cover a lot of the basics or expect you to pay for products or services.

With that in mind, this is part one of a five-part series.
The series will cover the steps I commonly take to clean up a computer and speed up its performance, along with procedures I use on my personal computer.

While I will try to be as thorough as possible, there are far too many advanced topics to cover in a single article, so I will just cover the basics that people may not already know but should.

Malware

By far the most frustrating and difficult issue to fix is malware. Malware is any unwanted software that has a malicious or negative impact on your computer. Malware can do a variety of things, such as display unwanted advertisements on your computer, allow a remote user to take control of or monitor your computer without your knowledge, and obtain your personal information.

Before I help you get rid of some, if not all, of the malware, let's cover how you can avoid being infected in the first place.

Avoiding Malware

The majority of malware is software we downloaded because we thought we wanted it. The source can be a trusted website, a file sharing application, or a not-so-trusted website.
Other sources are portable media, such as a USB drive or disc, that you obtained from a friend or found.

If you don't trust it, don't do it

Unless you know how to prevent malware from being installed, never use a USB drive or disk that you happened to find. Portable media is one of the common ways of being infected by malware. The media may even be cleverly mislabeled as something you would want in order to entice you into using it. Just throw it away or return it to the owner and avoid the risk of being infected.

If you are on an untrusted website watching movies or pornography, or downloading software, avoid clicking on any notification that your plugin is out of date or any prompt to download an installer to update it. If you see this kind of prompt, avoid it like the plague.

If you believe your plugin is out of date, go to the plugin website or application directly and perform an update from there.

A simple message to a computer-savvy friend, asking whether they think a file or link is safe, may save you from losing everything or having your identity stolen! Chances are you'll end up talking to them anyway if you become infected. A two-minute conversation could save you both hours of hassle and lots of money in the long run. If neither of you is sure, it's best to just leave it alone.

You can also check a potentially harmful file or website URL by submitting it to VirusTotal. VirusTotal will check the submission using multiple antivirus applications, including some of those I recommend below.

Always have a backup

Creating frequent backups can save you from losing everything. This applies to hardware failures as well, not just as protection against malware. It is best practice to create a backup at least once a week.

There are inexpensive services that can keep your important data safe in the cloud without needing to buy hardware. So even if you lose everything in a fire, buy a brand new computer, and move out of state, you will be able to recover your data from any point in time at which you backed up. My personal favorite service is CrashPlan.

There are other services as well, such as Acronis, a long-time storage drive utility company made popular by its drive cloning capabilities. Both will also work with external storage drives.

I will cover backup methods and best practices in another article.

Always read what you're installing or agreeing to

Many common applications we use, including Java Runtime Environment and Adobe Flash, have prompts to install additional software such as McAfee Antivirus or Google Toolbar. Other software will come bundled with additional software and will install it without prompting you and even cease to function if you remove the unwanted software.

Simply read and follow the prompts to opt-out of installing any unwanted software. Don't just spam the next button until it finishes.

When you think they're not watching

There are additional things to watch out for that many people do not know about. For example, Flash banner ads running in the background have the capability to monitor your keystrokes in other applications.

So while you have one tab open and you open another tab to your bank or online store, the banner ad is sending every key you press to someone on the other side, including your usernames, passwords, credit card information, or any other form you fill out, even those outside your browser.

This works because Flash, like Java, is an application installed on your computer that has control over certain functionality.

Always remember to close out all other tabs or your entire browser when entering in your passwords or other personal information.

Removing Malware

So you've been infected and want to get rid of it. Below I will cover some basic steps to get your computer fixed. Keep in mind that some of the more advanced malware will disable the ability to perform basic troubleshooting steps. It may even disable your antivirus applications, preventing them from detecting or scanning while the malware is still running. Other malware installs multiple malicious applications as a bundle or will periodically download more, so don't assume you're safe just because you found the one giving you problems.

For the majority of the steps below you will need administrative access to your computer.

Uninstall Unknown Programs

A lot of malware will be listed among your installed programs. Checking this list is also a great way to speed up your computer by removing software you don't use.

In order to check your installed programs you will need to go into your Control Panel and then Programs and Features.

For a shortcut, you can press the Windows key and the R key at the same time to bring up the Run prompt.
In the Open input box, type appwiz.cpl

[Screenshot: Run Control Panel]

Then press Enter.

Go through the list and uninstall anything you don't use.

[Screenshot: Programs and Features]

If you're not sure, simply Google the name of the application to find more information about it.
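As an added example (not from the original article), this PowerShell script builds the same list Programs and Features shows by reading the registry Uninstall keys, newest install first, so a recently appeared entry with no publisher stands out as something to look up before uninstalling. It assumes Windows PowerShell 3.0 or later and only reads; it does not uninstall anything.

```powershell
# Added example, not from the original article: list installed programs from the
# registry Uninstall keys (the data behind Programs and Features), newest first.
# Assumes Windows PowerShell 3.0 or later; read-only, nothing is removed.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',   # 32-bit apps on 64-bit Windows
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'                # per-user installs
)

$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |     # entries without a display name are hidden from Programs and Features
    ForEach-Object {
        # InstallDate is stored as yyyyMMdd text; leave it empty if missing or malformed
        $installed = $null
        if ($_.InstallDate -match '^\d{8}$') {
            $installed = [datetime]::ParseExact($_.InstallDate, 'yyyyMMdd', [cultureinfo]::InvariantCulture)
        }
        $flag = if ($_.Publisher) { '' } else { 'no publisher' }
        [pscustomobject]@{
            Name      = $_.DisplayName
            Publisher = $_.Publisher
            Installed = $installed
            Flag      = $flag
            Location  = $_.InstallLocation
            Uninstall = $_.UninstallString   # the command Programs and Features runs to remove it
        }
    } | Sort-Object Installed -Descending

$programs | Format-Table Name, Publisher, Installed, Flag -AutoSize

# Save the inventory so it can be compared against a later run or sent to a computer-savvy friend
$programs | Export-Csv -Path "$env:USERPROFILE\Desktop\installed-programs.csv" -NoTypeInformation
```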

Google it

Most viruses will have a name or some other way to identify them. You can normally use Google to find in-depth instructions on how to remove the infection; it is usually the first step most technicians perform when identifying a virus. If you have been locked out of your computer or cannot access the internet, you can use your smartphone or call a friend to work on the issue together.

Disable Startup Programs

Nine times out of ten, you can disable the malware by disabling the programs that start up with your computer.
Every startup program and non-Microsoft service can be disabled without harming your computer.

Windows 7

Press the Start orb and type msconfig in the search box.

[Screenshot: Search Msconfig]

Then press Enter.

Windows 8

Press the Start button, or navigate to the bottom-left or top-right charm.
Click the search button and type msconfig

[Screenshot: Search Msconfig Windows 8]

Then press Enter.

msconfig window

Once you see the System Configuration window, click Selective startup and uncheck Load startup items.

[Screenshot: Msconfig Selective Startup]

Click OK and then reboot.

After reboot

If the malware is gone, you know it's one of the items in the Startup tab of the msconfig window.

Reopen msconfig and navigate to the Startup tab to display the startup items.

[Screenshot: Msconfig Startup]

On Windows 8 you will need to open Task Manager by clicking the link in the Startup tab to view the startup items.

[Screenshots: Msconfig Startup Windows 8]

If you notice that one of the startup items has been re-enabled, the software detected that it was disabled and enabled itself. Some antivirus and other desirable software also exhibit this behavior, as does malware.
If it is malware, you may be able to disable it by running Windows in Safe Mode. Steps for starting in Safe Mode are below.

Otherwise, select Normal startup from the msconfig General tab, navigate to the Startup tab, and disable all untrusted startup items.
If you are unsure, simply disable all items and enable them one at a time until the malware returns. Once it returns, you have pinpointed the infection.

Uncheck the suspected startup item, then continue enabling the rest of the startup items until all but the malware item(s) are enabled.
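As an added example (not the article's own), this PowerShell script lists the same autostart entries msconfig and Task Manager show (Run keys and Startup folders) together with the Authenticode signature status of each program, and then the automatic services not signed by Microsoft, which is roughly what msconfig's "Hide all Microsoft services" leaves visible. It assumes Windows PowerShell 3.0 or later and changes nothing; the output is for deciding what to uncheck.

```powershell
# Added example, not from the original article: enumerate autostart entries with the
# signature status of each binary. Assumes Windows PowerShell 3.0 or later; read-only.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
$startupFolders = "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
                  "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"

# Extract the executable from a command line: "C:\a b\x.exe" /s, C:\a b\x.exe /s, or C:\x.exe
function Get-ExePath([string]$command) {
    if ($command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($command -match '^\s*(.+?\.exe)') { return $Matches[1] }
    return $command.Trim()
}

function Get-StartupInfo([string]$source, [string]$name, [string]$command) {
    $exe = Get-ExePath $command
    $status = 'file not found'
    if (Test-Path -LiteralPath $exe) {
        $status = (Get-AuthenticodeSignature -FilePath $exe).Status   # Valid, NotSigned, HashMismatch, ...
    }
    [pscustomobject]@{ Source = $source; Name = $name; Path = $exe; Signature = $status }
}

$shell = New-Object -ComObject WScript.Shell   # resolves the .lnk shortcuts found in Startup folders
$entries = @(
    foreach ($key in $runKeys | Where-Object { Test-Path $_ }) {
        # skip the PSPath/PSParentPath/... bookkeeping properties, keep the real registry values
        $props = (Get-ItemProperty -Path $key).PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }
        foreach ($p in $props) { Get-StartupInfo $key $p.Name $p.Value }
    }
    foreach ($item in Get-ChildItem -Path $startupFolders -File -ErrorAction SilentlyContinue) {
        $target = if ($item.Extension -eq '.lnk') { $shell.CreateShortcut($item.FullName).TargetPath } else { $item.FullName }
        Get-StartupInfo 'Startup folder' $item.Name $target
    }
)
# Unsigned or missing binaries are the entries to research first
$entries | Sort-Object Signature | Format-Table -AutoSize

# Automatic services whose binary is not validly signed by Microsoft
Get-CimInstance Win32_Service | Where-Object { $_.StartMode -eq 'Auto' -and $_.PathName } | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath (Get-ExePath $_.PathName) -ErrorAction SilentlyContinue
    if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'Microsoft') {
        [pscustomobject]@{ Service = $_.Name; Path = $_.PathName; Signature = $sig.Status }
    }
} | Format-Table -AutoSize
```

Run it once before and once after a reboot: an entry that reappears after you unchecked it in msconfig is the self-re-enabling behavior described above.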

Safe Mode

When you start up in Safe Mode, the majority of your computer's software will not start when you load into Windows. This includes startup applications, hardware drivers, and services, along with a lot of malware. Some of the more advanced anti-malware applications will also not run while in Safe Mode.

While in Safe Mode, removing identified infections may become easier.

In order to boot into Safe Mode, follow the steps above to start msconfig.

Click the Boot tab, then check Safe boot and select Minimal as the option.

[Screenshot: Msconfig Safe Mode]

Click OK and reboot when prompted.

[Screenshot: Msconfig Reboot]

Once you have completed troubleshooting, open msconfig again and uncheck Safe boot.

Last and Easiest Resort

Anti-malware software, which I cover in more depth below, can help remove some computer infections, but the only way to be sure is to wipe your system drive and start over. If you know you're infected, formatting and reinstalling everything is the sure-fire way to make sure it's gone.

Generally, walking through every single step, performing scans, and validating the result takes hours. If you have a proper backup of your system, a format and reinstall can take significantly less time.

Be warned that this option will erase everything and revert your computer to the state it was in when Windows was first installed.

Windows 7

You will need your computer's operating system disc or the recovery disc you created earlier.

Follow the steps above to go to the Control Panel.

Click System and Security, then Backup and Restore, then Recover system settings or your computer, then Advanced recovery methods, and finally select Reinstall Windows.

[Screenshots: System and Security; Backup and Restore; Backup and Restore Files; Reinstall Windows]

Windows 8

Use the top-right charm, click Settings, click Change PC Settings, then Update and Recovery.

[Screenshots: Settings; Change PC Settings; Update and Recovery]

Next, click the Recovery tab and select the option to Remove everything and reinstall Windows.

[Screenshot: Remove Everything]

Be sure that after Windows is reinstalled, only trusted software is reinstalled.

There are special cases where you may need to delete your drive partitions to avoid being reinfected. Those infections are rare and you should seek the aid of a professional if you become infected by one.

Anti-Malware Software

Many anti-malware applications can help safeguard your computer and your personal information from malicious threats.

Anti-malware applications have many different capabilities, including antivirus, firewall, heuristics, immunization, virtualization, cloud scanning, and many others.

Anti-Malware Features

Antivirus

Covers detection of malware based on already known virus definitions that must be installed on the computer.
Some applications may refer to themselves as an Antivirus despite having multiple functions.

Firewall

Covers incoming and outgoing data transmitted between computers, usually allowing you to accept or reject a connection or block commonly exploited ports.

Heuristics

Covers undiscovered malware, known as zero-day viruses, and known malware variants. It commonly results in false positives, where a known trusted application is detected as a virus because its functionality matches common malware signatures.

Immunization

Covers hardening your computer's security by preventing known vulnerabilities prior to becoming infected.

Cloud Scanning

Covers detection of malware by using a combination of virus definitions and user supplied data that has been evaluated as a threat.

Rootkit Scanning

Covers detection of malware that masquerades as a common application that executes additional unwanted functions, while still allowing normal functionality of the infected application.

Sandbox or Virtualization

Covers running individual processes and applications in a separate environment allowing the application to run without affecting your system.

Real-Time Monitoring

Covers monitoring of your computer's files and settings, alerting you of potentially unwanted changes. Usually runs in conjunction with Antivirus and Firewall.

Common Infections

Four applications I recommend to remove common infections are TDSSKiller, Malwarebytes, Ad-Aware, and Spybot Search and Destroy. These applications have been around a long time and will find the majority of known malware. They will not find everything, but they update regularly to detect newly discovered malware and variants.

All of these applications have free and paid options. For general usage, the free version is enough to remove the common infections. In addition, the free versions will usually require you to start scans manually.

Ad-Aware Free and the paid versions of the others enable real-time scanning, which will decrease your computer's performance, even more so if you have several running simultaneously. This is because real-time scanning consumes additional resources by checking files and applications as they are accessed.

If you already have other antivirus software with real-time scanning, real-time scanning can be disabled in the options of any or all of these applications. I recommend leaving your primary antivirus software's real-time scanning enabled.

Aggressive Infections

For some of the more aggressive malware, you will need more comprehensive antivirus software. These applications will slow down your computer due to real-time scanning, but will protect you from 90% of the malware found in the wild.

Free Antivirus

For free software (that also has paid options) I recommend COMODO Internet Security. The main reason I recommend COMODO is that it was the only antivirus that detected a port scanner I had written for penetration testing. I had also tested the same file with multiple more commercialized antivirus products that I will not name at this time.

Be warned that it is for the more advanced user who wants greater control over their computer. The free version of COMODO has options to install additional software and custom DNS servers, which can be opted out of in the advanced installation options.

I personally disable sandboxing, as it causes quite a few headaches with some software, and enable HIPS to prevent potential intrusions.
Other free antivirus applications, in order of preference, are Kaspersky (trial), Avast, Panda, AVG, and Microsoft Security Essentials.
Note that Windows 8 comes with Windows Defender; I recommend ensuring that it is disabled after installing a third-party antivirus.

Subscription Antivirus

The majority of the free antivirus applications have paid versions that enable additional features to enhance your security. Aside from the upgraded free software, exclusively paid antivirus applications (which may offer trials), in order of preference, are Bitdefender, WebRoot, Kaspersky, and Norton Security.

I have a personal bias toward McAfee. I have seen many systems protected by McAfee become infected by viruses that other less known Antivirus software detected.

Please read each application's policy very carefully before you choose to pay for one. Some offer guaranteed protection and will reimburse you should you become infected with malware while using their product, meaning that if you need to hire someone to clean up your computer or lose money because of the infection, they will pay for it.

If you would like tips on more advanced techniques, please comment below. I will be happy to help you recover your system in greater detail.

I will continue to update this article as more information becomes available.