Friday, September 7, 2012

10 Steps to Completely Removing a Virus

After my previous post, I feel it is only right that I assist those who already have an infected computer. Most likely those people can't read this post, but maybe you can print this out and save your friend $100 taking it to the shop for repair. My goal in this post is to demystify the process of what it takes to remove a virus. All you need to to be brave enough to try it. Yes anyone probably can do this (though there are a few instances where an average user should not try this at home.

Step #1: Troubleshoot

You remember that line from the Movie Ratatouille, "Anyone Can Cook?" Well it is also my opinion that anyone can troubleshoot as well. It is a logical pattern of thinking that doesn't take a genius to figure out. Here is a for instance. Can your machine connect to the Internet? If it can then great, all you need to do is go straight to Step #2  in the process. If you can't, you will need to access the Internet on another computer to accomplish Step #2, and then copy the anti-malware tools to a thumb drive.

Step #2: Download the Anti-Malware Tools

There is a list of really good tools out there are completely free and even more effective than some of the paid-for programs. These programs are not meant to be left on your computer, but are meant only to be used when you know you have a virus. If you are wondering about how to keep malware from getting on your computer, please read my last post called Six Common Sense Tips for Keeping Your Computer Safe.

Please download the following tools to your computer or to a flash drive:

  1. Rkill.exe - This program is meant to help stop any malicious programs so you can start the removal process
  2. Malwarebytes - This is a scanning tool when your anti-virus program fails.
  3. Tdsskiller.exe - This program is designed specifically to find Root Kit malware.
  4. SuperAntispyware - It is much better than it looks. Often it will catch things that other scanners won't.
  5. Combofix - This is the bazooka of malware scanners. Caution. Only run this program if your data is completely backed up.
  6. Unhide.exe - If the virus has hidden your files and or you think you are missing files, this program will "unhide" your files.
Step #3: Boot your computer in Safe Mode

You may be wondering, what is safe mode. Safe mode is a mode that boots your computer with the most basic settings to run (i.e. everything on your screen will look very big). If you are unsure how boot into Safe Mode, here are the steps:

  1. Restart Your computer
  2. Before your computer starts turning on, press the F8 key continuously
  3. So long as you pressed F8 as your computer was turning on, a menu will pop up with multiple options. You need to Safe Mode with Networking.
Your computer will now boot into safe mode

Step #4: Run Rkill.exe
Time: Approx. 2 minutes


Now it is time to start using our fancy tools that we downloaded. Hopefully you remember where you downloaded these files. Double Click on the file called rkill.exe. This will run on its own and hopefully stop any harmful programs.  

Step #5: Run tdsskiller.exe
 Time: Approx. 2 minutes

This program is mean to find root kits which historically are difficult to remove. This little program makes this process a little easier if it can find one. You only need to double click on the file labeled tdsskiller.exe and then click "Start Scan". This will not take more than a minute or two. If it does find something, allow it to remove the file and restart your computer. Just make sure to go back into Safe Mode. You should continue on to the next step as this program is only mean to remove one type of malware. 

Step #6: Install and scan with Malwarebytes
 Time: Approx.15 minutes for Quick Scan
Time: Approx. 1 hour to 2 hours  for Full Scan (dependent on state of computer)

This may be the last step for some of you, but I promise I will finish the article for the rest of you. First you need to install Malwarebytes. Don't be afraid, you can simply double click on the file you downloaded and follow the instructions. After Malwarebytes has been installed, open it up and if it asks you to install the database updates, please allow it to do so. I usually start with a quick scan, simply because I do not like waiting a long time for results and also because then if the full scan that I run later doesn't find anything, I call the computer clean and stop right here.

After running the quick scan, if there is anything showing up in red, then malwarebytes has found some infections on your computer. You can then click "Show Results". On the next screen, make sure that all the files found as infections have a check mark next to them. Once you have insured this, you may click, "Remove Selected".  It may ask you to restart your computer. Go ahead and allow your computer to restart, making sure that in the process you boot into Safe Mode.

Once you have finished this, repeat the previous instructions making sure to select full scan. If the full scan does not detect anything, Your computer is probably clean. If you do find more infections and remove them, it would be a good idea to use another tool to scan your computer.

Step #7: Install and Scan with SuperAntiSpyware
 Time: Approx. 1 hour to 2 hours  for Full Scan (dependent on state of computer)

This program doesn't look legitimate, but I assure you that it does a good job finding things that other programs cannot. If you have installed Malwarebytes without problem, then you are already a pro. SuperAntispyware acts much like a fake program in that it wants you to buy the full version, but please don't worry about that. Install the program and scan the full computer. Then allow the program to remove anything it finds.

Step #8: Run Combofix.exe

This program isn't for the fainthearted and this should only be run after you have tried all the previous steps and still have a problem. I would only stress that it is very important to backup any important data on your computer. Put your music, pictures, documents on something like a CD, backup hard drive, or even an online backup solution.

Once you know that your files are backed up, double click on ComboFix.exe. You may click yes to anything that pops up. It will now run a process that may restart your computer. Now is a good time to go get a cup of coffee and do something that doesn't require a computer. This program is doing some major things and you don't want to interfere.

Optional Step #10: Run unhide.exe

I stated earlier that the virus on your computer may have hidden your files. If this is the case, you can run this program and it will unhide all your files and you will be able to work as normal.

Mission Accomplished!

Congratulations! You have just done the same job a professional would have done. If you are still having trouble, then at this point it really is time to let a professional take a look at your computer. Sometimes the issue can't be solved with these steps, but 95% of the time this article will save you $100 at the repair shop. So why doesn't everyone do this. Most of the time it is because people are afraid to try. Don't be afraid. Be bold and try new things. If you already have a virus, what do you have to lose.

No comments:

Post a Comment