Malware and Virus Removal

If you suspect you are infected with Crypto malware (Cryptowall, Cryptolocker, TeslaCrypt, etc) DO NOT follow this guide! Your files are at stake.

Malware Remediation Steps:

Before proceeding, go into your browser’s extensions and remove all suspicious items. Also go into your browser’s settings and remove any default search providers and unusual homepages. If you are unsure how to do this, proceed to Step 1.

Download and run the following tools in this order. Run all tools unless otherwise instructed. All tools should be run in Normal Mode (not Safe Mode) unless you are unable to boot Normal Mode, or the scans fail in Normal Mode. All tools must be run under an Administrator account. Do not remove any tool-generated logs in the event a helper needs you to post them to further assist you.

1) Run rkill.com

. Sometimes it takes a few minutes to finish. Do not reboot when done.

  • Kills running malicious processes
  • Removes policies in the registry that prevent normal OS operation
  • Repairs file extension hijacks

2) Download an updated copy Malwarebytes’ Anti-Malware. Turn on the “Scan for Rootkits” option. Then, run a “Threat Scan

  • Successfully removes the vast majority of infections
  • Has an industry-leading built-in rootkit/bootkit scanning engine
  • Has built-in repair tools to fix damage done by malware

3) Run ADWCleaner

using the “Scan” option. Then press “Cleaning” when finished and allow it to  reboot your system.

  • Removes majority of adware, PuPs, Toolbars, and Browser hijacks
  • Fixes proxy settings changed by malware
  • Removes certain non-default browser settings

4) Run Malwarebytes’ Junkware Removal Tool and allow it to finish. Reboot your computer upon completion.

  • Removes adware, PuPs, Toolbars, and Browser hijacks other tools miss
  • Good at removing unneeded AppData directories left behind by infections

 

Optional, Advanced Step (only run if previous tools fail to solve problem):

5) Run HitmanPro

  • is HitmanPro.

HitmanPro is a phenomenal “second-opinion” malware scanner.

Please note: If malware has prohibited you from browsing the web or downloading files, you can try running the NetAdapter Repair Tool with all options checked which will attempt to restore your internet connection & default browser settings. You may have to download these tools on another computer and move them to a flash drive that you can plug into the infected machine.

Have adware or spyware on your Mac?

Try Malwarebytes Anti-Malware for Mac (formerly Adware Medic)

 

Follow-up Steps (highly recommended):

  • Using a computer that has not been infected, change passwords to all your online accounts.
  • Consider enabling two-factor authentication.
  • Install a better anti-virus. See recommendations below.

 

How did I get infected?

It is difficult to track down the source of an infection. Most infections are actually given permission to run unknowingly by the user. It is recommended to keep User Account Control turned on and never give access to something you do not trust or did not open. Many other infections come via exploits in your browser or browser plug-ins on websites you visit. Always be very careful what you install. Make sure you trust the source implicitly. When downloading programs, always use the publisher’s website directly.

 

How to prevent future infections:

Be very careful what you download and install. Keep programs like Java & Flash up-to-date, but do so using their official websites or Ninite

installers. Use Unchecky to prevent accidental installation of adware & spyware during product installations. Make sure Windows is kept up-to-date as well. Many Windows updates patch exploits and vulnerabilities in your operating system. Most infections are active because the user has unknowingly given it Administrative permission to install and run. The first line of defense starts with you.

 

The following tools will aide you in keeping your computer clean:

 

Free Anti-Virus Suggestions:

 

 

Helpful Tools:

 

(FOSS – Automates malware removal and system cleanup)