Posted: 11/27/2011 4:58:40 PM EDT
Hi everyone,

I would like to share my malware removal guide with all of you. It contains step by step instructions on how to remove malware from a computer. It's still a work in progress. I would appreciate any feedback.

This guide will help you clean your computer of malware. If you think your computer is infected with a virus or some other malicious software, you may want to use this guide. It contains instructions that, if done correctly and in order, will remove most malware infections on a Windows operating system. It highlights the tools and resources that are necessary to clean your system. Malware is a general term for any malicious software, including viruses, trojans, rootkits, spyware and adware.


Guide: http://www.selectrealsecurity.com/malware-removal-guide


Link Posted: 11/27/2011 6:17:50 PM EDT
[#1]
Add "delete Internet Explorer's temp files cache" with the delete temp folder step.

I've also seen things hide in the temp folder of the pseudo-users "Local System" and "Network Service".

Also, there should be a section on resetting Winsock to fix browser-hijack-type things, for XP anyway.

http://support.microsoft.com/kb/299357

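Added example, written for this page and not taken from the guide or from anyone in this thread: one PowerShell script that does the three things the post above asks for. It finds every profile on the machine through the ProfileList registry key, so the LocalSystem (S-1-5-18), LocalService (S-1-5-19) and NetworkService (S-1-5-20) pseudo-user profiles are included on both the XP ("Documents and Settings") and the Vista/7 ("Users", "ServiceProfiles") layouts, empties each profile's temp folder plus the system temp folder, clears IE's Temporary Internet Files for the logged-on user, and optionally resets Winsock and TCP/IP. Assumptions: PowerShell 2.0 or later, an elevated session, and that `rundll32 InetCpl.cpl,ClearMyTracksByProcess 8` is acceptable for the IE cache (8 is IE's own flag for Temporary Internet Files). The script name and switch names are my own.

```powershell
# Added example, not from the guide or from anyone in this thread. Clears temp folders
# for every profile (including the LocalSystem / LocalService / NetworkService pseudo-users),
# clears IE's Temporary Internet Files, and optionally resets Winsock + TCP/IP.
# Usage (elevated):  powershell -ExecutionPolicy Bypass -File .\Clear-Temp.ps1 -ReportOnly
#                    powershell -ExecutionPolicy Bypass -File .\Clear-Temp.ps1 -ResetNetwork
param(
    [switch]$ResetNetwork,   # also run the netsh resets (a reboot is required afterwards)
    [switch]$ReportOnly      # count what would be deleted, delete nothing
)

# Without elevation the service-account profiles are unreadable and silently skipped.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
               [Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) { Write-Warning 'Not elevated: LocalSystem/LocalService/NetworkService temp folders will be skipped.' }

# Profile paths from the registry rather than a C:\Users\* glob, so the SIDs
# S-1-5-18/19/20 (system and service accounts) are covered on XP and Vista/7 alike.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$profilePaths = Get-ChildItem $profileList | ForEach-Object {
    $p = (Get-ItemProperty $_.PSPath).ProfileImagePath
    if ($p) { [Environment]::ExpandEnvironmentVariables($p) }
}

# XP layout first ('Local Settings\Temp'), then Vista/7 ('AppData\Local\Temp').
$tempSubdirs = @('Local Settings\Temp', 'AppData\Local\Temp')
$targets = @("$env:SystemRoot\Temp")
foreach ($prof in $profilePaths) {
    foreach ($sub in $tempSubdirs) {
        $t = Join-Path $prof $sub
        if (Test-Path $t) { $targets += $t }
    }
}

foreach ($dir in ($targets | Select-Object -Unique)) {
    # Files held open by running processes (the current session's own temp files, for
    # instance) fail to delete; that is expected, so errors are suppressed.
    $items = @(Get-ChildItem -Path $dir -Force -ErrorAction SilentlyContinue)
    Write-Host ("{0}: {1} entries" -f $dir, $items.Count)
    if (-not $ReportOnly) {
        $items | Remove-Item -Recurse -Force -ErrorAction SilentlyContinue
    }
}

# IE Temporary Internet Files for the logged-on user only; other users' caches are
# cleared when they log on and run the same command.
if (-not $ReportOnly) {
    Start-Process -FilePath "$env:SystemRoot\System32\rundll32.exe" `
        -ArgumentList 'InetCpl.cpl,ClearMyTracksByProcess 8' -Wait
}

# Winsock reset removes LSP-style hijacks; 'netsh int ip reset' is the TCP/IP reset
# from KB 299357. Both change network settings and need a reboot.
if ($ResetNetwork -and -not $ReportOnly) {
    & netsh winsock reset
    & netsh int ip reset "$env:SystemRoot\Temp\netsh-ip-reset.log"
    Write-Host 'Network stack reset; reboot before testing the browser again.'
}
```

Run it with -ReportOnly first to see the per-folder counts, then without. The TCP/IP reset puts every adapter back to DHCP, so note any static addresses or DNS servers before using -ResetNetwork.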
Link Posted: 11/28/2011 3:04:41 AM EDT
[#2]
Link Posted: 11/29/2011 3:09:06 PM EDT
[#3]
Thanks.
Link Posted: 11/29/2011 3:25:48 PM EDT
[#4]
Looks good. I've had great luck with Kaspersky Rescue Disk installed to a USB drive. Boot from that and let it run a scan, then reboot and let Malwarebytes do its thing.
Link Posted: 12/1/2011 7:44:42 AM EDT
[#5]
I can save you a lot of work: install Linux.

Just kidding. Great job on the writeup. Most of the programs I've used at one time or another, but there were a few on your list that I wasn't aware of. Looks like I have some more documentation and programs to put into my bag of tricks. Thanks!
Link Posted: 12/2/2011 7:22:24 AM EDT
[#6]
Nice job. I noticed that CCleaner is in the article. When possible, I've run it before running Malwarebytes so I wouldn't waste time scanning unneeded temp files.
Link Posted: 12/4/2011 8:07:36 PM EDT
[#7]
Brian12,

Your post could not have been timelier for me. By the way, Welcome to Arfcom.


I buy every other year the cheapest piece of crap laptop money can buy. Computers perform a few basic applications for me so I don't need much. Last purchase is what I'm typing on now. HP Mini, woo, hoo...

My idea of virus control is simple. If computer catches one use this. Remington Virus Destroyer, version 870.


Now, as you've guessed by now, my computer skills ain't too savvy. Whatever got hold of my Mini shut it down, insisted I download its version of malware and screamed like a big cat every five or so minutes. I couldn't load a program, free version of McAfee er nothin'. I'd let my Norton prescription to computer slowdom go a few years ago.

So I go to town and buy the latest Kaspersky ONE Universal Security and try to load it. Worm ain't havin' none of that. So I log onto my Android and look for this forum, finding this thread and tutorial. Had forgotten about safe mode. If it were not for the tutorial I wouldn't have found it.

Geek Squad wanted $199.00 to fix my $248.00 computer, yeah right. If it weren't for having some photos newly loaded for a defensive carry thread not yet backed up to Photobucket, version 870 Virus Destroyer would've been deployed.

Thanks to your thread I was able to get to safe mode, remember how to do system restore. Then load Kaspersky.

Thanks Brian.

david

___________________________________________________________________________________________________________________________________


All sounds (eyes rolling) simple to you guys, but to me it was a huge deal. This OP deserves a place in the tacked gateway thread or a thumbtack.

Link Posted: 12/5/2011 1:13:37 PM EDT
[#8]
Hi David,

I'm glad you found my guide useful. Thanks for the comments everyone.
Link Posted: 12/21/2011 5:09:39 PM EDT
[#9]
Update:

- Added RogueKiller (Additional Detection/Removal Tools)
- Added Windows Defender Offline (formerly Standalone System Sweeper)
- Added Ultra Virus Killer (Additional Detection/Removal Tools)
- Added file sizes (Additional Detection/Removal Tools)
- Removed unnecessary links
Link Posted: 12/21/2011 7:01:28 PM EDT
[#10]
Good list. When I first started in IT years ago I wish I would've run into a list like this.

I spent many a week trying to find the ideal virus removal program. Like you and many others, MBAM has become my favorite.

However, I have run into many severe rootkits recently that TDSS and MBAM haven't been able to tackle, and ComboFix has been the only solution. I'd suggest adding it to your list.

Bravo
Link Posted: 12/23/2011 10:12:33 AM EDT
[#11]
Hi bassboy,

Thanks for the suggestion.
Link Posted: 12/24/2011 2:59:48 AM EDT
[#12]
Not a bad document, but your "Note 1" is really the only thing necessary.

I *HATE HATE HATE HATE* seeing people say, "Oh, I ran malwarebytes and now my computer is clean!"  It's not.  You just don't know what malware you're running now, and your computer is probably part of a bot farm.

Anyway, that's the advice I give everyone who comes in here with "I got a virus, what do I do".  Wipe and reload, it's the only way to be sure.  Or switch to Unix, preferably packaged with a Mac.

Link Posted: 12/25/2011 7:44:30 PM EDT
[#13]
Hi Josh,

You make an excellent point. Thanks.
Link Posted: 12/28/2011 10:59:49 AM EDT
[#14]
Update:

- Added instructions on how to fix the Registry (Preparation for Removal)
- Changed Malwarebytes download link
- Added note about manually updating Malwarebytes (Step 2)
- Updated HitmanPro (3.6)
- Removed F-Secure Online Scanner
- Added Bitdefender Bootkit Removal Tool (Additional Detection/Removal Tools)
Link Posted: 12/29/2011 6:39:16 PM EDT
[#15]
OK, I'm following the instructions, but how do I fix this:

Link Posted: 12/29/2011 6:59:17 PM EDT
[#16]
OST.

Link Posted: 12/29/2011 7:23:15 PM EDT
[#17]
Hi txgp17,

Right-click the FixNCR.reg file and click Merge.
Link Posted: 12/30/2011 7:42:20 AM EDT
[#18]
Quoted:
Hi txgp17,

Right-click the FixNCR.reg file and click Merge.
I don't have "Merge" as an option.  I'm running MS XP Home Edition 2002 SP3.
Link Posted: 12/30/2011 7:47:14 AM EDT
[#19]
Quoted:
Quoted:
Hi txgp17,

Right-click the FixNCR.reg file and click Merge.
I don't have "Merge" as an option.  I'm running MS XP Home Edition 2002 SP3.

By default Windows should know what to do with a .reg file, but you can do it manually.

Go to Start -> Run and type "regedit" and hit <Enter>.

Go to the File menu, select Import, and then locate and double click the .reg file.
Link Posted: 12/30/2011 7:50:07 AM EDT
[#20]
ETA: doubletap

Link Posted: 12/30/2011 9:12:55 AM EDT
[#21]
Follow the steps provided by BushBoar. It should work.
Link Posted: 12/30/2011 11:22:47 AM EDT
[#22]
Hiren's BootCD is a good one to throw on your keychain for almost one-stop shopping for most comp repair. Boots into Linux, Windows, and some custom shit.
Link Posted: 12/30/2011 8:51:53 PM EDT
[#23]
Quoted:
Quoted:
Quoted:
Hi txgp17,

Right-click the FixNCR.reg file and click Merge.
I don't have "Merge" as an option.  I'm running MS XP Home Edition 2002 SP3.



By default Windows should know what to do with a .reg file, but you can do it manually.

Go to Start -> Run and type "regedit" and hit <Enter>.

Go to the File menu, select Import, and then locate and double click the .reg file.
That didn't seem to change anything, it still asks which program I want to use to open the file.
Link Posted: 12/31/2011 1:33:26 AM EDT
[#24]
Link Posted: 12/31/2011 11:36:41 AM EDT
[#25]
Link Posted: 1/7/2012 10:47:42 AM EDT
[#26]
Update:

- Changed the link to backup instructions
- Added Windows Repair by Tweaking.com (Fix Post-Disinfection Problems)
- Removed TaskManager.xls
- Added Process Hacker (Additional Detection/Removal Tools)
- Removed unnecessary links

http://www.selectrealsecurity.com/malware-removal-guide
Link Posted: 1/7/2012 1:53:28 PM EDT
[#27]
To import a .reg file when .exe files are hijacked or broken and Explorer is wonky:

Start Task Manager (Ctrl+Shift+Esc) and pray it is not broken also.

File -> New Task

Change the selection box to All Files (*.*), find the .reg file you want to merge, right-click on it and you can select Merge from the popup menu.
Link Posted: 1/8/2012 3:00:26 AM EDT
[#28]
Link Posted: 1/8/2012 8:36:40 AM EDT
[#29]
I didn't know I had a message. I sent a message back.
Link Posted: 1/13/2012 11:26:46 AM EDT
[#30]
Update:

- Removed unnecessary notes (Step 2)
- Revised instructions for running SuperAntiSpyware (Step 2)
- Removed tutorial links (Step 2)
- Changed the order of steps in After the Removal Process
- Added instructions on how to Repair Windows Update and Firewall (Fix Post-Disinfection Problems)
Link Posted: 1/22/2012 12:00:27 PM EDT
[#31]
Update:

- Added a Comments and Reviews page (under the title)
- Created a PDF version of the guide (under the title)
- Added a link about disconnecting your Internet connection (Step 2)
- Added a link to Malwarebytes randomly named installer (Step 2)
- Combined steps: Get Expert Analysis and Further Help

I also created a Google+ page. https://plus.google.com/106459453799715716104/posts Please follow me.
Link Posted: 1/26/2012 9:07:49 PM EDT
[#32]
Brian,

You are awesome!!!!!

I have been living with web browser redirects for months. Been cutting and pasting in order to use the net for so long that I forgot what regular hyperlinks on Google were like. Your simple instructions helped me to clean up the computer, SuperAntiSpyware cleared off a trojan, and I was able to use the program to reset the hosts file. The laptop works great now.

Thank you so much. The assholes who write the damn viruses and malware never know who they are hurting. I'm telling you that you just really helped me.
Link Posted: 2/6/2012 2:52:59 PM EDT
[#33]
Hi JeepinSoldier,

I'm glad that my guide helped you!

Update:

- Added a new image (Introduction)
- Added a new page: Fix Internet Connection after Malware Removal (Removal Process)
- Added an important note - RKill (Step 2)
- Removed Malwarebytes offline database installer (isn't updated often)
- Removed SuperAntiSpyware (Step 2)
- Changed a few links
- Updated the PDF version
Link Posted: 2/9/2012 10:56:05 AM EDT
[#34]
Hi everyone,

Recently, I've been getting questions about my recent update (particularly the part about removing SuperAntiSpyware). I would like to share the reasons why I removed SAS.

I removed SuperAntiSpyware for the following main reasons:

1. SuperAntiSpyware has the lowest malware detection rates compared to Malwarebytes and HitmanPro.
2. The fact that HitmanPro uses 4 antivirus engines to detect malware.
3. Malwarebytes and HitmanPro provide adequate malware removal when used together.
 
SuperAntiSpyware is still an excellent product, and I will definitely keep an eye on it.

Brian
Link Posted: 3/3/2012 12:50:00 PM EDT
[#35]
Update (1.1):

- Added a version number
- Added an important note about the time (Introduction)
- Revised the Fix Executable Files section (Preparation for Removal)
- Added an important note about broken Internet connection (Removal Process)
- Revised the Repair Windows Update and Firewall section (URLs)
- Updated file sizes (AV Rescue CDs)
- Added a few new links
Link Posted: 3/30/2012 6:32:35 PM EDT
[#36]
Update:

- Added a last updated date
- Revised the introduction
- Created a new page: http://www.selectrealsecurity.com/stop-malicious-processes
- Replaced FixNCR.reg with RKill
- Moved Safe Mode to the Preparation section
- Removed aswMBR
- Updated the PDF version
Link Posted: 4/9/2012 12:31:21 PM EDT
[#37]
Update:

- Revised the introduction
- Added an important note about the USB autorun file (Preparation for Removal)
- The guide is now officially copyrighted (added copyright notice).
- Changed the subheadings
- Revised page: Stop Malicious Processes and Fix EXE Files
- Revised Step 3
- Changed a few links
- Updated the PDF version