Malware Removal Guide 2011: How to Get Rid of All The Latest Malware
Four steps that will keep your PC happy, healthy, and crap-free

Malware sucks. In the best-case scenario, it craps up your system with unwanted files and occasionally makes itself known in the form of a persistent pop-up window or annoying browser-based toolbar. In the worst-case scenario, malware completely takes over your desktop or laptop and ruins your life.
Your system slows to a crawl. You can’t even boot into Windows in the time it takes you to walk to the kitchen and back. Your data gets sent off to a faraway Internet land or, worse, your actual keystrokes are recorded for some unsavory individual to see. Malware locks down your browser, making you unable to actually do any browsing without being carted off to some bogus domain. You can barely run a program in Windows without getting bombarded by fake advertisements, programs, and dancing people on your desktop.
We can’t make this stuff up.
So what’s a computer enthusiast to do? Step zero: Read this guide, because we’re going to walk you through all the key details you need to know to both rid your computer of this junk and keep it free of downloaded nasties forevermore.

What’s that? The first step doesn't involve files to download or utilities to blast malware from your system? Exactly. The most important thing you have to realize in order to fight the great malware war is that you, and you alone, are the first line of defense. You have only yourself to blame if your computer is completely overrun with problem-causing, yet preventable, programs.

The astute among you will notice that this isn't a proper security scan: It's malware, and it just made life very difficult for this system's user.
Much of the more annoying malware that you can accidentally befriend requires your cooperation in order to get on your system in the first place. You have to download and run an unknown file or agree to have a toolbar placed on your system as part of a software installation routine. You have to accept certain kinds of JavaScript or be fooled by scam websites that claim to be running a virus scan on your system (to name one such harrowing tale).
In short, you have to let your guard down.

Ignore this warning image (or any variant) when you're browsing the Internet, and you could be in for a world of digital hurt.
So how do you protect yourself against your own habits? Keep in mind this rule of thumb: If it’s too good to be true, if it looks strange, or if it’s completely unknown to you, don’t run it. Don’t install it. Don’t accept it, don’t hit “yes” to it, and don’t let it get anywhere near your system. Google, Bing, and Yahoo are your friends. Use them to find more information about a given program before you agree to let it do anything on your system. Don’t surf the Internet blindly, assuming that everything on a website is safe for your system to digest.

We mentioned that a bunch of malware can come through your browser—‘tis a shame, we know. Vulnerabilities in browsers and plugins (and user error) can bring your system to its digital knees faster than you can spell the word “crap” in “crapware.” So let’s start with the simplest step: Stop using an outdated, insecure browser. Make sure you’re at least sporting the latest version of one of the Big Three: Internet Explorer, Firefox, or Chrome.

Google Chrome uses a sandbox to better protect you from web attacks. And based on the limited number of successful hacks over the years, it's worked!
But which? Various research reports have dubbed each of these three browsers as the “best in class” against malware and other social-driven attacks. Our personal preference when it comes to safety is Google’s Chrome browser for three reasons: First, it’s the only browser to use sandboxing as its primary defense mechanism. This method combines a JavaScript virtual machine with an OS-level sandbox to prevent successful attacks against the browser’s rendering engine from affecting a user’s file system. Second, Chrome has been, hands down, the hardiest survivor of each year’s Pwn2Own hacking contest at the CanSecWest security conference: Talk about a real-world verification of its security capabilities, eh? Third, Google updates the Adobe Flash and Acrobat Reader modules itself. So if you’re running the latest version of Chrome, you’re running the latest, most secure versions of Flash and Acrobat Reader available (click the wrench icon and About Google Chrome to verify that you’re running the latest updates).

Firefox's NoScript add-on is an excellent tool for preventing page plugins from running on untrusted sites.
But we’re just getting started. JavaScript vulnerabilities—including blatant attacks that rely on a user’s cooperation to work—can just as easily affect your browser. If you’re rocking Firefox, grab an extension called NoScript, which will allow you to disable a page’s plugin elements (including JavaScript and Flash!) by default, unless you trust the site enough to give ‘em a go. Chrome doesn’t have an add-on for the same feature, but you can disable JavaScript by default in the browser’s Under the Hood settings section. And if you want to specifically allow a site’s JavaScript to function, just click the associated X icon in the browser’s address bar to set up site-specific trust. Or, if you don’t mind using a slight variant, you can do your best to mimic NoScript-like control using the NotScripts add-on.
Other extensions and add-ons worth wielding to fight the malware fight include Web of Trust, KB SSL Enforcer, Adblock, and HTTPS Everywhere.
jwhough
January 18, 2012 at 12:40pm
The PDF plugin in Chrome is actually based on Foxit's PDF Reader, not Adobe's: http://googlesystem.blogspot.com/2010/08/google-chromes-pdf-plugin-uses-foxit.html
franko989
November 22, 2011 at 1:01pm
I had to use Sys Restore (win 7) to get rid of a nasty bug (random audio commercials...). Is that a valid way to clean up after yourself?
Ras Thavas
November 15, 2011 at 4:58am
I have had good success with removing the infected hard drive and putting it in a usb dock or enclosure and then cleaning that drive from another non infected machine.
blkpanthr
November 15, 2011 at 7:02am
That's usually good enough most of the time.
However, I've run into more than a few that embed themselves very early in the boot process and will BSOD if you delete the files without getting rid of the registry traces, which you can't really do from another computer.
I suppose technically, you could log into the registry hive somehow and scan it, but it's a lot more complicated.
Victek
November 01, 2011 at 11:45am
This article is fairly elementary. Removing malware after it has installed itself can be extremely difficult, maybe impossible in some cases. Some security vendors offer the option to create a bootable CD to use in conjunction with their security suite, such as Norton Internet Security. This is often necessary as it's not uncommon for malware to remain active in SAFE mode, preventing anti-malware apps from running. You have to know how to create the CD though, and more often than not people don't.
This can be a real nightmare for less experienced users. The typical scenario is the user has not been making system images, they've never backed up their data and have years of family pictures, etc., that can't be replaced. They didn't burn the System Recovery discs when they first set up their computer, etc.
I think another article that goes into these issues in more depth could teach people how to create a disaster recovery plan, but this one only scratches the surface.
blkpanthr
November 01, 2011 at 12:49pm
It's not that complicated really, I use only 3 tools:
1. RKILL
2. Malwarebytes
3. Superantispyware.
With those 3 tools I've NEVER been thwarted. Never. And I've cleaned some truly foul systems.
I had a friend who had over 160 different pieces of malware (he's a porn surfer, and apparently very patient with a bogged down system) and all I needed was the above.
You do need to know your way around the system, i.e. safe mode and Task Manager (some malware installs tasks), but those 3 are all you really need.
Travatron
November 02, 2011 at 8:09am
If those 3 tools, as excellent as they are, are all you've ever needed then you simply haven't dealt with the extreme malware you think you have. 190 traces of malware is... nothing. In my experience as a PC repair tech, the most I've encountered is 32,000 on a single system. Those tools are great, and 90% of the time, will be all well and good, however they won't do much when a PC won't boot into Windows at all - safe mode or otherwise. They don't help when a virus has disabled the running of any .exe. Finally, these all require updates to detect the latest and greatest. What happens when you get hit with a malware that these programs can't handle yet?
blkpanthr
November 03, 2011 at 7:33am
Over 160 different malware types, not traces. God knows how many traces total there were. Some of them have 100s of traces.
I've cleaned many systems that initially couldn't run .exe files. rkill comes in other flavors than .exe and will kill the malware that prevents .exe from running. Just use a different flavor.
I've cleaned at least a hundred systems, and I've never encountered a system that I haven't been able to boot eventually through console commands (I don't consider the console an additional tool, as it's part of the OS). That doesn't include numbskulls who've hosed it up themselves somehow.
So I guess I'd need one additional tool in that case: Ultimate boot disk.
Perhaps you are right and I've just been lucky :-) not gonna complain.
acidic
November 01, 2011 at 7:12am
New trojan for Macs. I thought they "just worked"?
http://www.dailytech.com/Devil+Robber+Trojan+Infects+Macs+Leeches+Their+GPUs+for+Bitcoin+Profit/article23161.htm
bpstone
November 01, 2011 at 4:48am
The likelihood is low that you'll get any malware when you follow the proper precautions. It is still not impossible. I think for most this article is common sense 101. Thank you for posting it nonetheless since a lot of people don't know how to protect themselves on the web. Visit the US-CERT Cyber Security Tips (.GOV) page for additional tips on protecting yourself online.
rawrnomnom
October 31, 2011 at 2:57pm
Also, it isn't uncommon for some viruses to block rkill from running. A simple name change on the file solves this 99% of the time. I like hellokitty.exe.... who would block that???
blkpanthr
October 31, 2011 at 5:10pm
Not always; some malware reads the file header. I've run into this several times.
However, RKILL has several flavors compiled appropriately. (com, exe, bat, cmd, and iexplore)
iexplore.exe I've found is the best.
The malware wants you to go to its website; it's not going to block Internet Explorer.
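The exchange above (renaming rkill to hellokitty.exe versus malware that "reads the file header") comes down to identifying an executable by its name or by its contents. The script below is an added illustration, not code from the article or from any commenter, and not part of RKILL: it contrasts a naive extension check with a content check on a constructed byte string shaped like the first bytes of a Windows PE file (an "MZ" DOS stub whose e_lfanew field at offset 60 points at the "PE\0\0" signature). The sample bytes and the function names are constructed for this example; the sample is not a real program.

```python
import struct

# Constructed sample: only the headers of a Windows PE executable, no code.
# DOS stub starts with "MZ"; the 32-bit little-endian field at offset 60
# (e_lfanew) gives the offset of the "PE\0\0" signature.
def build_sample_pe_header(e_lfanew: int = 64) -> bytes:
    dos_header = bytearray(64)
    dos_header[0:2] = b"MZ"
    struct.pack_into("<I", dos_header, 60, e_lfanew)
    # Place the PE signature at offset 64 followed by some padding.
    return bytes(dos_header) + b"PE\0\0" + bytes(20)


def is_pe_by_name(filename: str) -> bool:
    """Name-based check: what a filter keyed on the extension does.
    Defeated by renaming the file (hellokitty.txt passes as harmless)."""
    return filename.lower().endswith((".exe", ".com", ".scr"))


def is_pe_by_header(data: bytes) -> bool:
    """Content-based check: look at the bytes and ignore the name.
    Handles truncated input and an e_lfanew that points past the end."""
    if len(data) < 64 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 60)
    if e_lfanew + 4 > len(data):
        return False  # signature offset lies outside the file
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def classify(filename: str, data: bytes) -> dict:
    """Run both checks so the two can be compared side by side."""
    return {
        "by_name": is_pe_by_name(filename),
        "by_header": is_pe_by_header(data),
    }


if __name__ == "__main__":
    sample = build_sample_pe_header()
    for name in ("rkill.exe", "hellokitty.exe", "hellokitty.txt"):
        print(name, classify(name, sample))
    print("plain text", classify("notes.txt", b"hello, this is a text file"))
```

Renaming changes only the `by_name` result; the `by_header` result is the same for every name because the "MZ" and "PE\0\0" markers are still in the file. That is the defender's takeaway too: application-control and scanning tools that identify files by content (magic bytes, PE signature, hashes) are not fooled by a renamed binary, whereas anything keyed purely on the extension is.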
nadako
October 31, 2011 at 2:48pm
A guide that will show you how to make a bootable ISO disk that will run all of these anti-malware programs at once? Just like the MRI disk that Geek Squad uses.