Scrub Your PC Clean: Remove Malware in Four Easy Steps
Malware sucks. In the best-case scenario, it craps up your system with unwanted files and occasionally makes itself known in the form of a persistent pop-up window or annoying browser-based toolbar. In the worst-case scenario, malware completely takes over your desktop or laptop and ruins your life.
Your system slows to a crawl. You can’t even boot into Windows in the time it takes you to walk to the kitchen and back. Your data gets sent off to a faraway Internet land or, worse, your actual keystrokes are recorded for some unsavory individual to see. Malware locks down your browser, making you unable to actually do any browsing without being carted off to some bogus domain. You can barely run a program in Windows without getting bombarded by fake advertisements, programs, and dancing people on your desktop.
We can’t make this stuff up.
So what’s a computer enthusiast to do? Step zero: Read this guide, because we’re going to walk you through all the key details you need to know to both rid your computer of this junk and keep it free of downloaded problems forevermore.
[Step One] The Pre-step
What’s that? No files to download or software to rip malware from your system? Exactly. The most important thing to realize in order to fight in malware’s great war is that you, and you alone, are the first line of defense. You only have yourself to blame if your computer is completely overrun with preventable, problem-causing programs.

Much of the more annoying malware that you can accidentally befriend requires your input in order to get on your system in the first place. You have to download and run an unknown file or agree to have a toolbar placed on your system as part of a software installation routine. You have to accept certain kinds of Javascript or be fooled by scam websites that claim to be running a virus scan on your system (to name one such tall tale).
In short, you have to let your guard down.
So how do you protect yourself against your own habits? Use three simple rules: If it’s too good to be true, if it looks strange, or if it’s completely unknown to you, don’t run it. Don’t install it. Don’t accept it, don’t hit “yes” to it, and don’t let it get anywhere near your system. Google, or Bing, or Yahoo is your friend: Find more information about a given situation or software before you agree to let it do anything on your system. Don’t surf the Internet blindly and assume that everything on a Web site is safe for your system to digest.

[Step Two] Browser Blockers
We mentioned that a bunch of malware can come through your browser–‘tis a shame, we know. Vulnerabilities in browsers and plugins (and user error) can bring your system to its digital knees faster than you can spell the word “crap” in “crapware.” So let’s start with the simplest step: Stop using an outdated, insecure browser. Make sure you’re at least sporting the latest version of one of the “Big Three:” Internet Explorer, Firefox, or Chrome.
But which? Various research reports have dubbed each of these three browsers as the “best-in-class” against malware and other social-driven attacks. Our personal preference turns to Google’s Chrome browser for two reasons: First, it’s the only browser to use sandboxing as its primary defense mechanism, combining a Javascript virtual machine and an operating-system-level sandbox to prevent successful attacks against the browser’s rendering engine from affecting a user’s file system. Second, Chrome has been, hands-down, the healthiest survivor of each year’s Pwn2Own hacking contest at the CanSecWest security conference: Talk about a real-world verification of its security capabilities, eh?

But we’re just getting started. Javascript vulnerabilities, including blatant attacks that rely on a user’s cooperation to work, can just as easily affect your browser. If you’re rocking Firefox, grab an extension called NoScript, which will allow you to turn a page’s plugin elements off by default (including Javascript and Flash!) unless you trust the site enough to give ‘em a go. Chrome doesn’t have an add-on for the same feature, but you can disable Javascript by default in the browser’s “Under the Hood” settings section. And if you want to specifically allow a site’s Javascript to function, just click on the associated “X” icon in the browser’s address bar to set up site-specific trust. Or, if you don’t mind using a slight variant, you can do your best to mimic “NoScript”-like control using the “NotScripts” add-on.


Other extensions and add-ons worth equipping to fight the malware fight include: Web of Trust, KB SSL Enforcer, Adblock, and HTTPS Everywhere.
Inskipp
October 18, 2011 at 6:35pm
In the magazine, the link for combofix is not the official source of combofix. When you run combofix, it specifically says to make sure you got it from the proper source: http://www.bleepingcomputer.com/combofix/how-to-use-combofix. On that page also are the warnings and instructions on its use.
Also, I use TDSSkiller from http://support.kaspersky.com/faq/?qid=208280684 to check for rootkits. Many recent malware install variations of these, and some of them are extremely difficult to remove with 100% confidence. Many times I’ve seen infections come back on systems that were not checked properly for rootkits.
On one of the comments above, someone asked why do you not clear the temp files before scanning. Some of the rogue anti-virus malware programs actually hide your files and shortcuts, and sometimes they keep a backup copy in the temp files folder. If you clear them first, it may be impossible to recover your desktop and start menu shortcuts later.
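The check implied by the comment above, as an added example (not part of the original comment or the article): a read-only PowerShell inventory to run before any temp-file cleanup. The folder list and the idea that backed-up shortcuts keep the `.lnk` extension are assumptions made for illustration.

```powershell
# Added example: read-only inventory to run BEFORE any temp-file cleanup.
# Assumptions: the four folders below are where shortcuts normally live, and
# backed-up shortcuts in the temp folder would still be .lnk files.
$shortcutRoots = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('CommonStartMenu')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# 1. Items flagged Hidden in the shortcut folders. desktop.ini is hidden by
#    design, so it is excluded from the report.
$hidden = @(Get-ChildItem -LiteralPath $shortcutRoots -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { ($_.Attributes -band [IO.FileAttributes]::Hidden) -and $_.Name -ne 'desktop.ini' })

# 2. Shortcut files sitting under the temp folder (possible backup copies).
$tempLinks = @(Get-ChildItem -LiteralPath $env:TEMP -Recurse -Force -Filter '*.lnk' -ErrorAction SilentlyContinue)

"Hidden items in shortcut folders: $($hidden.Count)"
$hidden | Select-Object FullName, Attributes, LastWriteTime | Format-Table -AutoSize

"Shortcut files under ${env:TEMP}: $($tempLinks.Count)"
$tempLinks | Select-Object FullName, LastWriteTime | Format-Table -AutoSize

if ($hidden.Count -gt 0 -or $tempLinks.Count -gt 0) {
    'Hold off on clearing temp files until these have been reviewed and copied elsewhere.'
} else {
    'No hidden shortcut items or temp-folder shortcut copies found.'
}
```

The script changes nothing on disk; it only lists what a cleanup pass could destroy.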
Nimrod
September 10, 2011 at 1:37am
My machine is a porn server that I like to have shady hookers on, and sometimes they use its water cooler as a toilet even though it's got brown and red sores all over the case. Oh, and also it's only got 256 RAM, so how can I clean it please?
Nimrod
September 10, 2011 at 1:41am
Oh, but the RAM is FAST. It has a CAS latency of only 1 and I heard that DDR3 has a 9, so does that make my scanner faster? Can someone please help?
anonymousperson
September 09, 2011 at 12:14pm
If you are using the dev build of Chrome, you can enable click to play for plug-ins under the about:flags page. You have to then enable it under content settings. Don't know about other builds.
essjay22
September 07, 2011 at 2:27pm
What ppl really need to do is start making backup images of their boot drives so NONE of the above will ever be required !! Use a good image program and image weekly so if you have any kind of problem, you can drop the image on your infected drive and be back up and running in about 10 minutes. That beats all kinds of running around trying various removals and scans which can take a *long* time.
Good article though, Thanks.
Long live combofix!
MarioJP
September 07, 2011 at 1:23pm
One thing I will admit these retail PCs have is the built-in recovery partition! So far I've been lucky that this still works regardless of how infected Windows is. When using the recovery method MAKE SURE YOU SELECT DESTRUCTIVE MODE. I've noticed many techs overlook this A LOT! Then they wonder why the virus is still there.
Blues22475
September 07, 2011 at 5:38am
Usually when I get systems in that are infected here's what I do:
1. Start system in Safe Mode with Networking.
2. Install Malwarebytes Anti-Malware
3. Install SuperAntiSpyware
4. Install Ccleaner
5. Do a full scan with Malwarebytes in Safe Mode
6. Do a full scan with Malwarebytes in Normal Mode (i.e. booting regularly).
7. Run SuperAntiSpyware with a full scan and in "Full Boost" Mode.
8. Use Ccleaner to clean temp files. Done.
If it winds up worse, I use some tools like Hitman Pro or TDSS Killer. I very rarely run Combofix as it can be dangerous (though it's better about CYA now). I very rarely use it unless I am 95% sure it'll fix an issue. This method has worked 95% of the time.
p309
September 12, 2011 at 8:33pm
Why do you not remove the temp files first? It can take much more time if you're scanning them along with everything else.
Also, if I may recommend that your steps include removal of all System Restore points, and set a new one when you're finished. You have a very good routine going there.
winmaster
September 07, 2011 at 5:35am
"Make sure you’re at least sporting the latest version of one of the “Big Three:” Internet Explorer, Firefox, or Chrome. "
No love for Opera?
Morete
September 07, 2011 at 4:09am
I've always used SuperAntiSpyware. Nice product. Now with their 5.0 version it actually uses separate cores of the processor for running three tasks at the same time. No more bottlenecking. Good going! I've tried their "pro" version and I didn't notice any real-time protection like they advertise. I still got the tracking cookies, etc.
Microsoft Security Essentials is the best free one out there as far as I'm concerned. With the full scan, it gets them all. Unfortunately, their real-time protection does not seem to work either.
For paid versions, G-Data is my choice. Kaspersky is probably right up there too but I've never tried it. The problem with these is that they are resource hogs and slow the system down way too much.
Engelsstaub
September 07, 2011 at 3:34am
Microsoft Security Essentials is the way to be for Windows now, IMO. I have ESET on my PCs (excellent) and my Mac (useless/overwhelmingly pointless) right now but...
...I think MS really did the right thing by creating their own AV solution. You and they know it has to be decent because Redmond's rep is riding on it.
I'm generally happy with ESET but will likely not renew it. Paid AV on Windows is now for suckers IMO and Microsoft should be commended for their efforts.
I've used Malware Bytes for years on Windows. It's never found a thing. I don't think it sucks at finding them, I just think I suck at getting them ;)
mario_ramalho
September 07, 2011 at 3:22am
I too have fallen victim to nasty malware. The kind that disables the Task Manager and System Restore, and spreads like wildfire. Spybot would pop up countless times with new files created by this monster, and nothing I had at the time would get rid of them. Eventually, after a couple of days of investigating, with the help of Spybot, I found the culprit file, but couldn't get anything to get rid of it, even in safe mode. I even ran MSCONFIG to see if it was there as a startup app, but it wasn't. Finally, I popped in an Ubuntu LiveCD, went into the folder where Spybot identified the malware file to be, and got rid of it. Then booted Windows in safe mode and was able to get rid of the rest of the infestation.
blkpanthr
September 07, 2011 at 9:14am
This is the purpose of rkill.
You cannot delete a running program.
Rkill will terminate it so you can delete it or run scanning software without having to move the drive to a secondary machine.
don2041
September 06, 2011 at 9:34pm
I have a couple of older slow rigs so I use external drives to store all my data. I then can plug them into my speed machine to scan. Also this leaves less of a footprint on the boot drives on the slow machines so scans don't take a week of Sundays to complete.
MarioJP
September 06, 2011 at 8:44pm
This article gave me more antivirus programs to try out. One thing I am curious about is what if the machine is an HP running 512MB. These scans can take forever. When I work on the machine and find one of those machines with min specs, the best alternate option is to pull the drive and use a much faster machine. Makes data backups easier and virus scans much faster. Now of course if that option is not around, best bet is to back up their data and reformat.
erniemink
September 06, 2011 at 5:21pm
I use SuperAntispyware (paid version of course), Malwarebytes (paid version of course), Spybot Search and Destroy with immunization and tea timer applied and running, Online Armor Paid Version Firewall, Paid Version of G-Data AntiVirus. You will not have any issues with all of this and you MUST keep ALL up to date including using Windows Update as well. And install Windows 7 (scrap XP)
MrBlueCheese
September 06, 2011 at 9:23pm
I thought the paid version of Malwarebytes and Armor paid version firewall would conflict? Also, wouldn't a paid version of Malwarebytes and G-Data AntiVirus have problems as well?
It seems to me that some of your programs will conflict and cause problems in terms of your security.
Blues22475
September 07, 2011 at 5:34am
That's about what I am saying. You shouldn't really run two real-time anti-virus programs on your computer at the same time. Eventually you will run into issues such as your computer slowing to a crawl, or some issues with startup (just as a couple of examples I've seen already).
blkpanthr
September 06, 2011 at 5:06pm
I've found that the rkill (it comes in several flavors)/Malwarebytes/SuperAntiSpyware combo from Safe Mode is 100%.
That combo has never failed to clear a system I've worked on and it takes about an hour.
nealtse
September 06, 2011 at 4:46pm
I can reformat my boot hard drive and be up and running with all my apps and updates in half a day. Or I can spend a week trawling malware removal forums and waiting for replies. All of my documents and data files are already on another hard drive. I'm going with the tried and true guarantee that you will not have that malware anymore.
MrBlueCheese
September 06, 2011 at 9:25pm
Reformatting the hard drive doesn't guarantee that there's no more malware. It's just the most effective solution for doing so.













