Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

David Murphy

Four steps that will keep your PC happy, healthy, and crap-free

Malware sucks. In the best-case scenario, it craps up your system with unwanted files and occasionally makes itself known in the form of a persistent pop-up window or annoying browser-based toolbar. In the worst-case scenario, malware completely takes over your desktop or laptop and ruins your life.

Your system slows to a crawl. You can’t even boot into Windows in the time it takes you to walk to the kitchen and back. Your data gets sent off to a faraway Internet land or, worse, your actual keystrokes are recorded for some unsavory individual to see. Malware locks down your browser, making you unable to actually do any browsing without being carted off to some bogus domain. You can barely run a program in Windows without getting bombarded by fake advertisements, programs, and dancing people on your desktop.

We can’t make this stuff up.

So what’s a computer enthusiast to do? Step zero: Read this guide, because we’re going to walk you through all the key details you need to know to both rid your computer of this junk and keep it free of downloaded nasties forevermore.

What’s that? The first step doesn't involve files to download or utilities to blast malware from your system? Exactly. The most important thing you have to realize in order to fight the great malware war is that you, and you alone, are the first line of defense. You have only yourself to blame if your computer is completely overrun with problem-causing, yet preventable, programs.

The astute among you will notice that this isn't a proper security scan: It's malware, and it just made life very difficult for this system's user.

Much of the more annoying malware that you can accidentally befriend requires your cooperation in order to get on your system in the first place. You have to download and run an unknown file or agree to have a toolbar placed on your system as part of a software installation routine. You have to accept certain kinds of JavaScript or be fooled by scam websites that claim to be running a virus scan on your system (to name one such harrowing tale).

In short, you have to let your guard down.

Ignore this warning image (or any variant) when you're browsing the Internet, and you could be in for a world of digital hurt.

So how do you protect yourself against your own habits? Keep in mind this rule of thumb: If it’s too good to be true, if it looks strange, or if it’s completely unknown to you, don’t run it. Don’t install it. Don’t accept it, don’t hit “yes” to it, and don’t let it get anywhere near your system. Google, Bing, and Yahoo are your friends. Use them to find more information about a given program before you agree to let it do anything on your system. Don’t surf the Internet blindly, assuming that everything on a website is safe for your system to digest.

We mentioned that a bunch of malware can come through your browser—‘tis a shame, we know. Vulnerabilities in browsers and plugins (and user error) can bring your system to its digital knees faster than you can spell the word “crap” in “crapware.” So let’s start with the simplest step: Stop using an outdated, insecure browser. Make sure you’re at least sporting the latest version of one of the Big Three: Internet Explorer, Firefox, or Chrome.

Google Chrome uses a sandbox to better protect you from web attacks. And based on the limited number of successful hacks over the years, it's worked!

But which? Various research reports have dubbed each of these three browsers as the “best in class” against malware and other social-driven attacks. Our personal preference when it comes to safety is Google’s Chrome browser for three reasons: First, it’s the only browser to use sandboxing as its primary defense mechanism. This method combines a JavaScript virtual machine with an OS-level sandbox to prevent successful attacks against the browser’s rendering engine from affecting a user’s file system. Second, Chrome has been, hands down, the hardiest survivor of each year’s Pwn2Own hacking contest at the CanSecWest security conference: Talk about a real-world verification of its security capabilities, eh? Third, Google updates the Adobe Flash and Acrobat Reader modules itself. So if you’re running the latest version of Chrome, you’re running the latest, most secure versions of Flash and Acrobat Reader available (click the wrench icon and About Google Chrome to verify that you’re running the latest updates).

Firefox's NoScript add-on is an excellent tool for preventing page plugins from running on untrusted sites.

But we’re just getting started. JavaScript vulnerabilities—including blatant attacks that rely on a user’s cooperation to work—can just as easily affect your browser. If you’re rocking Firefox, grab an extension called NoScript, which will allow you to disable a page’s plugin elements (including JavaScript and Flash!) by default, unless you trust the site enough to give ‘em a go. Chrome doesn’t have an add-on for the same feature, but you can disable JavaScript by default in the browser’s Under the Hood settings section. And if you want to specifically allow a site’s JavaScript to function, just click the associated X icon in the browser’s address bar to set up site-specific trust. Or, if you don’t mind using a slight variant, you can do your best to mimic NoScript-like control using the NotScripts add-on.

Other extensions and add-ons worth wielding to fight the malware fight include Web of Trust, KB SSL Enforcer, Adblock, and HTTPS Everywhere.

Running a perfect browser setup only goes so far in the battle against malware: Remember, you are your own worst enemy. Assuming that malware could slip through the gates at some point, what are some of the free software tools you can use to equip your system with powerful protection before a rogue app gets out of hand?

First up, you’ll want a comprehensive scanner running day in and day out to make sure that each and every bit of software you slap onto your computer gets a quick check. For that, we turn to none other than Microsoft’s own Security Essentials app. Our reasons are simple: It’s free and it works. Is it as comprehensive as a premium paid solution? No, but our rationale here is that it’s better to have free AV that has updated definitions than a paid AV suite with a lapsed subscription.

Install Security Essentials and you’ll get instant access to frequent Microsoft virus and spyware updates, in addition to a real-time scanning mechanism that protects your system from anything you download from the Internet (or, if you’re fancy, anything on a USB device from the moment it’s jacked into your system). MSE schedules nightly scans to run by default, but feel free to reschedule these for any time that suits you. Additional options let you set the exact parameters for when the scanning should start, which include the ability to restrict virus and malware hunts to periods when your CPU use is below a certain threshold.

Some of the very best antimalware apps on the market can be had for free, but with an asterisk: We’re talking, of course, about SuperAntiSpyware and Malwarebytes’ Anti-Malware. We’re fans of Malwarebytes’ offering, mainly because the freeware version of its powerful antispyware app gives you a few more features to tinker with than SuperAntiSpyware’s. The hitch with both? No real-time protection, so make sure you set a mental task for yourself to run these apps on a daily or weekly basis.

If you want to get truly hardcore, be sure to grab ComboFix, as well. This app, often considered the “nuke it from orbit” option for certain nefarious bits of malware, uses the Windows Recovery Console to find and eliminate annoying malware. It doesn’t protect your system up front, but it’s a great tool to have in your back pocket when disaster strikes.

RKill is an excellent tool for detaching malware that won't stop running on your system: If it's running, it's not getting deleted by your antimalware apps.

So you’re infected. Shucks. Malware comes in different forms and annoyance levels, depending on just how well the particular piece of offending software has entangled itself into your operating system. This makes it difficult for us to deliver a fix that fits every situation. However, we can at least give you a few helpful suggestions for freeing your PC from malware’s clutches.

First off, see if a simple scan from Microsoft Security Essentials stops your issue dead in its tracks—likely not, but it never hurts to try the simplest solution before you start rolling up your sleeves a bit more. Update your definitions and select the full-scan option, and then sit back and hope that Microsoft’s scanner can fix your problem. No luck? Next, fire up Malwarebytes’ Anti-Malware, make sure your definitions are updated, and run a full scan on your system. If it catches an issue, great; if not, and your malware problem persists, it’s time to get a little more creative. Fire up the utility RKill, and use it to try to force-stop any malware processes that happen to be running in your system’s background. Run a full scan with Malwarebytes’ Anti-Malware one more time.

If you’re still out of luck, you’ll want to reboot your system into safe mode (keep pressing F8 as the BIOS loads until you’re given the option for safe mode) and repeat the same RKill/Malwarebytes’ Anti-Malware step as before. You’re doing this in an attempt to unhook whatever malware’s plaguing your PC from the operating system itself: It’s not getting wiped out because it’s still active (and possibly protecting itself from your removal tools).

Still hurting? Fire up ComboFix and let the scanning and removal tool work its magic—if, for some reason, it can’t remove whatever’s affecting your system, you’ll get a lengthy log that you can post on one of ComboFix’s associated web forums for further assistance from qualified log parsers. At this point, it might be worth your while to check out other scanning tools not explicitly mentioned in this article, which range from Spybot Search&Destroy, to McAfee Labs Stinger, to GMER, to Sophos Anti-Rootkit, and the list goes on. And you might also benefit from grabbing a few live CDs, like AVG’s Rescue CD or Hiren’s BootCD, for malware and virus removal.
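One way to make the safe-mode step of the procedure above less fiddly than tapping F8 during boot, as an added example that is not from the article: a small PowerShell script (assumes Windows 7 or later and an elevated prompt; `bcdedit` and the `Win32_ComputerSystem.BootupState` property are standard) that arms the next reboot for minimal Safe Mode, reports which mode you are currently in, and clears the flag when cleanup is done.

```powershell
# Added example (not from the article): drive the Safe Mode step from PowerShell.
# Run from an elevated (Administrator) prompt on Windows 7 or later.

function Get-BootState {
    # Returns "Normal boot", "Fail-safe boot" (Safe Mode) or
    # "Fail-safe with network boot" (Safe Mode with Networking),
    # so you can confirm you really are in Safe Mode before scanning.
    (Get-WmiObject -Class Win32_ComputerSystem).BootupState
}

function Enable-SafeModeBoot {
    # Make the NEXT reboot land in minimal Safe Mode: no networking, so the
    # malware cannot phone home while you run RKill and Malwarebytes.
    bcdedit /set "{current}" safeboot minimal | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "bcdedit failed; run from an elevated prompt" }
    Write-Host "Safe Mode armed for the next reboot. Run: Restart-Computer"
}

function Disable-SafeModeBoot {
    # IMPORTANT: the safeboot flag is sticky. Clear it after cleanup or the
    # machine keeps booting into Safe Mode on every restart.
    bcdedit /deletevalue "{current}" safeboot | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "bcdedit failed; run from an elevated prompt" }
    Write-Host "Normal boot restored for the next reboot."
}

# Typical flow:
#   Enable-SafeModeBoot; Restart-Computer
#   ... in Safe Mode: run RKill, then a full Malwarebytes' Anti-Malware scan ...
#   Disable-SafeModeBoot; Restart-Computer
Write-Host ("Current boot state: " + (Get-BootState))
```

Check `Get-BootState` after the reboot: if it still reports "Normal boot", the flag did not take and the scans will run with the malware's startup hooks active, which is exactly what this step is meant to avoid.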

Booting a system into safe mode is a useful technique to prevent malware from starting—and to ensure that your antimalware apps catch it.

There are nearly as many tools for removing malware as there is malware to infect you. The better you can protect your PC up front, including training yourself to recognize potential malware when it presents itself and keeping it off your system to begin with, the less you’ll have to fool with potentially complicated removal techniques later.

But if you have to go down this route, and simple scans aren’t getting the job done, don’t forget to try ripping active malware processes out of your operating system and booting your PC into safe mode. After that, exorcising these software demons from your system is all up to your tenacity, your search engine research skills, and your knowledge of third-party removal apps—or, if worse comes to worst, your backup schedule. You know, a clean install is but a few clicks away!

So you’re paranoid. We get it. There’s nothing wrong with wanting even stronger security measures than those we’ve mentioned in this article. For the best-in-class prevention against debilitating malware and viruses, you have two options: a virtual machine or a "live CD."

A virtual machine is exactly what it sounds like: a pseudo operating system that runs within your existing operating system. Think Inception. Anything that happens to your OS-inside-an-OS cannot break out of the dream. Applications, malware, drive formats, you name it: That which transpires within the virtual machine’s operating system will never affect your actual operating system running one layer above it. Beware, though: Some malware can tell if it's running on a VM and won't activate if it is. This can make compromised software seem harmless, and could get you to lower your guard and install it on your real machine, where the malware will activate.

Our recommendation? Check out VirtualBox, a totally free VM that lets you install any Windows version you want.

You can also super-protect your primary system (or browsing experience) by running your actions off a live CD. A live CD is typically a version of the Linux operating system that’s been installed on a physical disc or USB key. Restart your computer and boot off a live CD, and you’ll find yourself within a self-contained OS that’s free of malware and other problems the second you boot. Once you’re finished, presto: Your changes can disappear and you’ll be back to a brand-new version of the OS to boot into the next time you need it.

Our recommendation? Check out Xubuntu. It’s not as graphically interesting as other Linux “buntus,” but it does give you a bit more flexibility for running the operating system on lesser systems—like those with anywhere from 256 to 512 megabytes of RAM.
