I get a lot of requests from friends, family and friends of family for MS Windows support – most notably malware removal. You see, I’m a software developer and a Linux user and that somehow qualifies me for this type of work. Yes, the impeccable logic of a common luser never ceases to astound me.
Fortunately for these people I do have a good deal of experience with IT work. This post is my attempt to pass some of this arcane knowledge on to you. Despite popular belief, removing malware is not some special skill that needs to be trained or gained via experience. I hardly ever actually hunt down the infections and remove them by hand. 90% of the time, this stuff boils down to using the right set of tools and applying a little bit of critical thinking to the task.
Most of the nasty malware you will get infected with can be effectively removed with one of these tools:
- Malwarebytes Anti-Malware (shareware – free to scan, resident protection costs $$)
- Superantispyware.com (freeware)
- Combofix (specialist tool)
How did I pick these tools? I didn’t pick them at all. The vocal anti-malware community of the internets picked them. I didn’t look at any polls, benchmarks or critical reviews. I use these tools because I know they work. How do I know they work? Because I’ve seen it and because they are recommended in every single security related thread on the internet.
You see, there are dozens of message boards out there dedicated to helping people clean up their infected machines. Users go there and post their symptoms and the resident experts give them recommendations and guide them through removal steps. Do you know what is usually the first step they recommend?
You guessed it – install Malwarebytes, run a scan, post your log file in the reply. Repeat for superantispyware.com. Between the two of them, these applications can remove just about anything. Very few trojans or worms can withstand this tag team. If they do, you can usually go for broke and use ComboFix which is sort of a last resort measure.
Most of the time ComboFix will clean the nasty infection off your computer. Every once in a while, however, it will hose the OS while trying. It will forcefully delete infected system files that other anti-malware tools are afraid to touch, with a blatant disregard for system stability. This makes it effective, but a bit of a loose cannon. That’s why it forces you to install the Recovery Console prior to actually performing an aggressive scan: if it breaks the boot process, you still have a way back in to repair it.
There is no magical procedure. You should simply follow your common sense. This is what I usually recommend doing:
- Boot into Safe Mode With Networking
- Get rid of Temp files (where malware likes to hide) using ATF-Cleaner or CCleaner
- Install and update Malwarebytes and run a scan
- Install and update Superantispyware.com and run a scan
- Repeat 1-2 times until you get a clean log on both
- If you can’t remove some infections, or you still see the symptoms, reboot into normal mode
- Run ComboFix
- If you still can’t remove the infection, find its name (the scanner logs will usually tell you)
- Fucking google it!
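The first two steps above are the ones people fumble the most, so here is a small PowerShell helper that scripts them: flag the next boot for Safe Mode with Networking and wipe the usual temp folders. This is an added example, not something from the original post or from any of the tools it names. It assumes an elevated PowerShell prompt on Windows Vista or later (bcdedit does not exist on XP, where you would tick /SAFEBOOT(NETWORK) in msconfig instead), and it assumes the two temp folder paths below are the ones worth clearing; the function names are mine. The scanners themselves are GUI tools and still get run by hand.

```powershell
# Added example (not from the original post). Helpers for the first two
# removal steps: boot into Safe Mode with Networking, then clear temp files.
# Assumes an elevated prompt on Vista/7+ (bcdedit); scanners are run manually.
#Requires -RunAsAdministrator

function Enter-SafeModeNetworking {
    # Mark the current boot entry so the NEXT reboot lands in Safe Mode with Networking.
    bcdedit /set "{current}" safeboot network | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "bcdedit failed (not elevated, or not Vista+?)" }
}

function Exit-SafeMode {
    # Remove the flag once the logs are clean, or the box keeps booting into Safe Mode.
    bcdedit /deletevalue "{current}" safeboot | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "bcdedit failed to clear the safeboot flag" }
}

function Clear-TempFiles {
    # -WhatIf on this function flows down to Remove-Item, so you can preview first.
    [CmdletBinding(SupportsShouldProcess)]
    param()

    # Assumed list of temp locations; add more if a particular box keeps junk elsewhere.
    $dirs = @($env:TEMP, "$env:SystemRoot\Temp") |
        Where-Object { $_ -and (Test-Path -LiteralPath $_) }

    $freed = [int64]0
    foreach ($d in $dirs) {
        # Top-level entries only; Remove-Item -Recurse takes care of subfolders.
        $items = Get-ChildItem -LiteralPath $d -Force -ErrorAction SilentlyContinue
        foreach ($i in $items) {
            $size = if ($i.PSIsContainer) {
                (Get-ChildItem -LiteralPath $i.FullName -Recurse -Force -ErrorAction SilentlyContinue |
                    Where-Object { -not $_.PSIsContainer } |
                    Measure-Object -Property Length -Sum).Sum
            } else { $i.Length }

            # Files locked by a running process (or by the malware) simply stay behind;
            # that is one reason to do this from Safe Mode.
            Remove-Item -LiteralPath $i.FullName -Recurse -Force -ErrorAction SilentlyContinue
            if (-not (Test-Path -LiteralPath $i.FullName)) { $freed += [int64]$size }
        }
    }
    "Freed {0:N1} MB from: {1}" -f ($freed / 1MB), ($dirs -join ', ')
}

# Typical run, in order:
#   Enter-SafeModeNetworking; Restart-Computer     # boot into Safe Mode with Networking
#   Clear-TempFiles -WhatIf                         # preview what would be deleted
#   Clear-TempFiles                                 # then really clear it, run the scanners
#   Exit-SafeMode; Restart-Computer                 # once both logs are clean
```

The safeboot flag is the part people forget: if you leave it set, the machine boots into Safe Mode forever and the owner will be on the phone again. The temp cleanup deliberately swallows errors on locked files rather than aborting, because a half-cleared temp folder is still better than none, and anything the scanners flag there gets handled by them anyway.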
The last step is crucial – I can’t emphasize it enough. Unless you are extremely unlucky and you got hit by a brand new variant of the malware, someone already went through this crap. It is more likely than not that you will find a forum or blog post somewhere with detailed removal instructions. Or in worst case, you will find links to more specialized tools that may or may not work against the crapware you are facing.
That’s it. That’s how I get rid of 90% of the crap people get infected with.
It’s so easy, even a caveman could do it!