Let’s get straight to the point.
Depending on the malware type, you may get away with cleaning the infected computer using nothing but the computer itself. But if you suffer from a more sinister intrusion (typically one that blocks the browser or kills security tools as soon as they start), you will need a second, clean computer with an internet connection and a USB stick or other removable storage to copy the needed files over to the infected PC.
(1) Always do your best to find out the malware name or intrusion type. In roughly 60-70% of cases, once you know the name or family you will quickly find a tool to get rid of it: many antivirus companies publish small, free removal utilities for specific families. To find the name, look at your desktop for unknown new icons; check your antivirus log (it has probably detected the threat even if it could not remove it, and the log will show the name or type); and look for obvious things such as a program that suddenly appeared called "Registry Cleaner", "Microsoft Antivirus", "Speed Optimiser" or similar. Very often malware pretends to be helping you: a polished-looking application lists dozens of "problems" with your machine, but all of it is fake, and its only purpose is to sell you a "licence" for a fix that does nothing. Do not click anything inside that window; instead, Google the name and you will find removal instructions or tools.
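To make step (1) more systematic, here is an added PowerShell triage script (not part of the original post) that lists the places where fake "antivirus" and "optimiser" malware usually shows up: the autostart Run keys, running processes, installed programs, the .exe file association, and Windows Defender's detection history where that module exists. The name patterns are my own assumption, seeded from the names quoted above; a match is a lead to search for, not proof of infection.

```powershell
# Added triage example, not from the original post. Run it in an elevated
# PowerShell prompt on the suspect PC. The pattern list is an assumption based
# on the names in the text; extend it with whatever you actually see.
$suspectPatterns = @(
    'Registry Cleaner',
    'Microsoft Antivirus',
    'Speed Optimi[sz]er',
    'Antivirus (20\d\d|Pro|Plus|Live)',
    'Security (Tool|Suite|Shield|Center)',
    'PC (Defender|Optimi[sz]er|Cleaner)'
)
$suspectRegex = $suspectPatterns -join '|'

function Test-SuspectName {
    param([string]$Text)
    return [bool]($Text -match $suspectRegex)
}

function Report {
    param([bool]$Suspect, [string]$Where, [string]$What)
    $tag = if ($Suspect) { 'SUSPECT' } else { '   ok  ' }
    "{0} [{1}] {2}" -f $tag, $Where, $What
}

# 1. Autostart entries. Rogue AV almost always persists through a Run key.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }          # skip PowerShell's own metadata
        $line = "$($p.Name) = $($p.Value)"
        Report (Test-SuspectName $line) 'Run' $line
    }
}

# 2. Running processes whose name or image path matches. MainModule throws for
#    protected/system processes, so the path is left blank in that case.
foreach ($proc in Get-Process) {
    $path = try { $proc.MainModule.FileName } catch { '' }
    $line = "{0} (PID {1}) {2}" -f $proc.ProcessName, $proc.Id, $path
    if (Test-SuspectName $line) { Report $true 'Process' $line }
}

# 3. Installed programs (64-bit, 32-bit and per-user views) that match.
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
foreach ($app in (Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue)) {
    if ($app.DisplayName -and (Test-SuspectName $app.DisplayName)) {
        Report $true 'Installed' "$($app.DisplayName) -> $($app.InstallLocation)"
    }
}

# 4. The .exe file association. Rogue AV often hijacks it so that every program
#    launch runs the malware first; the stock value is "%1" %*.
$exeKey = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
$exeCmd = (Get-ItemProperty -Path $exeKey).'(default)'
Report ($exeCmd -ne '"%1" %*') 'exefile' $exeCmd

# 5. Windows Defender's own detection history (Windows 8 and later only).
if (Get-Command Get-MpThreat -ErrorAction SilentlyContinue) {
    foreach ($t in Get-MpThreat) {
        Report $t.IsActive 'Defender' ("{0} (active={1})" -f $t.ThreatName, $t.IsActive)
    }
}
```

Any line tagged SUSPECT, and in particular a modified exefile association, gives you a name or a path to search for; the Run-key and exefile checks are the same spots RKill repairs in the steps below, so this also tells you whether RKill is likely to be needed.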
EXAMPLES OF VIRUSES PRETENDING TO BE ANTIVIRUS:
(2) Most everyday viruses can be removed by running your antivirus with a deep/full scan. Unfortunately there is still a lot of malware out there for which you will need more advanced tools to heal your system.
- RKill and ComboFix, both available from BleepingComputer, are my absolute favourites. In my experience the combination of these two tools can remove around 98% of the infections seen today.
HOW TO USE THEM:
!!! IMPORTANT !!! Only use these tools when necessary. ComboFix can damage your system in some cases, so do not run it if there is no intrusion. ComboFix is not an antivirus and cannot be installed; it is purely a malware removal tool. DISABLE ANY INSTALLED ANTIVIRUS BEFORE RUNNING COMBOFIX, otherwise the two interfere with each other. ComboFix needs to be re-downloaded every time, because it does not update its definitions the way a normal antivirus does, so make sure to grab the latest version from the link above. Note also that ComboFix only supports older Windows versions (XP through Windows 8, not 8.1 or later) and is no longer being developed.
1. Once downloaded, put both files (RKill.exe and ComboFix.exe) on the root of your Windows drive (usually C:). If the malware kills RKill as soon as it starts, download one of the renamed copies BleepingComputer provides (for example iExplore.exe) instead; they are the same program under a name the malware does not recognise.
2. Run RKill first with administrator rights (right-click > Run as administrator, or just double-click if you are already logged in as an administrator).
RKill opens a Command Prompt (black console) window and starts checking the system for anything out of the ordinary: the .exe file association, registry entries, and running services and processes. Many infections hook into the system before the OS finishes booting, so the antivirus is unable to detect or stop them. RKill recognises these and moves them from "running" to "inactive": it terminates the malicious processes and resets the hijacked settings, but it does not delete anything. Its only job is to give your antivirus (or ComboFix) a chance against the malware. For that reason, do not reboot after running RKill, because the malware will simply start again with Windows; go straight to the next step.
After RKill you can try running your ordinary antivirus software, but I recommend running ComboFix instead. From personal experience, regular antivirus programs are often unable to take the virus down even after RKill.
Run ComboFix with administrator rights and follow its instructions. It is very straightforward; just make sure not to interrupt ComboFix at any stage. Depending on the size of the infection it may take from 5 minutes to 1 hour (yes, that's right, 1 hour!). Do not restart the PC on your own unless instructed (ComboFix may reboot the machine itself as part of the cleaning). Once ComboFix is done it will show you its log file (C:\ComboFix.txt) in Notepad.
Now, to be on the safe side, reboot your PC and run the whole process again: RKill, then ComboFix.
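As an added example (my own script, not something shipped with either tool), the four steps above driven from an elevated PowerShell prompt, with the checks a practitioner wants before launching anything: that the shell really is elevated, that both executables are where step 1 put them, and that no real-time antivirus is still on. It assumes the files were copied to C:\ exactly as RKill.exe and ComboFix.exe; ComboFix stays interactive, the script only launches it and waits.

```powershell
# Added example, not from the original post: runs steps 1 to 4 from an elevated
# PowerShell prompt. Assumes RKill.exe and ComboFix.exe were copied to C:\ as in
# step 1. ComboFix is interactive; the script only launches it and waits.
$rkill    = 'C:\RKill.exe'
$combofix = 'C:\ComboFix.exe'

function Test-IsAdmin {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-RealtimeAvProducts {
    # Security Center lists registered AV products; bit 0x1000 of productState is
    # the conventional "real-time protection on" flag. The namespace does not
    # exist on server editions, hence SilentlyContinue.
    $products = Get-CimInstance -Namespace 'root\SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction SilentlyContinue
    return @($products | Where-Object { $_.productState -band 0x1000 } | ForEach-Object { $_.displayName })
}

if (-not (Test-IsAdmin)) {
    throw 'Start PowerShell with "Run as administrator" first.'
}
foreach ($tool in $rkill, $combofix) {
    if (-not (Test-Path $tool)) {
        throw "$tool not found. Copy it to C:\ (from the clean PC if downloads are blocked)."
    }
}

# ComboFix must not run with real-time antivirus enabled (see the warning above).
$active = Get-RealtimeAvProducts
if ($active.Count -gt 0) {
    throw "Disable real-time protection in: $($active -join ', ') and run this again."
}

# Step 2: RKill. It only stops the malware, so do NOT reboot before ComboFix
# runs, or the malware will simply start again with Windows.
Start-Process -FilePath $rkill -Wait

# Step 3: ComboFix. Answer its prompts and leave the PC alone until it finishes
# (5 minutes to an hour). It may reboot the machine itself; if it does, this
# script ends here and you open the log below by hand afterwards.
Start-Process -FilePath $combofix -Wait

# Step 4: ComboFix writes its report to C:\ComboFix.txt; open it for review.
if (Test-Path 'C:\ComboFix.txt') {
    Start-Process -FilePath notepad.exe -ArgumentList 'C:\ComboFix.txt'
}
```

Treat it as an enforced checklist rather than an unattended job: the admin and antivirus checks are the part that saves you from a damaged system, while the two Start-Process calls are exactly what double-clicking the tools does, and a ComboFix-initiated reboot will end the script before the last step.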
Rest coming soon.