Our community of experts have been thoroughly vetted for their expertise and industry experience. Experts with Gold status have received one of our highest-level Expert Awards, which recognize experts for their valuable contributions.
The intent of this Article is to provide the basic First Aid steps for working through most malware infections. The target audience includes experienced IT professionals and the casual user who just wants to make the infection go away.
****************
For those familiar with basic “First Aid” principles, one of the first steps in a medical emergency is to “stop the bleeding”.
If you come upon an injured person, you don’t splint a broken leg first, right? You make sure air is flowing into the lungs, stop the bleeding, and then treat for shock.
After getting the basics out of the way you can then move on to address any other problems that exist.
*******************
Most variants of malware will make your computer do something that you don’t want it doing. It might be a simple ‘re-direct’ problem, where you type in www.abc.com and your browser goes to www.xyz.com – not a big deal, right?
Well, maybe it is a very big deal. You didn’t end up at the web site you intended, and who knows what is waiting for you when you get to that re-directed site. It's not uncommon for malware to direct users to sites where they can pick up other "drive-by downloads" or even to install additional malware directly.
You might click on one of your favorite applications, but instead of “MS Word” opening up, totally different functions start happening.
Worse than annoying, some of these rogue processes/applications can be stealing information from your computer or allowing your computer to be used for improper/illegal acts.
Many of the current malware infections will prevent even the best scanner programs from running properly. Some can even recognize the executable name of these scanners when you try to install them on an infected computer - then prevent the installation or alter the results of the scan.
At each of those links are additional instructions that you need to review carefully before using the tools. REMEMBER: it's best to access these via another computer, copy the file(s) to a CD (or - not preferred - a USB drive), and transport them for installation on the infected computer.
Of the three, I prefer RogueKiller because of the additional functions/fixes it provides after stopping the processes. "TheKiller" has had great reviews from some very high level anti-malware experts and has some automated functions that make cleaning up even easier.
**************
Continuing the treatment.
Once the rogue processes are stopped (DO NOT re-boot your computer), you can scan for malware with your favorite scanners.
The team of developers at Malwarebytes is among the most dedicated in the business and they update the scan (DAT) files several times a day.
When I download MBAM from the link above, I always use the Internet Explorer “Save As” function to rename the executable from “mbam-setup-xxxx.exe” to something like “mb.exe”. Some malware variants can recognize the actual executable file name and prevent it from installing or functioning correctly.
After you have installed Malwarebytes, be sure to update it from this tab:
After updating, run a “Quick Scan” from this tab:
If MBAM finds any malware, it will display it as in the screen below. Simply click on the “Remove Selected” button and the infection will be removed.
A Log will be generated and you should review the information carefully.
If you already have a question pending on Experts-Exchange, attach the log to a post in your question.
If you haven’t yet started a question, do it now and post the log as part of the process.
At this point I will usually shut down the system for a few minutes and then do a cold boot.
When you re-start your system, go ahead and do another “Complete Scan” with Malwarebytes. You will almost never find additional infections, but this scan will only take a few extra minutes and is well worth it.
One of the cautions in fighting malware is to use the minimum number of tools possible. If you can (1) effectively stop the rogue processes and (2) successfully run Malwarebytes, you are well on your way to cleaning your system. Open a question in the Virus & Spyware Topic Areas and post the logs from the tools/scanners you have used and get some input from our experts.
In specific instances there may be tools targeted for a certain variant of malware that you have. In those cases, the Experts can provide you with additional instructions.
If you used a USB drive, be sure to scan it before using it again - remember that some malware can spread via USB drive.
Below are some general comments about frequently recommended tools in the Virus & Spyware Zones.
TDSSKiller is an effective tool for fighting “Rootkit” type infections, but I’ve tested HitmanPro and haven’t found it to do anything beyond what MBAM has already done.
There is really no way to provide a comprehensive list of all the recommendations you might see, but you definitely need to be in “Caveat Emptor” mode. Before using any recommendation, go to the linked site and read about it. Read the FAQs and forums, then evaluate how well the developers respond to their users. Some tools are very well known and have been used by millions of people all over the world, but most are not that well known.
Educate yourself about the product – and also about the “Expert” who is recommending it. Feel free to ask the Expert "why" they are making the recommendation they've posted. After all, it is YOUR computer – and you need to be prudent about the actions you take.
An excellent article with an interesting medical analogy! Comprehensive, well researched, and accurately detailing the thoughts of those of us who are already quite familiar with the capabilities of Malwarebytes, and other reliable scanners. It correctly emphasises the need to run in normal mode for most efficient infection removal, and includes links galore to other valuable articles.
Jonvee - thank you for the comments and vote.
I heartily concur with your thoughts about BillDL - he posts some of the most thorough/well-researched advice on EE (or anywhere else).
Comments (18)
Commented:
Good comprehensive advice from BillDL.
Definitely my yes vote! Thank you.
("=" are the red cheeks)
(but the praise is deserved)