
Advanced Malware Removal guide

Malware Removal Guide

This guide is designed to assist you in removing malware from an infected system that still boots successfully. If your computer is completely unable to boot because of malware, please scroll down to the external links at the bottom. Following the steps below will solve most of the problems you will experience; however, there will be times when this guide is unsuccessful. If that is the case, please post on the forums or send me a PM here.
If you suspect you have cryptoware (CryptoLocker etc.), please post on the forums and tag me.

This guide is designed for Windows. If you are a Mac user, try Malwarebytes Anti-Malware for Mac.

At the bottom you can also read about how to prevent future infections. I recommend you read that part even if you do not have any infections.

Disclaimer

The following instructions are recommendations only; you are fully responsible for any steps you choose to perform on your computer. These recommendations have been tested several times previously and have proven to solve the problem, but there is always a risk of damaging your operating system or experiencing data loss on your machine. It is solely your responsibility to save all work and back up all important data on your system before proceeding.

Malware Removal Guide

Before proceeding, please make sure to remove all suspicious items in your browser’s extensions; also go into your browser’s settings and remove any search providers and homepages you did not set yourself. Download and run the following tools in this order, and run all of them unless otherwise instructed. All tools should be run in Normal Mode (not Safe Mode) unless you are unable to boot into Normal Mode or the scans fail there. All tools must be run under an administrative account. Do not remove the logs generated by these tools, in case you need additional assistance.
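To make the extension review above easier, here is an added PowerShell example (it is not part of the original guide and not a tool the guide lists) that inventories the extensions installed in Chrome and Edge for the current user, including whether each one came from the official store. It assumes the browsers use their default profile folder (`Default`) and that the two store update URLs in the script are the current ones; both are assumptions, so treat a `FromStore` of `False` as a reason to look closer, not as proof of anything.

```powershell
# Added example (not part of the original guide): list Chrome and Edge extensions
# for the current user so suspicious ones can be reviewed before running the tools.
# Assumes the default browser profile folder ("Default").
function Get-BrowserExtensionReport {
    $roots = @{
        Chrome = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Extensions'
        Edge   = Join-Path $env:LOCALAPPDATA 'Microsoft\Edge\User Data\Default\Extensions'
    }
    # Assumed store update URLs: extensions installed from the official stores carry one
    # of these; anything else (or none at all) was sideloaded and deserves a closer look.
    $storeUrls = @(
        'https://clients2.google.com/service/update2/crx',
        'https://edge.microsoft.com/extensionwebstorebase/v1/crx'
    )
    foreach ($browser in $roots.Keys) {
        $root = $roots[$browser]
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem -Path $root -Directory | ForEach-Object {
            $id = $_.Name
            # Each extension folder holds one sub-folder per installed version; take the newest.
            $manifest = Get-ChildItem -Path $_.FullName -Directory |
                ForEach-Object { Get-Item (Join-Path $_.FullName 'manifest.json') -ErrorAction SilentlyContinue } |
                Sort-Object LastWriteTime -Descending | Select-Object -First 1
            if (-not $manifest) { return }
            $m = Get-Content -Raw -Path $manifest.FullName | ConvertFrom-Json
            # Localised names show up as __MSG_xxx__ placeholders; fall back to the id.
            $name = if ($m.name -and $m.name -notlike '__MSG_*') { $m.name } else { $id }
            [pscustomobject]@{
                Browser     = $browser
                Id          = $id
                Name        = $name
                Version     = $m.version
                Permissions = ($m.permissions -join ', ')
                FromStore   = [bool]($storeUrls -contains $m.update_url)
                Installed   = $manifest.LastWriteTime
            }
        }
    }
}

# Sideloaded extensions first, then by install date; read the Permissions column
# for extensions that can read every page ("<all_urls>", "tabs", "webRequest").
Get-BrowserExtensionReport |
    Sort-Object FromStore, Installed |
    Format-Table Browser, Name, Version, FromStore, Installed, Permissions -AutoSize
```

Run it in a normal (non-elevated) PowerShell window as the user whose browser you are checking, since the paths are per user. Firefox is not covered; it stores its extension list in `extensions.json` inside the profile rather than one folder per extension.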

 

0) Run Net Adapter Repair Tool as administrator (only run if you do not have an internet connection)

Right click the program -> Run as Administrator

When opening the program, select all the different Additional Tools and click on “Run All Selected”. Reboot if told to. Check whether your internet connection has returned and is working; if it does not, re-open the program and run the Advanced Repair. If your internet connection still does not return, do not worry: download the programs on another PC and tra

  • Repair Buttons and Additional Tools
  • Advanced Networking Repairs (WinSock/TCP IP, Proxy Clearing, Windows Firewall Repair)
  • Release and renew DHCP Address
  • Clear Host file
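Before letting a repair tool rewrite these settings, it helps to see what is actually there. The following PowerShell script is an added example (not from the original guide and not part of the Net Adapter Repair Tool) that reports the items in the list above: non-comment hosts file entries, the per-user and machine-wide proxy settings, the DNS servers in use and the firewall profile state. It assumes an elevated PowerShell session on Windows 8 or later, where `Get-DnsClientServerAddress` and `Get-NetFirewallProfile` exist; the repair commands at the end are the standard `netsh`/`ipconfig` equivalents of the tool's buttons and are left commented out.

```powershell
# Added example (not from the original guide): inspect the network settings that
# malware commonly tampers with, before any tool changes them. Run elevated.
function Get-NetworkTamperReport {
    # 1. Extra hosts entries can redirect security vendors' or update sites elsewhere.
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $hostsEntries = Get-Content -Path $hostsPath |
        Where-Object { $_ -match '^\s*[^#\s]' }      # skip comments and blank lines

    # 2. A per-user proxy or PAC script (AutoConfigURL) routes all browsing through it.
    $ieKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $ie = Get-ItemProperty -Path $ieKey
    $userProxy = [pscustomobject]@{
        ProxyEnable   = $ie.ProxyEnable
        ProxyServer   = $ie.ProxyServer
        AutoConfigURL = $ie.AutoConfigURL
    }

    # 3. The machine-wide WinHTTP proxy used by Windows Update and other services.
    $winHttpProxy = ((netsh winhttp show proxy) -join ' ').Trim()

    # 4. DNS servers per adapter; servers you do not recognise are worth checking.
    $dns = Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        ForEach-Object { "$($_.InterfaceAlias): $($_.ServerAddresses -join ', ')" }

    # 5. Firewall profiles that were switched off.
    $firewall = Get-NetFirewallProfile |
        ForEach-Object { "$($_.Name)=$($_.Enabled)" }

    [pscustomobject]@{
        HostsEntries     = $hostsEntries
        UserProxy        = $userProxy
        WinHttpProxy     = $winHttpProxy
        DnsServers       = $dns
        FirewallProfiles = ($firewall -join '; ')
    }
}

Get-NetworkTamperReport | Format-List

# Built-in equivalents of the repair buttons listed in the guide. Uncomment the ones
# the report shows a need for; the first two require a reboot afterwards.
# netsh winsock reset                    # WinSock reset
# netsh int ip reset                     # TCP/IP stack reset
# netsh winhttp reset proxy              # clear the machine-wide proxy
# netsh advfirewall reset                # restore Windows Firewall defaults
# ipconfig /release ; ipconfig /renew    # release and renew the DHCP address
```

A default Windows hosts file contains only comment lines, so any line in `HostsEntries` is something that was added. Back the file up before editing it out, and keep the report output with the other logs so you can show what was changed if you ask for help on the forums.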

 

1) Download & Run Kaspersky TDSSKiller

The first step is to run a system scan with TDSSKiller to remove bootkits and trojans. When opening the program, click on “Change Parameters”, enable “Detect TDLFS File System” and then click on “OK”.
Click on the “Start Scan” button and wait for it to finish. When the scan has finished it will display a result screen stating whether or not an infection was found on your computer. To remove the infections, click on “Continue” and TDSSKiller will attempt to clean them; a reboot is required afterwards.

2) Download & Run Rkill

  • Kills running malicious processes
  • Removes Windows Registry entries added by malware to prevent the user from using normal security applications
  • Repairs file extension hijacks

Read more about the program here

3) Download & Run Malwarebytes Anti-Malware

Before running a scan, turn on “Scan for Rootkits”, then run a Threat Scan.

  • Successfully removes the vast majority of infections
  • Industry-leading built-in rootkit/bootkit scanning engine
  • Built-in repair tools to fix damage done by malware

If Malwarebytes Anti-Malware fails to launch or cannot run a scan, follow step 3.1 below; if the scan was successful, you can skip that step.

3.1) Download & Run Malwarebytes Chameleon

Download Chameleon from the link above and unzip the contents to a folder in a convenient location, then open the included CHM help file (as of 04-07-2016 the name of the file is chameleon.chm). If the program will not open, simply run the other files until one of them remains open.
When the program has opened, click on the buttons starting with Chameleon #1, and continue until Malwarebytes Anti-Malware successfully completes a scan.

4) Download & Run AdwCleaner

When opening the program, click on the “Scan” option under Actions. When the scan has finished, click on the “Cleaning” option beside “Scan”. Reboot your computer upon completion.

  • Removes the majority of adware, toolbars and browser hijacks
  • Removes non-default browser settings
  • Fixes proxy settings changed by malware

5) Download & Run Malwarebytes Junkware Removal Tool

When opening it, follow the on-screen instructions (press any key to start, etc.) and allow it to finish, then reboot your computer upon completion.

  • Removes PUPs, adware and other miscellaneous unwanted tools
  • Removes unneeded AppData directories left behind by infections

6) Download & Run Emsisoft Emergency Kit

When launching the program, it will extract to your specified location and open the folder. Once the folder is open, launch “Start Emergency Kit Scanner.exe”. You will be prompted to update the program; please do so if you have an internet connection. Afterwards run the “Malware Scan” option, which is under “Scan”. Once the scan has completed, click on “Delete Selected” if it found any malware.

A popup from Emsisoft might appear suggesting you give them your email for tech news; you can close this safely.

  • Can be run from a USB key
  • Good at removing ransomware, PUPs and adware

If Emsisoft Emergency Kit did not detect any malware, reboot your computer and you should be malware free. If you are still experiencing problems, refer to the next program or the external links at the bottom.

7) Download & Run HitmanPro (only run if the previous tools fail to solve the problem)

When opening the program, click Next and read the information shown; this is where you choose whether to run a one-time scan or install the program permanently. I recommend selecting the one-time scan. The scan will start when you click Next; let it finish.
Once you click Next after the scan has completed, it will ask for a product key; just click on “Activate Free license” to use a one-time license if prompted.

How to prevent future infections

Be careful what you download and install. Keep programs like Java & Flash up to date, either through their official websites or by using Ninite.

Unchecky can help you prevent accidental installations of adware & spyware during product installations. Make sure Windows is kept up to date as well: Windows updates patch exploits and vulnerabilities in your operating system. Most infections are there because the user has unknowingly given them administrative rights to install and run. The first line of defense starts with you.
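Two of the points above can be checked rather than taken on faith: whether the account you use every day is an administrator (so that anything you accidentally run gets administrative rights too), and how long ago Windows last installed an update. The PowerShell below is an added example, not part of the original guide; it assumes Windows 10 or Server 2016 for `Get-LocalGroupMember` and degrades to a blank `InAdministrators` field on older systems.

```powershell
# Added example (not from the original guide): report whether the current account
# holds administrative rights and when the last Windows update was installed.
function Get-PreventionReport {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    # True only if this PowerShell session itself is running elevated.
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # Membership of the local Administrators group, regardless of elevation.
    # Get-LocalGroupMember exists from Windows 10 / Server 2016 onward (assumed here).
    $adminMembers = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty Name

    # Most recent installed hotfix; some entries have no InstalledOn date, so skip those.
    $lastUpdate = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1

    [pscustomobject]@{
        User                = $identity.Name
        ElevatedNow         = $elevated
        InAdministrators    = if ($adminMembers) { [bool]($adminMembers -contains $identity.Name) } else { $null }
        LastUpdateId        = $lastUpdate.HotFixID
        LastUpdateInstalled = $lastUpdate.InstalledOn
        DaysSinceUpdate     = if ($lastUpdate) { [int]((Get-Date) - $lastUpdate.InstalledOn).TotalDays } else { $null }
    }
}

Get-PreventionReport | Format-List
```

If `InAdministrators` is `True` for the account you browse and open mail with, the practical fix is a separate standard user account for daily use, keeping the administrator account for installing software only. A `DaysSinceUpdate` in the months means updates are not being applied and should be checked through Windows Update.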

 

 

Free Anti-Virus Suggestions

Helpful Tools

Troubleshooting and useful information/links

How do I run my computer in safe mode?
Simultaneously press the Windows + R keys on your keyboard, then in the Run window type “msconfig” and press “OK”.
Switch to the “Boot” tab, select the “Safe boot” option under “Boot options” and click “OK”.
You will need to reboot your device for the setting to take effect. If you have work to save, you can select “Exit without restart”; otherwise restart now and your device will boot into safe mode.
Note: If you want networking in safe mode, select “Network” under “Safe boot”.
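The msconfig checkbox sets a `safeboot` value on the current boot entry, which stays set until you clear it, so every reboot lands in safe mode until you go back into msconfig. As an added example (not part of the original guide), here is the same switch done with the built-in `bcdedit` command from an elevated PowerShell prompt, with a function to clear it again. The function names are my own; the braces around `{current}` must be quoted in PowerShell or the shell swallows them.

```powershell
# Added example (not from the original guide): set, read and clear the Safe Boot
# flag that msconfig's "Safe boot" checkbox controls. Requires an elevated prompt.
function Enable-SafeBoot {
    param([switch]$WithNetwork)     # -WithNetwork matches msconfig's "Network" option
    $mode = if ($WithNetwork) { 'network' } else { 'minimal' }
    bcdedit /set '{current}' safeboot $mode
}

function Disable-SafeBoot {
    # Removes the value so the next reboot is a normal boot again.
    bcdedit /deletevalue '{current}' safeboot
}

function Get-SafeBootSetting {
    # The "safeboot" line is only present while safe boot is configured.
    $lines = bcdedit /enum '{current}'
    foreach ($line in $lines) {
        if ($line -match '^\s*safeboot\s+(\w+)') { return $Matches[1] }
    }
    return 'off'
}

# Typical sequence:
#   Enable-SafeBoot -WithNetwork     # then: shutdown /r /t 0
#   ... run the scans that failed in normal mode ...
#   Disable-SafeBoot                 # then reboot once more to return to normal mode
Get-SafeBootSetting
```

Check `Get-SafeBootSetting` after the cleanup is finished; if it still returns `Minimal` or `Network`, run `Disable-SafeBoot` before the final reboot.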

Can’t access Windows?
Try using the Avira AntiVir Rescue System to install AV programs or fix possible issues preventing you from booting into Windows.
Please refer to this guide when using the program; it is not straightforward.
How do I use Avira Rescue System?

I will attempt to keep this post updated if something should change or if something needs to be added.

I hope this guide was of assistance to you. English is not my native language, so if you do find any grammatical errors please help me out! :)

You can comment on this post or PM me if this did not resolve your issues; however, I'd prefer a post on the forums, since other people could find it helpful.

If you have any suggestions/corrections please do send me a PM and I will edit this post and credit you! :D

Last updated: May 19th 2017

Read my guide about malware removal here!

If I do not follow your thread, please quote me, tag me or PM me :)


8 hours ago, Cosmopath said:

Great guide, but I have no idea what AVG did to deserve a spot on the "free anti-virus" list. It's mediocre at best: Avast, Avira, and Bitdefender all have higher detection ratios, better real-time protection, and better zero-day protection. Not to mention AVG's user interface looks like something out of the early 2000s.

Hehe, I think I went a bit too hard there. Everything else looks good :P

The reason why I added AVG was also to give something with a less advanced UI which still does the job, AVG also regularly updates their databases which is a big plus.

This is also the reason I did not add Avira; I feel like the others do the job just as well with a better UI, or something which looks a lot like it.


1 hour ago, Cosmopath said:

Avast vs AVG detection ratios: 

https://www.youtube.com/watch?v=xZ-rWDaT2IM

As you can see, Avast completely destroys AVG with nearly a clean sheet in removal while AVG has a mediocre 96%.

Avira review: 

https://www.youtube.com/watch?v=GRKSYKc2UTc

Outstanding 99.6% detection ratio (Avira has one of the best signatures in all of AV products), blocked all but one sample in real-time protection.

AVG review: 

https://www.youtube.com/watch?v=vd76lM2RaO0

Blocked all but one sample in real-time, but both Avast and Bitdefender ace this real-time link test. They also add their crappy browser bloatware by default and inject ads in some of your webpages: not cool.

Thanks for these interesting videos! I have not done my research properly on AVG it seems, I'll edit the post and change this :)

Edited by MySelfLuls
Shortened it down with links instead of embedded videos

