
How to remove a serious malware infection: (updated)

Akolyte

Malware and viruses have got to the point these days that computers can be held for ransom, credit card numbers can be stolen in the blink of an eye, and even worse. So I'm an AVG hall of famer, and here is what I would do to remove a serious malware infection.

This guide will be in phases, each phase being a certain strength. So go from phase 1 to the last phase, until you remove the infection.

PHASE 1: Scanning - removes most infections, very quick and simple.

1. Download 3 scanners: Malwarebytes, Kaspersky TDSSKiller and Comodo Cleaning Essentials, AKA CCE.

2. Run a Malwarebytes quick scan. It should remove most infections on the system and will ease the process of moving on. Remove all infections, however do not restart.

3. Run Comodo Cleaning Essentials. It will scan the system and will require a reboot during the scanning process to scan for serious rootkits. Comodo Cleaning Essentials will find some stuff and remove the things it finds.

4. After the Comodo scan has finished and all infections are removed, run Kaspersky TDSSKiller. This will not require a restart but will scan for rootkits. Since rootkits are serious, this is a scan to make sure they are gone.


PHASE 2: Bootable media scanning - suitable for deep infections or ransomware.

1. Download 1 of 3 ISO files: Kaspersky Rescue Disk, Comodo Rescue Disk or AVG Rescue CD.

2. Burn the ISO image to a bootable CD/DVD or CD-ROM, or even a USB stick. Don't forget to verify it.

3. Boot from the removable media and it will open a Linux environment. Update the scanner inside the bootable environment and run a scan. NOTE: the Kaspersky and Comodo disks both have file and registry management tools to find malware manually.

4. Remove all detected infections. If none are found and you suspect there are some still on the system, try a different ISO.


PHASE 3: Manual removal - removes infections, can leave traces and is quite hard.

1. Download the Ubuntu ISO.

2. Burn the ISO to some removable media.

3. Boot from the removable media, and select "Try Ubuntu".

4. In the desktop environment, explore your C:\ drive, locate files that are malware/viruses and delete them.

If you still need to remove malware there are other options such as a reinstall, a repair install, or using programs and tools that might work.

I hope this helped; if you have any questions don't hesitate to ask :)


July 2014 Update:

How To Attempt to Successfully Remove And Restore From Ransomware:

As soon as you get infected with ransomware, or if you are dealing with a client with an already infected system, disconnect the internet straight away to prevent it spreading throughout the network.

Restart the computer into safe mode with command prompt, as sometimes safe mode with networking and safe mode are blocked. So restart into safe mode with networking, and when you boot up type "start explorer.exe" and hit enter; this should start Explorer so you can navigate as normal.

Find the ransomware and remove it, or at least find the ransomware startup item and disable it.

Boot up into regular Windows and download and install:

Malwarebytes Anti-Malware: https://www.malwarebytes.org/

Comodo Cleaning Essentials: http://www.comodo.com/business-security/network-protection/cleaning_essentials.php

And download and install Kaspersky Security Scan: http://www.kaspersky.com/security-scan

Run a Kaspersky Security Scan full scan and allow it to remove all items it finds, if any. We run this tool first because it can disinfect any compromised files in case the ransomware has hidden inside of a system32 file. Afterwards, extract the .zip file that contains Comodo Cleaning Essentials and run CCE; run a full scan and follow all of the instructions. Comodo Cleaning Essentials will search for any leftovers and is extremely strong. After that, run Malwarebytes to find and remove all leftover files, and remove any leftover ransomware files and compromised registry keys.

Now, hopefully you have a backup, because getting back your encrypted data is not easy and is extremely rare; therefore you need a backup to restore from. Sadly I do not know a way to restore your personal files back to their former glory.

If you have not yet been infected by CryptoLocker:

Create a backup: Backups are essential, especially as there is this ransomware malware on the loose. Creating backups is easy; I advise saving all of your Documents, Pictures and Videos folders, as well as a system image, to an external hard drive that is disconnected from your computer unless in use.

Use antivirus software: Antivirus software is essential these days, whether it's Microsoft Security Essentials or Kaspersky; these days it is important to have protection from threats. Any antivirus will do. If you are looking for a free solution I prefer Microsoft Security Essentials, AKA Windows Defender on Windows 8, but alternatively Avast, AVG and Comodo are all good antivirus software as well.

Use zero-day protection: With CryptoLocker and other malware it can be hard for your antivirus to catch every one, therefore it's important to have some form of backup protection running in the background as protection from unknown threats. This isn't virus protection as such, but it can block things such as CryptoLocker from encrypting your files. I recommend Sandboxie if you are willing to manually run unknown executables (http://www.sandboxie.com/) and/or HitmanPro.Alert if you want an easier, lighter but slightly less effective solution (http://www.surfright.nl/en/alert/).

This update was basic, but I feel I must keep adding content to keep this flowing; I'll add more removal guides as time goes on. Thanks guys :)
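The "find the ransomware startup item and disable it" step in the update above is the one most people get stuck on. As an added example (not code from Akolyte's post or from any of the tools it names), here is a read-only PowerShell script that lists the usual Windows autostart locations and flags entries worth a closer look; the registry paths and Startup folders are standard Windows locations, while the "Suspicious" heuristic is my own assumption, not a rule from the post.

```powershell
# Added example, not code from the original post or from any tool it names.
# Read-only triage of the usual Windows autostart locations, meant to be run
# from an elevated PowerShell prompt in Safe Mode before you disable anything.
# The "Suspicious" column is a heuristic assumption, not a verdict.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Registry Run/RunOnce values: one object per value, skipping the PS* metadata
# properties that Get-ItemProperty adds to its output.
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $props.PSObject.Properties.Name) {
        if ($name -like 'PS*') { continue }
        [pscustomobject]@{ Location = $key; Name = $name; Command = [string]$props.$name }
    }
})

# Per-user and all-users Startup folders: anything dropped here runs at logon.
$startupDirs = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))
$entries += @(foreach ($dir in $startupDirs) {
    Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Location = $dir; Name = $_.Name; Command = $_.FullName }
    }
})

# Triage: pull the executable out of each command line (quoted path first, else the
# first token), then flag entries launched from user-writable locations or whose file
# lacks a valid Authenticode signature. Expect false positives; verify each by hand.
$report = foreach ($e in $entries) {
    $exe = if ($e.Command -match '^"([^"]+)"') { $Matches[1] } else { ($e.Command -split ' ')[0] }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    $sig = if (Test-Path -LiteralPath $exe) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'FileMissing' }
    $userWritable = $exe -match '\\(AppData|Temp|ProgramData|Users\\Public)\\'
    [pscustomobject]@{
        Suspicious = ($userWritable -or ($sig -ne 'Valid'))
        Signature  = $sig
        Name       = $e.Name
        Command    = $e.Command
        Location   = $e.Location
    }
}
$report | Sort-Object Suspicious -Descending | Format-Table -AutoSize -Wrap
```

Scheduled tasks and services are further persistence spots the script does not cover; the rescue-disk registry tools mentioned in Phase 2 are the place to look for those when Windows itself cannot be trusted.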


I'll keep this thread in mind next time I give my parents my laptop to use, they click on EVERYTHING!

There are 10 types of people in this world, those who understand binary, and those who don't.


Dude, if it gets to a point where you can't beat it or have to do that, I just wipe the HDD and start again lol

PC: Corsair C70 Arctic, FX 9370, Corsair H80i, Gigabyte 990fxa-ud3, Corsair Vengence 16gb, Palit JetStream GTX 970, OCZ Vertex 4 128gb and Western Digital Blue 1Tb + 500gb, Antec Gamer 520w

Peripherals: Logitech G19 and SteelSeries Sensei RAW

Toshiba L50-A: i7 4700mq, 8gb, 1TB HDD, GT 740M 2gb


Step 1 don't download anything that is sketchy

Step 2 return to step 1

Step 1: Don't watch porn.


Porn is fine, just don't download it

True, piratebay has the worst of it.


Porn is fine, just don't download it

I bet you're saying that because you watch porn :P   But porn is actually dangerous. There have been a number of new Blackhole exploit kits coming from porn websites, and drive-by downloads. So I think it's more "Porn is fine, just only watch it on other people's computers" xD


I bet you're saying that because you watch porn :P   But porn is actually dangerous. There have been a number of new Blackhole exploit kits coming from porn websites, and drive-by downloads. So I think it's more "Porn is fine, just only watch it on other people's computers" xD

Or on mobile

Dude, if it gets to a point where you can't beat it or have to do that, I just wipe the HDD and start again lol

Though for people like my mom, who NEVER make a backup and who NEVER think before they click... this is a guide that is good to follow. Of course I normally wipe and refresh the OS before booting from a rescue disk.


Or on mobile

Actually no, there are a lot of exploit kits and drive-by downloads on Android as well.


You should also look into HitmanPro, it's a cloud-based scanner. Very good.

Intel I9-9900k (5Ghz) Asus ROG Maximus XI Formula | Corsair Vengeance 16GB DDR4-4133mhz | ASUS ROG Strix 2080Ti | EVGA Supernova G2 1050w 80+Gold | Samsung 950 Pro M.2 (512GB) + (1TB) | Full EK custom water loop |IN-WIN S-Frame (No. 263/500)


You should also look into HitmanPro, it's a cloud-based scanner. Very good.

I use that a lot, but since you need to pay for it I didn't add it into this guide. But yes, it's a great scanner!


Dude, if it gets to a point where you can't beat it or have to do that, I just wipe the HDD and start again lol

This exactly.


Step 1: Don't watch porn.

I've managed to watch porn safely and download it. Took a while, and I infected our family PC like 3 times when I was 12, but I eventually found a method.


Though for people like my mom, who NEVER make a backup and who NEVER think before they click... this is a guide that is good to follow. Of course I normally wipe and refresh the OS before booting from a rescue disk.

If they have problems with clicking on shit, how the hell are they going to be able to do that?


If they have problems with clicking on shit, how the hell are they going to be able to do that?

They don't. I do, and maybe some other people can use this to help others as well :)


*Looks around*

*Looks at my Malware guide under this one*

*Runs away*

I read that guide, it's very good. Good work! Why did you run away? :P

 

Yours is a malware removal guide, mine is for serious infections. 


they don't.  I do, and maybe some other people can use this to help others as well :)

Ok then, I always tell people to use an external drive anyway and I use an antivirus and I find scanning everything and backing up stuff works for me and my family haha.

 

I'm not knocking the guide, it looks to be a good one btw


I've managed to watch porn safely and download it. Took a while, and I infected our family PC like 3 times when I was 12, but I eventually found a method.

LOL, when you were 12 haha. I watched in Grade 8 for the first time; actually, they were just pictures... Even now I'm 17, and I don't watch it at all. It wires your brain so that it's used to different women each time, since we hardly go back to the same video. Then you can never be truly satisfied with someone.


Windows Defender immediately caught a Trojan just by me visiting a tube site; I didn't download anything. Ran a full Windows Defender scan and removed the baddie, then full scanned with Malwarebytes and found nothing; rinse and repeat with the others listed by OP. You can catch something just by visiting a not-so-safe site, so it's important to be vigilant against this sh*t! Fapping isn't so safe anymore :angry:

Steam and origins ID: Erebus305


LOL, when you were 12 haha. I watched in Grade 8 for the first time; actually, they were just pictures... Even now I'm 17, and I don't watch it at all. It wires your brain so that it's used to different women each time, since we hardly go back to the same video. Then you can never be truly satisfied with someone.

I stopped when I was about 16 and a half; it just wasn't worth the trouble. But I was very interested when I was in middle school, after my friend showed me that you could look it up on the internet :lol:


Ok then, I always tell people to use an external drive anyway and I use an antivirus and I find scanning everything and backing up stuff works for me and my family haha.

 

I'm not knocking the guide, it looks to be a good one btw

Thanks! I use a second hard drive in my machine. I always tell people to back things up in the cloud, because it's safer sometimes and means that if there's a house fire your pictures aren't crapped. I always use an antivirus no matter how many friends say they are useless; I have tested them against malware less than 24 hours old and I know what that shit can do.


Windows Defender immediately caught a Trojan just by me visiting a tube site; I didn't download anything. Ran a full Windows Defender scan and removed the baddie, then full scanned with Malwarebytes and found nothing; rinse and repeat with the others listed by OP. You can catch something just by visiting a not-so-safe site, so it's important to be vigilant against this sh*t! Fapping isn't so safe anymore :angry:

Yup, those threats are very popular. My friend once got a downloader from a webpage, which automatically downloads viruses to your computer. He got one of them, and he was using some shit free antivirus he found online, and the antivirus actually crashed during removal.
