How to Clean An Infected Computer

 

The truth is that it's a lot easier to keep a computer malware free than it is to clean one that is already infected. However, with the advice given in this article you should be able to remove any type of malware from your computer and get it back to working order. The main problem with most malware removal guides is that you have no way of knowing if all of the infections were removed. However, with my approach you can easily tell if even just running a single scanner was able to entirely clean the infection. Thus, this can save you the hassle of having to run many different scanners and the uncertainty of whether your computer is really malware free.

 

Make sure you follow this article in order so as to clean the infections with as little work as possible. The idea is that most people won't have to go any further than the first approach in order to clean their computers of active malware. Thus, effectively this article is actually much shorter than it appears to be.

 

However, before attempting to remove any infected files you should first back up all important files. These may include documents, pictures, videos, etc... This way if anything goes wrong with the cleaning process, which is a very real possibility, your important documents will still be intact. However, do not include any program files as it is possible that these may be infected. Please note that if your computer cannot boot you should follow the advice on this page in order to back up all important files. Also, while cleaning the computer it's important to remember that all scanners can sometimes be guilty of false positive detections. Therefore, before removing any files which you believe could possibly be safe, you should check them using the methods I discuss in How to Tell if a File is Malicious.

Changelog:

5/23/2014-Added link to Best Free Antivirus Software article.

 

Index

1. Make Sure Computer Is Actually Infected

2. How To Clean Your Computer And Make Sure It's Actually Clean

    ​A) Clean Computer With CCE and TDSSKiller

    BIf Still Not Clean Then Scan With HitmanPro, Malwarebytes, And Emsisoft Anti-Malware

    C) If Needed Try These More Time Consuming Methods

    D) If Necessary Make A Bootable Disk

3. What To Do If The Above Methods Are Unable To Clean Your Computer

4. What To Do After All Malware Is Confirmed To Be Removed

 

1. Make Sure Computer Is Actually Infected

 

Before attempting to clean any infections from your computer it's important to make sure that the computer is actually infected. To do this please follow the advice I give in How to Know If Your Computer Is Infected. If the results of this do in fact show that your computer is infected then continue to follow the steps in the next section. Make sure that you follow them in order.

 

2. How To Clean Your Computer And Make Sure It's Actually Clean

 

Please note that advanced users may just want to skip to the last part about how to Make A Bootable Disk and clean the computer that way. This approach is the one which is most powerful, but it is also one of the more time consuming approaches. That said, if you wish you can jump directly to that section and then come back to the beginning again if the infection is not entirely removed.

 

A) Clean Computer With CCE and TDSSKiller

Download Comodo Cleaning Essentials (CCE) from this page. Make sure to select the correct version for your operating system. If you're not sure if your computer is running a 32 or 64 bit operating system then please see this FAQ. Also, download Kaspersky TDSSKiller from this page. Note that if neither will not download correctly, or your internet connection is not working, you should download them on another computer and transfer them to the infected one via a flash drive. Make sure there were no other files on the flash drive. Be careful with the flash drive as the malware may actually infect it when you plug it into the computer. Thus, don't plug it into any other computers after transferring these programs. Also, I would like to point out that both programs are portable. This means that once you're done using them no uninstall is required. Just delete their folders and they will be gone.

 

After downloading CCE unzip the file, open the folder for CCE, and double click on the file called CCE. This will open the main program for Comodo Cleaning Essentials. If it refuses to open then hold down the shift key and, while still holding it down, double click on the file called CCE. After CCE has successfully opened you can let go of the shift key. However, do not let go of it until the program has fully loaded. If you let go of it even during the UAC popup it may not be able to forcefully open correctly. Holding down shift should allow it to open, even on heavily infected computers. It does this by killing most of the unnecessary processes that could be interfering with its launch. If it still will not launch then download and run a program called RKill. This can be downloaded from this page. This program will terminate known malicious processes. Thus, after running it CCE should be able to open fine.

 

Once it's opened perform a "Smart Scan" with CCE and quarantine anything it finds. This program also scans for system changes which may have been caused by malware. These will be shown with the results. I would advise letting it fix these as well. Restart your computer when prompted. After the computer restarts run Kaspersky TDSSKiller, perform a "Smart Scan", and quarantine anything it finds. If anything was quarantined restart your computer once more.

 

Also, if your internet connection was previously not working please check again to see if it is now working. If not then you should go to this section of my guide about How to Fix a Malware Infected Computer and follow the advice given to fix your internet connection. A working internet connection is required for the remaining steps of this section.

 

Once you have verified that your internet connection is working, again open CCE. Hopefully it will open up normally this time, but if not then open it while holding down shift. Then open up KillSwitch from the tools menu in CCE. In KillSwitch, select the option to "Hide Safe Processes" from the "View" menu. Then right click on all processes which are flagged as suspicious or dangerous and select the option to delete them. You should also right click on any unknown processes that remain and select the option to "Kill Process". Do not delete processes flagged as FLS.Unknown. Next, open up Comodo Autoruns from the tools menu in CCE, and select the option to "Hide Safe Entries" from the "View" menu. Then disable any entries belonging to files which are flagged as suspicious or dangerous. You can do this by making sure the check box next to the entries is unchecked. You should also disable any entries flagged as FLS.Unknown, but which you believe likely belong to malware. Do not delete any entries. 

 

Now restart your computer. After it reboots, again check your computer using the advice I give in How to Know If Your Computer Is Infected. If all is well then you can skip to the section about What To Do After All Malware Is Confirmed To Be Removed. Remember that a disabled registry entry is not a risk. Also, note that even if your computer is found to be clean of active infections there could still be pieces of malware on your computer. These are not dangerous, but don't be surprised if running another scanning program still detects malware on your computer. These are the inactive remnants of what you have just removed. If you are not comfortable having these remnants on your computer then you can remove the vast majority of them by scanning with the programs in the next section.

 

However, if your computer is not yet clean of active infections, but at least one of the programs was able to run, then go through the steps outlined in this section once more and see if that is able to remove the infections. However, if neither program was able to run please continue to the next section. In addition, if even following the advice in this section a second time is not enough to clean your computer you should continue to the next section.

 

B) If Still Not Clean Then Scan With HitmanPro, Malwarebytes, And Emsisoft Anti-Malware

If the above steps failed to fully remove the infections then you should download HitmanPro from this page. Install the program and run a "Default Scan". Note that if it will not install please continue to the next paragraph and install Malwarebytes. During the installation of HitmanPro, when asked I would recommend you choose the option to only perform a one-time check of the computer. This should be suitable for most users. Also, if malware prevents it from loading correctly then open the program while holding down the CTRL key until the program is loaded. Quarantine any infections it finds. Please note that this program will only be able to remove infections for 30 days after it is installed. During removal you will be asked to activate the trial license.

 

Once all detected infections are removed by HitmanPro, or if Hitman Pro refused to install, you should download the free version of Malwarebytes from this page. Note that it has chameleon technology which should allow it to even install on computers which are heavily infected. During installation I would advise that you uncheck the box to "Enable free trial of Malwarebytes Anti-malware Pro". Make sure that it is fully updated and then run a quick scan. Quarantine any infections that it finds. If asked by either program to restart your computer, make sure that you restart it.

 

Next download Emsisoft Emergency Kit from this page. Once it's finished downloading, extract the contents from the zip file. Then double click on the file called "start" and open the "Emergency Kit Scanner". When prompted allow it to update the database. Once it's updated select the option to go "Back To Security Status". Then go to "Scan now" and select the option to perform a "Smart Scan". Once the scan is complete quarantine all detected items. Restart whenever required.

 

After scanning your computer with these programs you should restart your computer. Then once again check your computer using the advice I give in How to Know If Your Computer Is Infected. If all is well then you can skip to the section about What To Do After All Malware Is Confirmed To Be Removed. Remember that a disabled registry entry is not a risk. However, if your computer is not yet clean then go through the steps outlined in this section once more and see if that is able to remove the infections. If the programs in part A of this section were previously not able to run correctly you should go back and try and run them again. If none of the above programs were able to run correctly please boot into Safe Mode with Networking and try scanning from there. However, if they were able to run correctly, and threats still remain even after following the advice in this section a second time, then you should continue to the next section.

 

C) If Needed Try These More Time Consuming Methods

If the above steps were not able to completely remove the infection then you likely have some very inhospitable malware inhabiting your machine. Thus the methods discussed in this section are much more powerful, but will take much longer to complete. The first thing I would advise doing is to scan your computer with another anti-rootkit scanner called GMER. It can be downloaded from this page. Remove anything shaded in red. Make sure you do click on the Scan button once the program has finished its quick analysis of the system. Also, if you're running a 32 bit operating system you should download a program to scan for and remove the ZeroAccess rootkit. Information about this rootkit, and a link to a program to remove it from 32 bit systems, can be found on this page. The AntiZeroAccess tool can be downloaded from the link in the second paragraph.

 

After scanning with the above programs you should next open CCE, go to the options, and select the option to "Scan for suspicious MBR modification". Then select OK. Now perform a full scan with CCE. Restart where requested and quarantine anything it finds. Note that this option can be relatively dangerous as it could possibly identify problems where there are none. Use it carefully and make sure everything important is already backed up. Note that in rare cases scanning with these options may render your system unbootable. This rarely happens, but even if it does it should be fixable. If running this scan renders your computer unbootable please see this section of an article I wrote about How to Fix a Malware Infected Computer. It should be able to help make your computer bootable again. 

 

Once CCE has completely finished, again open up CCE while holding down the SHIFT key. This will kill most unnecessary processes which may be interfering with your scans. Then open KillSwitch, go to "Tools", and choose the option to "Hide Safe Processes". Now, once again delete all dangerous processes. Then, you should also right click on any unknown processes that remain and select the option to "Kill Process". Do not delete them. You should follow the advice in this paragraph each time you restart your computer in order to make sure that the following scans are as effective as possible.

 

After killing all processes not verified to be safe you should open HitmanPro while holding down the CTRL key. Then perform a "Default Scan" and quarantine anything it finds. Then perform full scans with Malwarebytes and Emsisoft Emergency Kit. Quarantine anything they find. Then download the free version of SUPERAntiSpyware from this page. During installation be very careful as other programs come bundled with the installer. On the first page make sure to uncheck both options about adding Google Chrome. Then click on the option for "Custom Install". During the custom install you will once again have to uncheck two boxes about adding Google Chrome.

 

Other than that the program will install fine. When asked I would recommend that you decline the option to start a free trial. Once the program is fully loaded select the option to do a Complete Scan and click on the button to "Scan your Computer...". Then click on the button to "Start Complete Scan>". Remove all detected files and restart wherever required.

 

After following these steps you should restart your computer. Then once again check your computer using the advice I give in How to Know If Your Computer Is Infected. If all is well then you can skip to the section about What To Do After All Malware Is Confirmed To Be Removed. Remember that a disabled registry entry is not a risk. However, if your computer is still not clean then go through the steps outlined in this section once more and see if that is able to remove the infections. If it is not then you should continue to the next section.

 

D) If Necessary Make A Bootable Disk

If the above methods were not able to completely remove the infection, or you cannot even boot your computer, then you may need to use a bootable CD/Flash-Drive, also called a bootable disk, to clean your computer. I know this may sound complicated, but it's really not that bad. Just remember to create this disk on a computer that is not infected. Otherwise the files may be corrupted or even possibly infected.

 

Because this is a bootable disk no malware can hide from it, disable it, or interfere with it in any way. Thus scanning in this way, with multiple programs, should allow you to clean almost any machine, no matter how infected it may be. One exception to this is if the system files on the machine have themselves been infected. If this is the case then removing the infection may cripple the machine. It's largely for that reason that you backed up all important documents before starting the cleaning process. That said, sometimes it's possible to get around that by following the advice I give below.

 

To do this you should download the Shardana Antivirus Rescue Disk Utility (SARDU). This is an excellent program which will allow you to create a single rescue disk with multiple antivirus programs on it. It also has many other useful functions, which I will not be discussing in this article. A few very useful tutorials for SARDU can be found on this page. Be very careful about the added offers now included with the installer. Sadly, this program now tries to trick people into installing extra programs, which are largely unnecessary.

 

After downloading it extract the contents and open the SARDU folder. Then open the correct executable for your operating system, either sardu or sardu_x64. Under the Antivirus tab click on whichever antivirus applications you would like to add to your disk. You can add as many or as few as you wish. I would recommend that you scan your computer with at least Dr. Web, Avira AntiVir Rescue System, and Kaspersky Rescue System. One of the nice things about Dr. Web is that it sometimes has the option to replace an infected file with a clean version of it instead of just deleting it. This may allow you to clean some infected systems without crippling the computer. Thus I'd strongly recommend including Dr. Web in your bootable disk.

 

Clicking on the names of the various antivirus applications will often direct you to a page where you can download the ISO for that particular antivirus. Sometimes it will instead give you the option to download it directly through SARDU, which can be found under the Downloader tab. If given the choice always select the option to download the ISO. Also, after downloading the ISO you may need to move it to the ISO folder inside the main SARDU folder. Once you have moved all of the ISO's, for the antivirus products you would like to include, to the ISO folder, you are ready to create the rescue disk. To do this go to the Antivirus tab and make sure that all desired antiviruses have a check next to them. Then either click the button to make a USB or make an ISO. Either will work fine. It just depends on whether you want to run this off of a USB drive or a disk.

 

After creating your rescue disk you will likely need to change the bootup sequence in your BIOS settings to ensure that when you insert the bootable CD, or flash-drive, the computer will boot from it instead of from the normal operating system. Here is a useful article on How To Change the Boot Order in BIOS. For our purposes you should change the order so that the "CD/DVD Rom drive" is first if you want to boot from a CD or DVD, or that "Removable Devices" is first if you want to boot from a flash-drive. Once that's done just follow the advice given in this other article about How To Boot From a CD, DVD, or BD Disc in order to boot from the rescue disk.

 

After booting from the disk you can select whichever antivirus you want to first scan your computer with. As I previously mentioned, I would recommend starting with Dr. Web. Once it's finished, and you have repaired or deleted everything it finds, you should shut down the computer. Then make sure to again boot from the disk and then scan with another antivirus. Continue this process until you have scanned your computer with all of the antivirus programs you have put on the rescue disk.

 

After cleaning your computer with whichever programs you've put on the disk you should now try booting your system into Windows again. If it is able to boot into Windows then check your computer using the advice I give in How to Know If Your Computer Is Infected. If all is well then you can skip to the section about What To Do After All Malware Is Confirmed To Be Removed. Remember that a disabled registry entry is not a risk.

 

If your computer is not yet clean, but you are able to boot into Windows, then I would recommend trying to clean your computer from inside windows, starting from this section of this article and following the suggested methods. However, if your computer is still not able to boot into Windows then again try fixing it by following the advice in this section of an article I wrote about How to Fix a Malware Infected Computer. It should be able to help make your computer bootable again. If even that can't make your computer bootable then try adding even more antiviruses to the boot disk and then rescanning your computer. If doing that still does not work then please read the next section.

 

3. What To Do If The Above Methods Are Unable To Clean Your Computer

 

If you followed all of the above advice and were still not able to clean your computer, but you're convinced that the problems are due to malware, then there's not much more I can do to help. I'm actually hoping that nobody ever reaches this section. This article is meant to allow you to completely clean an infected computer. Thus I'd really appreciate it if you could leave a comment below that explains what you tried to do in order to clean the computer, and what symptoms remain that make you think that your computer is not yet clean. This is very important in order for me to improve the article.

 

You can also seek advice from a specialized malware removal forum. A forum which I have found to be very helpful is MalwareTips. However, if even after seeking help on a malware removal forum your computer is still not free of malware, it may be necessary to format your computer and start over. This means that you will lose anything on the computer which you did not back up. Make sure that if you do this you do a complete format of your computer before reinstalling Windows. This will be able to destroy almost any type of malware. Once Windows is freshly installed please follow the steps in the next section.

 

4. What To Do After All Malware Is Confirmed To Be Removed

 

After confirming that your computer is now clean you can now try to repair any damage that may have been caused. For this I have written an article about How to Fix a Malware Infected Computer. Please follow the advice in this article in order to fix any damage that was caused by the infection. If after doing this your computer is running fine, then you can also open Comodo Autoruns and select the option to delete those registry items you had previously only disabled. This way they will no longer be on your computer at all.

 

Once you have successfully cleaned all infections from your computer, and repaired any leftover damage, you should take steps to ensure that it does not happen again. For this reason I have written a guide about How to Stay Safe While Online. Please read through it and implement whichever methods you feel best fit your needs.

 

After securing your computer you can now restore any of the previously backed up files that were lost during the cleanup process. Hopefully this step is also not necessary. Also, before restoring them make sure that your computer is very well protected. If you don't lock the computer down strongly enough then you may inadvertently infect it and again have to clean the infections from the computer. In addition, if you used a USB drive to transfer any files to the infected computer you can now plug that back into the computer and make sure there is no malware on it. I would recommend doing this by deleting all files left on it.

 

 

 

 

If you have any problems, or are confused by my directions, please leave a comment below and I will try to help you. Trust me, if you are having a problem then so are many others. I need to know this so that I can improve the advice in this article. Also, I do realize that there are a plethora of programs that can be used to clean an infected computer. I have selected these particular programs, and arranged them in such a way as to emphasize their positive qualities while at the same time compensating for their weaknesses, in an attempt to simplify the malware removal process. Please let me know if you see any problems with the approach I have outlined.

In addition, please help by rating this article. If you believe this article deserves anything less than 5 stars, please leave a comment below explaining how you think it can be improved or where you find fault. This article is written by me but fueled by the community. Thus your opinions and advice are not only much appreciated, but actually necessary in order for this article to grow and improve.

 

If you found this article useful then perhaps you'd like to check out some of my others.

Best Free Antivirus Software

How to Avoid Spam

How to Fix a Malware Infected Computer

How to Harden Your Browser Against Malware and Privacy Concerns

How to Install Comodo Firewall

How to Know If Your Computer Is Infected

How to Protect Your Online Privacy

How to Report Dangerous Websites

How to Report Malware or False Positives to Multiple Antivirus Vendors

How to Report Spam

How to Stay Safe While Online

How to Tell if a File is Malicious

How to Tell If A Website Is Dangerous

 

This software category is maintained by volunteer editor Chiron. Registered members can contact the editor with any comments or suggestions they might have by clicking here.

 

Share this
4.706765
Average: 4.7 (133 votes)
Your rating: None

Comments

by salamill on 12. January 2013 - 8:14  (104415)

Excellent material on How to Clean An Infected Computer.

Thanks,

by Chiron on 12. January 2013 - 13:45  (104420)

You're welcome.

Please let me know if you have any questions.

by tavarekere hari... on 12. February 2013 - 4:18  (105322)

i installed malware removal called anti malware in my pc. after i scanned the system it shown results ,after I deleted that infected file i given k without studiying the reboot option.the system restarted but it was not opening desktop it strucked .i have many important files are there in my pc. please help me how to recover my files without reboot.how to open the system? i do not want to perform reboot.please tell me how to open my pc desktop .what instruction i have to follow?

by Chiron on 12. February 2013 - 4:22  (105324)

Please tell me which program you had used. The name of it will be very useful.

Regardless, if what happened was that the scanner incorrectly detected a false positive it may be possible to reboot the computer, but instead boot into Safe Mode. From there you should be able to open the anti-malware scanner and restore the removed files from quarantine.

If that does not work please start a new topic in the forum and send me a link to your new thread. The comments section will prove insufficient to solve this problem if my above advice does not work.

Thanks.

by tavarekere hari... on 12. February 2013 - 5:36  (105326)

sir actually in my system i have installed win7. unfortunately i deleted infected file after scanning with malware remover .i did not study the instruction and i dont know what type of file i deleted. I am trying to open my pc it was not opening .It stopped at resuming windows and structed.what i have tio do now to open my pc desktop?thius is my exact question.some body told that i have to reboot my system.but i have more important files on the pc. please tel me how to open my pc without reboot.some option are there like safemode ,..... i dono exactctly please tel me solution sir.............

by tavarekere hari... on 12. February 2013 - 5:38  (105327)

i observed that it is like some trojan horse .........infested file .thats only i knw sir.what ever it may be sir . i want to open my pc.please tell me the way.

by Anupam on 12. February 2013 - 7:44  (105332)

We do not provide support here in the comments section. Please post the query in the forum.

http://www.techsupportalert.com/freeware-forum/general-computer-support/

by solotexas on 22. February 2013 - 21:42  (105668)

I ran the CCE smart scan...found 1 threat "Modified Hosts" "repair" "small yellow bar". I clicked to repair. Computer rebooted... and the same thing popped up but instead of a "small yellow bar" it shows "a long bar, yellow to red" ending with the word "failed". What should I do?

Ignore and continue my way towards "kill switch"?

CCE has no way of showing me where the file is located?

by Chiron on 23. February 2013 - 23:54  (105710)

If that was the only problem it found I would recommend just moving on to the next step. If nothing else shows problems, and your computer is acting normally, then I wouldn't be too worried. This is saying that your hosts file was modified. This is sometimes done by malware to redirect you to nefarious sites. However, if you aren't seeing any behavior like this then I wouldn't be too worried.

I'm not sure why it wasn't able to repair it, but if there are no other problems then I wouldn't be too concerned.

by JoeRS on 28. March 2013 - 6:53  (106592)

Good material, but not all recommended software in this article are the best solutions for cleaning.

by Chiron on 28. March 2013 - 12:28  (106603)

Can you please let me know what you advise?

by frankharding on 3. April 2013 - 18:12  (106783)

Hey guys....

I've always liked Gizmo's site, and Chiron reminds me of myself 35 years ago (when most of you weren't even born and I was doing stuff in Labs that I can't even tell you about...LOL), an obvious IT-genius with great communication skills and a fabulous heart.....

But REALLY, once you've sussed your PC is infected (or done so on behalf of anyone else), forget ALL these anti-virus sellers/fixers and just backup your data then reinstall.....

There ISN'T, never HAS nor ever WILL be, an anti-virus nor anti-malware program that guys like me can't beat......

I'm one of the good guys, lots of us aren't, so just be careful out there......(smile)

by Chiron on 3. April 2013 - 18:46  (106785)

Thank you for your compliments, although I am certainly far from being an IT-genius.

I do understand what you mean as to how it's perhaps not worth it to try to infect a PC. Once a malware is in the kernel it may be all over. At that point you're essentially down to signature based scanners (likely from removable drives). It's often possible to clean these computers, although certainly not easy, but by far the best choice of action is to prevent this scenario from every occuring.

By the way, if you are able to bypass the settings I advise for Comodo Internet Security in this article:
http://www.techsupportalert.com/content/how-install-comodo-firewall.htm
please let me know so I can pass it on to the Comodo devs and have it addressed.

Thank you.

by 4toddt on 10. April 2013 - 17:37  (106968)

I've bookmarked this article because of the many helpful tips. However, I have to agree with frankharding that in many cases it is quicker and easier to just back up your data and do a clean install of Windows.

by Nikil_Patel on 3. May 2013 - 12:51  (107443)

This problem can be fixed using Norton Power Eraser, Here's the link to download NPE - http://us.norton.com/support/DIY/

by Chiron on 3. May 2013 - 15:34  (107445)

I had considered using Norton Power Eraser. However, I thought that in addition to all of the other tools this would be overkill.

Can you explain to me why you believe it would be a good addition? Also, do you think it should be added, or that it should replace another tool?

Thank you.

by f0xx396 on 25. July 2013 - 23:46  (109609)

Why has avast 8, flagged Tdsskiller as malware?.....it has quarantined some files as "tsk0001.dta", this occurred while running tdsskiller. Even more perplexing is that it found rootkits which avast missed. The popup malware warning on avast clearly said tdsskiller. So while avast is quarantining one side while tdss is open and running I was expecting a blue screen and messed up hard drive but fortunately the computer rebooted fine.

I'm using avast 8.0.1483 with recent update on 12/7/2013.

by Chiron on 26. July 2013 - 3:27  (109616)

It's common for AV's to flag Tdsskiller as malware. This is a false positive due to the way Tdsskiller works, and the fact that new versions are constantly being released.

Please report this as a false positive to Avast.

Thanks.

by realgamer on 5. September 2013 - 1:33  (110530)

hi i have been with my infection for about 2 or 3 years now i am certain that it is a virus even my local computer store said so the problems includ

* not being able to access anything in my start menu
* not being able to download,update, or even install/upload things from a flashdrive or other SAFE things over the internet

[email address removed - not permitted]

by Chiron on 5. September 2013 - 2:19  (110531)

Did you follow the advice in my article? If so, what were the results?

If you followed the advice, but your computer is still infected, please create a new topic for this in the forums. Then contact me via the contact form and send me a link to your newly created topic. I can help you through that topic.

Thanks.

by ethanallen on 4. October 2013 - 9:21  (111243)

Thanks for your information...

by Chiron on 4. October 2013 - 16:40  (111250)

You're very welcome.

Please let me know if you have any questions, or comments, about the information in this article.

Thanks.

by HappyMe on 8. October 2013 - 0:43  (111307)

I had this Virus remover download and is really is a malware. Won't let me access the intrnet unless Ipurchase it.
can we sue the maker?

It is Antivirus for sale software with a file name Xlpggpn3
Can not delete it or remove it from my computer.

by Chiron on 8. October 2013 - 3:37  (111310)

Are the methods I advise in this article not able to remove it? If it is malicious I would think that its processes should show as unknown in KillSwitch.

by hvmbc_90 on 3. February 2014 - 2:58  (114195)

Problem #1: The one process that was marked FLS.unknown (!SASCORE.EXE) won't go away. I hit kill process, it would momentarily disappear, and then it would reappear with a new PID. Does this sound like malware behavior, or just a glitch? I know that the file is probably outdated SuperAntiSpyware stuff, but isn't it common for malware to use outdated software as a loophole/place to hide?

Side note 1, the only way to make this process disappear for good was to disable the same file via Autoruns.

Side note 2, is there a difference between !SASCORE.EXE and SASCORE.EXE? It seems that when I jump to file, the filename loses the exclamation mark. Is this important, or does it not affect the location of the file?

Problem #2: After running the CCE Smart Scan, two system repairs came up. Disabled Security Center, and Modified Hosts. After restart, the final result shows Disabled Security Center as OK and Modified Hosts as Failed. What does this mean?

by Chiron on 9. February 2014 - 2:58  (114338)

In terms of deciding whether the file you mentioned is dangerous or not, if you have SuperAntiSpyware on your computer my guess would be that it is related to that. However, it's best to make sure. If you like you can create a topic for this on the forums. Then send me a link to the forum post via my contact form.

For the CCE Smart Scan, the Modified Hosts could be due to a lot of things. It is not always able to be fixed with CCE. Again, it is probably best if this is investigated through the forum.

Thank you.

by Viper6 on 3. March 2014 - 1:22  (114749)

Hey folks.

Just curious if anybody can provide some assistance with a frustrating issue I am having.. I recently ran a malwarebytes full scan and removed what it found.. Everything seemed to be fine until I rebooted my computer. It will now boot to the windows desktop and hang.. I can see my icons and everything looks fine but programs fail to load and I cannot click on anything.. Sometimes it will load fine (able to click icons and programs) but no internet connection.. If I hardboot the pc into safemode and restart from there it boots normally into windows and runs great.. May be important to note that I experience the start up issues after a shutdown and start back up. A normal restart or closing the laptop and reopening is normal.. OS = Windows 7.

Any suggestions/ideas would be great.

Thanks.

by Chiron on 20. March 2014 - 22:50  (115162)

It is very difficult to troubleshoot problems like this from the comments section. Please start a new topic for this in the techsupportalert forums. Then send me a link to the topic via my contact page. From there we can try to figure this out, unless you are no longer experiencing the problem.

Thanks.

by markboy on 24. June 2014 - 18:36  (116904)

I still use a Windows XP and I have been looking for a good software to protect and preserve my PC and I came across a software called Rollback XP which is a freeware for Windows XP machines. I use to use Deep Freeze but it got too pricy and I found an alternative that lets me do a little more for free!

by Mona_World on 28. June 2014 - 9:44  (116985)

when i am choosing the vulnerability scan option in kaspersky it is detecting 1 vulnerabilities but when i click on detected vulnerabilities it shows nothing. what to do? how this problem can be solved? please help me. my computer is behaving crazily. sometimes it shut downs automatically, sometimes the monitor connection is gone and also the hdd led red light is off but cpu power switch is still running and also the smps monitor is running. so i hav to shutdown the cpu forcefully and restart it. please help me to come out from this situation.

Gizmo's Freeware is Recruiting!

Gizmos Needs YouShare your knowledge of free software with millions of Gizmo's readers by joining our editing team.  Details here.