How to Clean An Infected Computer

 

The truth is that it's a lot easier to keep a computer malware free than it is to clean one that is already infected. However, with the advice given in this article you should be able to remove any type of malware from your computer and get it back to working order. The main problem with most malware removal guides is that you have no way of knowing if all of the infections were removed. However, with my approach you can easily tell if even just running a single scanner was able to entirely clean the infection. Thus, this can save you the hassle of having to run many different scanners and the uncertainty of whether your computer is really malware free.

 

Make sure you follow this article in order so as to clean the infections with as little work as possible. The idea is that most people won't have to go any further than the first approach in order to clean their computers of active malware. Thus, effectively this article is actually much shorter than it appears to be.

 

However, before attempting to remove any infected files you should first back up all important files. These may include documents, pictures, videos, etc... This way if anything goes wrong with the cleaning process, which is a very real possibility, your important documents will still be intact. However, do not include any program files as it is possible that these may be infected. Please note that if your computer cannot boot you should follow the advice on this page in order to back up all important files. Also, while cleaning the computer it's important to remember that all scanners can sometimes be guilty of false positive detections. Therefore, before removing any files which you believe could possibly be safe, you should check them using the methods I discuss in How to Tell if a File is Malicious.

Changelog:

5/23/2014-Added link to Best Free Antivirus Software article.

 

Index

1. Make Sure Computer Is Actually Infected

2. How To Clean Your Computer And Make Sure It's Actually Clean

    ​A) Clean Computer With CCE and TDSSKiller

    BIf Still Not Clean Then Scan With HitmanPro, Malwarebytes, And Emsisoft Anti-Malware

    C) If Needed Try These More Time Consuming Methods

    D) If Necessary Make A Bootable Disk

3. What To Do If The Above Methods Are Unable To Clean Your Computer

4. What To Do After All Malware Is Confirmed To Be Removed

 

1. Make Sure Computer Is Actually Infected

 

Before attempting to clean any infections from your computer it's important to make sure that the computer is actually infected. To do this please follow the advice I give in How to Know If Your Computer Is Infected. If the results of this do in fact show that your computer is infected then continue to follow the steps in the next section. Make sure that you follow them in order.

 

2. How To Clean Your Computer And Make Sure It's Actually Clean

 

Please note that advanced users may just want to skip to the last part about how to Make A Bootable Disk and clean the computer that way. This approach is the one which is most powerful, but it is also one of the more time consuming approaches. That said, if you wish you can jump directly to that section and then come back to the beginning again if the infection is not entirely removed.

 

A) Clean Computer With CCE and TDSSKiller

Download Comodo Cleaning Essentials (CCE) from this page. Make sure to select the correct version for your operating system. If you're not sure if your computer is running a 32 or 64 bit operating system then please see this FAQ. Also, download Kaspersky TDSSKiller from this page. Note that if neither will not download correctly, or your internet connection is not working, you should download them on another computer and transfer them to the infected one via a flash drive. Make sure there were no other files on the flash drive. Be careful with the flash drive as the malware may actually infect it when you plug it into the computer. Thus, don't plug it into any other computers after transferring these programs. Also, I would like to point out that both programs are portable. This means that once you're done using them no uninstall is required. Just delete their folders and they will be gone.

 

After downloading CCE unzip the file, open the folder for CCE, and double click on the file called CCE. This will open the main program for Comodo Cleaning Essentials. If it refuses to open then hold down the shift key and, while still holding it down, double click on the file called CCE. After CCE has successfully opened you can let go of the shift key. However, do not let go of it until the program has fully loaded. If you let go of it even during the UAC popup it may not be able to forcefully open correctly. Holding down shift should allow it to open, even on heavily infected computers. It does this by killing most of the unnecessary processes that could be interfering with its launch. If it still will not launch then download and run a program called RKill. This can be downloaded from this page. This program will terminate known malicious processes. Thus, after running it CCE should be able to open fine.

 

Once it's opened perform a "Smart Scan" with CCE and quarantine anything it finds. This program also scans for system changes which may have been caused by malware. These will be shown with the results. I would advise letting it fix these as well. Restart your computer when prompted. After the computer restarts run Kaspersky TDSSKiller, perform a "Smart Scan", and quarantine anything it finds. If anything was quarantined restart your computer once more.

 

Also, if your internet connection was previously not working please check again to see if it is now working. If not then you should go to this section of my guide about How to Fix a Malware Infected Computer and follow the advice given to fix your internet connection. A working internet connection is required for the remaining steps of this section.

 

Once you have verified that your internet connection is working, again open CCE. Hopefully it will open up normally this time, but if not then open it while holding down shift. Then open up KillSwitch from the tools menu in CCE. In KillSwitch, select the option to "Hide Safe Processes" from the "View" menu. Then right click on all processes which are flagged as suspicious or dangerous and select the option to delete them. You should also right click on any unknown processes that remain and select the option to "Kill Process". Do not delete processes flagged as FLS.Unknown. Next, open up Comodo Autoruns from the tools menu in CCE, and select the option to "Hide Safe Entries" from the "View" menu. Then disable any entries belonging to files which are flagged as suspicious or dangerous. You can do this by making sure the check box next to the entries is unchecked. You should also disable any entries flagged as FLS.Unknown, but which you believe likely belong to malware. Do not delete any entries. 

 

Now restart your computer. After it reboots, again check your computer using the advice I give in How to Know If Your Computer Is Infected. If all is well then you can skip to the section about What To Do After All Malware Is Confirmed To Be Removed. Remember that a disabled registry entry is not a risk. Also, note that even if your computer is found to be clean of active infections there could still be pieces of malware on your computer. These are not dangerous, but don't be surprised if running another scanning program still detects malware on your computer. These are the inactive remnants of what you have just removed. If you are not comfortable having these remnants on your computer then you can remove the vast majority of them by scanning with the programs in the next section.

 

However, if your computer is not yet clean of active infections, but at least one of the programs was able to run, then go through the steps outlined in this section once more and see if that is able to remove the infections. However, if neither program was able to run please continue to the next section. In addition, if even following the advice in this section a second time is not enough to clean your computer you should continue to the next section.

 

B) If Still Not Clean Then Scan With HitmanPro, Malwarebytes, And Emsisoft Anti-Malware

If the above steps failed to fully remove the infections then you should download HitmanPro from this page. Install the program and run a "Default Scan". Note that if it will not install please continue to the next paragraph and install Malwarebytes. During the installation of HitmanPro, when asked I would recommend you choose the option to only perform a one-time check of the computer. This should be suitable for most users. Also, if malware prevents it from loading correctly then open the program while holding down the CTRL key until the program is loaded. Quarantine any infections it finds. Please note that this program will only be able to remove infections for 30 days after it is installed. During removal you will be asked to activate the trial license.

 

Once all detected infections are removed by HitmanPro, or if Hitman Pro refused to install, you should download the free version of Malwarebytes from this page. Note that it has chameleon technology which should allow it to even install on computers which are heavily infected. During installation I would advise that you uncheck the box to "Enable free trial of Malwarebytes Anti-malware Pro". Make sure that it is fully updated and then run a quick scan. Quarantine any infections that it finds. If asked by either program to restart your computer, make sure that you restart it.

 

Next download Emsisoft Emergency Kit from this page. Once it's finished downloading, extract the contents from the zip file. Then double click on the file called "start" and open the "Emergency Kit Scanner". When prompted allow it to update the database. Once it's updated select the option to go "Back To Security Status". Then go to "Scan now" and select the option to perform a "Smart Scan". Once the scan is complete quarantine all detected items. Restart whenever required.

 

After scanning your computer with these programs you should restart your computer. Then once again check your computer using the advice I give in How to Know If Your Computer Is Infected. If all is well then you can skip to the section about What To Do After All Malware Is Confirmed To Be Removed. Remember that a disabled registry entry is not a risk. However, if your computer is not yet clean then go through the steps outlined in this section once more and see if that is able to remove the infections. If the programs in part A of this section were previously not able to run correctly you should go back and try and run them again. If none of the above programs were able to run correctly please boot into Safe Mode with Networking and try scanning from there. However, if they were able to run correctly, and threats still remain even after following the advice in this section a second time, then you should continue to the next section.

 

C) If Needed Try These More Time Consuming Methods

If the above steps were not able to completely remove the infection then you likely have some very inhospitable malware inhabiting your machine. Thus the methods discussed in this section are much more powerful, but will take much longer to complete. The first thing I would advise doing is to scan your computer with another anti-rootkit scanner called GMER. It can be downloaded from this page. Remove anything shaded in red. Make sure you do click on the Scan button once the program has finished its quick analysis of the system. Also, if you're running a 32 bit operating system you should download a program to scan for and remove the ZeroAccess rootkit. Information about this rootkit, and a link to a program to remove it from 32 bit systems, can be found on this page. The AntiZeroAccess tool can be downloaded from the link in the second paragraph.

 

After scanning with the above programs you should next open CCE, go to the options, and select the option to "Scan for suspicious MBR modification". Then select OK. Now perform a full scan with CCE. Restart where requested and quarantine anything it finds. Note that this option can be relatively dangerous as it could possibly identify problems where there are none. Use it carefully and make sure everything important is already backed up. Note that in rare cases scanning with these options may render your system unbootable. This rarely happens, but even if it does it should be fixable. If running this scan renders your computer unbootable please see this section of an article I wrote about How to Fix a Malware Infected Computer. It should be able to help make your computer bootable again. 

 

Once CCE has completely finished, again open up CCE while holding down the SHIFT key. This will kill most unnecessary processes which may be interfering with your scans. Then open KillSwitch, go to "Tools", and choose the option to "Hide Safe Processes". Now, once again delete all dangerous processes. Then, you should also right click on any unknown processes that remain and select the option to "Kill Process". Do not delete them. You should follow the advice in this paragraph each time you restart your computer in order to make sure that the following scans are as effective as possible.

 

After killing all processes not verified to be safe you should open HitmanPro while holding down the CTRL key. Then perform a "Default Scan" and quarantine anything it finds. Then perform full scans with Malwarebytes and Emsisoft Emergency Kit. Quarantine anything they find. Then download the free version of SUPERAntiSpyware from this page. During installation be very careful as other programs come bundled with the installer. On the first page make sure to uncheck both options about adding Google Chrome. Then click on the option for "Custom Install". During the custom install you will once again have to uncheck two boxes about adding Google Chrome.

 

Other than that the program will install fine. When asked I would recommend that you decline the option to start a free trial. Once the program is fully loaded select the option to do a Complete Scan and click on the button to "Scan your Computer...". Then click on the button to "Start Complete Scan>". Remove all detected files and restart wherever required.

 

After following these steps you should restart your computer. Then once again check your computer using the advice I give in How to Know If Your Computer Is Infected. If all is well then you can skip to the section about What To Do After All Malware Is Confirmed To Be Removed. Remember that a disabled registry entry is not a risk. However, if your computer is still not clean then go through the steps outlined in this section once more and see if that is able to remove the infections. If it is not then you should continue to the next section.

 

D) If Necessary Make A Bootable Disk

If the above methods were not able to completely remove the infection, or you cannot even boot your computer, then you may need to use a bootable CD/Flash-Drive, also called a bootable disk, to clean your computer. I know this may sound complicated, but it's really not that bad. Just remember to create this disk on a computer that is not infected. Otherwise the files may be corrupted or even possibly infected.

 

Because this is a bootable disk no malware can hide from it, disable it, or interfere with it in any way. Thus scanning in this way, with multiple programs, should allow you to clean almost any machine, no matter how infected it may be. One exception to this is if the system files on the machine have themselves been infected. If this is the case then removing the infection may cripple the machine. It's largely for that reason that you backed up all important documents before starting the cleaning process. That said, sometimes it's possible to get around that by following the advice I give below.

 

To do this you should download the Shardana Antivirus Rescue Disk Utility (SARDU). This is an excellent program which will allow you to create a single rescue disk with multiple antivirus programs on it. It also has many other useful functions, which I will not be discussing in this article. A few very useful tutorials for SARDU can be found on this page. Be very careful about the added offers now included with the installer. Sadly, this program now tries to trick people into installing extra programs, which are largely unnecessary.

 

After downloading it extract the contents and open the SARDU folder. Then open the correct executable for your operating system, either sardu or sardu_x64. Under the Antivirus tab click on whichever antivirus applications you would like to add to your disk. You can add as many or as few as you wish. I would recommend that you scan your computer with at least Dr. Web, Avira AntiVir Rescue System, and Kaspersky Rescue System. One of the nice things about Dr. Web is that it sometimes has the option to replace an infected file with a clean version of it instead of just deleting it. This may allow you to clean some infected systems without crippling the computer. Thus I'd strongly recommend including Dr. Web in your bootable disk.

 

Clicking on the names of the various antivirus applications will often direct you to a page where you can download the ISO for that particular antivirus. Sometimes it will instead give you the option to download it directly through SARDU, which can be found under the Downloader tab. If given the choice always select the option to download the ISO. Also, after downloading the ISO you may need to move it to the ISO folder inside the main SARDU folder. Once you have moved all of the ISO's, for the antivirus products you would like to include, to the ISO folder, you are ready to create the rescue disk. To do this go to the Antivirus tab and make sure that all desired antiviruses have a check next to them. Then either click the button to make a USB or make an ISO. Either will work fine. It just depends on whether you want to run this off of a USB drive or a disk.

 

After creating your rescue disk you will likely need to change the bootup sequence in your BIOS settings to ensure that when you insert the bootable CD, or flash-drive, the computer will boot from it instead of from the normal operating system. Here is a useful article on How To Change the Boot Order in BIOS. For our purposes you should change the order so that the "CD/DVD Rom drive" is first if you want to boot from a CD or DVD, or that "Removable Devices" is first if you want to boot from a flash-drive. Once that's done just follow the advice given in this other article about How To Boot From a CD, DVD, or BD Disc in order to boot from the rescue disk.

 

After booting from the disk you can select whichever antivirus you want to first scan your computer with. As I previously mentioned, I would recommend starting with Dr. Web. Once it's finished, and you have repaired or deleted everything it finds, you should shut down the computer. Then make sure to again boot from the disk and then scan with another antivirus. Continue this process until you have scanned your computer with all of the antivirus programs you have put on the rescue disk.

 

After cleaning your computer with whichever programs you've put on the disk you should now try booting your system into Windows again. If it is able to boot into Windows then check your computer using the advice I give in How to Know If Your Computer Is Infected. If all is well then you can skip to the section about What To Do After All Malware Is Confirmed To Be Removed. Remember that a disabled registry entry is not a risk.

 

If your computer is not yet clean, but you are able to boot into Windows, then I would recommend trying to clean your computer from inside windows, starting from this section of this article and following the suggested methods. However, if your computer is still not able to boot into Windows then again try fixing it by following the advice in this section of an article I wrote about How to Fix a Malware Infected Computer. It should be able to help make your computer bootable again. If even that can't make your computer bootable then try adding even more antiviruses to the boot disk and then rescanning your computer. If doing that still does not work then please read the next section.

 

3. What To Do If The Above Methods Are Unable To Clean Your Computer

 

If you followed all of the above advice and were still not able to clean your computer, but you're convinced that the problems are due to malware, then there's not much more I can do to help. I'm actually hoping that nobody ever reaches this section. This article is meant to allow you to completely clean an infected computer. Thus I'd really appreciate it if you could leave a comment below that explains what you tried to do in order to clean the computer, and what symptoms remain that make you think that your computer is not yet clean. This is very important in order for me to improve the article.

 

You can also seek advice from a specialized malware removal forum. A forum which I have found to be very helpful is MalwareTips. However, if even after seeking help on a malware removal forum your computer is still not free of malware, it may be necessary to format your computer and start over. This means that you will lose anything on the computer which you did not back up. Make sure that if you do this you do a complete format of your computer before reinstalling Windows. This will be able to destroy almost any type of malware. Once Windows is freshly installed please follow the steps in the next section.

 

4. What To Do After All Malware Is Confirmed To Be Removed

 

After confirming that your computer is now clean you can now try to repair any damage that may have been caused. For this I have written an article about How to Fix a Malware Infected Computer. Please follow the advice in this article in order to fix any damage that was caused by the infection. If after doing this your computer is running fine, then you can also open Comodo Autoruns and select the option to delete those registry items you had previously only disabled. This way they will no longer be on your computer at all.

 

Once you have successfully cleaned all infections from your computer, and repaired any leftover damage, you should take steps to ensure that it does not happen again. For this reason I have written a guide about How to Stay Safe While Online. Please read through it and implement whichever methods you feel best fit your needs.

 

After securing your computer you can now restore any of the previously backed up files that were lost during the cleanup process. Hopefully this step is also not necessary. Also, before restoring them make sure that your computer is very well protected. If you don't lock the computer down strongly enough then you may inadvertently infect it and again have to clean the infections from the computer. In addition, if you used a USB drive to transfer any files to the infected computer you can now plug that back into the computer and make sure there is no malware on it. I would recommend doing this by deleting all files left on it.

 

 

 

 

If you have any problems, or are confused by my directions, please leave a comment below and I will try to help you. Trust me, if you are having a problem then so are many others. I need to know this so that I can improve the advice in this article. Also, I do realize that there are a plethora of programs that can be used to clean an infected computer. I have selected these particular programs, and arranged them in such a way as to emphasize their positive qualities while at the same time compensating for their weaknesses, in an attempt to simplify the malware removal process. Please let me know if you see any problems with the approach I have outlined.

In addition, please help by rating this article. If you believe this article deserves anything less than 5 stars, please leave a comment below explaining how you think it can be improved or where you find fault. This article is written by me but fueled by the community. Thus your opinions and advice are not only much appreciated, but actually necessary in order for this article to grow and improve.

 

If you found this article useful then perhaps you'd like to check out some of my others.

Best Free Antivirus Software

How to Avoid Spam

How to Fix a Malware Infected Computer

How to Harden Your Browser Against Malware and Privacy Concerns

How to Install Comodo Firewall

How to Know If Your Computer Is Infected

How to Protect Your Online Privacy

How to Report Dangerous Websites

How to Report Malware or False Positives to Multiple Antivirus Vendors

How to Report Spam

How to Stay Safe While Online

How to Tell if a File is Malicious

How to Tell If A Website Is Dangerous

 

This software category is maintained by volunteer editor Chiron. Registered members can contact the editor with any comments or suggestions they might have by clicking here.

 

Share this
4.7
Average: 4.7 (130 votes)
Your rating: None

Comments

by bernardz on 14. March 2012 - 14:55  (90589)

I get a lot of machines infected at work and I am suppose to fix them. My main method that works almost every time is to get Kaspersky to run on the machine. Then let it clean it up.

SUPERAntiSpyware is also very good.

If you cannot run them because the virus will not let you, try renaming them to iexplorer.exe and run that.

by Chiron on 14. March 2012 - 22:30  (90622)

Are you talking about this:
http://support.kaspersky.com/viruses/avptool2011?level=2

I thought about recommending this, but I thought it might be overkill.

Also, my first post is only that complicated because I believe it's important that once you're done cleaning you should make sure the computer is actually clean. Thus, since I recommend using those programs to check anyway, I thought it made the most sense to start cleaning with them. That way it could overall save time and effort. They're also very powerful and I expect that most infections will be able to be removed with them.

I realize that there are a large number of very good programs that can be used to clean an infected computer. In fact I could probably just tell people to use the Kaspersky tool, Malwarebytes, and GMER and most computers would be clean.

However, I'm trying to develop an approach which can clean any computer with the smallest amount of effort necessary. It's a tricky task and if you have any advice for how to improve my method I'd really appreciate the help.

Also, I'll consider adding the Kaspersky tool in the next rewrite.

Thanks.

by bernardz on 15. March 2012 - 4:38  (90635)

I would suggest that you add the following to your procedures, after you have cleaned the machine, take the antivirus program that you intend to use, remove it if it is there and install it again. The virus in my experience has frequently damaged the existing antivirus program.

My favourite now to install is MSE because it is free, and because it does not take much juice from the computer.

by Chiron on 15. March 2012 - 14:12  (90653)

That's a very good point. I'll add it in the next rewrite.

Thank you.

by sbwhiteman on 25. March 2012 - 12:05  (91120)

As I understand it, Malwarebytes makes use of temp files in its analysis of infections and is less effective if temp files are deleted beforehand. It wouldn't surprise me if this were true of other cleaning tools as well.

So I make a point of not deleting temp files until after I've run Malwarebytes and HitmanPro at least.

by Chiron on 25. March 2012 - 16:40  (91131)

I wasn't aware of that. Can you please point me towards where I can find more information about this?

Thanks.

by sbwhiteman on 25. March 2012 - 17:48  (91139)

My recollection is that a Malwarebytes person stated this in a reply to a post on Wilders security forum. Unfortunately a quick search doesn't turn it up, so I'm afraid I can't be more specific. I would think a question posted on the Malwarebytes forum would resolve things.

Regards.

by Chiron on 13. April 2012 - 15:41  (92025)

Okay, I posted your question on the Malwarebytes forum and got these responses:
http://forums.malwarebytes.org/index.php?showtopic=108587

It appears that it doesn't help Malwarebytes to clean the computer any better, but removing the temp files may delete some data which you will need for repairing the computer.

Because of this during my next rewrite I'll change my advice to no longer remove the temp files.

by sbwhiteman on 13. April 2012 - 15:54  (92028)

Thanks for following up.

by Chiron on 29. April 2012 - 18:11  (92772)

Hello, I've updated the article (largely to make it more user friendly for less advanced users).

Please let me know what you think of it.

Thanks.

by Katsan (not verified) on 24. July 2012 - 4:06  (96573)

Thank you many times over Chiron! I went for the simplest method because I had already spent a lot of time trying to remove a browser hijacker. Other sites had me searching and deleting items in the registry editor which worsened the situation. The only snag I ran into was trying to download RKill which the hijacker may have recognized and so wouldn't let me. I tried one of the renamed versions and that worked. Afterwords, I installed MSE which is working well and seems to be compatible with Malwarebytes.

by George.J on 31. July 2012 - 7:45  (96925)

Here's a software from BleepingComputer that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections.

RKill

MalwareBytes has Chameleon technology that lets you to run it even on infected systems.

by Chiron on 1. August 2012 - 1:39  (96976)

Thank you for pointing out RKill.

I am aware of it, and even included it in a previous version of this article. However, KillSwitch does much the same sort of thing. Therefore, at least for the time being, I've decided to just continue using KillSwitch.

by Chiron on 1. August 2012 - 1:40  (96977)

Thank you.

Please let me know if you run into any problems.

by eikelein on 1. August 2012 - 11:54  (97005)

I only wonder how long all that would take on older (say 6+ years) XP system with 512MB (or worse only 256MB)?

If a new computer is out of the question then more memory, re-install, install SP2 & SP3 from CDs would be faster, wouldn't it?

On an older computer I will always make the customer consider cost of cleaning and then trying to keep up in Chicago rush hour traffic with a Ford Model T versus a new computer for less than $400.

This new basic Win7 machine is in every aspect technically more than twice what the old XP machine was.

by imanerd11 on 1. August 2012 - 17:25  (97030)

Sometimes I personally find that removing an infected program's registry entries, startup entries, associated drivers, folders, files, etc., manually, works better than virus removal tools since they usually miss a few things and aren't appropriately equipped with the necessary detection methods and removal methods to deal with today's confickers, trojans, etc. But I would only suggest this for an advanced user, not that I'm super super-advanced, but.

Also I find, if anyone IS planning on finding autorun entries easily in the registry, to use something called Registry commander. It shows all autorun entries by just clicking an option in one of the menu bar selections. Regedit doesn't do that which is part of the reason I switched, along with a disliking of almost the entire interface.

Also I know Winpatrol (which was actually posted about on techsupportalert recently I know), shows the secret startup locations that you MIGHT not get with registry commander since it probably only shows the ones in the key alotted to legitimate autorun entries by Microsoft. I speak of this since some viruses use dummy registry values and basically put 1 inside of another. Though to be honest, I'm not entirely sure if winpatrol's "display secret startup locations" toggle option refers to that or not, so I can't say for certain.

Again only edit the registry if you know what you're doing since you could seriously mess things up, should you delete something vital or change a value of something that is best left... shall we say ... ... "untouched" to say the least in most cases.

by Jim Carter (not verified) on 1. August 2012 - 18:29  (97037)

I remove malware professionally and in the vast majority of cases I start with bootable media. Unless your PC is older than dirt, it should be capable of booting from a flash drive. I recommend an 8GB drive (no U3 drives) and an application called YUMI. I've tried all of the applications that create bootable CDs/DVDs/flash drives and YUMI is the best, most versatile, etc. Some PCs need extra encouragement to boot from USB. That comes in the form of launching a device start up menu at boot time. Different manufacturers...different keys for launching: ESC, F8, F9.

Before venturing into a massive malware removal project, I like to image the hard drive first in the event my methodology disables the OS (rarely happens). Definitely include the following on your YUMI drive: Redo (for drive imaging), Kaspersky (always my first or second choice for malware removal), Avira, and Parted Magic. I don't use Parted Magic to remove infections, but it has so many other uses you should just add it to your toolkit.

by Chiron on 1. August 2012 - 19:35  (97052)

Actually, the idea of this article is that you don't have to go through everything mentioned. In fact, hopefully you will only have to follow the first removal section in order to clean your computer.

Therefore I would hope that my approach would work well on both old and new computers.

by Chiron on 1. August 2012 - 19:37  (97053)

Actually, my article does advise that users essentially do this. The programs I am using to accomplish this are Comodo KillSwitch Comodo Autoruns. Both provide the option to hide all files known to be safe, and they have a very large whitelist.

Please read through my advice and see if you think it's robust enough to clean most infections, but safe enough to not destroy the computer. I believe it is but I'd really like to hear what others think of it.

Thanks.

by Chiron on 1. August 2012 - 19:49  (97055)

In the article I recommend that users use SARDU to create a bootable disk with multiple antiviruses. I do in fact already recommend Kaspersky and Avira be included, although Dr. Web would be my first choice because of its ability to replace some infected files with clean ones. Do you know if Kaspersky or Avira can do that?

Also, I haven't seen any problems with using SARDU. Can you please mention why you believe YUMI is better than it? Sorry, I have no first-hand experience with YUMI.

Also, you have a good point about how often it's a good idea to start with a bootable disk and continue from there. I'll make sure to include that advice, as an option, in the next version of this article.

Thanks.

by Al (not verified) on 1. August 2012 - 20:02  (97059)

This is an excellent and thorough article. I hope never to need to use it, but it is always good to know where the "first aid kit" is if an emergency should ever occur. Many thanks for all your hard work in putting this information together in such detail.

by Chiron on 1. August 2012 - 20:05  (97060)

Thank you very much for your kind words.

Hopefully more people read my article about How To Stay Safe Online:
http://www.techsupportalert.com/content/how-stay-safe-while-online.htm-0
and therefore don't have to read this one. :)

by Chiron on 2. August 2012 - 14:53  (97113)

I've updated the article.

Please let me know what you think of the newest version.

by Jeroen Hensing (not verified) on 4. August 2012 - 7:37  (97198)

Thanks for this very thorough article, all looks good to me. Advised it to my friends on G+.

by Chiron on 4. August 2012 - 17:46  (97214)

Thank you very much. Hopefully none of them need it. :)

Please let me know if you have any questions.

by Bob Edey (not verified) on 6. August 2012 - 0:18  (97258)

Having had some sorry experiences recently with malicious software your articles are the best I've read in a search to learn more and what can be done about infected computers.

I began your recommended procedures and on completing the CCE Smart Scan it indicated there was 1 threat they identified as "Modified Hosts". As per your advise to not attempt removing anything until contacting CCE analysts with a false positive. They request I enter/download a file which I assume is the identified threat but I've no idea how to find copy and forward the threat file.

Hope you might eb able to refer me to an article that will enable me to identify and send along the threat file they are requesting.

MalwareBytes scan indicate there are no infections.

With thanks,

Bob Edey
Mahone Bay, NS

by Chiron on 6. August 2012 - 16:19  (97293)

Actually, that is the advice I give in the related article about How to Know If Your Computer Is Infected:
http://www.techsupportalert.com/content/how-know-if-your-computer-infect...

Are you trying to follow that article?

My advice would be that once you know that your computer is infected it's relatively safe to allow these programs to clean, and in this case repair, whatever they find. Regardless, I've now modified this article to make that more clear. You can allow it to repair whatever it finds. There's no need to report unwanted system modifications to Comodo analysts for analysis. You can just let the program fix it.

Please let me know if you have any other questions.

Thanks.

by lynn houston (not verified) on 9. August 2012 - 4:53  (97446)

How do you then UNinstall the 2 programs you suggested we install (CCE and TDSSKILLER)? Neither shows up in install/uninstall programs and there is no uninstall exe in the program files.

by Chiron on 9. August 2012 - 13:39  (97463)

Thanks for pointing this out. I've just updated the article to explain this.

Both programs are portable. Thus, they don't even install to your computer. You can just delete their folders and they will be gone.

Please let me know if you have any other questions.

by lynn houston (not verified) on 9. August 2012 - 19:53  (97480)

Thanks. They kept wanting permission to start at startup and I kept telling winpatrol to not let them. They finally gave up, but it was annoying so I wanted to get rid of them as long as not needed. Good article. When my computer starts running slow, I often wonder if something has invaded, good to know I'm "clean".

Gizmos Needs You

Gizmo's Freeware is Recruiting

 We are looking for people with skills or interest in the following areas:
 -  Mobile Platform App Reviews for Android and iOS
 -  Windows, Mac and Linux software reviews       Interested? Click here