Spyware Removal Guide

 
Introduction

This malware removal guide provides guidance on how to remove malware from your computer. Malware is a general name of any malicious software, including virus, trojan, worm, spyware, adware, keylogger, dialer and rootkit, that tries to damage a system, steal financial data, or perform other such malicious behaviour.

Common symptoms of malware include popup ads on your desktop, programs you did not install appearing, redirection to particular pages when you open your browser, changes in system or browser settings such as your browser home page or general sluggishness. However, there is an increasing amount of malware which attempt to remain hidden on your computer. So even if you do not think you are infected this guide is useful to check that your computer is clean from virus and spyware.

Bear in mind malware is not the only cause for a slow computer. I suggest you also read Tune Up Utilities Kit and follow the instructions to see if it speeds up your slow computer.

Discussion

Other Ways of Recovery

The only way to ensure all virus and spyware is completely removed from your computer is to reinstall Windows, but you will need a Windows CD. Also, all your data, programs and settings will be gone so you would need to have a backup of your files.

You can also revert back to previous images from image-backup software (such as Acronis True Image, Macrium Reflect Free Edition or Paragon Drive Backup Express). But there is a chance malware had already infected your computer when you made the backup and so this is not totally safe.

As you can see both of these safer options have major drawbacks, which is why many people prefer to clean their computers using antivirus and antispyware tools.


Backup

You should back up your personal files to removable storage before you attempt to remove malware from your computer, but also scan the disk for spyware and other malware after you fix your computer. If you cannot log in then you can run a Live CD to copy your data onto a USB.


Tools

Download all the security programs listed here, preferably on another computer and copy them on to removable media.

Boot into Safe Mode by pressing F8 when your computer starts.

Update all the programs, run a full scan and then remove any malware that is found.

AntiVir Rescue System

If you can't boot into Windows or run the other security apps, then you should use this first. There is a tutorial on how to use it.

1. Hitman Pro

This program is useful as a preliminary check to see if your computer is clean, especially if you're unsure as to whether your computer is infected or not. You can remove infections with this for 30 days, after that it is limited to detection.

2. ATF Cleaner

It's a good idea to run a disk cleaner before you scan as malware often resides in temporary folders, and junk files will be removed so the scanning will be faster.

3. SUPERAntiSpyware Portable Scanner

SUPERAntiSpyware Free main screen

4. Malwarebytes' Anti-Malware free

Malwarebytes' Anti-Malware main screen

5. Dr.Web CureIt!

Dr.Web CureIt! main screen

6. BitDefender Online Scanner

7. HijackThis

If you believe your computer is still infected, then scan your computer with HijackThis and post the results on a malware cleaning forum. This is an advanced tool so do not remove items yourself.

HijackThis main screen

There are many forums which have experts to help clean your computer by analysing HijackThis logs. Some of these forums are:

Choose a forum and post your HijackThis log there. Don't post in more than one forum for one problem - this will just waste everyone's time. Also, all these sites have there own policies which you should follow before you post a log there.

8. System Restore

Now that the computer should be functioning, disable System Restore and enable it again. This is to stop malware which hides itself in System Restore Points. This website has instructions on how to disable and enable System Restore.

That’s it! Hopefully this malware removal guide has helped remove any malware or spyware from your computer. Remember, no antivirus or antispyware can detect or remove all malware, so there is always a minute chance that your computer is still infected after following the instructions here.

Please help us by rating this review

Related Products and Links
Related Spyware Removal Articles

Related Security Articles

Have Your Say

Please visit our freeware forum to share and discuss your views and get advice on free security software. To post in the forum you need to register first but that's quick and immediate.

This category is maintained by volunteer editor JonathanT. Registered site visitors can contact JonathanT by clicking here.

Tags

malware removal, spyware removal, virus removal

Share this
4.45652
Average: 4.5 (46 votes)
Your rating: None

Comments

by bearbottoms on 4. July 2012 - 21:02  (95736)

"The only way to ensure all virus and spyware is completely removed from your computer is to reinstall Windows, but you will need a Windows CD. Also, all your data, programs and settings will be gone so you would need to have a backup of your files."

The above is not necessarily the case, but a last resort. A good imaging plan is a much better approach. Image a clean install and you can revert to that rather than wipe your computer and reinstall Windows from a CD.

You can also manage images in such a way as to have a known clean image of all your installed programs, portable programs and data.

by Perto (not verified) on 5. July 2012 - 0:05  (95739)

What about reinstalling Windows using the method built-in to Windows Vista and I assume other versions? BTW my laptop is Toshiba. Thanks

by Elven (not verified) on 10. August 2011 - 3:32  (77350)

Hey, lately I have had the issue with IE randomly starting up by itself . . . doesn't go to a weird site or anything, just the homepage . . . but when you are playing a full screen game or even doing something on another browser it is very annoying to have IE open like 5 windows one after another, and it is completely random. Any ideas? Don't really want to have to wipe and reboot, this is a brand new comp and I just barely finished getting everything loaded, and virus check (McAfee)is coming up clean.

by MrBongo (not verified) on 10. August 2011 - 5:01  (77355)

I'd scan it initially with Malwarebytes and it's probably a good idea to scan with ESET online scanner as well.

http://www.eset.com/us/online-scanner

by mrpink on 22. June 2010 - 21:17  (52765)

When i download a virus from the net i always delete it with Eraser and i also always delete the contents of recucle bin with Eraser. I use Ccleaner on a daily basis set to secure file deletion. So, with all that i would expect from System Volume Information not to restore the virus, but it does. Can you explain that to me JonathanT or anyone?

by Anonymous on 18. June 2010 - 17:35  (52422)

Has Sunbelts "VIPRE rescue" (live.sunbeltsoftware.com) current version (VIPRERescue6465.exe) been tried and if so how effective is it?

by Anonymous on 18. June 2010 - 17:21  (52420)

I have been working a while with a worm.Brontok actual variant, which do not respond at all sugestion I have found on the net ;).For me Dr.Web CureIt! was the solution!!! Recommend it sincerly !!!!

by terrawarra on 18. June 2010 - 12:24  (52396)

Prevention is better than cure !.. "Sandboxie"

by Anonymous on 1. June 2010 - 18:19  (50830)

I've run Avira Rescue disk many times with no problem. The key is to get an .iso file (looks like a disc), not the .exe from the download page. Burn it to a CD and boot.

by Anonymous on 11. February 2010 - 2:01  (43344)

I have recently tried to research which Rescue Disk was the best in terms of efficiency and very importantly safety (i.e not removing or deleting important Windows reg files which prevent the user from even booting up), sadly all the main ones from Avira to Karpensky & Dr Web all had a few users repoting that they could no longer boot up after running the said rescue disk.
Also users of all the main rescue disc reported some issue or another.
You only have to look at Avira own forum to see how many people have had a problem with their rescue disk.

My sister had a infected machine which she asked me to look at, so in the end I make a bootable copy of the much touted Hiren rescue disc.
Unfortunately my sisters computer didn't have enough virtual memory to make the Hiren disc applications usable, so I ended up doing mulitple scans with various anti root kits, anti spyware & anti virus software run both in safe and normal mode (You need to run in normal mode not safe mode to detect any possible root kits)

So whilst rescue disc can work for some people,they may cause more problems for others.
Currently I don't think anyone actually supplies a reliable and safe rescue boot cd.
Don't get me wrong boot cd's are a great idea, but I don't think anyone has really cracked it yet, and certainly there is no "stand out" problem free boot CD yet.

KL
Oxford

by Anonymous on 24. January 2010 - 22:34  (41961)

Thanks for the reply, JonathanT.

I was just curious why you had removed them. I haven't used Kaspersky's VRT in a while, but see they have recently released a new version.

http://support.kaspersky.com/viruses/avptool2010

I haven't had a chance to test it yet though, so can't comment on its performance.

Another handy tool I use is 'Malaware' from Emsisoft. It's detection only, but lightning fast. Uses both a-squared and Ikarus' engines, so you'll need to watch for FP's.

http://www.emsisoft.com/en/software/malaware/

Anyhow, nice list.

Regards,
RD.

by Anonymous on 2. June 2010 - 12:57  (50883)

Malaware is ONLY for Active Malware!
Do Not count on Malaware that Much...
Use Hitman Pro, instead!

by JonathanT on 26. January 2010 - 14:27  (42128)

Hi RD

Thanks for the link to Malaware, it looks very interesting! Though as you say, it does seem rather prone to FPs.

by Anonymous on 23. January 2010 - 15:58  (41842)

Hi JonathanT,

How come you have removed the Kaspersky Virus Removal Tool and Anti-Rootkit scanners from your list?

Regards,
RedDawn.

by JonathanT on 24. January 2010 - 1:33  (41876)

Hi RedDawn

I felt that with the other scanners mentioned, Kaspersky and the antirootkit scanners shouldn't be necessary, particular since when I tried Kaspersky it had really slow scan speeds, and the antirootkit tools are not updated often. If you think this is incorrect please voice your suggestion!

by MissCharlie on 3. January 2010 - 20:11  (40153)

I have tried at least a half a dozen times to run the Rescue System. I have followed the directions to the "T" and I still can not get my PC to boot up for a cd. Everytime I do a reboot and have tried to change to restart in cd it still starts up and goes right to XP. Soooooo I will keep my fingers crossed and hope for the best and watch for suspicious actions from my pc/browser.

by MidnightCowboy on 3. January 2010 - 22:18  (40168)

Hi MissC

As per my reply to your post in the other comments I think you would be better to move this into the forum.

http://www.techsupportalert.com/freeware-forum/general-computer-support/

We are definitely making progress now between us but keeping track of this in the comments sections is very difficult. Posting in the forum will enable all of the editors to see your requests, nothing will get missed, and what follows will be in chronological order.

MC

by Anupam on 3. January 2010 - 20:16  (40154)

To boot from the CD, you may have to change your boot order. It might be that the PC is presently configured to boot from hard disk first. You will have to change the boot order from BIOS, so that the optical drive is before the hard disk in the boot order.

by Anonymous on 3. November 2009 - 7:46  (35682)

SuperAntiSpyware, now has an online scanner.

by JonathanT on 3. November 2009 - 11:36  (35709)

Thanks for the heads up! So others don't have to search the link I'll post it here:
http://www.superantispyware.com/onlinescan.html

by Anonymous on 9. September 2009 - 7:45  (32370)

GeekPolice should also be included on the list, they're awesome people.

by Dorkside on 9. May 2009 - 15:44  (21269)

Next to all this i would still prefer COMBOFIX.
off course this is dangerous and could be harmfull to your system.
And best to use when your machine is heavily infected...
But for the record. Ive used combofix now about 12 times. On Xp and Vista and i have never had system damage. It even fixes rootkits etc...

by Anonymous on 26. September 2009 - 3:14  (33334)

Oh, and be sure to turn Off your Anti Virus before running ComboFix, or all heck will break loose. Also Delete ComboFix exe after you are finished with it, or again, your AV might detect it as a Trojan or other Malware. That is because of how CF is designed. I think it is designed as Malware to fool the Malware already infecting your PC. That is just my opinion of course...

by EntitY on 26. September 2009 - 3:04  (33333)

ComboFix has save my PC from nasty Malware a few times and I had no problems as a result. It's especially good to use for those annoying Trojan Browser Re-directors and Popups. The main thing is to just let CF run until it's completely finished and not try to stop it before this time. I highly recommend this scanner!

by JonathanT on 10. May 2009 - 3:48  (21292)

Combofix should not be used without guidance from an experienced user. From Bleeping Computer's Combofix guide: "You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer."

by Dorkside on 11. May 2009 - 14:00  (21366)

Like you say due to the power of this tool :p
I'm just saying when you are really in deep shit.
And you thinking of a Format C:/.....
This may be a last resort....

by BajaDave on 6. February 2009 - 12:37  (15484)

Hi Jonathan,

Thanks for your great list of tools.
Very helpful!

Say I was wondering why did you recently remove the online scans
from the list?

Please Advise & Thanks
Dave

by JonathanT on 7. February 2009 - 1:57  (15528)

Hi Dave

Thanks for the kind words.

I'm just trying to simplify the article so people won't get confused, but I've still got BitDefender Online Scanner mentioned.

by Anonymous on 9. December 2008 - 12:19  (11674)

Somethings up with the Kaspersky AVP site. Looks like its been hacked.

Xty

by Anonymous on 21. October 2008 - 7:00  (9402)

Here are a list of malware removal guides for common infections:

http://www.geekpolice.net/malware-removal-guides-f12/

Gizmos Needs You

Gizmo's Freeware is Recruiting

 We are looking for people with skills or interest in the following areas:
 -  Mobile Platform App Reviews for Android and iOS
 -  Windows, Mac and Linux software reviews       Interested? Click here