In this tutorial, I’ll explain a few techniques I learned for removing common infections. I’ll cover two methods: one for removing common malware infections and another for removing common rogue infections (rogues are fake antivirus applications that claim a user is infected with a large amount of malware in an attempt to get the victim to pay for the fake AV). Please note that for help with a specific situation, you should ask a malware removal expert, either here or anywhere else.
Method 1: Removing common malware
This method can be used to remove today’s most common malware infections for free. If it fails for you, read the second method, which might help. Again, this is not for specific infections; for those, you can get help from a malware expert on forums like this one. Follow these steps on your infected computer.
Step 1: Download Malwarebytes’ Anti-Malware (an on-demand scanning tool that will not conflict with an existing AV) from here. If the link doesn’t work, click here.
Step 2: After the download has finished, navigate to the location of the file (most likely the desktop or downloads folder) and run it. Go through the installation as you would with any program. Once it has finished installing, make sure to keep the options to run and update Malwarebytes’ checked, then click Finish.
Step 3: When the interface is open, check the box next to “Perform quick scan” and select the Scan button. The quick scan will take only a few minutes. Once it’s finished, keep all the threats found checked (that is, the check boxes next to them) and select “Remove selected threats”. The removal will require a restart in order to complete, so make sure to save any work you were doing beforehand.
Method 2: Removing rogue software
This method focuses on removing rogue antivirus software. I added this specific method because rogue AVs will most likely prevent programs from running, so this guide will show you how to bypass that and remove the rogue.
Step 1: The first thing you need to do is terminate the rogue process. To do this, we will use a tool called rkill. Visit this link and select “eXplorer.exe Download Link”. This is because, while the rogue may block certain programs from running, it still needs to allow the programs Windows requires to function correctly. One of them is called “explorer.exe”, and with this download link the file will have the same name (of course, you could have changed the name later on).
Step 2: Once the download is finished, locate the file (usually on the desktop or in the downloads folder) and run it. A command prompt window will appear, and you’ll have to wait a bit for the malicious process to be killed. The icons on your desktop and toolbar will disappear for a second; this is normal. Once they are back, the process should be finished.
Step 3: After it has finished, do not restart your computer! Download a program called Malwarebytes’ Anti-Malware (a scanner that won’t conflict with any existing AV) from here. If the link isn’t working, click here.