- Mar 3, 2011
I decided to write another tutorial on removing malware to explain a few things a person can do to remove specific and common infections. If this guide doesn't work out for you and you need help, feel free to post on forums like BleepingComputer, GeeksToGo etc. With nothing more to say, let's get right into it.
1. Running RKill (optional)
This step is optional: it's mostly meant for rogue infections and isn't needed most of the time for everyday malware (that doesn't mean you're not supposed to use it even when it isn't needed). Download RKill from here and save it to your desktop, then run the file. If a rogue antivirus prevents it from running, rename it to eXplorer.exe and try again. A Command Prompt (CMD) window should now appear; it will take a few minutes for malicious processes to be found and killed. Once it's complete you should see a Notepad window pop up with the log; keep this log file as you might need it later. Do not reboot your computer (RKill only terminates the malicious processes, it doesn't remove their files, so a reboot would just start them again); proceed straight to step 2.
2. Running MBAM
The next step of course (you guessed it) is running a tool called Malwarebytes' Anti-Malware (aka MBAM). Download the free version from here and save it to your desktop. You should now be able to run it, since any known malicious processes that were preventing it from running were killed (temporarily) in step 1. Run the setup and go through the installation; at the end, make sure Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are both checked, and click Finish. After the update is finished you should see the main interface; check Perform quick scan and click Scan. A quick scan should take a minute or so. Once it's finished, make sure all threats are checked and click Remove Selected, reboot if prompted, and the threat should be gone.
MBAM can't detect it!
This is rare, but if MBAM can't detect it you'll need to remove the infection manually, at least until MBAM starts picking it up and can remove it completely. To do this, open your RKill log file (see, told ya you'd need it), browse to the directory of each process that was killed and delete the file. Before you delete anything, check that the path really is the malware and not a legitimate program that simply happened to be running: rogue AVs usually live in user-writable locations such as Application Data or Temp, while a file like svchost.exe in C:\WINDOWS\system32 should be left alone. Can't find them? Make sure showing hidden files and folders is enabled. Can't delete it? Use a tool called FileASSASSIN, built into MBAM, to delete them. Once done, wait a few hours or a full day for MBAM to start picking up the infection, then do another scan (make sure to update first!).
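As an added example (not part of the original tutorial, RKill or MBAM), here is a small Python script that does the manual step above with a bit more care: it pulls the terminated-process paths out of an RKill-style log, flags each one by where it lives, and records a SHA-256 hash and the hidden attribute before you delete anything. The log layout (a "Processes terminated by Rkill or while it was running:" header followed by one full path per line) is an assumption about RKill's output, and the sample log in the script is constructed for the demo.

```python
"""Triage the files behind the processes RKill terminated before deleting them.

Added example for the manual-removal step; not part of the original tutorial,
RKill or MBAM.  The log layout (a "Processes terminated" header followed by one
full path per line) is an assumption about RKill's output, and SAMPLE_LOG is
constructed for this demo.
"""
import hashlib
import re
import stat
from pathlib import Path, PureWindowsPath

# Assumed header line that precedes the terminated-process list in an RKill log.
HEADER = "Processes terminated by Rkill or while it was running:"

# Fragments of user-writable drop locations rogue AVs favour (XP and Vista/7 names).
DROP_DIRS = ("\\application data\\", "\\appdata\\", "\\local settings\\", "\\temp\\",
             "\\programdata\\", "\\desktop\\", "\\downloads\\")
# Fragments of locations where deleting a file can break Windows or a real program.
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\", "\\program files\\")

# One full Windows path to an executable image per line.
WIN_PATH = re.compile(r"^\s*([A-Za-z]:\\.+?\.(?:exe|dll|scr|com))\s*$", re.IGNORECASE)

# Constructed sample log (not real RKill output).
SAMPLE_LOG = r"""Rkill log (constructed sample for this example)
Program started at: 03/03/2011 10:12:05 AM

Processes terminated by Rkill or while it was running:

 C:\Documents and Settings\Bob\Application Data\xp_antispyware.exe
 C:\Documents and Settings\Bob\Local Settings\Temp\jkfjdk.exe
 C:\WINDOWS\system32\svchost.exe

Rkill completed on 03/03/2011 at 10:12:41 AM.
"""


def parse_rkill_log(text):
    """Return the image paths listed after HEADER, stopping at the next non-path line."""
    paths, in_section = [], False
    for line in text.splitlines():
        if HEADER.lower() in line.lower():
            in_section = True
            continue
        if not in_section:
            continue
        m = WIN_PATH.match(line)
        if m:
            paths.append(m.group(1))
        elif line.strip() and paths:
            break  # first non-blank, non-path line after the list ends the section
    return paths


def classify(path):
    """Cheap location heuristic: 'suspect' (drop dir), 'system' (hands off), or 'unknown'."""
    lowered = str(PureWindowsPath(path)).lower()
    if any(frag in lowered for frag in DROP_DIRS):
        return "suspect"   # candidate for deletion once you have confirmed it
    if any(frag in lowered for frag in SYSTEM_DIRS):
        return "system"    # never delete on a location match alone
    return "unknown"


def file_facts(path):
    """Hash and hidden-attribute facts; exists=False if the file is already gone."""
    p = Path(path)
    if not p.is_file():
        return {"exists": False, "sha256": None, "hidden": False}
    h = hashlib.sha256()
    with p.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    attrs = getattr(p.stat(), "st_file_attributes", 0)  # Windows only; 0 elsewhere
    return {"exists": True, "sha256": h.hexdigest(),
            "hidden": bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)}


def triage(log_text):
    """One record per terminated process: path, location verdict, hash, hidden flag."""
    records = []
    for path in parse_rkill_log(log_text):
        rec = {"path": path, "verdict": classify(path)}
        rec.update(file_facts(path))
        records.append(rec)
    return records


if __name__ == "__main__":
    for rec in triage(SAMPLE_LOG):
        print(f"{rec['verdict']:8} hidden={rec['hidden']!s:5} "
              f"sha256={rec['sha256'] or '-'}  {rec['path']}")
```

Run it on the real log (replace SAMPLE_LOG with the file's contents) and keep the printed hashes: if a "suspect" entry turns out to be something MBAM doesn't know yet, the hash is what you'll want when you ask on the forums or look the sample up. A "system" verdict for something like svchost.exe just means a legitimate process was running when RKill fired; it isn't evidence of infection.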
Optional on-demand scanners:
Hitman Pro (if you choose to remove any detected threats, it will start the 30-day trial)
Norton Power Eraser (aggressive heuristics, use for serious infections)
Dr.Web Cureit
Kaspersky Bootable CD
3. Removing specific infections (do this only if you're infected with one of the following)
To remove specific infections (like TDSS etc.), we're going to be using tools made specifically for them. Here are links to where you can download them, as well as links to tutorials on using them.
TDSS Killer - BleepingC. Tutorial
VundoFix - BleepingC. Tutorial
Zbot Killer - Kaspersky Tutorial
Flash Disinfector - BleepingC. Thread (read the first reply)
4. Expert malware removal tools (again, this isn't really a step, just a list of tools)
Only use the following if you're experiencing a serious infection, and if you're unsure about something, ask an expert over at BleepingC., GeeksToGo, GeekPolice etc. Here are some of the tools I found:
ComboFix - BleepingC. Tutorial (must read before running!)
HiJackThis (a little easier to use than the rest) - BleepingC. Tutorial
OTL (OldTimer ListIt) - GeeksToGo Tutorial
DDS - No guide found yet (or really needed for that matter, might be one on TSF).
That's pretty much it for this guide, if anyone has any suggestions, I'll gladly add to this tutorial. Peace!