This guide will help you clean your computer of malware. It contains instructions that will remove most malware infections on a Windows operating system (if done correctly and in order). It highlights the tools and resources that are necessary to clean your system. Malware is general term for any malicious software, including viruses, worms, trojans, rootkits, spyware and adware.
You can also see some useful virus removal tools here and how to use them
Preparation for the Removal Process
1. Temporary File Clean up
Before you scan your computer for malware, you need to remove your temporary files. Removing your temporary files will greatly reduce your scan times and occasionally will fix some malware problems.
Download and install CCleaner (Slim) - Download here – Homepage
See image below
Make sure you close your web browser before clicking on “Run Cleaner.”
Removal Process
Some malware infections block Internet access, disable the desktop, and prevent anti-malware software from running. This can usually be avoided by restarting your computer in safe mode. To access safe mode, press the F8 key before Windows begins to load. You will see a screen with options such as Safe Mode, Safe Mode with Networking, Safe Mode with Command Prompt, etc. Use the arrow keys to select the Safe Mode with Networking option, and then press Enter. You will be able to download and update your anti-malware software in this mode. In safe mode most malware will not run, thus, giving anti-malware software a better chance to detect and remove the malware.
You need to scan your computer for possible rootkits before running other anti-malware software.
TDSSKiller is a free tool from Kaspersky. It is specially designed to remove the TDSS rootkit family (TDSS, Tidserv, TDL3, and Alureon). This rootkit family downloads and execute other malware, delivers advertisements to your computer, and block programs from running. It is also one of the causes for unauthorized Google redirects. TDSSKiller is simple to use and requires no installation.
Download and run TDSSKiller – Download here – Homepage
To run TDSSKiller, follow these instructions:
When the program opens, click the “Start scan” button and wait until the scan completes. The scan is very short (less than a minute). Do not use your computer during the scan. If the scan completes with nothing found, click Close to exit. If malicious objects are found, they will show in the Scan results. Ensure Cure (default) is selected, then click Continue. It may ask you to reboot the computer to complete the disinfection.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to these instructions.
There are many tools that will scan for and remove various malware infections. Unfortunately, none of them will detect and remove 100% of all malware; therefore, it is important to use more than one, in the hope that their combined detection is enough to find the problem.
Below are three highly recommended on-demand scanners. They do an excellent job at detecting threats and completely removing them.
Important notes:
- After you have downloaded and updated the on-demand scanners, disconnect your internet connection. This will eliminate the possibility of any further malware from installing on your computer.
- Do not use your computer for anything else until the scanning process has finished.
- Some of these scans may take over an hour to run.
- Do NOT run more than one scan at a time.
- You may need to restart your computer to complete the removal process.
Download and install MalwareBytes‘ Anti-Malware - Download here – Homepage
Perform a Quick scan. Once the scan is completed, remove all found infections. You can also perform a Full system scan, but that is optional.
If installation fails, simply rename the downloaded file (mbam-setup.exe) to a random name, and try running it again.
Download and run SuperAntiSpyware Portable - Download here – Homepage
Why, you might ask, am I using the portable version? Because it requires no installation, contains the latest definitions, and automatically gives you a random filename, so malware can’t block it from running.
Download and run Hitman Pro – Download here (32-bit), (64-bit) – Homepage Requires no installation.
Hitman Pro requires a working internet connection to detect malware.
Note: SuperAntiSpyware and Hitman Pro are both portable, which means they can run directly from a USB flash drive. You can take them anywhere and use them on any computer.
If the on-demand scan fails to find anything or if it finds malware that it can’t delete, it is time to launch a full antivirus scan.
If you currently have antivirus software installed on your computer, make sure it is up to date with the latest virus definitions, and perform a full system scan with it. Remove or quarantine everything that it finds.
If you do not have antivirus software installed, get it immediately. 
Avira AntiVir and 
Avast! Antivirus are both are highly recommended antivirus programs.
After the Removal Process
1. Disable and Enable System Restore
Your “restore points” may contain malware. The only way to remove the malware is to turn off System Restore, and then turn it back on. This will remove any old points that contain malware.
2. Change All Passwords
Some malware infections will steal your personal data such as passwords, emails, and banking information. Change all your passwords immediately, especially if you do any banking or other financial transactions on the computer.
1. Internet Connection Problems
Malware will often turn on a proxy setting, which can prevent you from accessing the Internet. Fixing it is easy:
, click Run, type inetcpl.cpl, and then click OK. Go to the Connections tab, and click LAN Settings. Uncheck the first proxy server setting, and then click OK two times.
You can also simply use SuperAntiSpyware’s Repair function to repair the Internet connection. Additionally, it can repair or recover other system settings such as Control Panel, System Restore, Safe Mode, Registry, Desktops, System Tray, Task Manager, folder options, and web browser settings. You will find the repair feature under the “Repairs” tab. SuperAntiSpyware
2. Web Browser Hijacked: Home Page and Default Search
Malware will usually try to hijack and redirect your web browser. Your home page and default search may be changed. Open your web browser options, and correct the choices.
You may also want to use Virus Effect Remover, which can undo many changes made by a malware infection.
Can’t Boot Into Windows or Safe Mode?
If the malware infection is so severe that you cannot boot into Windows or safe mode, then I recommend using an antivirus rescue CD. An antivirus rescue CD is a bootable CD that can be used to scan your computer for malware without having to boot into the operating system. Many antivirus companies provide free rescue CDs. They are extremely effective at removing malware.
Below are three highly recommended antivirus rescue CDs.
Avira AntiVir Rescue System (220 MB) – How to create and use Avira Rescue CD
Kaspersky Rescue Disk (193 MB) – How to use the Kaspersky Rescue Disk
AVG Rescue CD (80 MB) – AVG Rescue CD Guide
- Burn the antivirus ISO file to a CD using CD burning software.
- Insert the CD into the infected system’s CD-ROM drive.
- Enter the PC’s BIOS, set it to boot from the CD, and reboot the computer.
- Scan the computer with the rescue CD.
- Remove Malware using Anti-Malware Rescue Disk
- How to Combine Rescue Disks to Create the Ultimate Windows Repair Disk
If all else fails, you must reformat your hard drive and reinstall Windows. When should I re-format? How should I reinstall?
Guide via http://realsecurity.web.officelive.com/removemalware.aspx
Related posts:
Welcome to 