So without further ado, here is the updated guide with XP/Vista/7 and 8/8.1 sections:
Preliminary: You may want to try a system restore first (go back to a date when the system was working properly), then run through the following processes. You'll also note that the Windows 8/8.1 section is basically the same as the XP/7 section. That's because it is. The only real difference is the lack of the ability to use Combofix in 8. You would do well to run most of these utilities in "Safe Mode". Here's a link to the Bleeping Computer article on enabling "Safe Mode" for Windows 8.
We found that some of the particularly nasty Malware can only be ripped out in "Safe Mode".
Windows XP/Vista/7:
Step 1: Disable your antivirus package's "Real Time" protection.
Step 2: Download the following utilities: Malwarebytes Anti-Malware, Rkill, ADWCleaner, JRT, Combofix, Kaspersky's TDSSKiller, & Norton's Power Eraser
Note 1: On a badly infected machine it's best to download them on a clean PC and thumb drive them over.
Note 2: If you are unable to start the PC because of Ransom-ware (FBI/NSA or the like), your only choice is to go grab a copy of Hitman Pro. Here is a link to the Bleeping Computer Removal Article.
Note 3: If your PC is working fairly well you can start this process with Malwarebytes; if not, you'll do it at the end.
Step 3: If you are using a flash drive, make a directory on the "C" drive and copy over your utilities.
Step 4: Run Rkill and let it complete.
Step 5: Run TDSSKiller & Restart if necessary.
Note 4: If you restarted - make sure your antivirus package is still disabled and re-run Rkill.
Step 6: Run JRT - Update / Reboot if Necessary
Step 7: Run ADWCleaner - Scan first, then clean; it will make you restart.
Step 8: Run Combofix and let it complete. This takes forever so you may want to go get a coffee or something. After it completes it will restart the PC and create a log file. The log file creation takes a while too, so be prepared to wait.
Note 5: Combofix is a very powerful utility and can completely nerf your system. Be very careful with both this and Norton Power Eraser. Use both of these utilities AT YOUR OWN RISK!
Step 9: Run Norton Power Eraser & let it do its thing. When it's finished, remove the items it finds.
Note 6: Power Eraser WILL find valid applications! You'll have to re-install them after the process is completed and you've verified your PC is Malware / Trojan / Virus free.
Step 10: Boot normally, install Malwarebytes Anti-Malware, Update it, & run a complete system scan. Clean anything it finds, reboot, & do it again.
You should be clean at this point!!!!!!
Windows 8/8.1:
Step 1: Disable your antivirus package's "Real Time" protection.
Step 2: Download the following utilities: Malwarebytes Anti-Malware, Rkill, ADWCleaner, JRT, Kaspersky's TDSSKiller, & Norton's Power Eraser
Note 1: On a badly infected machine it's best to download them on a clean PC and thumb drive them over.
Note 2: If you are unable to start the PC because of Ransom-ware (FBI/NSA or the like), your only choice is to go grab a copy of Hitman Pro. Here is a link to the Bleeping Computer Removal Article.
Note 3: If your PC is working fairly well you can start this process with Malwarebytes; if not, you'll do it at the end.
Step 3: If you are using a flash drive make a directory on the "C" drive and copy over your utilities.
Step 4: Run Rkill and let it complete
Step 5: Run TDSSKiller & Restart if necessary.
Note 4: If you restarted - make sure your antivirus package is still disabled and re-run Rkill
Step 6: Run JRT - Update / Reboot if Necessary
Step 7: Run ADWCleaner - Scan first, then clean; it will make you restart.
Step 8: Run Norton Power Eraser & let it do its thing. When it's finished, remove the items it finds.
Note 6: Power Eraser WILL find valid applications! You'll have to re-install them after the process is completed and you've verified your PC is Malware / Trojan / Virus free. This utility is very powerful and can nerf your system: USE AT YOUR OWN RISK!!
Step 9: Boot normally, install Malwarebytes Anti-Malware, Update it, & run a complete system scan. Clean anything it finds, reboot, & do it again.
You should be clean at this point!!!!!!
Special thanks to the people at Bleeping Computer - It's my opinion that they are one of the best sources of information on the net!
Disclaimer: We are not responsible for anything that happens to your computer or your data. You are following these instructions at your own risk.
This article addresses standard Malware. If you have any of the Crypto Variants, they require a completely different process. Here is the information & removal procedure: How to remove Crypto Locker and its Variants.
Our free Antivirus Pick:
Yep, it's still BitDefender. There are no PUPs and it's very lightweight but still does a great job.