HELP! My Computer Is Infected!! - What To Do About Malware

Malware infection of Windows-based PCs is a problem that people are asking for my help with at an alarming rate!  The term "malware" refers not just to viruses, but also to unwelcome adware, spyware, and similar forms of infection which, though not technically "viruses", can render your computer totally unusable and, even worse, leak your sensitive, personal, and private information, or even surrender control of your computer to someone out there in the vast cloud of the internet.

 

Some things you can do to prevent getting infected with malware in the first place are to run alternative operating systems such as Linux (Ubuntu, Debian, Red Hat, etc.) or Mac OS - these operating systems are quite good, and fairly impervious to malware.  If you are dedicated to Windows, the smartest easy thing you can do to prevent malware infection is to install a good quality, reputable anti-malware product that includes "real time" protection.  All three of the anti-malware products I mention further on in the article are able to do this, though you might have to pay for that feature.  As a rule, the traditional names in antivirus software just aren't that good at protecting against other kinds of malware.  Yes, I'm talking about Norton, Symantec, McAfee, AVG, Avast!, and the like.  Don't get me wrong, all of these products stop viruses well, but none of them protect well against all kinds of malware in my experience.  Either they simply don't catch and clean up adware and spyware thoroughly (this is the case with all of these from my observation, actually), or they have a severe impact on the performance of your computer (here I'm thinking mostly of Norton/Symantec and McAfee "suite" products - my advice: uninstall them from your computer and get AVG or Avast!).  Thus, it really is necessary to run both a real time antivirus product that is light on system resources, like AVG or Avast!, and a good anti-spyware product with real time protection, like those mentioned below (remember you may need to pay for the real time protection feature!).

 

But what to do if you are already infected with malware and you either don't have an anti-malware solution installed, or what you do have is malfunctioning or unable to clean up the infection?

 

I have gotten this question so often the last couple of months that I wrote up a little "recipe" for you do-it-yourselfers out there.  This procedure has really worked miracles for me, and is the first thing (and often the only thing) I do to computers that are brought to me with malware infections.

 

So, here's my recipe for how you might be able to clean up your virus and spyware problems yourself without spending a dime on software (remember, after the infection is cleaned up and your PC is working normally again, you really should be using dedicated real time anti-malware protection, and you might need to pay for that).  If going into "safe mode" is too far beyond your capacity with the computer, just ignore that part and do everything indicated using your normal Windows bootup process, login, and desktop.

 

First, in regular Windows mode, download and install the free versions of each of these three programs:

If your PC does not seem to be able to download them, it could be the malware infection blocking you - use another computer to download the programs and save them to a flash drive, then install them on the infected PC from the flash drive.  In some cases, the malware infection may even block the installation in regular Windows mode, but the programs might install properly in Safe Mode under an administrator level login (select Safe Mode With Networking in this case so that you will be able to download the updates).

 

After installing each, start them each up one time to "check for updates" - all three of them have built-in updating mechanisms.  At this time, also run the update utility on your antivirus product.  If your antivirus software is not able to be updated, is not functioning, or you do not have any installed, download and install the free ClamWin software from: http://www.clamwin.com/

Before doing a scan with ClamWin, be sure to run the update process immediately, and to go into the preferences and tell it to move infections to the quarantine rather than only report them!  Let me say that again - by default, ClamWin only reports the virus infections it finds; you need to go into the options and modify them to quarantine virus infections!  Keep in mind that ClamWin is an "on demand" antivirus scanner only - since it does not provide "real time" protection, it is not a good program to prevent virus infections.  It is very good at cleaning them up after the fact, however.  Thus, after your computer is restored from its malware infection, be sure to uninstall ClamWin and obtain a high-quality "real time" antivirus program like Avast!, AVG, Norton, McAfee, etc.

 

Once all three anti-malware products and your antivirus solution are installed and updated to the latest versions, reboot into safe mode (without networking): http://pcsupport.about.com/od/fixtheproblem/ss/safemodexp.htm . Log in with your own username and password.  If prompted, indicate that you do not want to enter "System Restore".

 

Now run the "Disk Cleanup Wizard" (Start->All Programs->System Tools->Disk Clean Up) and let it delete all files from the Recycle Bin, Temporary Files, and Temporary Internet Files.  If it suggests other types of files to delete, uncheck them - only allow it to delete the above three types.  This will potentially save you significant time waiting for the scans to complete, since they will have fewer files to scan.

 

Now it's time to start scanning for those nasty malware infections.  This is going to take lots of time and lots of patience.  Hang in there.

 

Do a full antivirus scan with your true antivirus scanner (Norton, McAfee, AVG, Avast!, ClamWin, etc.).  Do not reboot after the scan, even if the antivirus software suggests it.  Next run all three of the spyware cleaners back-to-back without rebooting (each of them will probably encourage you to do a reboot after you run it, but do not reboot until all three have run).  Run them in the order listed above.  Some of them have different scanning modes: quick mode or full/thorough mode; make sure to select the full/thorough mode.  Allow them to fix/cleanup all problems found except "cookies" - cookies generally don't cause the kind of problems that make your computer unusable or buggy and in some cases deleting them could affect your ability to use websites that are important to you.
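If ClamWin is your antivirus scanner for this step, the report-only default versus quarantine distinction can also be seen on the command line, using the clamscan scanner that ClamWin bundles. This PowerShell script is an added example, not part of the original recipe; every path in it is an assumption to adjust, and it expects the definitions to have been updated through ClamWin already.

```powershell
# Added example. All paths are assumptions: adjust them to your installation.
$ClamScan   = 'C:\Program Files\ClamWin\bin\clamscan.exe'  # assumed install location
$DbDir      = 'C:\ClamWinData\db'           # assumed folder holding the updated definitions
$Quarantine = 'C:\ClamWinData\quarantine'   # assumed quarantine folder, outside the scan target
$Log        = 'C:\ClamWinData\scan.log'     # assumed log file
$Target     = $env:USERPROFILE              # profile of the account you are logged in as

# Stop early if an assumed path is wrong, rather than scanning with nothing.
foreach ($p in $ClamScan, $DbDir) {
    if (-not (Test-Path $p)) { throw "Not found: $p (fix the assumed path above)" }
}
New-Item -ItemType Directory -Force -Path $Quarantine | Out-Null

# Report-only scan (the default behaviour the article warns about) is the
# same command without --move: infected files are listed but left in place.
#   & $ClamScan --recursive --infected "--database=$DbDir" $Target

# Quarantine scan: every detected file is moved out of the scanned folder.
& $ClamScan --recursive --infected "--database=$DbDir" `
            "--move=$Quarantine" "--log=$Log" $Target

# clamscan exit codes: 0 = nothing found, 1 = infection(s) found, 2 = error.
switch ($LASTEXITCODE) {
    0 { Write-Host 'No infections found.' }
    1 {
        Write-Host "Infections were found and moved to the quarantine folder $Quarantine"
        Get-ChildItem -Path $Quarantine -File |
            Select-Object Name, Length, LastWriteTime
    }
    default {
        Write-Warning "clamscan reported an error (exit code $LASTEXITCODE); see $Log"
    }
}
```

Because the target is the current user's profile, running it again under each Windows account covers the per-account case described in the footnote.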

 

After all three anti-malware scans have run, reboot into regular mode and run each of them successively a second time in the same order.  If any of them continues to find an infection (other than cookies!) after this second round of scans, you have one that is going to take some extra effort to remove - at this point you need to call in professional help.

 

Footnote: To be absolutely thorough, if you have more than one account / login on your Windows PC, you should repeat one round of the scanning processes while logged in as each of them!  Some malware hides within one particular user's account settings area and therefore will not be cleaned up by running the scans as a different user.
