You need to scan your computer for potential rootkits before using other malware removal software. A rootkit is malware that hides itself from Windows and anti-malware software.
Kaspersky TDSSKiller is a free rootkit removal tool that is designed to remove the TDSS rootkit. This rootkit downloads other malware, redirects Google search results, and prevents programs (exe files) from opening. TDSSKiller will also detect and remove other rootkits, such as the ZeroAccess rootkit.
If TDSSKiller won't open, download and run FixTDSS from Symantec. If FixTDSS won't open, follow the instructions on this page. After you complete the steps, try opening TDSSKiller again.
Step 2 - Scan for and Remove Malware
Many malware removal tools will scan for and remove different types of malware, but unfortunately none of them will find and remove 100% of all malware. Therefore, it's important to use more than one tool to detect and remove all the malware.
The free tools listed below are highly recommended for removing all types of malicious software. They do an excellent job at detecting threats and completely removing them.
Make sure the malware scanners are up to date before you scan with them.
Do not use your computer for anything else until the scanning process has finished.
Do not run more than one scan at a time.
You may need to restart your computer to complete the malware removal process.
Uncheck the box that says, "Enable free trial," and then click Finish. Perform a quick scan. Once the scan is complete, remove all the listed threats by clicking on the Remove Selected button. Make sure that everything is checked.
If Malwarebytes won't install (access is denied), download the randomly named installer from here. Try installing it again. If that doesn't work, skip down to HitmanPro. After you scan with HitmanPro, try installing Malwarebytes again.
When HitmanPro opens, click the Next button. Select the box that says No, I want to perform a one-time scan, and then click Next. Once the scan is complete, click Next. Click Activate free license, and then click Next to remove the malware.
Note: HitmanPro requires Internet access to detect malware.
Step 3 - Online Malware Scan
If the malware removal tools can't remove all the malware, scan the computer using an online malware scanner. I recommend using ESET Online Scanner. If the tools ran without any problems, you can skip this step.
After the Removal Process
Note: If you are in Windows safe mode, you can now restart the computer in normal mode.
1. Remove Temporary Files
By removing your temporary files, you will delete any remaining malicious files from Windows temp folders. It will also free up hard disk space, which will help to speed up your computer.
Note: If you are experiencing problems like missing icons, skip this step and go on to Fix Post-Disinfection Problems.
Once installed, simply click the Run Cleaner button at the bottom right. You are warned that CCleaner is about to permanently remove files from the system. Click OK to proceed.
2. Change All Passwords
Certain types of malware will steal your personal data such as passwords, emails, and banking information. Change all your passwords immediately, especially if you do any banking or other financial transactions on the computer. Password Strength Checker
3. Clean up System Restore
Your system "restore points" may contain malware. The only way to remove the malware is to delete the restore points. To delete the restore points, follow the instructions here: Windows XP - Windows 7
Note: If you're not experiencing any problems that are listed below, skip down to the Conclusion.
Fix Post-Disinfection Problems
After the malware is removed, you may experience some annoying problems, such as Windows failing to update, Google redirects, and missing desktop icons. Fortunately, there are simple ways to fix these problems.
1. Can't Open Files (.exe)
Malware will frequently change Windows file associations. To fix this problem, download FixEXE.reg and open it. Click Yes and restart your computer.
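To confirm whether the .exe association has actually been changed, before or after applying the fix, you can compare the relevant registry values with the stock Windows defaults. The PowerShell script below is an added example, not part of the original guide and not the contents of FixEXE.reg; it only reads the registry and assumes the standard defaults of `exefile` and `"%1" %*`.

```powershell
# Added example: read-only audit of the .exe file association (changes nothing).
# Stock Windows defaults for the two values that decide how .exe files launch.
$expected = [ordered]@{
    '.exe'                       = 'exefile'
    'exefile\shell\open\command' = '"%1" %*'
}

# Machine-wide hive first, then the per-user hive that overrides it.
$hives = 'HKEY_LOCAL_MACHINE\SOFTWARE\Classes', 'HKEY_CURRENT_USER\Software\Classes'

function Get-DefaultValue {
    param([string]$Path)
    # Returns the key's (Default) value, or $null if the key or value is absent.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $key = Get-Item -LiteralPath $Path
    # '' names the (Default) value; skip %VAR% expansion so the raw string is compared.
    $raw = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    return $key.GetValue('', $null, $raw)
}

$report = foreach ($hive in $hives) {
    foreach ($sub in $expected.Keys) {
        $value = Get-DefaultValue "Registry::$hive\$sub"
        $status = if ($null -eq $value -and $hive -like 'HKEY_CURRENT_USER*') {
            'OK (no per-user override)'   # a clean profile normally has none
        } elseif ($null -eq $value) {
            'MISSING'                     # machine-wide default has been deleted
        } elseif ($value -eq $expected[$sub]) {
            'OK'
        } else {
            'CHANGED'                     # .exe launches go through something else
        }
        [pscustomobject]@{
            Hive     = $hive
            Key      = $sub
            Value    = $value
            Expected = $expected[$sub]
            Status   = $status
        }
    }
}

$report | Format-Table -AutoSize -Wrap
```

Any row marked CHANGED or MISSING means the association still needs repair; a CHANGED row under HKEY_CURRENT_USER affects only the logged-in account.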
2. Can't Connect to the Internet
If you are having problems connecting to the Internet, follow the instructions in this guide: Fix Internet Connection
3. Google Redirects (Random Websites)
First, try clearing your Java cache. Malware remnants will frequently hide in the Java cache. How do I clear the Java cache?
Note: If you do not use Java, you should uninstall it. If clearing the Java cache doesn't work, uninstall and reinstall your web browser.
If Google search is being redirected after trying all of the above, your router may be infected with malware. To fix this problem, you have to reset your router. How do I reset a router?
4. Missing Icons and Shortcuts (No Desktop)
Certain types of malware will hide all the icons on your computer. To unhide your icons, download Unhide.
Once downloaded, double-click on Unhide and allow it to run. It will remove the hidden attribute on all icons and attempt to restore the Start menu items to their correct location.
5. Fix Windows Update and Firewall
If you are having problems updating Windows or turning on Windows Firewall, download and run these tools:
6. Slow Computer
7. Windows won't start (Windows blue screen or black screen)
8. Other Problems
, by Tweaking.com, allows you to repair various Windows settings. It can fix system files, reset Windows file and registry permissions, remove settings set by malware, and more. You can find the repair feature by clicking the Start Repairs tab. You may also want to use Re-Enable, which can undo many changes made by malware.
If you want to be certain that your computer is completely cleaned or just want a second opinion, you can create a topic at one of the forums listed below and ask for help. These forums have people who are well trained and experienced in removing malware. Be sure to mention in your topic that you followed this guide. Please note that it may take a couple of days to receive a reply, so be patient.
Can't Boot Into Windows or Safe Mode?
If Windows won't start or if your computer won't start in safe mode, I recommend using a bootable antivirus CD.
A bootable antivirus CD can be used to scan your computer for malware without having to boot into Windows. Many antivirus companies provide free bootable CDs. They are extremely effective at removing malware from a computer.
Below are three highly recommended bootable antivirus CDs. I recommend using Kaspersky Rescue Disk.
- Burn the antivirus ISO file onto a CD using CD burning software.
- Insert the CD into the infected computer's CD-ROM drive.
- Enter the computer's BIOS, set it to boot from the CD, and reboot the computer. How to Boot from a CD
- Scan for and remove malware using the bootable CD.
If the bootable CD doesn't work, follow the instructions mentioned above in the Expert Analysis section.
Your computer should be completely cleaned of all malware after following this guide. If you believe your computer is still infected, seek professional help to remove the malware. If you like this guide, please share it or leave a comment.
Once your computer is free from malicious software, keep it that way! Follow this security checklist step by step.
Common Computer Malware
The following is a list of malware that many computer users encounter.
Smart Fortress/HDD 2012 (Fake antivirus)
Live Security Platinum (Fake antivirus)
ZAccess/Sirefef rootkit (Google redirect virus) Removal tool: Yorkyt by Panda or FixZeroAccess by Symantec
Tidserv/Alureon rootkit (Google redirect virus) Removal tool: Kaspersky TDSSKiller
DNS Changer malware