Binary I.T. Solutions, Inc.

Malware Removal Guide Windows

This guide will help you remove malicious software from your computer. If you think your computer might be infected with a virus or trojan, you may want to use this guide. It provides step-by-step instructions on how to remove malware from the Windows operating system. It highlights free malware removal tools and resources that are necessary to clean your computer. You will quickly learn how to remove a virus, a rootkit, spyware, and other malware.

Signs of malicious software

Disclaimer: This malware removal guide is intended to be used as a self-help guide. It is not a substitute for professional malware removal.

I recommend that you back up all your important data before attempting to perform the malware removal process. In the event of a system failure, you will be able to restore your data. Do not back up any system files, programs (.exe), or screensavers (.scr) because they may be infected with malware. How do I back up my data? (Windows 7, Vista, XP)

  1. In some cases, the only way to remove malware is to reformat and reinstall Windows. 
  2. Save or bookmark this page so you can easily refer to it if needed. Add bookmark = Ctrl + D
  3. This guide will continue to be updated, so please check back often. - Latest updates
  4. If you have any questions or comments regarding this guide, you can contact me by email: 
                 - Preparation for Removal
                 - Removal Process
                 - Step 1 - Scan for and Remove Rootkits
                 - Step 2 - Scan for and Remove Malware
                 - Step 3 - Online Malware Scan
                 - After the Removal Process
                 - Fix Post-Disinfection Problems
                 - Get Expert Analysis
                 - Can't Boot Into Windows or Safe Mode?
                 - Conclusion

Preparation for Removal

Note: If you are having problems downloading files, download the files in this guide on another computer, and then transfer them to the infected computer with a CD or USB flash drive.
1. Can't Open Files / Can't Connect to the Internet
If you have malware that is blocking Internet access or preventing programs (exe files) from opening, follow the steps on this page: Stop Malicious Processes and Fix EXE Files. It contains instructions on how to stop malware processes and fix .exe files.
If the instructions don't work, skip down to Can't Boot Into Windows or Safe Mode?
2. Fix Internet Connection Problems
Certain types of malware will turn on an Internet proxy setting and hijack Windows DNS cache, which can prevent you from accessing the Internet or downloading tools required for malware removal. Follow these instructions to fix this problem:
Download and open MiniToolBox - Download here - Homepage
Check the following boxes: Flush DNS, Reset IE Proxy Settings, Reset FF Proxy Settings. If you have Firefox open, close it before you click the Go button.
Click on the Go button.
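
The settings this step resets can also be inspected by hand. The PowerShell below is an added example, not part of the original guide and not MiniToolBox's own code; it assumes the Internet Explorer proxy is stored in the standard per-user Internet Settings registry key, it does not touch Firefox's own proxy preferences, and the function names are hypothetical.

```powershell
# Added example (not from the guide): inspect and reset the per-user proxy, then flush DNS.
# Assumption: the proxy is stored in the standard per-user "Internet Settings" key.
$InetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-ProxyState {
    # Hypothetical helper: read the three values that control the user's proxy.
    $s = Get-ItemProperty -Path $InetKey
    New-Object PSObject -Property @{
        ProxyEnable   = [int]$s.ProxyEnable   # 1 = a proxy is switched on
        ProxyServer   = $s.ProxyServer        # host:port the traffic is sent to
        AutoConfigURL = $s.AutoConfigURL      # proxy auto-config script, if any
    }
}

function Reset-ProxyState {
    # Hypothetical helper: turn the proxy off and remove the stored server and script URL.
    Set-ItemProperty -Path $InetKey -Name ProxyEnable -Value 0
    foreach ($name in 'ProxyServer', 'AutoConfigURL') {
        Remove-ItemProperty -Path $InetKey -Name $name -ErrorAction SilentlyContinue
    }
}

# Show the current state before changing anything.
$before = Get-ProxyState
$before | Format-List

if ($before.ProxyEnable -eq 1 -or $before.AutoConfigURL) {
    Write-Warning 'A proxy is configured. If you did not set it yourself, reset it.'
    $answer = Read-Host 'Reset proxy settings now? (y/n)'
    if ($answer -eq 'y') {
        Reset-ProxyState
        Get-ProxyState | Format-List   # confirm the values are cleared
    }
}

# Discard cached DNS answers so names are resolved fresh.
ipconfig /flushdns
```

Run it in the affected user's own session, because the HKCU key is stored per user.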

Removal Process

Note: If you experience any problems after removing the malware, skip down to Fix Post-Disinfection Problems.

Step 1 - Scan for and Remove Rootkits

You need to scan your computer for potential rootkits before using other malware removal software. A rootkit is malware that hides itself from Windows and anti-malware software.
Kaspersky TDSSKiller is a free rootkit removal tool that is designed to remove the TDSS rootkit. This rootkit downloads other malware, redirects Google search results, and prevents programs (exe files) from opening. TDSSKiller will also detect and remove other rootkits, such as the ZeroAccess rootkit. 
Download and open TDSSKiller - Download here or here - Homepage. It requires no installation.
Follow these instructions to use TDSSKiller:
When the program opens, click the Start scan button. If the scan finds nothing, click Close to exit. If malware objects are found, the default action will be Cure or Delete. Don't change it and click Continue. If suspicious objects are found, the default action will be Skip. Don't change it and click Continue. It may ask you to reboot the computer to complete the rootkit removal process. 

Note: If TDSSKiller won't open, download and run FixTDSS from Symantec. If FixTDSS won't open, follow the instructions on this page. After you complete the steps, try opening TDSSKiller again.

Step 2 - Scan for and Remove Malware

Many malware removal tools will scan for and remove different types of malware, but unfortunately none of them will find and remove 100% of all malware. Therefore, it's important to use more than one tool to detect and remove all the malware.
The free tools listed below are highly recommended for removing all types of malicious software. They do an excellent job at detecting threats and completely removing them. 
Important notes:
  • Make sure the malware scanners are up to date before you scan with them. 
  • Do not use your computer for anything else until the scanning process has finished.
  • Do not run more than one scan at a time.
  • You may need to restart your computer to complete the malware removal process.
    Download and install Malwarebytes Anti-Malware - Download here or here - Homepage
    Uncheck the box that says, "Enable free trial," and then click Finish. Perform a quick scan. Once the scan is complete, remove all the listed threats by clicking on the Remove Selected button. Make sure that everything is checked.
    Note: If Malwarebytes won't install (access is denied), download the randomly named installer from here. Try installing it again. If that doesn't work, skip down to HitmanPro. After you scan with HitmanPro, try installing Malwarebytes again. 
    Download and open HitmanPro - Download here (32-bit) (64-bit) - Homepage. It requires no installation.
    When HitmanPro opens, click the Next button. Select the box that says No, I want to perform a one-time scan, and then click Next. Once the scan is complete, click Next. Click Activate free license, and then click Next to remove the malware.
     Note: HitmanPro requires Internet access to detect malware.

    Step 3 - Online Malware Scan

    If the malware removal tools can't remove all the malware, scan the computer using an online malware scanner. I recommend using ESET Online Scanner. If the tools ran without any problems, you can skip this step.

    After the Removal Process

    Note: If you are in Windows safe mode, you can start the computer back to normal mode.
    1. Remove Temporary Files
    By removing your temporary files, you will delete any remaining malicious files from Windows temp folders. It will also free up hard disk space, which will help to speed up your computer.
    Note: If you are experiencing problems like missing icons, skip this step and go on to Fix Post-Disinfection Problems.
    Download and install CCleaner - Download here 
    Once installed, simply click the Run Cleaner button at the bottom right. You are warned that CCleaner is about to permanently remove files from the system. Click OK to proceed.
    2. Change All Passwords
    Certain types of malware will steal your personal data such as passwords, emails, and banking information. Change all your passwords immediately, especially if you do any banking or other financial transactions on the computer. Password Strength Checker
    3. Clean up System Restore
    Your system "restore points" may contain malware. The only way to remove the malware is to delete the restore points. To delete the restore points, follow the instructions here: Windows XP - Windows 7
    Note: If you're not experiencing any problems that are listed below, skip down to the Conclusion.

    Fix Post-Disinfection Problems

    After the malware is removed, you may experience some annoying problems, such as Windows will not update, Google redirects, and missing desktop icons. Fortunately, there are simple ways to fix these problems.
    1. Can't Open Files (.exe)
    Malware will frequently change Windows file associations. To fix this problem, download FixEXE.reg and open it. Click Yes and restart your computer.
    2. Can't Connect to the Internet
    If you are having problems connecting to the Internet, follow the instructions in this guide: Fix Internet Connection
    3. Google Redirects (Random Websites)
    First, try clearing your Java cache. Malware remnants will frequently hide in the Java cache. How do I clear the Java cache? Note: If you do not use Java, you should uninstall it. If clearing the Java cache doesn't work, uninstall and reinstall your web browser.
    If Google search is being redirected after trying all of the above, your router may be infected with malware. To fix this problem, you have to reset your router. How do I reset a router?
    4. Missing Icons and Shortcuts (No Desktop)
    Certain types of malware will hide all the icons on your computer. To unhide your icons, download Unhide - Homepage
    Once downloaded, double-click on Unhide and allow it to run. It will remove the hidden attribute on all icons and attempt to restore the Start menu items to their correct location.
    5. Fix Windows Update and Firewall
    If you are having problems updating Windows or turning on Windows Firewall, download and run these tools:
    6. Slow Computer
    If your computer is running slow, follow the steps in this guide: How to Speed Up a Slow Computer
    7. Windows won't start (Windows blue screen or black screen)
    Unfortunately, this problem occurs after removing certain rootkits: How to Fix Windows Startup Problems
    8. Other Problems
    Windows Repair, by, allows you to repair various Windows settings. It can fix system files, reset Windows file and registry permissions, remove settings set by malware, and more. You can find the repair feature by clicking the Start Repairs tab. You may also want to use Re-Enable, which can undo many changes made by malware.
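
For item 1 above (Can't Open Files), the changed file association can be confirmed before and after applying a fix. The PowerShell below is an added example, not part of the original guide; the contents of FixEXE.reg are not shown on this page, so the script only compares the registry with the stock Windows values for .exe files, and its function names are hypothetical.

```powershell
# Added example (not from the guide): compare the .exe association with Windows defaults.
$ExpectedClass   = 'exefile'    # stock value of HKEY_CLASSES_ROOT\.exe
$ExpectedCommand = '"%1" %*'    # stock value of exefile\shell\open\command

function Get-DefaultValue($Path) {
    # Hypothetical helper: return a key's (Default) value, or $null if the key is missing.
    if (Test-Path $Path) { (Get-ItemProperty -Path $Path).'(default)' }
}

function Test-ExeAssociation {
    # HKEY_CLASSES_ROOT is the merged view that Windows actually uses.
    $class = Get-DefaultValue 'Registry::HKEY_CLASSES_ROOT\.exe'
    $command = $null
    if ($class) {
        $command = Get-DefaultValue "Registry::HKEY_CLASSES_ROOT\$class\shell\open\command"
    }

    # Per-user keys take precedence over the machine-wide ones, so list any that exist.
    $overrides = @('HKCU:\Software\Classes\.exe', 'HKCU:\Software\Classes\exefile') |
        Where-Object { Test-Path $_ }

    New-Object PSObject -Property @{
        Class         = $class
        ClassOk       = ($class -eq $ExpectedClass)
        Command       = $command
        CommandOk     = ($command -eq $ExpectedCommand)
        UserOverrides = ($overrides -join '; ')
    }
}

$result = Test-ExeAssociation
$result | Format-List

if (-not ($result.ClassOk -and $result.CommandOk)) {
    Write-Warning 'The .exe association differs from the Windows default.'
}
if ($result.UserOverrides) {
    Write-Warning "Per-user override keys exist and are worth reviewing: $($result.UserOverrides)"
}
```

The script only reads the registry, so it is safe to run again after the restart to confirm that both checks report True.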

    Get Expert Analysis

    If you want to be certain that your computer is completely cleaned or just want a second opinion, you can create a topic at one of the forums listed below and ask for help. These forums have people who are well trained and experienced in removing malware. Be sure to mention in your topic that you followed this guide. Please note that it may take a couple of days to receive a reply, so be patient.

    Can't Boot Into Windows or Safe Mode?

    If Windows won't start or if your computer won't start in safe mode, I recommend using a bootable antivirus CD.
    A bootable antivirus CD can be used to scan your computer for malware without having to boot into Windows. Many antivirus companies provide free bootable CDs. They are extremely effective at removing malware from a computer.
    Below are three highly recommended bootable antivirus CDs. I recommend using Kaspersky Rescue Disk.
     Kaspersky Rescue Disk (230 MB) - How to create and use Kaspersky Rescue Disk
     Avira AntiVir Rescue System (240 MB) - How to create and use Avira Rescue CD 
     Dr.Web LiveCD (180 MB) - How to create and use Dr.Web Live CD
    1. Burn the antivirus ISO file onto a CD using CD burning software.
    2. Insert the CD into the infected computer's CD-ROM drive.
    3. Enter the computer's BIOS, set it to boot from the CD, and reboot the computer. How to Boot from a CD
    4. Scan for and remove malware using the bootable CD.
    If the bootable CD doesn't work, follow the instructions mentioned above in the Expert Analysis section.


    Your computer should be completely cleaned of all malware after following this guide. If you believe your computer is still infected, seek professional help to remove the malware. If you like this guide, please share it or leave a comment.
    Once your computer is free from malicious software, keep it that way! Follow this security checklist step by step.

    Common Computer Malware
    The following is a list of malware that many computer users encounter.
  • Smart Fortress/HDD 2012 (Fake antivirus)
  • Live Security Platinum (Fake antivirus)
  • ZAccess/Sirefef rootkit (Google redirect virus) Removal tool: Yorkyt by Panda or FixZeroAccess by Symantec
  • Tidserv/Alureon rootkit (Google redirect virus) Removal tool: Kaspersky TDSSKiller
  • Exploit.Java.CVE
  • DNS Changer malware

    Notable Links 
    Last Updated: June 28, 2012
    © 2011 Brian Meyer
