Removing malicious software from computers running Windows has become a routine part of what I help many of my customers with. Some of this is so routine that I am comfortable with the user performing these steps themselves. In many cases the following steps will clear up the infection and restore the computer back to working condition.
The computer needs an active working Internet connection to perform these steps. Sometimes the Internet is actually working even if the browser (e.g. Internet Explorer, FireFox, Chrome) is not. If the browser is working then download the application ComboFix from this Website, under files (top right) saving it to the Desktop – please save to the Desktop and don’t simply run the program from the browser.
If you cannot use a browser on the computer (malicious software often disrupts the browser from being used) you can try to download from another PC and copy to a USB flash drive. Then copy the file to the Desktop of the infected machine from the flash drive.
If you know how to disable your Anti Virus software then it is highly recommended that you do. File protection, or active scanner needs to be disabled as well as any firewalls related to your security suite – if using one. You need not disable the Windows Firewall. If you are unable to disable these then you may try ComboFix anyway – your mileage may vary.
Execute (double click) ComboFix from the Desktop of the infected machine. Click okay to the message about it not being affiliated with xxx Website etc… and allow the program to access the Internet (If your firewall asks). If the Microsoft Windows Recovery Console is not already installed on your computer then allow ComboFix to install it for you. This application is sometimes needed depending on the type of infection.
After confirmation of the Recovery Console ComboFix will begin a scan of many (50+) parts. Do not try to run any other software while it is doing so. You may notice that your screen goes blank, or the computer may even restart. Login if needed, but ComboFix will auto start to finish it’s routines automatically. Allow it to do so.
When complete, ComboFix will open a log file in Notepad detailing what it found and the actions taken. Don’t worry, I don’t understand most of it either.
You are not done.
Next, download Malwarebytes by clicking the link on this site under Files (top right). This opens a new window and takes you to Download.com Don’t be fooled by advertising banners on Download.com with “Start Download” buttons on them. Click the “Download Now” link on the left side of the screen under the green text “Malwarebytes Anti-Malware x.xx”
Install, Update and Run the program choosing the “Quick Scan” option. When Malwarebytes is finished scanning it will display a “Show Results” button, click that and click “Remove Selected”. When complete the program will show a log in Notepad and may request that you restart your computer – answer yes.
Now, re-enable your security software and cap the above activity with a scan using your resident antivirus software. Be aware that some antivirus software becomes compromised by malicious software. Usually the user is unable to complete the above when this is so and your computer really needs a visit from a computer professional. If your antivirus software will not update properly try reinstalling it, updating it and scanning.
In most cases this will save you the hourly service call I make to remove the threat from your system. Sometimes the malicious software will thwart the downloading of the two programs above, or keep them from running once downloaded. In these cases you might need professional assistance because threats this invasive can be more of an art than a science to completely remove.
If I don’t have success downloading or installing the above software, I may boot into Safe Mode with Networking and perform at least the ComboFix portion from there.
Happy Computing!
