Infecting your PC is all too easy. Even if you have an up-to-date, active antivirus you might still accidentally click on a link you shouldn’t and within a few seconds you’ll be in malware up to your ears. Each case is a world unto itself as there’s loads of malicious software out there with different infection systems. Nevertheless, there’s a series of basic, generic steps you can take to disinfect your PC.
Prepare for disinfection
The first thing to do is download and install the programs you're going to need, either from the infected computer itself or from another machine via a USB drive. Specifically, the software you're going to need is:
- MalwareBytes Antimalware [Download]: Currently the best disinfection tool you can find, and its free version contains all the features you'll need.
- RKill [Download]: An essential program that kills the malware processes which block security software, so that your other tools can run and clean the computer.
- CCleaner [Download]: Perfect for clearing old keys and other debris out of the registry after the battle.
- ADWCleaner [Download]: A good remover for more specific malware such as browser hijackers, toolbars, and adware embedded in your browser.
- ESET Online Scanner [Download]: An analysis tool whose definitions database and scan engine run online. Ideal for checking that everything has really been cleaned out once you're done.
It might be a good idea to disconnect from the Internet during the process, but before doing so you're advised to run MalwareBytes and update its virus definitions database to the most recent version. A few seconds after it opens you'll get a popup window suggesting you install the latest version of the application. As for the database, clicking Update Now in the Menu tab will bring you up to date. The scan itself we'll leave for later.
To keep at least some of the malicious processes from launching in the first place, you should start Windows in Safe Mode. In Windows 8 and 8.1 this option is rather hidden, but luckily we recently did a post on the blog on how to start it.
Stop malicious processes
Okay, so now we're in Safe Mode. If you haven't done it yet, disable your WiFi or cable connection to isolate the problem. Now we start crossing problems off the list. Run RKill to stop the resident malicious processes, so they can no longer hide from your antivirus or keep it from launching. Double-click the .exe file and a command prompt window will show you the result of the analysis.
The next step is to check whether any software has been installed without your consent. To do so, go to Windows' Add or Remove Programs, or better still, open CCleaner and go to Tools > Installed programs. Sort the installed programs by installation date and check the most recent ones. Get rid of all the ones you deem suspicious. While you're in CCleaner it's also a good idea to go to Tools > Startup and have a look. Never fear: there's practically nothing indispensable here, and you're not going to ruin anything by deactivating an entry.
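The same two checks can be done from the command line without installing anything, which is handy when you don't trust the state of the machine. The script below is an added example, not code from the original post or from CCleaner; it reads the Uninstall keys and the usual autostart locations from the registry and lists recently installed programs (newest first) and every autostart entry, without removing anything. It assumes an elevated PowerShell prompt on Windows, and the 30-day window in `$Days` is a constructed value to adjust to when the trouble started.

```powershell
# Added example, not part of the original post: a read-only PowerShell counterpart to the
# CCleaner "Installed programs" and "Startup" views described above. Run it from an elevated
# PowerShell prompt; nothing here uninstalls or deactivates anything.
# The $Days window is a constructed value; adjust it to when the trouble started.
$Days    = 30
$cutoff  = (Get-Date).AddDays(-$Days)
$culture = [Globalization.CultureInfo]::InvariantCulture

# Installed programs are registered under the Uninstall keys (64-bit, 32-bit and per-user views).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$recent = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    ForEach-Object {
        # InstallDate, when present, is a yyyyMMdd string; entries without it are left out below.
        $date = $null
        if ($_.InstallDate -match '^\d{8}$') {
            try { $date = [datetime]::ParseExact($_.InstallDate, 'yyyyMMdd', $culture) } catch { }
        }
        [pscustomobject]@{
            Name        = $_.DisplayName
            Publisher   = $_.Publisher
            InstallDate = $date
            Location    = $_.InstallLocation
        }
    } |
    Where-Object { $_.InstallDate -and $_.InstallDate -ge $cutoff } |
    Sort-Object InstallDate -Descending

"Programs installed in the last $Days days (newest first):"
$recent | Format-Table Name, Publisher, InstallDate, Location -AutoSize

# Autostart entries: the Run/RunOnce keys plus the per-user and all-users Startup folders.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

"Registry autostart entries:"
$runKeys | Where-Object { Test-Path $_ } | ForEach-Object {
    $key = $_
    # Drop PowerShell's own PSPath/PSParentPath/... metadata properties; the rest are real entries.
    (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -notmatch '^PS' } |
        ForEach-Object { [pscustomobject]@{ Key = $key; Name = $_.Name; Command = $_.Value } }
} | Format-Table -AutoSize

"Startup folder entries:"
@([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')) |
    Where-Object { Test-Path $_ } |
    Get-ChildItem -File |
    Select-Object FullName, LastWriteTime |
    Format-Table -AutoSize
```

Programs whose installer never wrote an InstallDate won't appear in the first list, so the CCleaner view is still worth a look; the autostart list is the one to read most carefully, since an entry pointing at an executable in a temp or user profile folder is the kind of thing worth deactivating before the scan.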
Proceed to the disinfection phase
Now open MalwareBytes and go to the scanner tab, where you'll click Analyze Now. After a few minutes you'll see a final message; clicking the Accept button shows a report of the detected items. Tick all of them and then click the Remove Selected button at the bottom. If it asks you to restart, postpone it, as you still have things to do.
With disinfection tools it's always a good idea to use more than one (note that I mean on-demand malware scanners, not antiviruses with resident protection, as the latter usually conflict with each other if you install more than one). We're going to use ADWCleaner, whose process is very similar to the one we've just followed with MalwareBytes: start the program, click the Scan button, and after reviewing the results click the Clean button.
Before restarting it's a good idea to look over your browser, as that's probably where the infection came from in the first place. Each case is unique, but often the problem is solved by resetting the browser to its defaults, which reverses the installation of a malicious extension or any change made to the normal start page.
Check your computer is clean
So: are we good? Whether you have an antivirus installed or not, use ESET Online Scanner to check your current status; this useful online tool updates its database and runs the scan during the install process.
If no threats show up you can probably breathe easy. If something does show up, or the way your computer is running makes you think things are still wonky, you may have to use more specific tools like ComboFix or Junkware Removal Tools. At this point, though, it's advisable to ask for help in specialized communities like the InfoSpyware forums, where you'll be asked for the reports saved by the tools you've been using so that specific measures can be recommended.
Clear out the debris
Last of all, we put everything back the way it was, and for that CCleaner's registry cleaner and temporary file remover should do the trick perfectly. Likewise, it's a good idea to uninstall ADWCleaner and with it the items it has sequestered in quarantine; the program itself has an Uninstall button that takes care of that for you.