08-19-2010, 08:31 AM   #7
thecoffeeguy
Quote:
Originally Posted by Bearcat
This thread provides information on malware removal, links to malware removal tools, and recommendations & links to anti-virus software. The intention of this thread is to provide quick and accurate support for malware-related issues and questions.

Many people here are willing to provide assistance if you're having computer problems, and this thread is not meant to discourage people from asking for help... but, please read the information provided first, or else there's a good chance you'll be sent here, here, or here. We aren't Geek Squad, so while we won't grossly overcharge you for information and advice, we also aren't responsible for anything you do to your computer.

Also, feel free to make suggestions on the content of this post, and I'll try to keep it up to date.

Research


A lot of information can be found at this EliteKiller link, including...
  • Links to recommended malware scanning & removal tools, including the Rogue Removal Kit (which includes combofix), malwarebytes (aka MBAM), and Hitman Pro.
  • A link to HiJackThis, which creates a log of registry entries, running services, etc., that can be posted here for additional support.
  • Reviews, recommendations, and links to antivirus software, on-demand scanners, and online scanners.
  • Information on firewalls and unsecured networks, as well as malware/virus prevention.

Malware removal

If you think your computer is infected, the EliteKiller link provides a thorough solution. Simply put...




The Rogue Removal Kit is a zipped file that includes malwarebytes, CCleaner (a registry cleaner that will also delete temporary files), Combofix, Hitman Pro, and HiJackThis (HiJackThis is optional, see below). The instructions guide you through running these tools in Safe Mode With Networking; then running malwarebytes and an online scanner in Normal Mode.

Some people don't recommend running Combofix unless you're fairly certain you need to use it, but I've never heard of people having major problems with it. Here's a list of symptoms to Vundo infections, which may help determine if you need to run Combofix. You can also look here to see instructions with screenshots on how to use Combofix.

My two cents on downloading anti-malware software...
  • Download it from another computer if possible, or from Safe Mode With Networking on the infected machine.
  • The elitekiller article mentions downloading the software to a USB drive. Do not download the software to a USB drive on the infected machine if you're not in Safe Mode, or else you risk infecting the USB drive and other computers you connect the drive to in the future.

To get into Safe Mode With Networking, press F8 every couple of seconds while the computer is starting (before the Windows splash screen). If you see the Windows splash screen, you will need to try again. The safe thing to do is log into Windows, restart, and try pressing F8 several times before seeing the Windows splash screen. Alternatively, my advice that falls into the category of “what I'd do if it was my own computer, but wouldn't tell someone to do it if I worked in tech support” would be, if you didn't get into Safe Mode the first time and you're at the Windows splash screen, hold down the power button until the computer turns off. When you start the computer again, it should automatically ask you if you want to go into Safe Mode With Networking.

If you get a Blue Screen of Death after selecting Safe Mode With Networking, read the following posts on how to fix it:
http://blog.didierstevens.com/2006/06/22/save-safeboot/
http://blog.didierstevens.com/2006/0...ring-safeboot/
http://blog.didierstevens.com/2007/0...th-a-reg-file/


Still infected, or just want to make sure everything is okay?

HiJackThis is a tool that will create a log file that can be analyzed by geeks to see what is running on your computer. Install and run HiJackThis (preferably in Safe Mode With Networking), and select 'Do a system scan and save a log file'. You can then copy/paste the output to this thread, and with any luck, someone will stop by and let you know what you can delete. You can then checkmark the items in HiJackThis and click 'Fixed checked'.

Good write up. Well done.

I will see what I can come up with as well.

I have a few ideas of stuff that we can add and future items coming out that will help with malware crap.

Quote:
Originally Posted by irishjayhawk
For preventative measures, I believe these should be mentioned:

Lavasoft's AdAware
Spybot Search and Destroy
Spywareblaster

It's been a while since I've actively used those, but they were gold back in the day. Ran the first two at 3am once a week. Updated the third one once a month (You can purchase autoupdates for $10).

I am not a fan of any of the above. AdAware and Spybot used to be pretty good, probably the best to use at one time. However, many other tools have surpassed these.

I still believe HiJackThis is still one of the better tools to use to find malware and crap. Removing it is another thing.
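An added example, not part of the original posts: a small Python triage pass over a HijackThis log of the kind the quoted guide asks people to paste into the thread. The sample log is constructed, and the heuristics (autostarts from Temp or profile directories, unnamed BHOs, "(file missing)" markers) are illustrative assumptions rather than rules from the thread.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body")

# Log entries look like "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Assumption: locations a standard user can write to are worth a second look.
USER_WRITABLE = re.compile(r"\\(temp|local settings|application data|appdata)\\", re.I)

# Constructed sample log (not taken from a real machine).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:31:00 AM, on 8/19/2010
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Documents and Settings\user\Local Settings\Temp\a1b2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\xyzabc.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\a1b2.exe
O23 - Service: Example Service (ExampleSvc) - Example Corp - C:\Program Files\Example\svc.exe
"""

def parse_log(text):
    """Return the section entries, skipping the header and process list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries

def triage(entries):
    """Return (entry, reasons) pairs that deserve manual review."""
    findings = []
    for e in entries:
        reasons = []
        if e.code in ("O4", "O23") and USER_WRITABLE.search(e.body):
            reasons.append("starts from a user-writable directory")
        if e.code == "O2" and "(no name)" in e.body:
            reasons.append("unnamed BHO")
        if "(file missing)" in e.body:
            reasons.append("referenced file is missing")
        if reasons:
            findings.append((e, reasons))
    return findings

if __name__ == "__main__":
    for entry, reasons in triage(parse_log(SAMPLE_LOG)):
        print(f"{entry.code}: {entry.body}\n    -> {', '.join(reasons)}")
```

Flagged lines are leads for a human reviewer, not verdicts; plenty of legitimate software trips these checks, which is why the guide has people post the log before fixing anything.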