How to Remove Malware

It used to be that all you needed to do to remove a virus was run the anti-virus software already installed on the machine. Sadly, those days are long gone. There is a whole spectrum of malware out there that defies this simple solution. Nowadays, you need a strategy, the right tools, and a good working knowledge of your enemy. The following guide is by no means comprehensive, but it will be effective in the majority of your malware removal efforts.

Identify the Enemy

What, exactly, are you dealing with? Get to know the different types of malware. Knowing what you are up against will shape your strategy and determine which tools to use.

Choose the Best Tools for the Job
My favorite tools are:
  • CCleaner
  • Emsisoft Emergency Scanner
  • Malwarebytes

Before you get started, it's best to have all your tools downloaded to a thumb drive. Make sure you are using the latest downloads/versions of each tool for best results. Now, there are several ways to actually begin the removal process. Some folks advocate doing everything in Safe Mode. Others say you can get started right from Windows. This is where knowing your enemy will help you, because which path you take will be determined by the type of malware infecting the computer.
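Once the tools are on the thumb drive, it is worth recording what you put there so you can tell later whether the stick still holds exactly the versions you downloaded and nothing else. The following PowerShell is an added example, not code from the original post or from any of the tools named above; the toolkit path `E:\RemovalKit` and the manifest file name are assumptions.

```powershell
# Added example (not part of the original post): build and later verify a
# SHA-256 manifest for the removal tools kept on a thumb drive.
# Assumed: the kit lives at E:\RemovalKit and the manifest is toolkit.sha256.json.

function Get-KitRoot([string]$ToolkitPath) {
    # Normalise to an absolute path without a trailing backslash so relative
    # entries in the manifest stay portable between drive letters.
    return (Resolve-Path -LiteralPath $ToolkitPath).ProviderPath.TrimEnd('\')
}

function New-ToolkitManifest {
    param(
        [Parameter(Mandatory)][string]$ToolkitPath,
        [string]$ManifestName = 'toolkit.sha256.json'
    )
    $root = Get-KitRoot $ToolkitPath
    $manifestPath = Join-Path $root $ManifestName
    $entries = Get-ChildItem -LiteralPath $root -File -Recurse -Force |
        Where-Object { $_.FullName -ne $manifestPath } |
        ForEach-Object {
            [pscustomobject]@{
                Path   = $_.FullName.Substring($root.Length + 1)   # relative to the kit root
                Length = $_.Length
                Sha256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
    $doc = [pscustomobject]@{
        CreatedUtc = (Get-Date).ToUniversalTime().ToString('o')
        Files      = @($entries)
    }
    $doc | ConvertTo-Json -Depth 4 | Set-Content -LiteralPath $manifestPath -Encoding UTF8
    Write-Host "Wrote $(@($entries).Count) entries to $manifestPath"
    return $manifestPath
}

function Test-ToolkitManifest {
    # Returns $true when every recorded file is present and unchanged and no
    # extra files have appeared on the stick; otherwise lists each problem.
    param(
        [Parameter(Mandatory)][string]$ToolkitPath,
        [string]$ManifestName = 'toolkit.sha256.json'
    )
    $root = Get-KitRoot $ToolkitPath
    $manifestPath = Join-Path $root $ManifestName
    $doc = Get-Content -LiteralPath $manifestPath -Raw | ConvertFrom-Json
    $expected = @{}
    $problems = @()
    foreach ($entry in @($doc.Files)) {
        $expected[$entry.Path] = $true
        $full = Join-Path $root $entry.Path
        if (-not (Test-Path -LiteralPath $full -PathType Leaf)) {
            $problems += "MISSING    $($entry.Path)"
            continue
        }
        $actual = (Get-FileHash -LiteralPath $full -Algorithm SHA256).Hash
        if ($actual -ne $entry.Sha256) { $problems += "MODIFIED   $($entry.Path)" }
    }
    # Anything not in the manifest arrived after it was written, for example
    # something dropped onto the stick by an infected host it was plugged into.
    Get-ChildItem -LiteralPath $root -File -Recurse -Force |
        Where-Object { $_.FullName -ne $manifestPath } |
        ForEach-Object {
            $rel = $_.FullName.Substring($root.Length + 1)
            if (-not $expected.ContainsKey($rel)) { $problems += "UNEXPECTED $rel" }
        }
    if ($problems.Count -eq 0) {
        Write-Host "Toolkit OK: $(@($doc.Files).Count) files match manifest from $($doc.CreatedUtc)"
        return $true
    }
    $problems | ForEach-Object { Write-Warning $_ }
    return $false
}

# Usage (assumed drive letter):
#   New-ToolkitManifest  -ToolkitPath 'E:\RemovalKit'   # once, on a clean machine, after downloading
#   Test-ToolkitManifest -ToolkitPath 'E:\RemovalKit'   # before each job, and again when you are done
```

Rebuild the manifest whenever you deliberately update a tool; a `MODIFIED` or `UNEXPECTED` result at any other time means the stick should not be trusted until you have looked at what changed.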

Perform the Operation
The most effective method that I have found is to totally remove the infected hard drive from the computer and slave it to a host computer using a USB to IDE or SATA drive adapter. Because the infected drive is attached as a data disk rather than booted, nothing on it is running while you scan it, which is what sidesteps the problems described under In-Place Removal below. This is an advanced method, and you must be comfortable digging around in the guts of a desktop or laptop computer.

Once the infected hard drive has been removed and slaved to the host computer, run CCleaner against it (but don't clean the registry, yet). This won't remove the infection, but it will help the Emergency Scanner run more efficiently by removing all the no-longer-needed temp files, orphaned bits of data and other trash. Let CCleaner do its thing, and once it has finished you will be ready to do battle with the malware.

The actual removal process begins with running the Emergency Scanner against the infected hard drive. Begin the scan and then wait patiently. It could last anywhere from a few minutes to a few hours. Once the scan is complete, you will see a list of all the malware that was found. Place a check mark next to the nasties and then click "Quarantine".

Run Malwarebytes in a similar manner just in case the Emergency Scanner missed anything (it usually doesn't).

Reinstall the hard drive in its original computer. Fire up CCleaner again, cleaning the hard drive. In addition, run the registry optimizer portion of CCleaner to (you guessed it) optimize and clean the registry.
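The same slaved-drive procedure can be driven from the host's PowerShell console, which is handy when you want a record of what was found. The script below is an added example and not code from the original post or from CCleaner, Emsisoft or Malwarebytes: it stands in for the GUI tools with the Windows Defender cmdlets that ship with Windows 10 and later (`Update-MpSignature`, `Start-MpScan`, `Get-MpThreatDetection`), and it assumes the slaved disk shows up with its own drive letter (the `F:` in the usage comment is made up). It first finds the attached volume that contains a Windows installation but is not the host's own system drive, optionally clears the temp folders the way the CCleaner pass does, then scans only that volume and reports the detections from this scan.

```powershell
# Added example (not part of the original post): find the slaved disk, tidy its
# temp folders, and scan it with Windows Defender from the host.
# Assumed: the slaved disk has a drive letter; run from an elevated console.
#Requires -RunAsAdministrator

function Find-SlavedSystemVolume {
    # Drive letters of attached volumes that hold a Windows installation and are
    # NOT the host's own system drive, i.e. candidates for the infected disk.
    $hostLetter = $env:SystemDrive.TrimEnd(':')
    Get-Volume |
        Where-Object { "$($_.DriveLetter)" -match '^[A-Z]$' -and "$($_.DriveLetter)" -ne $hostLetter } |
        Where-Object { Test-Path -LiteralPath "$($_.DriveLetter):\Windows\System32" -PathType Container } |
        ForEach-Object { "$($_.DriveLetter):" }
}

function Clear-OfflineTempFiles {
    # Rough equivalent of the CCleaner pass: drop temp files so the scanner has
    # less to chew on. Supports -WhatIf so you can see what would go first.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Root)    # e.g. 'F:' (assumed)
    $tempDirs = @("$Root\Windows\Temp") +
        @(Get-ChildItem -LiteralPath "$Root\Users" -Directory -ErrorAction SilentlyContinue |
            ForEach-Object { Join-Path $_.FullName 'AppData\Local\Temp' })
    foreach ($dir in $tempDirs) {
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) { continue }
        $files = @(Get-ChildItem -LiteralPath $dir -Recurse -File -Force -ErrorAction SilentlyContinue)
        $bytes = [int64](($files | Measure-Object -Property Length -Sum).Sum)
        if ($PSCmdlet.ShouldProcess($dir, "delete $($files.Count) files ($bytes bytes)")) {
            Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
                Remove-Item -Recurse -Force -ErrorAction SilentlyContinue
        }
    }
}

function Invoke-OfflineScan {
    # Scans only the slaved volume and returns one object per detection made
    # during this run, so the result can be kept with the job notes.
    param([Parameter(Mandatory)][string]$Root)
    if ($Root.TrimEnd('\') -ieq $env:SystemDrive) {
        throw "Refusing to treat the host system drive $Root as the slaved disk."
    }
    Update-MpSignature                                   # same idea as 'use the latest versions'
    $started = Get-Date
    Start-MpScan -ScanType CustomScan -ScanPath "$Root\" # blocks until the scan finishes
    $names = @{}
    Get-MpThreat | ForEach-Object { $names[$_.ThreatID] = $_.ThreatName }
    Get-MpThreatDetection |
        Where-Object { $_.InitialDetectionTime -ge $started } |
        ForEach-Object {
            [pscustomobject]@{
                Threat        = $names[$_.ThreatID]
                Resources     = ($_.Resources -join '; ')
                ActionSuccess = $_.ActionSuccess
            }
        }
}

# Usage (drive letter discovered at run time; 'F:' below is only illustrative):
#   $slaved = Find-SlavedSystemVolume        # expect exactly one result, e.g. F:
#   Clear-OfflineTempFiles -Root $slaved -WhatIf
#   Clear-OfflineTempFiles -Root $slaved
#   Invoke-OfflineScan -Root $slaved | Format-Table -AutoSize
```

`Find-SlavedSystemVolume` returning more than one letter means another Windows disk is attached; pick the right one by hand rather than passing the whole list on. Defender quarantines what it finds, so the detection list is the equivalent of the "Quarantine" step above, and a second pass with one of the other scanners is still worthwhile, just as the post recommends.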

In-Place Removal
All of the above steps can be performed without removing the infected hard drive; however, you may run into several problems:
  • the antimalware software will be blocked from running by the malware
  • the antimalware software will be blocked from receiving the latest updates
  • the malware will continue to reinstall itself

There are workarounds for these and other issues you may encounter, and Google will be your best friend if they arise.

Test and Cleanup
You should have an infection-free computer at this point. Be sure to remove any tools that were used to clean the computer (unless you were cleaning your own computer).

To fight today's malware, you need a strategy, the right tools, and a good working knowledge of your enemy. Use this basic guide as a starting point for your own strategy. Leave me your thoughts in the comments section below.
