Virus Removal Tips and Tricks
Walking you through the best antivirus programs and measures.
The web is a wonderful place with lots to offer, but it’s also deceptively dangerous. Merely visiting a legitimate website that’s been hacked can lead to an infection. It’s important to be proactive in protecting your PC from malware. It starts with smart computing habits, things like never clicking on hyperlinks in emails, and continues with software-based solutions to shield yourself from the web’s nasty bits. We’re going to recommend some options, both free and paid, but first let’s go over how to clean your PC from even the most persistent malware outbreaks. You know, the kind of mess that your less savvy friends and family turn to you for help in cleaning up.
Start Simple
Not all malware is super sophisticated or hard to remove. Cybercriminals looking to make a quick buck view it as a war of attrition, and if they manage to infect enough PCs, even simple malicious programs can be effective in duping enough users to make it worth their time and effort. With that in mind, see what unwanted programs might be residing in the Programs and Features section of the Control Panel.
Uninstalling malware is sometimes as simple as uninstalling it just as you would a legitimate program or game. That’s especially true when it comes to things that blur the line between a malicious program and one that won’t do you any harm but is still annoying (trialware and other bloat). If you suspect something is on your machine that shouldn’t be there, or you’re cleaning out mom and pop’s laptop, head to Control Panel > Programs > Programs and Features and survey every entry for anything that doesn’t belong.
You’re more apt to find bloatware in there, things like toolbars and screensavers that might have crept their way onto your system by being bundled with a legitimate program. However, outright malware can show up here as well. Be on the lookout for entries you don’t recognize and/or random filenames containing a string of characters. For example, if you see something labeled “kyThTGqb,” it’s probably malware. When in doubt, look it up in your search engine of choice before removing.
Bite Back with Malwarebytes
Once you’ve gone through a bit of housekeeping and attempted to manually evict malware, if it persists, you need to bring out the big guns. Arguably the biggest of all (and easily one of the most popular) is Malwarebytes.
Malwarebytes does a great job at sniffing out malware and all sorts of unwanted programs, even ones that your daily antivirus software might miss. It’s also free to use unless you shell out for the paid version that has a few more bells and whistles. For removing malware, the freebie version is all you need.
Download and install Malwarebytes. It should ask to update itself the first time you run it. Let it do that so it can scan for malware with the latest definitions. Once it’s updated, scan your system. This can take anywhere from a minute or so to several hours, depending on how much data Malwarebytes has to sift through and what type of storage scheme you’re running (it takes longer to run Malwarebytes on a hard drive than it does a solid state drive).
If Malwarebytes finds any malware, go ahead and remove it. Reboot your system and run the scan again to see if any of the previous malware returned. If so, the fight isn’t lost—keep reading.
Stifle It at Startup
Sneakier bits of malware either won’t appear in the list of programs and applications you can uninstall, or won’t allow you to remove them. Either way, the next course of action is to stop them from loading when Windows boots.
In Windows 10, bring up the Task Manager (Ctrl+Alt+Del > Task Manager) and select the Startup tab. You’ll see a list of all the programs Windows loads right off the bat. If you’ve identified a startup program as malware, right-click and select Disable. This will prevent Windows from automatically loading the offending bit during boot.
If you’re still on Windows 7 or Vista, press the Windows key and R at the same time and type msconfig in the Run window. You can also type msconfig in the search box. This will bring up the System Configuration utility. Click on the Startup tab and uncheck any programs you don’t want to load when Windows starts. Click Apply and restart your system when prompted.
Evict Malware From the Registry
The most persistent malware has a tendency to reappear even after you’ve disabled or uninstalled it, or at least you thought you did. Chances are there’s a registry entry calling the malware back into action. You need to nuke the entry to truly rid your system of the pesky program.
Word of caution before proceeding—mucking around in the registry can cause all sorts of problems. If you delete the wrong entry, Windows might start acting wonky or even fail to boot altogether. So, be extra careful.
To get into the registry, type regedit in the Cortana search bar in Windows 10. In previous versions of Windows, click Start and type run in the search box, then type regedit in the Run window. Before you go any further, make a backup of your registry. You can do this by going to File > Export and selecting a name and location for your backup.
Now that you’re in the registry and made a backup, it’s time to annihilate any malware entries. You’ll need to know the name of the offending program to do this. Let’s say the malware you’re trying to remove is a fake antivirus program called ProtectMyPC. Click on Edit > Find and type ProtectMyPC in the search box. Make sure the keys, values, and data boxes are checked and click Find Next. The registry will scan itself for entries with the keyword you typed. When it stops and highlights an entry, right-click it and select Delete, then press the F3 key to continue the search. Rinse and repeat until all references to the malware are eradicated, then reboot your system.
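The same backup-then-search procedure can be done from PowerShell, which gives you the full list of matches to review before touching anything. This is an added example, not part of the original article; the backup folder name is an assumption, and the keyword is the article's ProtectMyPC example. It searches key names, value names, and data, as the regedit Find dialog does, and deletes nothing.

```powershell
# Added example (not from the article): back up, then search read-only for a keyword.
$keyword   = 'ProtectMyPC'                                 # the article's example name
$backupDir = Join-Path $env:USERPROFILE 'RegistryBackup'   # assumed backup location
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

# Step 1: export the hives that will be searched (equivalent to File > Export in regedit).
# Run from an elevated prompt so the HKLM export is complete.
reg.exe export 'HKCU\Software' (Join-Path $backupDir 'HKCU-Software.reg') /y | Out-Null
reg.exe export 'HKLM\SOFTWARE' (Join-Path $backupDir 'HKLM-SOFTWARE.reg') /y | Out-Null

# Step 2: walk the same hives and record every key name, value name, or data match.
$pattern = [regex]::Escape($keyword)
$roots   = 'HKCU:\Software', 'HKLM:\SOFTWARE'

$hits = foreach ($root in $roots) {
    Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        if ($key.PSChildName -match $pattern) {
            [pscustomobject]@{ Match = 'Key'; Path = $key.Name; Value = ''; Data = '' }
        }
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            if ($name -match $pattern -or $data -match $pattern) {
                [pscustomobject]@{ Match = 'Value'; Path = $key.Name; Value = $name; Data = $data }
            }
        }
    }
}

# Step 3: review the matches; removal stays a manual, per-entry decision.
$hits | Format-List
"{0} match(es) found; backups are in {1}" -f @($hits).Count, $backupDir
```

A full recursive walk of HKLM\SOFTWARE can take a few minutes. Double-clicking an exported .reg file restores those keys if a deletion turns out to be a mistake.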
Reset Your Browser(s)
Some programs walk a fine line between obvious malware and simply an unwanted program, like several forms of adware. Maybe Aunt Mabel is having trouble surfing the web because her browser is cluttered with toolbars and other cruft that keep redirecting her searches. You can try removing add-ons and extensions one-by-one, but for a particularly neglected system, it’s easier to just start from scratch.
To reset Chrome back to its default settings, click the menu button (those three stacked dots in the upper right corner). Go to Settings. At the bottom of the page, click on Show advanced settings… then scroll down to the very bottom. There should be a Reset settings button. Click it and off you go.
In Firefox, you can get a fresh start by typing about:support in the address bar. This will bring up a support page. Click the Refresh Firefox button.
Using Internet Explorer? You can reset Microsoft’s built-in browser as well. In IE, select the Advanced tab > Reset. In the Reset IE dialog box, select Reset.
Enlist a Professional Hitman
As much as we like Malwarebytes, there’s no one single program that’s 100 percent effective at detecting and removing all malware. It’s best to get a second opinion, and that’s what Hitman Pro provides. Like Malwarebytes, Hitman Pro is free so the only cost to you is your time. And like Malwarebytes, there’s a paid version that adds some extra goodies, though for removing malware from an infected system, the free version is sufficient.
After running Hitman Pro, don’t be alarmed by the results. We ran it on a clean system and it detected 474 items. That sounds scary, but they were all cookies, some of them useful and others we can do without.
The more important thing to pay attention to is the number of identified threats. These are the entries that are likely to be malware and should be removed. Click Next and follow the prompts to let Hitman Pro assassinate malicious programs from your PC.
Root Out Rootkits
Malware comes in many forms and one of the nastiest kinds is a rootkit. A rootkit embeds itself deep within the operating system where it gains access to areas that it has no business poking around, giving itself admin level access to your PC and network. And not only are rootkits especially harmful, they’re notoriously tough to detect as they’re able to evade many AV programs.
In addition to scanning for malware with programs like Malwarebytes and Hitman Pro, you should use a dedicated rootkit scanner to look for rootkits. The one we suggest is Kaspersky’s TDSSKiller. It’s free, doesn’t require an installation, and is fast—it typically takes less than 10 seconds to scan a system. Whether or not you suspect an infection, it’s a good idea to routinely scan for rootkits (once a month). It’s like looking for monsters under the bed—you hope never to find one.
Perform a Deep Sweep with HijackThis
If you’ve gotten this far and still suspect malware, things are pretty serious. That’s okay, because HijackThis is a serious tool that can uncover even the most stubborn malicious software, along with remnants that might have been left behind from previous attempts to uninstall. It scans your registry, running services, browser entries, and more.
It’s important to note that HijackThis doesn’t discern between good and bad entries. That means it’s going to detect a whole bunch of items. It’s up to you to figure out which ones shouldn’t be there. If you delete a valid entry, it can have unintended consequences, such as preventing a program from running properly or even preventing Windows from booting.
To start with, fire up HijackThis and perform a system scan with the option to save a logfile. When it’s finished, HijackThis will jot the results down in a Notepad file and automatically open it for you. Unless you really, really know what you’re doing, you should seek help in deciphering all the entries HijackThis found.
One way to do that is by copying and pasting the log file into a support forum for others to analyze. BleepingComputer.com is a popular portal for this kind of thing.
There are also online services that you can post your log file contents to for an instant and automated analysis. Some of the more popular ones include HijackThis.de, HijackThis.co, and exeLibrary.
Throw in the Towel
Sometimes it’s just easier to start over. Having to reset or reinstall Windows isn’t the preferred choice if it can be avoided, but if you’ve spent hours trying to weed out every bit of malware only to have it reappear, save yourself additional time and frustration by going with a fresh start. The upside to starting fresh is that you don’t have to worry about any malware remnants being left behind. This is especially true on a badly infected system, the kind that your Uncle Ray drops on your doormat with a note promising to buy you a beer if you can make his system fast again. Sure, you might be able to eliminate 99 percent of the malware he managed to infest his machine with, but what if that remaining 1 percent is a keylogger?
Windows 10 makes it easier than ever to get a fresh start. Just type Reset in the Cortana search box and click on Get Started under the Reset this PC heading. You then have two options—to keep your personal files but remove all apps and settings, or remove everything, including all of your documents, photos, and so forth. Unless you have reason to believe that your personal files have been compromised, you should be fine to keep them during a Windows reset.
Free Antivirus Protection (Avira)
It’s important to know how to remove malware from an infected system, but avoiding infection in the first place can save you a lot of time and frustration. Smart computing habits will carry you a long way:
* Never click on links in emails or instant messages (type the address directly into your browser)
* Don’t open unexpected email attachments
* Steer clear of seedier sides of the web, such as those that purport to offer paid software for free
* Only download files from trusted locations
* Keep your system and software up to date
Unfortunately, being cautious with your online behavior isn’t always enough. That’s where periodically scanning with Malwarebytes can help, but on top of that, antivirus software adds a layer of protection between you and malware.
Windows comes with a built-in AV called Windows Defender, and while it’s better than nothing, it’s not the best out there. If you want a higher level of protection without spending a dime, look at Avira. The free version offers robust protection against various forms of malware and consistently scores high marks with independent testing laboratories, such as Virus Bulletin, AV-Test.org, and AV Comparatives.
Free, https://www.avira.com/
Kill It with Kaspersky
If you’re looking for antivirus protection with more amenities, you’re going to have to pony up for a subscription-based package. There are several options out there—the one we recommend is Kaspersky Internet Security. It’s one of the most popular and well regarded paid AV programs, it tests well with independent third parties, installs fast, and is relatively easy on system resources.
We also like that Kaspersky has a Gamer Mode. When enabled, Kaspersky disables some of its features while playing games in full-screen mode. It won’t leave you unprotected from viruses, but Gamer Mode will stifle notifications so you’re not interrupted during a boss fight or raid.
$50, http://usa.kaspersky.com/products-services/home-computer-security/internet-security/
Stay Secluded in Sandboxie
Savvy users can debate all day long about which browser is the most secure, but no matter which you decide to surf the web with, you can protect yourself further with Sandboxie. This nifty, lightweight utility runs your browser and other programs in an isolated, virtual space. Should you encounter a drive-by download, Sandboxie prevents the malware from spreading to other parts of your system, similar to how a virtual machine operates.
Once you install Sandboxie, you can choose to browse or open a program in an isolated environment whenever you want. To do so, click on Sandbox > DefaultBox > Run Sandboxed and choose the action you want to perform, such as Run Web Browser. Any program that’s running inside Sandboxie’s isolated environment will have a glowing yellow border around it.