Wednesday, September 02, 2009

How to remove malware from Windows

The malware pandemic seems to be a given in the Windows world. Nowadays, finding a Windows machine without any form of malware (trojan, worm, keylogger, rootkit, spyware, etc.) is exceptional, so I think there's a real need for a set of procedures that can deal with most scenarios. This post is essentially the set of steps I've found useful when dealing with malware.

There's a lot of literature on how to do all of this online as it is, so I'll not get into the details. Think of this as simply a "distilled guide" on malware removal procedures.

First, the preparatory steps to minimise trouble when dealing with malware. Some of the stuff we see nowadays can be really nasty and will make use of legitimate tools to keep itself on the system, so we'll need to get these out of our way temporarily while we do our work.

1. Disable System Restore on Windows ME/XP/Vista machines.
2. Clear out temporary files using Disk Cleanup. Better yet, use nCleaner or CCleaner.

Next, comes the actual cleanup work.

3. Run an F-Prot scan from an Ubuntu LiveUSB. Some viruses hide themselves well, so cleaning them out from a neutral system is much simpler. Some may prefer the more user-friendly Bitdefender for Unices (free for personal use).

The next part involves Windows-based tools. After the antivirus cleanup is complete, it's a good idea to do additional cleanup from within Windows, since the registry can't be accessed from Linux, at least for now.

4. Do a quick scan with Malwarebytes' Antimalware, again free for personal use.
5. Run Windows Malware Removal Tool to clear out the most common and prevalent malware out there.
6. Run an online scanner. I usually go for Eset and Bitdefender.
7. Scan with Spybot Search & Destroy. Remove any spyware it finds.

After removing any malware on any system, it's always nice to do a little bit of maintenance work to get things back in order. If you've got a malware problem then it's likely you haven't been doing maintenance on the computer for some time, so now's as good a time as any:

8. Re-enable System Restore and create a new restore point.
9. Update Windows.
10. Defragment all local hard disks.
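The Windows-side parts of the procedure above (steps 1, 2, 5, 8, 9 and 10) can be scripted so they are run the same way every time and leave a log behind. The script below is an added example, not from the original post; it assumes an elevated Windows PowerShell session on Vista or later (the ComputerRestore and Checkpoint cmdlets are not available on XP), and that cleanmgr.exe, mrt.exe and defrag.exe are present on the system. The offline scan (step 3) and the GUI scanners (steps 4, 6, 7) still have to be run by hand between the two phases.

```powershell
#Requires -RunAsAdministrator
# Before the offline/AV scans:  .\cleanup-phases.ps1 -Phase Prepare
# After all scanners are done:  .\cleanup-phases.ps1 -Phase Maintain
param(
    [Parameter(Mandatory)][ValidateSet('Prepare', 'Maintain')][string]$Phase,
    [string]$SystemDrive = $env:SystemDrive   # e.g. "C:" (assumed default)
)
$drivePath = "$SystemDrive\"
# Keep a record of what was done and when; useful if the machine is re-infected later.
Start-Transcript -Path (Join-Path $env:USERPROFILE "malware-cleanup-$Phase.log")

if ($Phase -eq 'Prepare') {
    # Step 1: stop System Restore so infected restore points are discarded and
    # cannot bring the malware back after the scanners have cleaned the disk.
    Disable-ComputerRestore -Drive $drivePath

    # Step 2: clear temporary files, a common drop location for droppers.
    # cleanmgr /d <drive> opens Disk Cleanup for one drive (interactive dialog).
    Remove-Item -Path (Join-Path $env:TEMP '*') -Recurse -Force -ErrorAction SilentlyContinue
    Start-Process -FilePath cleanmgr.exe -ArgumentList "/d $SystemDrive" -Wait
    Write-Host 'Prepared. Now boot the Ubuntu LiveUSB and run the offline scan (step 3).'
}
else {
    # Step 5: Malicious Software Removal Tool, full scan (/F:Y), quiet (/Q).
    Start-Process -FilePath mrt.exe -ArgumentList '/F:Y /Q' -Wait

    # Step 8: turn System Restore back on and record a clean baseline.
    Enable-ComputerRestore -Drive $drivePath
    Checkpoint-Computer -Description 'Post-malware cleanup baseline' -RestorePointType MODIFY_SETTINGS

    # Step 9: list pending updates through the Windows Update Agent COM API
    # so the operator can see how far behind the machine is before updating.
    $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
    $pending  = $searcher.Search("IsInstalled=0 and Type='Software'").Updates
    Write-Host ("{0} update(s) pending; install them via Windows Update." -f $pending.Count)

    # Step 10: defragment the system drive (defrag.exe ships with every Windows version).
    & defrag.exe $SystemDrive
}
Stop-Transcript
```

On Windows 8 and later, Checkpoint-Computer silently skips the restore point if one was already created in the previous 24 hours, so check the transcript for the "restore point" line before trusting the baseline.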

There's lots more info available at Grand Stream Dreams, so be sure to check it out.

Related posts:

Technician's toolbox - malicious software removal tools
Bitdefender on Ubuntu
F-Prot on Ubuntu LiveUSB