How to Cure Malware Infection, Part 1: Using AV/AT Software
The first step in dealing with spyware is knowing it's there. Get familiar with your program files: open "Add/Remove Programs" from your control panel, go through the list of programs, and you just might catch a spy. If you recognize a known malware program, don't panic! Try to find out as much as you can about the software before deciding to delete it, as removing the wrong program or removing a program incorrectly can cause more problems than the spyware itself. Many people think that uninstalling an application that came bundled with malware will remove the malware from the computer as well. This is not always true. To remove malware effectively you need to download a program or two that scans your hard drive, detects the malware, and then removes it.
These anti-malware programs clean the malware out of your registry and work well paired with a firewall. Once you've removed the identified spyware and adware, the firewall, if used in tandem, won't let them back in. So it is much easier to automate cleaning your machine with a program built specifically for the job.
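The program-list review described above can also be done from the registry keys that back "Add/Remove Programs", which gives you a saved copy to research before removing anything. This is an added example, not part of the original post; it assumes a Windows system with PowerShell 3.0 or later, and the output file name is an arbitrary choice.

```powershell
# Added example: inventory the entries behind "Add/Remove Programs".
# Assumes PowerShell 3.0+; the CSV file name below is an arbitrary choice.

function Get-InstalledProgram {
    # Per-machine (64-bit and 32-bit views) and per-user uninstall entries.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    foreach ($key in $uninstallKeys) {
        # Keys that do not exist (e.g. WOW6432Node on 32-bit Windows) are skipped.
        Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName } |
            ForEach-Object {
                [pscustomobject]@{
                    Name            = $_.DisplayName
                    Publisher       = $_.Publisher
                    Version         = $_.DisplayVersion
                    InstallDate     = $_.InstallDate   # yyyymmdd text, when the installer sets it
                    UninstallString = $_.UninstallString
                    RegistryKey     = $_.PSPath -replace '^.*?::', ''
                }
            }
    }
}

# Newest installs first: unwanted bundles usually arrive together on one date.
$programs = Get-InstalledProgram | Sort-Object InstallDate -Descending

# Keep a copy so the list can be compared after each scan and cleanup.
$programs | Export-Csv -Path "$env:USERPROFILE\installed-programs.csv" -NoTypeInformation

# Entries with no publisher or no uninstall command are candidates to research,
# not proof of malware. Look each one up before removing anything.
$programs |
    Where-Object { -not $_.Publisher -or -not $_.UninstallString } |
    Format-Table Name, InstallDate, RegistryKey -AutoSize
```

Malware that hides itself will not necessarily register an uninstall entry, so a clean-looking list does not replace the scans in the steps that follow.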
Why not remove it manually?
It's possible, but not recommended, as it can be very daunting and potentially destructive to your computer system, since many of these programs go to great lengths to hide on a user's system. In most cases there are additional components which remain hidden on your hard drive and which may try to reinstall themselves and continue to send out information. Removing these adware/shareware programs can be very difficult and sometimes complicated, as they leave behind stuff you can't get rid of, buried in places all over the registry. To clean it means tearing down the registry and knowing what files to look into.
Where to start & How to proceed?
Now it is time to see how to actually clean the PC of malware. The following instructions assume that you suspect your system is infected by an unknown malware, based on symptoms similar to those given in the earlier post, and that you have not run any spyware removal program. Also bear in mind that some adware and spyware have uninstallers, and some others have uninstallers that can be downloaded from the vendor's website. If you know the name(s) of the malware afflicting your system, check the Add/Remove Programs section of the control panel or the respective pest's website for removal instructions. The recommendation is to follow the instructions below even if you have used their uninstallers, which are supposed to remove them completely but seldom do, and in the worst cases install further malware.
Let's do it step by step.
Step-1. Reputed anti-virus programs are foremost in any malware removal procedure. If you have anti-virus software (like Norton, McAfee, AVG, Avast, etc.) installed on your system, please update it with the latest definitions and perform a full scan. If any malware is found, note down the name of the malware and quarantine or delete it.
Step-2. Optionally, or if you don't have any resident anti-virus scanner installed on your system, perform an online virus scan from any of the links below.
- Panda Activescan
- eTrust Antivirus Web Scanner
- BitDefender Scan Online
- Symantec Security Check
- McAfee FreeScan
- Dr.Web Online Check
If any malware is found, note down the name of the malware and let the online scanner fix it.
Step-3. Optional step: Online Trojan Scan. Nearly all of the virus scans also scan for trojans, but a dedicated trojan scan will definitely do the job better. There are very few online trojan scanners. They can automatically remove trojans or prompt you to remove them, or you can set them only to generate a report about the trojans found.
There are dedicated trojan scanners available for download, which can also be used for scanning.
This works only in Windows XP and 2000. "This setup contains the free as well as the plus-version of the ewido security suite. After the installation, a free 14-day test version containing all the extensions of the plus-version will be activated. At the end of the test phase, the extensions of the plus version are deactivated and the freeware version can be used unlimited times."
The plus version has features like real time monitoring, scanning within archives, automatic updates etc.
"This program contains only the basic scanner. Background Guard, Automatic Updates and other advanced features are only available with a² Personal".
The following are widely believed to be two of the most powerful trojan scanners available in the market, but they don't come free. They offer un-crippled trial versions good for 30 days.
(Note: The TDS software line was discontinued with effect from 22nd July 2005. Currently ewido seems to be doing well not only on the Trojan side but also on the Spyware front.)
The trial version must be updated manually following the instructions below:
Close TDS if it is running.
"Download the latest RADIUS database: Latest Radius.td3 (Important: Right-click and choose Save Target As)
Save the downloaded radius.td3 file to your TDS directory, over-writing the existing radius.td3"
You can then start TDS and it will load the new database. Please note the reference count to see if you are up to date; if TDS-3 warns you to update, don't update again.
Remember to update the definitions manually before scanning, following the instructions below:
Download the latest ruleset following the instructions on their homepage: "How do I manually update the TrojanHunter rule files?"
"Finally, extract the files in the zip archive to your rule file base directory (this will usually be the directory where you have installed TrojanHunter unless you have changed it in the Options page in the scanner). If asked whether you want to replace existing files with the same name, answer Yes. You now have the latest update installed, but you must restart the Scanner and Guard before the new update is loaded"
Steps 2 and 3 are optional at this point. If you choose not to run them now, I recommend running them after cleaning with Spybot S&D, Ad-aware, Microsoft Anti-Spyware and HijackThis to make absolutely sure that your system is 100% clean.