Malware Removal Procedure

This is NOT an end-all guide to removing your viruses and spyware.

However, using the procedure listed here will resolve 80% of malware-related issues, as well as help protect you from future infection, and works on all but the most stubborn and invasive of viruses and spyware. Removing viruses and spyware with this method will allow you to access your computer normally again.

This method is recommended only for Intermediate and Advanced users. Beginners should not install or use any of the programs listed and should instead see a professional service technician.

Step 1

Download, update and run ComboFix.exe from Safe Mode with Networking.

ComboFix is an invaluable program for removing rootkits, viruses and spyware and should be the first line of attack against any malware infection. Disable your active Anti-Virus and Anti-Spyware programs before running ComboFix, as they can interfere with the processes taking place or even quarantine ComboFix as a “virus” itself. If ComboFix warns you that a rootkit has been detected, take note of the filename for future reference.

DO NOT TURN OFF, RESTART OR OTHERWISE INTERFERE WITH YOUR COMPUTER WHILE COMBOFIX IS RUNNING!

When ComboFix has finished, skim through the log to check for infected system files and to see if ComboFix was able to resolve them. If a system file is listed and ComboFix states that it was unable to repair the file, you will need to repair this file manually by deleting the existing copy and extracting a new one from your Operating System Disc.

Step 2

Download, update and run MalwareBytes Anti-Malware from Safe Mode with Networking.

MalwareBytes is an anti-malware tool with high detection rates that also repairs incorrect or suspicious registry changes, such as DisabledFirewall or DisabledSecurityCenter. It’s also fast. Once you’ve completed a Full Scan with MalwareBytes, remove the listed items and restart your machine.

Step 3

Download, update and run SuperAntiSpyware from normal startup. (You cannot install this program in Safe Mode.)

The name is a little cheesy and even looks like it could be fake malware itself, but this one is legitimate and very useful for removing viruses and spyware. Run a Full Scan with SuperAntiSpyware to pick up anything the first two may have missed.

Step 4

Run GMER from normal startup.

GMER will analyze all currently running processes, active system files, active DLLs and the like in search of rootkit activity. If anything suspicious appears in GMER, you will need to delete the file in question and replace it with a good copy from your Operating System Disc. This frequently occurs in atapi.sys, ftdisk.sys and tcpip.sys.

Step 5

Purchase, install, update and run a quality antivirus program.

Any of the programs listed at this link will do. The reason you were infected in the first place is that your first line of defense (active protection) against malicious scripts and software failed you, and it will continue to fail you in the future unless you have quality antivirus and anti-spyware protection. In this industry, you get what you pay for: being cheap and sticking to AVG Free or your pre-installed AOL version of McAfee is going to land you right back on this page in a month, and maybe in worse shape next time around. Prevent it in the first place with a solid paid program.

If you are still having issues…

If, after completing this process in full, you still have issues with your machine, you can either take it to a service professional or make a copy of your data, format your hard drive and reload your Operating System.