The Ultimate Malware Removal Guide


For the past few days, you’ve noticed how your PC’s doing some strange things. For one, it’s a lot slower than before. It takes longer to boot up and for some reason many programs seem to crash or freeze up, even if they didn’t do that before.

After a few more days, pop-ups start to appear randomly in your browser. Even your homepage has been changed.

If you’ve been having these sorts of symptoms and others like them, then there’s a very high chance your device is infected with malware. It’s certainly not a fun experience, but there are ways to fight back against the malware and take back your PC.

So how do you remove malware? Let’s not waste time and find out.

0.   Backup your documents and files before you start to remove the malware [OPTIONAL]

If you have a deep and severe malware infection, consider backing up your important files and documents. That’s because many malware programs might damage your system and delete important files if they sense a removal process taking place.

We strongly recommend you back up your files to external media, such as DVDs/CDs, USB sticks or external drives.

Backing up files and documents on cloud solutions such as Google Drive or Dropbox runs the risk of exposing your personal account information to keyloggers and screen grabbers.

Usually, the files you’ll back up, such as Word documents, photos, videos and so on, will be clean. That’s because malware programs are just that, programs, and in order for (most of) them to launch an infection you need to run them.

Even so, if you want to be sure you don’t re-infect yourself with the backup, we recommend you use some of these specialized tools to scan the backup before you reuse the information.

1.   Start your PC in Safe Mode with Networking

The first step you should take is to boot up your PC in Safe Mode with Networking. This will make Windows boot up only critical processes, and prevent some malware ones from starting up. This gives you access to the PC in case of a severe and deep infection.

Here’s how you can get into Safe Mode on Windows 10 and 8, as well as older versions of Windows, such as Windows 7/XP.

2.   Clean your temporary files 

To make the scanning processes quicker and simpler, you’ll need to clear up unessential temporary files from your PC.

To do this, simply right-click on a Windows drive, such as C:/ or D:/, go to Properties, and go to Disk Cleanup. From the menu, choose which file types you want the cleanup to delete and remove.

3.   Here are some of the best free malware removal tools

In order to clean up your PC, you’ll need some specialized software to find and clean up the malicious programs. Here’s a list of all the software you’ll need over the course of the cleanup. We’ll cover them more in-depth once we get to use them.

All of these programs are free, and most of them are fairly small in size, under 100 Mb. Some of them, however, such as Malwarebytes 3.0 and HitmanPro, have full functionality available only for a trial period.


4.   Use Rkill to freeze and stop any malicious processes

Many malware programs have built-in survival measures. These are used to detect installation and activation of various security products such as antivirus or anti-malware software.

Rkill will bypass these measures and kill the malware processes, allowing you to install and use all of the other malware and adware remover tools we’ve mentioned above.

To use Rkill, simply download the program and run it. But be sure you don’t turn off or restart your PC after that, or else the malware processes will start again.

5.   Kaspersky TDSSKiller is a free malware removal tool for Windows

Rootkits are nasty types of malware that boot up at the same time as your PC and hide the activity of other malicious software. Rootkits will even gain administrator rights in order to provide deeper access to other types of malware. For this reason, rootkits are difficult to find and remove.

Kaspersky TDSSKiller is one of the better rootkit removal tools out there. Thankfully, it’s free and easy to use. Simply download and follow the 3-4 steps required to start the scan and run the rootkit removal.

6.   Start removing malware with Malwarebytes 3.0

Malwarebytes Anti-Malware will scan and remove malicious software you have on your PC. It’s a free program with a small 55 Mb installer, and it has a 14-day free trial with full features such as malware removal, ransomware protection, rootkit killer and even a repair function for any damaged files.

Use the “Scan now” feature and be sure to remove and kill any malware the product identified.

7.   Use ADWCleaner to remove any browser malware you might have on your PC.

ADWCleaner is a product that specializes in removing adware and browser hijackers. This includes corrupted toolbars, adware and other types of malware that have infected your browser.

This is an important step since an infected browser might try to download other malware programs on your PC.

8.   Junkware Removal Tool will clean up any leftover software on your PC.

This free malware removal tool will clean up any leftover malicious software, and also clear up any remaining junk data used by the malware.

9.   Use HitmanPro to do a final double check for any remaining hidden malware

HitmanPro is an excellent second opinion scanner designed to find and identify malware programs other security products somehow skipped.

And best of all, it’s free! Just like all the other programs mentioned in this article. However, its full features are only enabled for a 30-day trial period, after which you will need to purchase the full license.

10.  Reset your browser settings

Malware will often change your settings in order to facilitate more malicious downloads. For this reason, you should review some of these settings, particularly your browser ones.

Fix any browser shortcuts the malware might have altered

First, right-click on your browser shortcut and then go to Properties.

Under the Shortcut tab you will see a Target field.

The malware might have altered the target field and included a URL in it. So what happens is that now your browser will start up on this page each time you boot it up.

In normal use, the browser target should look something like this:

Chrome: “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”

In our example case, the browser was targeted to go to a suspicious website, designed to download malware on your PC.

To fix this, simply remove the URL that comes after .exe”.
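The same check can be run across every browser shortcut at once. The PowerShell below is an added example, not part of the original article: it only reads shortcuts and changes nothing. The function name `Get-ShortcutAudit`, the folder list and the browser list are illustrative assumptions. Note that the Target field in the Properties dialog shows the program path and its arguments together, while the script reads them separately.

```powershell
# Added example (not from the original article): read-only audit of shortcut targets.
# Get-ShortcutAudit and the folder list are illustrative choices, not a standard tool.
function Get-ShortcutAudit {
    param(
        [string[]]$Path = @(
            [Environment]::GetFolderPath('Desktop'),
            [Environment]::GetFolderPath('CommonDesktopDirectory'),
            [Environment]::GetFolderPath('StartMenu'),
            [Environment]::GetFolderPath('CommonStartMenu'),
            (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar')
        )
    )
    # Browser executables to look at; extend the list for other browsers.
    $browsers = 'chrome.exe', 'firefox.exe', 'msedge.exe', 'iexplore.exe', 'opera.exe'
    $shell = New-Object -ComObject WScript.Shell

    foreach ($dir in ($Path | Where-Object { $_ -and (Test-Path $_) })) {
        Get-ChildItem -Path $dir -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $lnk = $shell.CreateShortcut($_.FullName)   # opens the existing .lnk for reading
                if (-not $lnk.TargetPath) { return }        # skip shortcuts without a file target
                $exe = Split-Path -Leaf $lnk.TargetPath
                if ($browsers -notcontains $exe.ToLower()) { return }
                [pscustomobject]@{
                    Shortcut   = $_.FullName
                    Target     = $lnk.TargetPath
                    Arguments  = $lnk.Arguments
                    # A URL after the .exe is what the article says to remove.
                    Suspicious = $lnk.Arguments -match '(https?://|www\.)\S+'
                }
            }
    }
}

# Flagged shortcuts are listed first.
Get-ShortcutAudit | Sort-Object Suspicious -Descending | Format-List
```

Any shortcut reported with `Suspicious : True` should be opened in Properties and the URL removed from the Target field as described above.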

Browser hijackers will change your homepage

Instead of changing the “Target” field in the “Shortcut” tab, some malware will simply modify your browser homepage.

Chrome browser: Go to the Settings button in the top right corner of the browser. Once there, go to the On startup section.

The first two options don’t have any homepage whatsoever, so you can go ahead and select either one of those.

If, however, you want to have your own homepage, then check the option to Open a specific page or set of pages and then click on Set pages. This should take you to this window where you can add or delete malicious links sneakily set as homepage.

Settings for Firefox: You can access the Options menu in the top right corner of the browser. This will immediately take you to the General tab, where you can reset your homepage as you see fit.

Double check your proxy settings

Some malware can even change what Internet server you use to connect to the web. Simply removing the malware won’t reset these proxy settings, so it’s something you should fix before considering your PC squeaky clean.

To access your proxy settings, first go to Control Panel, then Network and Internet and finally press Internet Options.

In the Internet Options menu, go to the Connections tab.  Press the LAN settings button.

Make sure that Automatically detect settings is checked, and that the other two options, “Use automatic configuration script” and “Use a proxy server for your LAN”, are empty.
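The two options that should be empty can also be verified from PowerShell. This is an added example, not part of the original article: it reads the current user's Internet Settings registry key and reports whether a proxy server or configuration script is set. The function name `Get-ProxyAudit` is hypothetical, and the “Automatically detect settings” checkbox is not decoded here because Windows stores it in a binary value (`DefaultConnectionSettings` under the `Connections` subkey).

```powershell
# Added example (not from the original article): read-only check of the per-user proxy settings
# behind the LAN settings dialog. Get-ProxyAudit is an illustrative name.
function Get-ProxyAudit {
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s = Get-ItemProperty -Path $key
    $findings = @()

    if ($s.ProxyEnable -eq 1) {
        # Corresponds to the "Use a proxy server for your LAN" checkbox.
        $findings += "'Use a proxy server for your LAN' is ON: $($s.ProxyServer)"
    } elseif ($s.ProxyServer) {
        # Inactive while ProxyEnable is 0, but worth knowing what was left behind.
        $findings += "Proxy is off, but a leftover ProxyServer value exists: $($s.ProxyServer)"
    }
    if ($s.AutoConfigURL) {
        # Corresponds to the "Use automatic configuration script" checkbox.
        $findings += "'Use automatic configuration script' is set: $($s.AutoConfigURL)"
    }

    [pscustomobject]@{
        ProxyEnable   = [bool]$s.ProxyEnable
        ProxyServer   = $s.ProxyServer
        AutoConfigURL = $s.AutoConfigURL
        Clean         = ($findings.Count -eq 0)
        Findings      = $findings
    }
}

Get-ProxyAudit | Format-List
```

If `Clean` is `False` and you did not set the proxy or script yourself, clear the entries in the LAN settings dialog as described above.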

Ideally, your settings should look like this:

11. Things to do after the malware cleanup

Your PC is now cleaned up, but it’s impossible to know just how much damage the malware might have caused. Some malware programs operate stealthily, and don’t visibly affect your PC. Instead, they may collect personal information of yours such as passwords, credit card data, completed forms and screenshots.

Here are some measures you should follow to limit any damage from such data leaks.


Start using two-factor authentication and change all your passwords

If among other things you were also infected with a keylogger, then there’s a high chance your passwords and accounts were compromised.

That’s why you should urgently change all of your passwords, before the malicious hacker has a chance to exploit them and lock you out of your accounts.

Secondly, start using two-factor authentication to add another layer of protection to your account.

Keep your software updated

Outdated software is a major cause of malware infections, mostly because it comes with many vulnerabilities exploited by cybercriminals.

Keeping your software permanently up to date will greatly limit any windows of opportunity a malicious hacker might have to infect your device.

We know it can be a chore to constantly update your software, particularly those that patch frequently. But our own Heimdal FREE will automatically update your software, without any annoying confirmation pop-ups. It’s light and unobtrusive, so it won’t slow down your system.

Use a good antivirus

An antivirus is a must-have piece of software if you want to keep your device safe and information secure. The real trick is to find the right one for your needs.

Once you’ve decided on one, be sure to keep it updated at all times, so that any vulnerabilities it might have are patched and its malware database stays up to date.

A traffic filtering solution will keep a lot of malware away

Cybersecurity would be easy if an antivirus could detect 100% of malware out there, but it can’t. Fileless malware and some rootkits are so well programmed and obfuscated, they can be nearly impossible to detect.

Traffic filtering software will nicely complement an antivirus, since it scans incoming and outgoing traffic for any malware, and then blocks that traffic from entering your PC. In other words, the malware never reaches your device.

We believe our own Heimdal PRO is a great security program for the job, and will guard your traffic to make sure you don’t get infected and also don’t leak personal information.

A few cybersecurity tips & tricks to help keep you safe in the future

There’s a saying in the cyber security industry: “The best antivirus is you”. Not even security software can keep you safe if you keep putting yourself in harm’s way.

Here’s an in-depth list of articles on what types of threats lurk on the Internet and how you can keep yourself safe against them.

What other malware removal tools have you used?

About Heimdal Security
We protect users and companies from cyber-criminal actions, by keeping confidential information and intellectual property safe. We build products focused on proactive cyber security and we dedicate a big part of our efforts to cyber security education for everyone.