Mobilitechs

Thursday, 04 June 2009 08:18

First and foremost, prevention is the best medicine. But assuming you're reading this because it's too late for that, I'll save the I-told-you-so's for my article on backups in the IT Consulting section of the site. It used to be that if you picked up an infection, a little electronic penicillin in the form of ad-ware removal tools and a good anti-virus scan could get you back in business. These days it's a little more dicey.

Malware has become so sophisticated, and embeds itself so deeply, that even your best efforts cannot guarantee a clean and secure system. Combine that with the fact that most of us use our PCs and the Internet for banking and shopping regularly, and it's almost not worth the risk to try to clean an infected system because you may never be completely confident that you got everything.

Here's my best advice: Wipe your system and start over.

That said, it's a daunting prospect to imagine wiping out a system completely and starting over. So if you really want to try cleaning it, and have weighed the risks against the benefits, here's my best advice: wipe your system and start over. No? OK, then. Keep reading for my second-best advice.

Tools for Removing Viruses and Malware

The tools that I still like are the following:

  • HijackThis (search download.com for the current version). Keep in mind that HijackThis is a diagnostic tool, not a scanner: it lists browser add-ons, startup entries, and services and lets you delete them, but it does not tell you which ones are malicious, so research anything you don't recognize before you remove it.
  • Spybot Search & Destroy
  • Ad-Aware (sometimes)
  • BitDefender Anti-Virus (Update: BitDefender is *not* free. I've started using AVG Free Edition for client PCs instead, and it seems to work pretty well.)
  • (Update) Malwarebytes - This is a great tool. It is recommended that you run it in normal mode (not Safe Mode).
  • (Update) SUPERAntiSpyware - This also seems to work really well and is replacing Ad-Aware in my regular process.

You'll need to download, install, and update all of these tools. If your system is so infested that you can't even do that, it is sometimes possible to download the installers and the necessary definition updates on another PC, burn them to a CD, and copy and install them on the problem PC. A finalized CD is also the safer choice here compared to a USB stick: the infected machine can't write anything back to it, so you won't carry the infection along to the next PC it gets plugged into.

Reboot in Safe Mode, Then Scan

Once you've got everything installed and updated, reboot in safe mode. If you don't know how to do that, you probably shouldn't be attempting this yourself anyway, so just set up a service appointment now.

Once you've booted in safe mode, start scanning. Run the tools in the order outlined above. Run them all once, let them clean whatever they can, then reboot (again in safe mode), then run them all again. The second time, look at the results much more carefully, because now it should just be the stuff that couldn't be cleaned the first time. Look at this list and then research product specific removal tools.

You might see CoolWebSearch or SmitFraud in the list now. You'll need to search for removal tools made specifically for those items. Sometimes even those are variant-specific, so it could take some legwork (or, more likely, precision Googling).

Lather, Rinse, Repeat

Repeat these last steps as many times as it takes. It can be frustrating, but I am not aware of another option. Once you're able to run these scans without any new detections, it's time for the real test. Reboot normally and run them all one more (hopefully final) time and hope for the best.
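The "look at the second pass much more carefully" step above is easier if you diff the two logs instead of eyeballing them. Here is a small script that does that, as an added example of mine rather than anything from the article or from the tools it lists. It assumes a HijackThis-style log (section codes like O2 for browser helper objects, O4 for Run keys, O23 for services, each followed by a description and a path); both logs below are constructed sample data, not captures from a real machine, and the suspicion heuristics (Temp-directory paths, unnamed BHOs, services with no owner, system process names outside the Windows directory) are my own rules of thumb, not a detection engine.

```python
"""Compare two passes of a HijackThis-style scan log and report what survived.

Added example for this article, not a tool from the page or from any product it
lists.  The log format is modeled on HijackThis output (assumption); the two
logs are constructed sample data, not real captures.
"""
import re
from dataclasses import dataclass

# Constructed: what a first scan in Safe Mode might report (sample data).
PASS_ONE = """\
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://example.invalid/search
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - C:\\WINDOWS\\system32\\helper32.dll
O4 - HKLM\\..\\Run: [ctfmon] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKLM\\..\\Run: [svchost] C:\\Documents and Settings\\User\\Local Settings\\Temp\\svchost.exe
O4 - HKCU\\..\\Run: [updater] C:\\WINDOWS\\system32\\updater.exe
O23 - Service: Windows Update Helper (wuhelper) - Unknown owner - C:\\WINDOWS\\system32\\wuhelper.exe
"""

# Constructed: the second pass, after the tools cleaned what they could (sample data).
PASS_TWO = """\
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - C:\\WINDOWS\\system32\\helper32.dll
O4 - HKLM\\..\\Run: [ctfmon] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [updater] C:\\WINDOWS\\system32\\updater.exe
O4 - HKLM\\..\\Run: [updater] C:\\WINDOWS\\system32\\updater.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")          # first Windows path to end of line
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe", "services.exe"}
WINDOWS_DIRS = ("c:\\windows\\",)               # heuristic: where those names belong


@dataclass(frozen=True)
class Entry:
    code: str   # HijackThis section, e.g. O4 (Run keys), O2 (BHOs), O23 (services)
    body: str   # rest of the line as written
    key: str    # normalized form used to match entries across passes

    @property
    def path(self):
        m = PATH_RE.search(self.body)
        return m.group(0).strip().lower() if m else None


def parse_log(text):
    """Return one Entry per finding line; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body").strip()
        key = re.sub(r"\s+", " ", f"{m.group('code')} {body}").lower()
        entries.append(Entry(m.group("code"), body, key))
    return entries


def compare(first, second):
    """Split the second pass into what was removed, what persisted, and what is new."""
    a = {e.key: e for e in first}
    b = {e.key: e for e in second}
    return {
        "removed": [a[k] for k in a if k not in b],
        "persisted": [b[k] for k in b if k in a],
        "new": [b[k] for k in b if k not in a],
    }


def suspicion_reasons(entry):
    """Rules of thumb (my assumptions) for what deserves a closer look."""
    reasons = []
    low = entry.body.lower()
    path = entry.path
    if "(no name)" in low:
        reasons.append("unnamed browser helper object")
    if "unknown owner" in low:
        reasons.append("service with unknown owner")
    if path:
        if "\\temp\\" in path:
            reasons.append("runs from a Temp directory")
        name = path.rsplit("\\", 1)[-1]
        if name in SYSTEM_NAMES and not path.startswith(WINDOWS_DIRS):
            reasons.append(f"system process name '{name}' outside the Windows directory")
    return reasons


def report(first_text, second_text):
    """Human-readable summary of the diff, with a flag or 'verify by hand' per entry."""
    diff = compare(parse_log(first_text), parse_log(second_text))
    lines = []
    for label, note in (("removed", "cleaned on the first pass"),
                        ("persisted", "survived cleaning: research these by name"),
                        ("new", "appeared after cleaning: something is still respawning")):
        lines.append(f"== {label} ({note}) ==")
        for e in diff[label]:
            reasons = suspicion_reasons(e)
            flag = "; ".join(reasons) if reasons else "no automatic flag, verify by hand"
            lines.append(f"  {e.code} {e.body}\n      -> {flag}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(PASS_ONE, PASS_TWO))
```

Run it with the two real log files in place of the constructed strings. The "persisted" list is the one to take to the vendor-specific removal tools, and anything in "new" after a cleaning pass means a dropper is still live and re-creating its Run key, which is the clearest sign that another pass (or the wipe) is needed. Entries with no automatic flag, like the "updater" key in the sample, are not cleared; they are simply outside the heuristics and still need a manual check.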

As I said, you can never have full confidence that a compromised system is "safe" without wiping out the OS and reinstalling from the ground up, but for cases when that's not a viable option, you have to make do. One more thing if you do go this route: if the machine was used for banking, shopping, or email while it was infected, treat those passwords as exposed and change them from a known-clean computer once you're done.

Mobilitechs is an IT consulting firm serving Lancaster, PA and Reading, PA. We can answer any questions related to virus removal or malware removal as well as other computer repair or network security services.