Windows malware removal

A couple of videos and a list of free software that can be helpful in removing malware from personal Windows systems.

What follows is focused on personal systems (home or small office) but could be useful in an enterprise environment.

Here’s a good video by Brian (Britec09) that shows how these tools can be used to decontaminate an infected Windows PC:

This second video from Brian presents a really heavily infected PC that gives him the chance to do a more thorough demonstration of his removal methodology:

The tools featured in the above videos are listed below in the order that they normally should be run. All of these should be free to download from reputable sources (the links provided were safe at the time this post was originally written).

Kaspersky Rescue Disk. Reboot the machine using this disk and run a scan. This allows you to move around the system disk without running any potentially infected services or executables that could interfere with your cleanup efforts. Once you are done scanning and have taken the recommended actions, remove the rescue disk and reboot.

TDSSKiller. This is intended to kill all processes known to be malevolent. Run the update and then scan, taking the actions recommended.

MalwareBytes Free. MalwareBytes should be run on a regular basis as a check on your regular antivirus solution, even when you don’t think you’re infected. Always check for updates before scanning. Be careful not to install in “trial mode”, but instead to install and run the free version. Do a quick scan and delete malware found, then reboot.

HitManPro. This is another malware remover that focuses on particularly nasty programs. Run a scan and delete all malware found.

Rogue Killer. Another anti-malware specialist. Scan with this and delete reported malware.

Adw Cleaner. Adware is distracting, and can carry or obscure the presence of awful malware. Scan and delete it using this tool, then reboot the system.

Farbar Service Scanner. Checks services and reports what may be broken or disabled (like your system firewall). If a key service is found to be disabled, re-enable it and then run this scanner to verify all is well.

ComboFix. A malware removal and system repair tool. Malware can and does damage key system components and configurations. Run a scan and take recommended action, then reboot.

CCleaner. Another good removal and repair utility that is a good supplement to ComboFix. Scan and act on its recommendations.

At this point you should run MalwareBytes again to verify all malware it knows about is gone.

ESET Online Scanner. This is a good online virus scanner that can be used to double-check your regular antivirus service (I use Microsoft Security Essentials on all my Windows machines).
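
A read-only way to do the service check described in the Farbar Service Scanner step from PowerShell, as an added example that is not part of the original post or of any of the listed tools. The service list is an assumed set of security-relevant Windows services, not Farbar's own check list.

```powershell
# Added example. The service list is an assumption (common security-relevant
# Windows services), not the check list used by Farbar Service Scanner.
$keyServices = [ordered]@{
    MpsSvc    = 'Windows Firewall'
    BFE       = 'Base Filtering Engine (the firewall depends on it)'
    wscsvc    = 'Security Center'
    WinDefend = 'Windows Defender'
    wuauserv  = 'Windows Update'
    BITS      = 'Background Intelligent Transfer Service'
}
# Services expected to be running at all times. The others may be started on
# demand, so for them only a Disabled start mode or a missing entry is flagged.
$mustRun = 'MpsSvc', 'BFE'

$report = foreach ($name in $keyServices.Keys) {
    # Returns nothing (no error) when the service registration does not exist.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
    $startMode = '-'; $state = '-'; $finding = 'MISSING'
    if ($svc) {
        $startMode = $svc.StartMode
        $state     = $svc.State
        $finding   = 'ok'
        if ($svc.StartMode -eq 'Disabled') { $finding = 'DISABLED' }
        elseif (($mustRun -contains $name) -and ($svc.State -ne 'Running')) {
            $finding = 'NOT RUNNING'
        }
    }
    [pscustomobject]@{
        Service     = $name
        Description = $keyServices[$name]
        StartMode   = $startMode
        State       = $state
        Finding     = $finding
    }
}

$report | Format-Table -AutoSize

$problems = @($report | Where-Object { $_.Finding -ne 'ok' })
if ($problems.Count -gt 0) {
    Write-Warning ("{0} key service(s) need attention: {1}" -f
        $problems.Count, ($problems.Service -join ', '))
}

# Caveat: WinDefend is normally Disabled when another antivirus product has
# replaced it, so judge that row against what is installed on the machine.
# To re-enable a disabled service from an elevated prompt, then re-run the check:
#   Set-Service -Name MpsSvc -StartupType Automatic
#   Start-Service -Name MpsSvc
```

A row reported as MISSING means the service registration itself is gone, which changing the start type cannot fix; that case needs a repair tool or a restore.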


About phil

My name is Phil Lembo. In my day job I’m an enterprise IT architect for a leading distribution and services company. The rest of my time I try to maintain a semi-normal family life in the suburbs of Raleigh, NC. E-mail me at philipATlembobrothersDOTcom. The opinions expressed here are entirely my own and not those of my employers, past, present or future (except where I quote others, who will need to accept responsibility for their own rants).