Malware/Virus Remediation on a Windows-Based Computer


The following steps are a generic process for scanning for and removing most malware/viruses from your computer.  Because these threats vary in complexity and are ever-evolving, additional steps may be necessary, but this list is a typical starting point that should cover most issues.  Please note that I can make no guarantees with the use of this software.

RKill

This program will attempt to terminate processes started by the malware that would otherwise prevent you from scanning your computer.
  1. Go to the following website:  https://www.bleepingcomputer.com/download/rkill/
  2. Click one of the green boxes to "DOWNLOAD NOW" (I recommend downloading from bleeping computer).
  3. Double click on the rkill file that you downloaded.
  4. The program will run, then notify you that it has finished and whether it made any changes.

AdwCleaner

This program is a quick removal tool for certain malware and browser hijackers.
  1. Go to the following website:  https://toolslib.net/downloads/viewdownload/1-adwcleaner/
  2. Click on the big blue "Download Now" button on the right side of the page.
  3. Double click on the adwcleaner file that you downloaded.
  4. Agree to the license agreement.
  5. On the main screen click on the "Scan" button.
  6. Let the computer scan your system (this will take a few minutes).
  7. Once the scan finishes click the "Clean" button.
  8. Once the various threats are removed, the tool will require you to reboot and will provide you with a log file after the restart.

Malwarebytes

Malwarebytes is an adware and malware scanner.  This tool can also run continuously on the system (and is a worthwhile investment) but for now we will just use the basic scanning/removal features.
  1. Go to the following website:  https://www.malwarebytes.com/
  2. Click on the "FREE DOWNLOAD" button on the main page.
  3. Double click on the mb3-setup file that you downloaded.
  4. Accept the license agreement when prompted.
  5. Uncheck the box to create a Desktop shortcut.
  6. After the install, click on the "Protection Settings" button in the Malwarebytes box that appeared in the lower right corner of the screen.
  7. Normally we would tweak many settings but as we are only using this to scan you should toggle the following boxes:
  8. Click on "Dashboard" from the list of options on the left of the screen.
  9. On the right side of the screen verify that Updates are "Current".
  10. Click on "Scan" from the list of options on the left side of the screen.
  11. Choose "Custom Scan" and click "Configure Scan"
  12. Check all of the scan boxes and all of the drive letters listed.
  13. Click "Scan Now"
  14. The scanning process may take several hours to complete.  Once it finishes allow it to remove any threats that it finds and reboot your computer.

Superantispyware

Another useful removal tool but we are going to skip it here as it is a little dated.


Antivirus Software

There are numerous options for antivirus software available for your computer.  The only recommendation that I can make here is that you should have some sort of antivirus program on your machine, and both the program and its updates should be current (many times users still have just an expired trial version from when they bought the computer).  Some programs are free and some cost money to maintain.  The most popular ones are as follows:
  1. Norton Security (http://norton.symantec.com/norton/ps/bb/ushard/3up_ns1_ns_nsbu_us_en_notw_brnf_nort.html?om_sem_cid=hho_sem_sy:us:bs1:en:e|kw0000006084|12316524939|c&nortoncountry=us)  - this is a paid program but is very good
  2. Windows Defender - Microsoft includes this with all Windows 10 machines if an existing program is not detected.  It is free and works OK.
  3. Avast Free Antivirus (https://www.avast.com/en-us/index) - This program is free and only requires you to register with an email.  It works pretty well.
  4. AVG Free Antivirus (http://www.avg.com/us-en/free-antivirus-download) - This program is also free and works pretty well.
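
To check the "installed and current" recommendation above, the following PowerShell script lists the antivirus products registered on the PC and flags any that are disabled or report out-of-date definitions.  It is an added example, not part of the original guide; the 7-day staleness threshold and the decoding of the productState value are assumptions, as noted in the comments.

```powershell
# Added example (not from the original guide). Run in PowerShell on the Windows 10 PC.
$MaxSignatureAgeDays = 7   # assumption: definitions older than this count as stale

# Products registered with Windows Security Center (client editions of Windows).
$products = @(Get-CimInstance -Namespace 'root/SecurityCenter2' `
        -ClassName AntiVirusProduct -ErrorAction SilentlyContinue)
if ($products.Count -eq 0) {
    Write-Warning 'No antivirus product is registered with Windows Security Center.'
}

$report = foreach ($p in $products) {
    # productState is an undocumented bit field; the decoding below is the commonly
    # used community interpretation, not an official Microsoft specification.
    $state = [int]$p.productState
    [pscustomobject]@{
        Product    = $p.displayName
        Enabled    = ($state -band 0x1000) -ne 0   # protection reported as on
        UpToDate   = ($state -band 0x0010) -eq 0   # definitions reported as current
        LastReport = $p.timestamp
    }
}
$report | Format-Table -AutoSize

foreach ($r in $report) {
    if (-not $r.Enabled)  { Write-Warning "$($r.Product) is installed but not enabled." }
    if (-not $r.UpToDate) { Write-Warning "$($r.Product) reports out-of-date definitions." }
}
if ($report -and -not ($report | Where-Object { $_.Enabled -and $_.UpToDate })) {
    Write-Warning 'No registered product is both enabled and up to date.'
}

# Windows Defender exposes more detail through its own cmdlet.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        "Defender real-time protection: $($mp.RealTimeProtectionEnabled)"
        "Defender signatures updated:   $($mp.AntivirusSignatureLastUpdated)"
        if ($mp.AntivirusEnabled -and $mp.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
            Write-Warning "Defender signatures are $($mp.AntivirusSignatureAge) days old."
        }
    } catch {
        Write-Warning "Could not query Windows Defender: $($_.Exception.Message)"
    }
}
```

It is normal for one product to show as not enabled when another is active, since Windows Defender steps back while a third-party antivirus is running.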

Other Information

If the malware is still on your machine after these steps it may be necessary to revert your system back to a time before the virus (system restore) or you may need to take it to a place for service (the Microsoft store in the Galleria does a wonderful job).

You should remember to always keep your machine patched and up-to-date AND definitely take regular backups of the important files on your machine.  Your computer and any websites you use should have strong passphrases (this is different from passwords), and these passwords should be at least 10 characters long, using a combination of letters/numbers/special characters.  Try not to use the same password on multiple sites; if you use things like sentences for various sites (ex - I walk my dog!) it becomes easier to remember.  For the most critical sites (such as email/Facebook), I strongly recommend that you turn on two-factor authentication to make it more difficult for others to access your accounts.  These websites go through the process in detail on their help pages.

A few backup suggestions:
http://www.pcworld.com/article/2095481/storage/if-we-show-you-how-to-back-up-your-pc-for-free-will-you-finally-do-it.html
http://www.pcworld.com/article/2905400/windows/3-easy-steps-anyone-can-take-now-to-back-up-a-pc.html