Vincenzo Di Russo

How to get rid of malware

You may experience any one or more of the following symptoms:
- When you start your computer, or when your computer has been idle for many minutes, your Internet browser opens to display Web site advertisements.
- When you use your browser to view Web sites, other instances of your browser open to display Web site advertisements.
- Your Web browser's home page unexpectedly changes.
- Web pages are unexpectedly added to your Favorites folder.
- New toolbars are unexpectedly added to your Web browser.
- You cannot start a program.
- When you click a link in a program, the link does not work.
- Your Web browser suddenly closes or stops responding.
- It takes a much longer time to start or to resume your computer.
- Components of Windows or other programs no longer work.

See:
http://support.microsoft.com/kb/827315/en-us
"Unexplained computer behavior may be caused by deceptive software".

1. Run the Microsoft Windows Malicious Software Removal Tool

 

2. Download ATF Cleaner by Microsoft MVP Atribune from http://www.atribune.org/ 

- Double-click ATF-Cleaner.exe to run the program.

- Click Select All found at the bottom of the list.

- Click the Empty Selected button.

- Click Exit on the Main menu to close the program.

- Shutdown/restart the computer.

 

3. Next, download Malwarebytes' Anti-Malware (Free for personal use) to your desktop.

- Double-click mbam-setup.exe and follow the prompts to install the program.

- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

- If an update is found, it will download and install the latest version.

- Once the program has loaded, select Perform full scan, then click Scan.

- When the scan is complete, click OK, then Show Results to view the results.

- Be sure that everything is checked, and click Remove Selected.

 

4. Download, install, update and run: SUPERAntispyware (freeware) 

- How do I download and install SUPERAntiSpyware?

- Customer Service and Product Support (FAQs)

 

5. If still no joy see and follow carefully:
"Checking for/Help with Spyware, Malware and Hijackware"

 

 

In the event you need further assistance with malware removal, I suggest you follow the instructions at one of the ASAP Member sites that provides malware removal assistance. 

 

Part of this Guided Help courtesy of my colleague MVP Consumer Security Corrine

 

Hope this helps.


Vincenzo Di Russo
Microsoft MVP Windows Internet Explorer, Windows & Security Expert - Since 2003.
Moderator in the Microsoft Answers and TechNet Forums
My MVP Profile: https://mvp.support.microsoft.com/profile/Vincenzo
Corrine.
Found this helpful 9
Answer
Corrine. replied on
MVP

Reply

Update:  Guided Help Part Two
When all else fails, HijackThis v2.0.2 (http://aumha.org/downloads/hijackthis.exe ) is the preferred tool to use (in conjunction with some other utilities).
Recently, many of the security help forums have begun moving away from HijackThis (HJT) as an initial tool, finding it useful only for a general idea of possible issues.  Malware today is often not visible in a HJT log.  In addition, preliminary cleaning often results in the issue not being visible in a HJT log. 

As a result, it is suggested that anyone seeking additional assistance pay particular attention to the preliminary requirements of the site where they are obtaining help.  It is particularly useful to the analyst if a clear and concise explanation of the nature of the problem is provided along with all requested logs. 

The help sites are very busy.  As a result, it may be a few days before a response is received.  It is advisable that you track your topic so you will know when an analyst has replied.  Because many of the sites track new help requests by zero (0) responses, it is not recommended that you "bump" your post.  Most sites have a place to post if you think your problem has been overlooked. 

It is important to note that many of the tools used at the security help forums are extremely powerful. If used incorrectly, they can turn your expensive computer into a large paperweight. For that reason, it is advisable that you seek help at an established, recognized site with trained analysts and not attempt to use specialized tools or fixes without proper guidance. You can find Microsoft MVPs and other trained analysts at the following help sites:


ASAP Member Forums Providing Log Analysis

Dansk - Danish
Spywarefri

Deutsch - German: German-language computer help forums (sites to get help from):
a-squared Anti-Malware: Having problems with a-squared Anti-Malware? Ask our experts here!

English
247Fixes
5 Star Support
a-squared Anti-Malware If you have problems with a-squared Anti-Malware?
Amazingtechs
Atribune.org
BestTechie
Bluetack Internet Security Solutions
CyberAnswers.org
D-A-L Computer Help
Freedomlist
Gladiator Security
LandzDown
Lockergnome
Log'N'Rock
MalwareBytes
MalWare Removal
NutnWorks
Security Cadets
Security Central
Smokey's Security Forums
SpyWare BeWare!
SpywareInfoForum
Techmonkeys
Tech Support Forum
Tech Support Guy
TeMerc Internet Countermeasures
The Spykiller
TnT - Tips 'n' Tricks
WhatTheTech
Windows Forum

Español - Spanish: Spanish-language anti-spyware help sites
a-squared Anti-Malware: Having problems with a-squared, with the a-squared home page, or with a particular piece of malware? Feel free to ask for help.
InfoSpyware
ForoSpyware

Finnish: Finnish sites to get malware removal help from:
Virustorjunta

Français - French: French forums where you will find quick and effective help:
a-squared Anti-Malware: Having problems with a-squared Anti-Malware or with certain malware? Ask our experts here!
Assiste.com
Zebulon

Italiano - Italian
a-squared Anti-Malware: Having problems with a-squared Anti-Malware or with particular malware? Feel free to ask for help.
Alground Research Center

Nederlandstalig - Dutch: On these Dutch-language forums you will be helped quickly and efficiently:
Hijackthis.nl
Nucia / Anti Spyware Offensief
PCHelper

Portuguese
Linha Defensiva

Serbian/Croatian
MyCity


non-ASAP Forums Providing Log Analysis

Deutsch - German: German-language computer help forums (sites to get help from):
HijackThis.de Support Board
Protecus
Rokop Security
TrojanBoard

English
Asksomeone.net
Aumha.org
BleepingComputer
Dell Community Forum - HJT room
DSL Reports
Geeks to Go
MajorGeeks
PC Pitstop Forums
Safer-Networking
SpywareHammer
Spyware Warrior

Français - French
IDN - Infos-Du-Net
Vista-XP.fr
FS - Futura-Sciences
PCA - PC-Astuces
Génération Nouvelles Technologies
Telecharger.Com/01net

Nederlandstalig - Dutch
BlueMedicine
Minatica.be
Corrine, Microsoft MVP
This posting is provided "AS IS" without warranty, and confers no rights.
Vincenzo Di Russo
Found this helpful 7
Answer

Guided Help Part Two

When all else fails, HijackThis v2.0.2 (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in conjunction with some other utilities).
HijackThis will NOT fix anything on its own, but it will help you to both identify and remove any hijackware / spyware with assistance from an expert.
Download: http://aumha.org/downloads/hijackthis.exe

Post your log to:
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://aumha.net/viewforum.php?f=30,
or another appropriate forum for review by an expert in such matters

If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a local, reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
Or you might consider deleting the User Profile altogether (although I wouldn't and trust the security of all other Profiles).

Courtesy of my colleague Robear Dyer (PA Bear) MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002

Hope this helps,


Vincenzo Di Russo - Microsoft MVP Windows Internet Explorer, Windows Desktop Experience & Security - Since 2003.
~ My Blog: http://blogs.dotnethell.it/vincent/
Vincenzo Di Russo
Found this helpful 0

Reply

Hi Corrine,

thank you very much for your update!
Vincenzo Di Russo - Microsoft MVP Windows Internet Explorer, Windows Desktop Experience & Security - Since 2003. ~ My Blog: http://blogs.dotnethell.it/vincent/
Corrine.
Found this helpful 2
Corrine. replied on
MVP

Reply

You're welcome.  I thought providing a list of some of the known international help sites would aid people needing further assistance.  The trick is to remember to keep the list updated.   :)

Corrine, Microsoft MVP
This posting is provided "AS IS" without warranty, and confers no rights.
Vincenzo Di Russo
Found this helpful 1

Reply

Hi again Corrine,

I agree with you ;-)

Now I hope that one MSFT - Moderator makes this thread "Sticky", thanks!
Vincenzo Di Russo - Microsoft MVP Windows Internet Explorer, Windows Desktop Experience & Security - Since 2003. ~ My Blog: http://blogs.dotnethell.it/vincent/
Karen0451
Found this helpful 0
Karen0451 replied on
I'm sorry but should have said that I'm using my laptop to post this message and be on the net, the problem is with my
Dell desktop (Vista)....
Karen
Ken - Former Support Engineer
Found this helpful 1
Ken - Former Support Engineer replied on

Reply

Hi Karen0451

Please go to your original Post
http://social.answers.microsoft.com/Forums/en-US/InternetExplorer/thread/e4b33e63-d298-4ca7-ab66-56fba9c56117

If you need to download/reinstall Internet Explorer, you can do it on your laptop, burn it to a CD then re-install it on the Desktop.

http://www.microsoft.com/windows/internet-explorer/?ocid=ie8_s_d69beac7-83c7-4a58-a655-68831a2e474a

Were you successful in removing the Virus/Malware?

Ken
Microsoft Answers Support Engineer
Visit our Microsoft Answers Feedback Forum and let us know what you think.
Vincenzo Di Russo
Found this helpful 0
Vincenzo Di Russo replied on

Reply

Thank you MSFTs and Moderators for making this thread sticky!

Cheers,
Vincenzo Di Russo - Microsoft MVP Windows Internet Explorer, Windows Desktop Experience & Security - Since 2003. ~ My Blog: http://blogs.dotnethell.it/vincent/
Avatarrrr
Found this helpful 0
Avatarrrr replied on

Reply

An Excellent post Mr. Di Russo ^5

Typically, I run the MRT tool (Microsoft Windows Malicious Software Removal Tool, or, mrt.exe, for those that do not know) from an elevated (Administrator) command prompt.

During the monthly patching cycle, the mrt is updated in the system32 directory as I'm sure you know.  This file is larger than the one offered by Microsoft on the page you listed.  I realize that Microsoft recommends using the method you have described but, I feel the version in the system32 directory has more definitions and I am not aware that it is "targeted" by malware authors.  Please correct me if I am wrong.

I'll quote a part from:
http://support.microsoft.com/?kbid=890830#Faq

The easiest way to download and run the tool is to turn on Automatic Updates. Turning on Automatic Updates guarantees that you receive the tool automatically every month. If you have Automatic Updates turned on, you have already been receiving new versions of this tool monthly. The tool runs in quiet mode unless it finds an infection. If you have not been notified of an infection, no malicious software has been found that needs your attention.

I did Google to see if the mrt is targeted and came up empty, pretty much.  I have also not seen any blogs from cnet, zdnet or slashdot about this.  It also happens, sometimes, that a user is blocked from the Internet by malware and cannot get updates to any malware removal program.

I highly believe in the mrt so I am going to suggest the following for running the mrt locally:
Open an Administrator command prompt:  Press the Orb or start key, or use the Windows key, and type:
cmd
Press all these keys together: CTRL+SHIFT+ENTER and deal with UAC as required.
type, in the command box that opens:
mrt and press enter.
In the window that opens, click next, then choose the radio button for Full scan and click next.

Allow the tool to complete.  This may take quite a while, depending.
If an infection is found, follow the on screen instructions.
If an infection is not found, press Finish.

I would also like to add Windows Defender to your list. It is continually being improved.  It has also been given a thumbs up by one malware author:
http://blogs.zdnet.com/security/?p=2385
and
http://blogs.technet.com/mmpc/archive/2008/10/10/malware-writer-wants-an-eye-to-eye-with-us.aspx

I am open to a dialogue about this posting.  I will follow all advice given about this post and, if so requested, delete it.

Kind Regards,
Avatar

edit:  I forgot to mention this can be done from the Recovery Environment.
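
The local MRT run described in the post above can also be scripted. This PowerShell block is an added example, not part of any poster's message and not Microsoft's own code. It assumes an elevated PowerShell 3.0+ session, the /F and /Q switches and the %windir%\debug\mrt.log file described in KB890830, and that return code 0 means no infection was found.

```powershell
# Added example (not from the thread): unattended full MSRT scan with result check.
# Assumes an elevated PowerShell 3.0+ session. The /F and /Q switches and the
# %windir%\debug\mrt.log log file are described in KB890830.
$ErrorActionPreference = 'Stop'
$mrt = Join-Path $env:windir 'System32\mrt.exe'
$log = Join-Path $env:windir 'debug\mrt.log'

# mrt.exe needs administrator rights; fail early instead of scanning partially.
$principal = New-Object Security.Principal.WindowsPrincipal(
    [Security.Principal.WindowsIdentity]::GetCurrent())
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Start PowerShell with "Run as administrator" first.'
}
if (-not (Test-Path -LiteralPath $mrt)) { throw "mrt.exe not found at $mrt" }

# Confirm the local copy still carries a valid Microsoft Authenticode signature,
# so a replaced or patched binary is not trusted to report "clean".
$sig = Get-AuthenticodeSignature -FilePath $mrt
if ($sig.Status -ne 'Valid' -or
    $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
    throw "Signature check failed for ${mrt}: $($sig.Status)"
}

# /F forces an extended (full) scan, /Q suppresses the user interface.
$proc = Start-Process -FilePath $mrt -ArgumentList '/F', '/Q' -Wait -PassThru

# Each run appends a block to mrt.log that starts with a long dashed line
# (assumed here to be at least 40 dashes). Keep only the last block,
# i.e. the run that just finished.
$runs = @((Get-Content -LiteralPath $log -Raw) -split '(?m)^-{40,}\s*$' |
    Where-Object { $_ -match 'Malicious Software Removal Tool' })
if ($runs.Count -eq 0) { throw "No MSRT run recorded in $log" }
$last = $runs[-1]

# Prefer the return code written to the log; fall back to the process exit code.
$code = $proc.ExitCode
if ($last -match 'Return code:\s*(\d+)') { $code = [int]$Matches[1] }

# Print the log block for this run, then a one-line verdict.
$last.Trim() -split '\r?\n' | Where-Object { $_.Trim() } | ForEach-Object { "  $_" }
if ($code -eq 0) {
    'MSRT: no infection found.'
} else {
    "MSRT: return code $code - review $log and continue with the steps in this thread."
}
```
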
orouka
Found this helpful 1
orouka replied on

I've just posted my own question about adserv cookies but your posting may be able to help me.  Will the steps you suggest remove adserv cookies and block them in future?
