Malware Removal Guide has been Updated for 2013, Video to Follow

Hi guys.  I’ve updated the malware removal guide for 2013.  If you’d like to add something or make a correction that I’ve missed, please let me know in a comment below.  I’m working on a rather long step-by-step video that follows all the sections in this guide.

Here’s a summary btw –

Removal Guide Overview

  1. Backup – How to back up your important personal documents, just in case your PC becomes inaccessible.
  2. Gathering the needed software for this guide.
  3. Bootable Antivirus – Why scanning from bootable antivirus media, with the infected Windows installation not running, is the most reliable way to remove malware.
  4. Bootable Antivirus Disc – How to create a bootable antivirus disc.
  5. Bootable Antivirus Disc – How to scan your PC with a bootable antivirus disc.
  6. Cleanup – Round up the remnants and remove them.
  7. Prevent it from happening again.
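One check that belongs between step 2 (gathering the software) and step 4 (creating the disc): make sure the rescue ISO you downloaded is the one the vendor published before you write it to media and trust it to clean a system. The following is an added example, not code from the guide or from any rescue-disc vendor. It assumes the vendor publishes a `sha256sum`-style checksum file (`<hex digest>  <filename>`); the filename `rescue.iso` and the stand-in file contents are constructed for the demo.

```python
"""Verify a downloaded rescue-disc ISO against its published checksum file
before writing it to USB media. Added example, not part of the original guide.
"""
import hashlib
import hmac
import os
import tempfile

CHUNK = 1024 * 1024  # hash in 1 MiB pieces so a multi-GB ISO needn't fit in RAM


def sha256_file(path: str) -> str:
    """Stream a file through SHA-256 and return the lowercase hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def parse_checksum_file(text: str) -> dict:
    """Parse sha256sum-style lines: '<64 hex chars>  <filename>'.

    A leading '*' on the filename (binary mode marker) is stripped. Blank
    lines and '#' comments are skipped; anything else malformed is an error
    rather than being silently ignored.
    """
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: malformed checksum line")
        digest, name = parts
        if len(digest) != 64 or any(c not in "0123456789abcdefABCDEF" for c in digest):
            raise ValueError(f"line {lineno}: not a SHA-256 hex digest")
        entries[name.lstrip("*")] = digest.lower()
    return entries


def verify_iso(iso_path: str, checksum_text: str) -> bool:
    """True only if the ISO's digest matches the checksum entry for its basename."""
    expected = parse_checksum_file(checksum_text).get(os.path.basename(iso_path))
    if expected is None:
        return False  # no entry for this file: fail closed, don't assume it's fine
    actual = sha256_file(iso_path)
    return hmac.compare_digest(actual, expected)


def demo() -> dict:
    """Constructed demo: a stand-in 'ISO' checked pristine, tampered, and unlisted."""
    with tempfile.TemporaryDirectory() as d:
        iso = os.path.join(d, "rescue.iso")  # hypothetical filename
        with open(iso, "wb") as f:
            f.write(b"constructed stand-in for an ISO image\n" * 1000)
        checksums = f"{sha256_file(iso)}  rescue.iso\n"  # as a vendor would publish
        results = {"pristine": verify_iso(iso, checksums)}
        # Flip one byte, as a corrupt or trojaned download would differ somewhere.
        with open(iso, "r+b") as f:
            f.seek(10)
            f.write(b"X")
        results["tampered"] = verify_iso(iso, checksums)
        results["unlisted"] = verify_iso(iso, "")  # checksum file lacks this name
        return results


if __name__ == "__main__":
    print(demo())  # {'pristine': True, 'tampered': False, 'unlisted': False}
```

On a Windows machine the digest itself can be produced with `certutil -hashfile rescue.iso SHA256` and compared by eye. Either way, a matching checksum proves only that the file was not corrupted or swapped after the vendor published the hash; if the checksum file came from the same place as the ISO, an attacker who controls that place can change both, so prefer a vendor-signed checksum or a hash obtained over a second channel when one is available.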


17 Responses to Malware Removal Guide has been Updated for 2013, Video to Follow

  1. Simon December 5, 2012 at 6:01 pm #

    How helpful would using Hiren's Boot CD be?

    http://www.hiren.info/pages/bootcd

    • malwarekilla December 5, 2012 at 7:09 pm #

      Never used it. Never had to I guess.

      • Simon December 5, 2012 at 7:25 pm #

        It just seems it has anti-malware products all wrapped up into one package, thought it might be useful, that's all 🙂

      • Bubba December 7, 2012 at 6:05 am #

        Thought I'd give you a suggestion: make a video on how to build and use the Hiren's Boot CD on a highly infected machine.

        • Simon December 7, 2012 at 9:59 am #

          That would be cool, and if it could be done on a USB stick even better I think

  2. John December 6, 2012 at 6:02 am #

    I like Hiren's better than UBCD4Win because it loads much faster.

    • Simon December 6, 2012 at 12:32 pm #

      From what I can see you can put it onto a USB stick as well, which might be easier than carrying a CD

  3. Dave December 6, 2012 at 3:21 pm #

    Hey guys, Hiren's is great and I can't imagine doing this work without it because you don't have to download all those programs like CCleaner, SAS, MBAM, etc. I hardly ever boot from it; I just pop the CD in and access the programs that way. I usually boot into safe mode and run the programs from there. Example: I had one yesterday that had some fake antivirus on it, and I just popped in the Hiren's and ran rkill to stop the processes from running, then ran SAS followed by MBAM, rebooted, and the machine was pretty much good to go. Although then Windows Update wouldn't turn on, so I downloaded Windows Repair by tweaking.com via Bleeping Computer downloads and that was fixed. The unit didn't have an AV on it so I put MSE on it and it cleaned a remnant or two and all was good, other than managing add-ons in their browser (always tons of toolbars and weird search engines to disable) to speed up internet access. Each situation is different and not all are that easy, but that is my basic plan of attack. I too will always ask the customer what needs to be backed up before I start. I will also create a restore point sometimes before I start and use Double Driver off the Hiren's to back up drivers as a precaution, just in case I have to do a re-install. Sorry about the long comment but wanted to share what works for me.

    • Simon December 6, 2012 at 3:44 pm #

      @Dave: You actually use it in the OS environment itself to combat malware rather than as a boot-up?

      • Dave December 6, 2012 at 4:08 pm #

        I do if the machine is not severely infected, and it usually works great. I will mostly boot into safe mode because usually the malware won't run there and the scans are faster, although on the one yesterday I just decided to use rkill in regular mode and it stopped all the popups and scanners from the fake AV from running. I then used SAS and MBAM from the Hiren's. No downloading, just updated them and ran them and rebooted, and it was pretty much clean. I usually run CCleaner first but I didn't on that one yesterday; I did run it after cleanup though.

  4. malwarekilla December 6, 2012 at 3:54 pm #

    After my KRD flash drive destroys anything serious, I'll boot back into normal mode and run CCleaner, MBAM and HitmanPro. Going bootable is the only way (IMO) to safely disinfect system files that may otherwise have been destroyed while the OS was running. It takes extra time, yes, but I know I'll have a smooth appointment with the client.

    • Dave December 6, 2012 at 4:39 pm #

      I respect that approach and you are the man, Matt. Love what you do and please keep sharing with us all. I really like having this where we can all share ideas. In my situation I don't do much in the way of onsite repairs, as I live in a smaller town and most customers will just bring them in, so I have plenty of time to try different things usually. I charge a flat rate for most work I do, and I have another business as well, so I'm usually less than what others charge for computer repair. Many customers just need a computer tune-up because they just don't know how to properly maintain a computer. I have a checklist of things to do when I perform that service. I've seen a good many with the FBI MoneyPak lately and I'm surprised how easy it is to remove.

      • Dave December 6, 2012 at 5:01 pm #

        Speaking of flash drives, are you guys sort of paranoid about using them on infected machines? I use a program called USB Panda Vaccine to disinfect my flash drives before I use them on machines. Also, could an infected machine allow a flash drive to be infected from a bootable environment?

        • Dave December 6, 2012 at 5:20 pm #

          After reading your comment Matt, about booting is the only way to go, I may have to rethink my method.

      • malwarekilla December 6, 2012 at 9:08 pm #

        Thanks Dave, I'll continue to share everything with you guys. I charge a flat fee as well. If I can get clients to drop off their PCs then it's cheaper for them and a lot easier on me. I'm planning on doing more remote appointments (mostly just tune-ups) soon, so that'll be interesting.

        I'm sorta shocked at how easy the FBI ransomware is to remove too, but I guess everything is when you're using a bootable rescue disk.

  5. ZOU December 9, 2012 at 2:20 pm #

    Matt says: “After my KRD flash drive destroys anything serious I’ll boot back into normal mode and run ccleaner, mbam and hitman pro”

    You rock. I like that you are efficient, methodical (as one can be in light of new threats) and effective in your scientific approaches to malware removal. Your clients are in good hands. No doubt about that.

  6. B.L.Von Schroder February 17, 2013 at 11:18 pm #

    Just happened to come across your site, Matt, when I desperately needed it. Was getting really discouraged trying to fix the viruses on my computer. Can't thank you enough for your excellent videos. Please don't remove the old ones yet, as newbies like me need this basic information. Thank you so much! You've saved me $$$!
