DACS Malware Removal Toolkit
Part 6 – How to Remove Malware

If you have a recent backup of your C drive, from just before the infection occurred:

  • Back up your data drive.
  • Restore the C drive from this backup.
  • Do a “full” scan with your anti-malware application.  If your anti-malware application identifies issues, then your recent backup was probably not clean of malware (or, less likely, your computer has a rootkit, which is not corrected by restoring the C drive).
  • See if your computer works normally.
  • If you are still getting DNS hijacks, but your anti-malware application identifies no issues, then consider whether you have a router DNS hijack (which anti-malware applications will not find).

If you do not have a recent backup of your C drive, then do these steps in the order shown:

  • Back up your data drive.
  • Turn off any CD emulation programs.
  • Clean folders of temporary files and cookies.
  • Run CCleaner.
  • Do a “full” scan with your anti-malware application.
  • If your anti-malware application identified issues, tell it to remove these.  Then reboot and do another full scan to see if the problem reappears (as there can be an underlying problem that reappears with reboot).
  • See if your computer works normally.  If not, do a couple of online scans at the websites of reputable anti-malware companies.
  • Ask for advice on one of the Malware Removal Forums (see below).  Follow their directions.
  • Format the C drive and reinstall your application software.  (Then be more careful to make backups!)

Additional strategies, if you want to be especially careful:

  • Even after you think you have removed the malware, maintain copies of your C drive backups from a little and a lot prior to this infection (and label these backups accordingly) … so that you have backups if you later discover that you were not able to remove the malware.

What you should NOT do:

  • Do NOT download or use any off-brand so-called anti-virus software.  Do not trust software that you find with a Google search, unless it comes directly from the site of a reputable anti-malware company.  Do not trust any “free virus software” that appears in a popup window after your computer is infected.  There is a lot of so-called anti-virus software that actually carries malware within it … exactly the opposite of what is claimed (such as “Spyware Protect 2009”).
  • Do NOT use your computer for any banking or credit card related tasks when there is any sign of infection.

How to Use Malware Removal Forums:

  • These websites offer free advice.  They ask for donations, but they are not pushy about donations.
  • These websites are staffed by “volunteers” and they are not fast.  You need to figure on waiting a few days before you get the first bit of advice.  After that, you will go back and forth frequently within each day … but it may still take a few days to solve the problem.  Be patient.
  • You will need a second computer … because you really should not use the computer under scrutiny … and because you will need a way to post stuff on the internet and read advice.
  • These forums are very effective.

Malware Removal Forums:

Specific Tools for Cleaning Issues:

  • CCleaner.  A great general purpose tool for removing malicious cookies and adjusting the startup applications.  (http://forums.majorgeeks.com/showthread.php?t=35407)
  • CWShredder.  If your computer has the common browser hijack called CoolWebSearch, then use this tool to remove it.

Other things to know:

  • You may need to use “safe mode” (usually obtained by pressing F8 during boot).
  • You may need to display hidden files and directories.

Some Malware removal tools:

Save the logs after running each of these tools.

Tools to Remove Rootkits

  • GMER
  • BitDefender RootkitUncover
  • Trend Micro RootkitBuster


© Danbury Area Computer Society, Inc. All Rights Reserved.