If you think you have a Spyware/Malware Infection or a Virus

(Malware is a term that covers viruses, trojans, minor spyware and serious spyware infections.)
by ilago

• Search results are being redirected
• You are getting a lot of popups
• Your browser is being directed to a page you didn't pick and can't change
• You can't access a normal search engine like Google or Yahoo
• Your computer is running very slowly
• You have strange error messages that you don't understand
• You have icons in the system tray that you can't identify
• Your desktop has been changed or has a scary message
• You can't update your antivirus
• You can't get to any security related sites with your browser - eg symantec, McAfee or Windows Update

These procedures have been updated to reflect the more recent types of malware infections. Some of the programs used have changed to more effective applications.

These steps will remove some of the standard well-known spyware infections and may be enough to remove your problem.

Download Malwarebytes Anti-Malware:

• http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button
• http://www.majorgeeks.com/Malwarebytes_Antimalware_d5756.html
• http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select “Perform Quick Scan”, then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• *Make sure that everything is checked, and click Remove Selected.* You must do this or the items won't be removed.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the entire report into a new topic in Techtalk to get some additional help with removal.

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

There is a good tutorial here on the installation and use of MBAM.

SuperAntiSpyware is a also an option, although it is not always as effective as MBAM

* Download and install SUPERAntiSpyware Home Edition here: http://www.superantispyware.com/downloads/SUPERAntiSpyware.exe
Use the configuration and deep scan method to do a full system scan in Safe Mode. Save the log so you can post it in a thread if needed.

• Do an online virus scan. Some spyware infections damage or inactivate your own antivirus software so an online scan is a better way to check that you don't have a virus infection. Not all on line scans remove malware, but they do help with identification.
  

• Eset online virus scanner
  
• Kaspersky On Line Scan
  
• Bit Defender Place a check on everything under “Scan Options”
  

Standalone Antivirus Products

This product does not need to be installed on your system. It runs as a standalone executable which is complete with current antivirus definitions. The .exe file can be deleted once the infection is cleaned up.

• DrWeb CureIt

Keep the log/results file for any on line scan or standalone scan you do so you can post it in the forum. They are helpful for working out what the problem may be when it's not immediately obvious. The log files can list confusing entries such as “grayware” or “not-a-virus” or “potentially unwanted”. Do not delete any of these files they may be necessary, or even essential files. The scan is simply advising you in these cases.

In many cases these procedures will remove known infections. But many infections need special tools or utilities that have special instructions for use.

You may need to use a Cleanup tool to remove accumulated caches and temporary files. Please see the tutorial page on How to clean up your computer on the index on the left hand side of the page. Please do not clean up before running scans. There is some malware that moves system files into temp file locations and if removed these files would be unrecoverable.

Please Note:

HijackThis is no longer as useful as it once was. TrendMicro have updated it a little, but most recent variants of malware are easily able to evade the parts of the system than HijackThis scans. Further information on revised procedures will be posted shortly.

You may be asked to post a HijackThis log for further information. The details for using and posting HijackThis logs:

• Using and Posting HijackThis logs

*Unregistered users of the ABC forums are moderated and do not appear straight away. If you intend on posting it is advised you sign up to the ABC forums so your posts will appear immediately.