
Dealing With Malware


Probably the most common problem that the average user runs into today -- and by far and away the most aggravating -- is when their computer gets some type of "malware" on it, which renders the computer virtually useless. Popups start appearing everywhere, links and searches don't work properly, the computer slows down and/or hangs continually, many web pages don't load properly -- to name just a few of the common symptoms. Here's a quick guide on how to fix your computer when it gets infected like this.

1) When you start searching the internet for suggestions on how to fix malware problems, you will more than likely end up with hundreds of rather long, in-depth solutions involving installing this or that "anti-malware" software. In my experience though, in most cases those types of solutions are overkill. Quite often all that's needed is a simple Windows System Restore. If you have a rough idea of when the problems started, and there's a restore point earlier than that, just do a system restore. It's incredibly simple and painless, as all it restores are system files. Now a lot of people freak out over the idea of a "system restore", thinking they will lose their personal files like email, pictures, music, etc., but that's NOT what this process does. All your data files are untouched and left exactly as they are.

To perform a system restore, just click START | PROGRAMS | ACCESSORIES | SYSTEM TOOLS | SYSTEM RESTORE and follow the directions from there. Odds are that will fix the problem and you will be back in business.
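The same System Restore steps can be driven from an elevated Windows PowerShell prompt, which is handy when the Start menu itself has been hijacked. The script below is an added example, not part of the original article; it assumes Windows PowerShell 5.1 on a client edition of Windows (7 through 11), where the `*-ComputerRestore` cmdlets are available, and the restore point number `42` in the last line is a placeholder you replace with one from the listing.

```powershell
# Added example (not from the original article): inspect and use System Restore
# from an elevated Windows PowerShell 5.1 prompt.

# 1. Make sure protection is on for the system drive. Malware that wants to
#    survive a rollback often switches it off first.
Enable-ComputerRestore -Drive "$env:SystemDrive\"

# 2. List the existing restore points, newest first, so you can pick one that
#    predates the symptoms. An empty list is itself a warning sign (see step 2).
Get-ComputerRestorePoint |
    Sort-Object -Property SequenceNumber -Descending |
    Select-Object SequenceNumber, Description, RestorePointType,
        @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } }

# 3. Before changing anything, take a checkpoint you can come back to if the
#    cleanup itself goes wrong.
Checkpoint-Computer -Description "Before malware cleanup" -RestorePointType MODIFY_SETTINGS

# 4. Roll back to a chosen point by its SequenceNumber (42 is a placeholder).
#    -Confirm makes PowerShell ask first; the machine reboots as part of the restore.
# Restore-Computer -RestorePoint 42 -Confirm
```

On Windows 8 and later, `Checkpoint-Computer` silently skips creating a new point if one was made in the last 24 hours, so check the listing from step 2 before assuming your checkpoint exists. Data files under your profile are not touched by `Restore-Computer`, exactly as the article says.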

2) Unfortunately a lot of the nastier malware will disable System Restore and remove all past restore points, so quite often this option won't work. If that's the case, the next thing to do is a quick system scan with a utility called HijackThis. This tool has lost a lot of its usefulness over time, as most malware these days is far too sophisticated to be exposed by a simple tool like this. But it's quick, and sometimes you can easily spot the culprit and proceed from there.
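What a HijackThis log mostly shows is a handful of well-known autostart and hijack locations. The script below is an added example, not the article's own and not HijackThis itself: it dumps the same kinds of locations (Run keys, the hosts file, Browser Helper Objects, and processes running from unusual folders) so you can eyeball them for anything that doesn't belong. It assumes an elevated Windows PowerShell prompt and a system drive of `C:`.

```powershell
# Added example (not from the original article): a HijackThis-style survey of the
# usual autostart and hijack points. It only reads; nothing is changed.

# Classic Run / RunOnce keys, for the whole machine and for the current user.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        Get-ItemProperty -Path $key |
            Select-Object -Property * -ExcludeProperty PS* |
            ForEach-Object {
                $_.PSObject.Properties | ForEach-Object {
                    [pscustomobject]@{ Key = $key; Name = $_.Name; Command = $_.Value }
                }
            }
    }
}

# The hosts file: malware rewrites it to block update servers or redirect searches.
# Anything beyond comments and the loopback entries deserves a second look.
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content $hosts |
    Where-Object { $_ -match '^\s*[0-9a-fA-F:.]+\s+\S+' -and $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s' }

# Browser Helper Objects: the classic home of toolbars and search hijackers in
# the Internet Explorer era. Each CLSID maps to a DLL via InprocServer32.
$bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path $bhoKey) {
    Get-ChildItem $bhoKey | ForEach-Object {
        $clsid  = $_.PSChildName
        $server = (Get-ItemProperty "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32" `
                       -ErrorAction SilentlyContinue).'(default)'
        [pscustomobject]@{ CLSID = $clsid; Dll = $server }
    }
}

# Running processes whose executable is outside the Windows and Program Files
# trees. Temp folders and the user profile are where droppers usually land.
Get-Process |
    Where-Object { $_.Path -and $_.Path -notmatch '^C:\\(Windows|Program Files)' } |
    Select-Object Name, Id, Path
```

Treat the output the way you would a HijackThis log: legitimate software shows up in every one of these places, so the point is to spot the entry with a random-looking name, a path under `Temp` or `AppData`, or a DLL you have never heard of, and then research that one item rather than deleting on sight.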

3) If no joy there, the next thing to try is a program called MalwareBytes (MBAM). It's by far and away the best of the malware detection programs, IMO. However, most of the malware these days knows full well about MBAM and will disable it -- but you should definitely give it a shot. If it has been disabled by the malware there are usually ways around that -- booting into safe mode, renaming files, etc. It might take a bit of work, but if you can get MBAM to run it's definitely worth the effort.

4) If no luck with MalwareBytes for whatever reason, you might spend a little bit of time trying other malware programs like SUPERAntiSpyware. But odds are if MBAM won't clean it, none of the others will. Also, at this point there's a good possibility that what you are dealing with is a rootkit. And if that's the case, you are pretty much done for. I haven't seen any rootkit software that's really much help at all. Sometimes by googling the symptoms you can find someone somewhere who has been infected with exactly what you have and will have step-by-step removal instructions using a specific rootkit software package. But unless you can find something like that, there aren't any effective generic ways of removing a rootkit.

5) Finally, I have a very important rule of thumb -- never spend more than two hours trying to remove malware. Right now the bad guys are so far ahead of the good guys that quite often you are fighting a losing battle from the get-go. If you can't get it clean in two hours, odds are you aren't ever going to get it clean. So drop back and punt with a reformat and reinstall. These days none of the malware is attacking data, so it's easy enough just to back up all the data files and then get a clean start.
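Backing up the data files before the wipe is the one step where you can accidentally carry the infection over to the clean install. The script below is an added example, not from the original article: it copies the user's profile to an external drive with `robocopy`, but leaves out executable file types and the `Temp` folder, which is where a downloaded dropper usually sits. It assumes the profile is under `C:\Users` and that the destination drive `D:` exists; both paths are placeholders to adjust.

```powershell
# Added example (not from the original article): copy a user's data off the box
# before a reformat, without copying the malware along with it.

$source      = Join-Path $env:SystemDrive "Users\$env:USERNAME"   # profile to save
$destination = 'D:\Backup\' + $env:USERNAME + '-' + (Get-Date -Format 'yyyyMMdd')
New-Item -ItemType Directory -Force -Path $destination | Out-Null

# Documents, photos and mail are data. A stray .exe or .scr in Downloads may be the
# dropper itself, so program-like file types are skipped on purpose.
$skipTypes = '*.exe', '*.scr', '*.com', '*.pif', '*.bat', '*.cmd', '*.vbs', '*.js', '*.dll', '*.lnk'

# AppData is kept (mail stores such as Outlook's live there on Vista and later),
# but its Temp folder is not: that is where browsers and installers drop files.
$skipDirs = Join-Path $source 'AppData\Local\Temp'

# /E   copy all subfolders, including empty ones
# /XJ  skip junction points, so the profile's compatibility junctions don't loop
# /R:1 /W:1  retry a locked file once, waiting one second, instead of robocopy's
#            default of a million retries
# /TEE write the log to the console as well as the file
robocopy $source $destination /E /XJ /R:1 /W:1 /XF $skipTypes /XD $skipDirs `
    /LOG:"$destination.log" /TEE

# robocopy exit codes below 8 mean success (1 = files copied, 0 = nothing to do);
# 8 and above mean at least one file could not be copied.
if ($LASTEXITCODE -ge 8) {
    Write-Warning "Backup finished with errors; review $destination.log before wiping the drive."
} else {
    Write-Host "Backup complete: $destination"
}
```

A backup taken from an infected machine is still suspect, so scan the external drive with the freshly installed antivirus from step 6 before copying anything back, and copy documents back one folder at a time rather than restoring the whole profile wholesale.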

6) Once you do have the system clean, to keep it clean install a good antivirus program like AVG and make sure Windows Firewall is on. If you are not running behind some type of router, get one -- they are extremely cheap, easy to set up, and provide you with a good hardware firewall. As far as security software goes, for the average user everything else is liable to cause more problems than it solves -- most people end up so confused by advanced security programs that they just end up allowing everything, or get so frustrated they uninstall it altogether, or just ignore it when it does warn them about something.
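Once the clean install is done, it is worth confirming the three basics named above (firewall on, antivirus registered and current, a router in front of the machine) rather than assuming them. The check below is an added example, not from the original article. It assumes Windows 8 or later, where the `NetSecurity` and `NetTCPIP` cmdlets exist (on Windows 7, `netsh advfirewall show allprofiles` gives the firewall view); the decoding of the Security Center `productState` field follows the widely used community convention, since Microsoft does not formally document the layout.

```powershell
# Added example (not from the original article): post-cleanup sanity check of the
# firewall, the installed antivirus, and whether a router sits in front of the PC.

# Windows Firewall has to be on for every profile, not just the one you are using.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction

# Antivirus products registered with the Security Center. productState is a bit
# field; by the common (undocumented) convention, bit 0x10 of the middle byte
# means real-time protection is on and bit 0x10 of the low byte means
# definitions are out of date.
Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct |
    ForEach-Object {
        $state = $_.productState
        [pscustomobject]@{
            Product   = $_.displayName
            Enabled   = (($state -shr 12) -band 1) -eq 1
            UpToDate  = (($state -shr 4)  -band 1) -eq 0
            Path      = $_.pathToSignedProductExe
        }
    }

# A router in front of the machine normally shows up as a default gateway in one
# of the private address ranges (10/8, 172.16/12, 192.168/16). A gateway outside
# those ranges suggests the PC is plugged straight into the modem.
Get-NetIPConfiguration |
    Where-Object { $_.IPv4DefaultGateway } |
    ForEach-Object {
        $gw = $_.IPv4DefaultGateway.NextHop
        [pscustomobject]@{
            Interface  = $_.InterfaceAlias
            Address    = $_.IPv4Address.IPAddress
            Gateway    = $gw
            BehindNat  = $gw -match '^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)'
        }
    }
```

If `Enabled` comes back false for the antivirus, or any firewall profile shows `Enabled : False`, fix that before doing anything else on the machine; an antivirus that is installed but switched off is the state most malware leaves it in.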

Finally, the best way to avoid malware is to NEVER, NEVER install any software that you are not 100% sure is legitimate. 90%+ of the malware problems that I see are a result of the user falling for some type of email/web gimmick to get them to install some software that will protect them or speed up their computer -- when in fact the software is itself malware. If you ever see some type of prompt telling you that you have such-and-such a problem and to just click here to solve the problem -- ignore it. If it's a legitimate prompt, it won't be installing software, it will be saying something about quarantining a file or ignoring a request. If you follow just this one simple rule, you'll probably never have to deal with malware.



June, 2010