This is a general guide for cleaning an infected computer. Some infections require further work or an experienced eye to remove, meaning you should get someone to look at it for you.
Some infections replace or infect important system files, and the act of cleaning them can leave your system in an unstable state. There is a chance that Windows will no longer boot after removing an infection, because important files had to be deleted to complete the operation. The steps listed below will not delete any of your personal files unless they have been identified as infected. It is your responsibility to keep your data safe. Please back up any important data before proceeding with this guide.
You will need to download some tools from the internet. If the internet is unusable on the infected computer because of browser hijacks, then you may need to download the tools onto a USB flash drive from a clean computer. You may be able to get your infected browser working well enough to download these tools by going into the add-ons section and removing anything that looks suspicious. Either way, download the tools only from their vendors' own sites; a hijacked browser or search page can just as easily serve you a lookalike download.
Most of these tools do not update themselves automatically, so it's a good idea to download new versions each time you need them.
Download the following tools:
- RKill - Ends bad processes that can interfere with the clean up process
- TDSSKiller - Finds a specific family of rootkit infections. Quick to scan and worth doing.
- ADWCleaner - Another malware scan, aimed at adware and PUPs. It restarts your computer when it completes, so run it after TDSSKiller and before MalwareBytes.
- MalwareBytes - Final scan to remove the last traces. MalwareBytes is now a full-featured antivirus. I used to recommend purchasing this to run beside your normal antivirus. It is now a viable option to replace your antivirus.
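Before running any of the downloaded tools as administrator, it is worth confirming that what you have is what the vendor shipped. The PowerShell below is an added example, not part of this guide or of any of the tools' own documentation: it checks the Authenticode signature and records the SHA-256 of every executable in a folder. The folder path is an assumption; point it at your download folder or the USB drive. A "Valid" status means the file is unchanged since its publisher signed it and shows you who that publisher is. Which of these particular tools ship signed is not something this guide states, so treat "NotSigned" as "re-download from the vendor's site and compare against any hash they publish", not as proof of tampering.

```powershell
# Added example (not from the guide): check the Authenticode signature and SHA-256 of every
# executable in the tools folder before any of them is run as administrator.
# $ToolDir is an assumption; change it to wherever the tools were downloaded.
$ToolDir = "$env:USERPROFILE\Downloads\cleanup-tools"

$results = Get-ChildItem -Path $ToolDir -Include *.exe, *.msi -Recurse -File |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            File   = $_.Name
            Status = $sig.Status     # Valid, NotSigned, HashMismatch, UnknownError, ...
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
            SHA256 = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    }

# Full listing: keep this alongside your notes from the scans.
$results | Format-Table File, Status, Signer, SHA256 -AutoSize

# Anything that is not 'Valid' deserves a second look before it gets full access to the system.
$suspect = $results | Where-Object { $_.Status -ne 'Valid' }
if ($suspect) {
    Write-Warning 'Re-download these from the vendor site and compare hashes before running them:'
    $suspect | Format-Table File, Status, Signer -AutoSize
}
```

A valid signature proves origin and integrity, not safety: it tells you the file came from the named signer unchanged, which is exactly the question when the download happened through a possibly hijacked browser.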
Uninstall suspicious programs
Some Potentially Unwanted Programs, or PUPs, can simply be removed from the Programs and Features list in Windows. Go to Control Panel and find "Programs and Features" or "Uninstall a Program". Scroll through the list and remove anything with the words coupon, toolbar or savings in the name, and anything else that looks to be bad. Be careful not to remove important software and drivers from this list; just because you don't recognise it doesn't mean it's bad. Do a quick search on your phone if you are unsure, and try checking www.shouldiremoveit.com
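Scrolling through Programs and Features works, but the list can be long and it hides two things that help the decision: when the program was installed and what its uninstall command actually runs. The PowerShell below is an added example, not from this guide: it reads the same registry keys that Programs and Features uses and flags names containing the words called out above plus a few more taken from the kinds of PUP described later in this guide. The keyword list is an assumption to start from; a CHECK flag means "look this up", not "remove". It deliberately does not use the Win32_Product WMI class, because querying that class triggers a consistency check and repair of every MSI package on the machine.

```powershell
# Added example (not from the guide): list installed programs from the registry keys that
# Programs and Features reads, and flag names that match a keyword list.
# The keyword list is an assumption to start from; CHECK means "look it up", not "remove".
$keywords = 'coupon', 'toolbar', 'savings', 'optimizer', 'speed up', 'driver updater'
$pattern  = ($keywords | ForEach-Object { [regex]::Escape($_) }) -join '|'

# 64-bit, 32-bit (WOW6432Node) and per-user installs all live under different Uninstall keys.
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'

# Entries without a DisplayName are not shown by Programs and Features either, so skip them.
$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    ForEach-Object {
        [pscustomobject]@{
            Flag      = if ($_.DisplayName -match $pattern) { 'CHECK' } else { '' }
            Name      = $_.DisplayName
            Publisher = $_.Publisher
            Installed = $_.InstallDate       # yyyyMMdd when present; a recent date on an unknown name is worth a look
            Uninstall = $_.UninstallString   # the command Programs and Features would run
        }
    }

# Flagged entries first, then everything else alphabetically.
$programs |
    Sort-Object @{ Expression = 'Flag'; Descending = $true }, Name |
    Format-Table Flag, Name, Publisher, Installed, Uninstall -AutoSize

# Just the flagged names, for a quick look-up on shouldiremoveit.com or a search engine.
$programs | Where-Object { $_.Flag -eq 'CHECK' } | Select-Object Name, Publisher, Installed
```

The script only reports. To remove something, use Programs and Features as described, which runs the same Uninstall command shown in the listing; an empty Publisher on a recently installed entry is the pattern to pay most attention to.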
Disable your antivirus temporarily
Some antivirus programs might flag your new scan tools because of the way they work (RKill, for example, exists to kill running processes). It's best to disable your AV before downloading the tools or plugging in your flash drive. Most antivirus products have a right-click menu with some sort of disable option. Find it in the system tray (down near the clock) and right-click the icon. Some require you to open the app and go into settings to turn off real-time protection. This will also speed up the scanning process.
Keep this window short. Real-time protection stays off from here until the "Check your antivirus" step below, so don't browse around or open email in the meantime, and if your product can exclude a single folder instead of turning everything off, excluding the tools folder is the narrower option.
Run your scans:
Time to run the scans with your new tools. Only run one tool at a time, and don't fret if you don't understand what they are telling you. Run each tool as administrator to give it full access to the system: right-click the tool and choose "Run as administrator".
- RKill - A black text window appears. Just wait for it to finish, and close the Notepad log window it opens at the end.
- TDSSKiller - Accept a couple of agreements. Click "Change Parameters", select "Detect TDLFS file system", click OK, then "Start Scan". If it finds anything rootkit related, write down the name and hit Continue. Do some research on that infection after you finish the scans to be sure it is all gone; search for something like "cidox removal guide".
- ADWCleaner - This one restarts your computer when it is done, so be ready for that: save your work and close other programs first. Accept the agreement and hit "Scan" on the main window. When it is finished, hit "Clean". Several prompts will appear explaining what it is doing; just hit OK and wait for your computer to restart on its own.
- MalwareBytes - This program actually installs onto your computer. You can remove it later if you want, but I actually recommend purchasing a Premium license and leaving it on; it's a great tool. When it finishes installing and opens, hit the "Update" link to be sure it is up to date. Then enable the rootkit scanner by going to "Settings -> Detection and Protection" and checking the box next to "Scan for rootkits". Hit the "Scan" button at the top and click "Start Scan". This one can take half an hour or so on some computers. When it finishes, hit the button at the bottom, which should say "Apply actions" or "Remove Selected" (it has changed over the years). It sometimes asks to restart your computer; do that.
Check if the infection is gone
Fire up each web browser and be sure that web pages load properly. Sometimes you need to fix your home page, which can be done in the settings. Chrome sometimes needs to be "Reset", which is done in the bottom "Advanced" section of the settings; this puts the home page, search engine and startup pages back to their defaults and disables all extensions, so expect to set those up again afterwards. It's a good idea to reset your Internet Explorer settings too, from the "Advanced" tab in "Internet Properties" found in the Control Panel.
If your Steam game client is infected, then check out my guide on cleaning Steam - Steam browser hijacked
If the infection persists, then you may need to seek further advice either online from r/techsupport or from a local computer repair company.
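Browsers loading properly is the visible test; the places a hijack or leftover PUP actually hides are mostly outside the browser. The PowerShell below is an added example, not from this guide: a read-only look at the hosts file, the current user's proxy and auto-config settings, the Run/RunOnce autostart keys, and scheduled tasks whose command lives in a user-writable folder. The path pattern it flags is an assumption; plenty of legitimate software starts from ProgramData or AppData, so each hit is something to look up, not something to delete. Run it from an elevated PowerShell; the scheduled task part needs Windows 8 or later.

```powershell
# Added example (not from the guide): read-only triage of the system-wide spots a
# browser hijack or leftover PUP usually lives in. Nothing here is removed automatically.
# The path pattern is an assumption; legitimate software also starts from these folders.
$suspectPath = 'AppData|\\Temp\\|ProgramData|Users\\Public'

# 1. hosts file: any live entry other than localhost should be explainable.
$hosts = "$env:SystemRoot\System32\drivers\etc\hosts"
'--- hosts entries ---'
Get-Content $hosts |
    Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' -and $_ -notmatch '\blocalhost\b' }

# 2. Proxy / PAC settings: hijackers route traffic through a proxy or an auto-config URL.
'--- proxy settings (current user) ---'
Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' |
    Select-Object ProxyEnable, ProxyServer, AutoConfigURL | Format-List

# 3. Run / RunOnce autostart values, flagged when the command points at a user-writable path.
'--- Run / RunOnce ---'
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$autostarts = foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath and other provider metadata
        [pscustomobject]@{
            Key      = $key
            Name     = $p.Name
            Command  = $p.Value
            UserPath = [bool]($p.Value -match $suspectPath)
        }
    }
}
$autostarts | Sort-Object UserPath -Descending | Format-Table Key, Name, Command, UserPath -AutoSize

# 4. Enabled scheduled tasks whose executable or arguments point at a user-writable path.
'--- scheduled tasks launching from user-writable paths ---'
Get-ScheduledTask | Where-Object { $_.State -ne 'Disabled' } | ForEach-Object {
    $task = $_
    foreach ($a in $task.Actions) {
        $cmd = "$($a.Execute) $($a.Arguments)".Trim()
        if ($a.Execute -and $cmd -match $suspectPath) {
            [pscustomobject]@{ Task = $task.TaskPath + $task.TaskName; Command = $cmd }
        }
    }
} | Format-Table Task, Command -AutoSize
```

Anything that shows up here after the scans and that you cannot tie to a program you chose to install is a good thing to bring to r/techsupport or a repair shop, because it tells them where the remaining infection is started from.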
Check your antivirus
If you disabled your antivirus before running the scans, then make sure that it is re-enabled. While you are there, make sure that your subscription has not expired and that it is fully up to date.
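On machines where Microsoft Defender is the antivirus, both halves of this (turning real-time protection off for the scan window, then confirming it is back on and up to date) can be done and verified from an elevated PowerShell rather than the tray icon. This is an added example, not from the guide; third-party products do not expose these cmdlets, so for them use the tray menu as described. If Tamper Protection is enabled, Set-MpPreference is not allowed to change the setting and you must use the Windows Security app instead.

```powershell
# Added example (not from the guide): turn Microsoft Defender real-time protection off
# for the scan window and back on afterwards, then confirm the state and signature age.
# Run from an elevated PowerShell. With Tamper Protection on, Set-MpPreference is refused
# and the switch has to be flipped in the Windows Security app.

function Show-DefenderState {
    # Get-MpComputerStatus reports the live engine state and how old the definitions are.
    $s = Get-MpComputerStatus
    [pscustomobject]@{
        AntivirusEnabled      = $s.AntivirusEnabled
        RealTimeProtection    = $s.RealTimeProtectionEnabled
        SignaturesLastUpdated = $s.AntivirusSignatureLastUpdated
        SignatureAgeDays      = $s.AntivirusSignatureAge
    }
}

'Before:'; Show-DefenderState | Format-List

# 1. Disable real-time scanning only while the tools run.
Set-MpPreference -DisableRealtimeMonitoring $true
'During scan window:'; Show-DefenderState | Format-List

# ... run RKill, TDSSKiller, ADWCleaner and MalwareBytes here ...

# 2. Re-enable and refresh definitions as soon as the scans are done.
Set-MpPreference -DisableRealtimeMonitoring $false
Update-MpSignature
'After:'; Show-DefenderState | Format-List

if (-not (Get-MpComputerStatus).RealTimeProtectionEnabled) {
    Write-Warning 'Real-time protection is still off; turn it back on in Windows Security before going online.'
}
```

The narrower alternative to disabling everything is to exclude just the tools folder with Add-MpPreference -ExclusionPath and remove the exclusion afterwards with Remove-MpPreference -ExclusionPath; that keeps protection on for the rest of the system, although a tool that terminates processes may still be blocked by behaviour monitoring, which is why the guide's approach is to disable and re-enable.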
Additional free protection
Install Unchecky to help prevent those PUPs from side-loading when you install software.
Preventing future infection
Most of the machines I clean already have paid antivirus installed. The customer thinks that they are safe because they have paid for protection and use a big brand. Unfortunately, having the most popular antivirus product installed on your system doesn't mean you have the best protection. Most antivirus products either do not bother detecting PUPs or do a lousy job of it, because PUPs are not technically classed as malware.
Potentially Unwanted Programs, or PUPs, can add extra toolbars or ads to pages in your web browsers. They can offer to speed up your system, update drivers, or clean up an infection, for a fee. Basically, if you didn't install it, and it is annoying or wants money from you, then it's probably a PUP. Some of these programs can negatively affect your privacy or let more junk in. You need to keep them out.
Most antivirus programs do a pretty good job of keeping traditional viruses out of your computer, but you need something to keep the PUPs out too. I recommend and use an antivirus product called Emsisoft Internet Security, which has a dual virus scanning engine and pretty good PUP protection built in, as well as a good personal firewall. If you don't want the firewall, then they have a cheaper version called Emsisoft AntiMalware. Also install Unchecky, which I mentioned earlier.
Here are my affiliate links. If you plan on purchasing these products, then help me out and use my links please. I found and joined the affiliate programs for products that I like, use and recommend. Not the other way around.