Just Uninstall It
Not all malware is highly sophisticated. Many unwanted programs can be uninstalled just like any other software, so before you go any further, bring up the Control Panel and head over to Programs and Features. Scan the list for any signs of adware, toolbars, or anything else that's obviously unwanted software and simply uninstall it. Is your system back to normal? If so, then great, you got off easy! If not, blurt out a few curse words (you'll feel better) and then continue reading.
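If you would rather review that list in one place than page through the Control Panel, the following PowerShell snippet reads the same registry data that Programs and Features displays. It is an added example, not part of the original article; the list of suspect words is a constructed review hint, not a detection signature, and the uninstall strings are only shown, never executed.

```powershell
# Added example (not from the original article): enumerate installed programs
# from the registry keys behind Programs and Features, newest first, and mark
# names that contain words typical of bundled toolbars and adware for review.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Constructed review hints (hypothetical); a match only means "look closer".
$suspectWords = 'toolbar', 'coupon', 'search protect', 'optimizer', 'savings'

$programs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and -not $_.SystemComponent } |
    ForEach-Object {
        $name = $_.DisplayName
        [pscustomobject]@{
            Name      = $name
            Publisher = $_.Publisher
            Installed = $_.InstallDate        # yyyyMMdd string, often empty
            Uninstall = $_.UninstallString
            Flagged   = [bool]($suspectWords | Where-Object { $name -match [regex]::Escape($_) })
        }
    }

# Flagged entries first, then the rest by install date (newest first).
$programs |
    Sort-Object @{Expression = 'Flagged'; Descending = $true}, Installed -Descending |
    Format-Table Name, Publisher, Installed, Flagged -AutoSize

# The uninstall command each flagged entry registered, for manual review.
$programs | Where-Object Flagged | Select-Object Name, Uninstall | Format-List
```

Entries marked SystemComponent are hidden by Programs and Features as well, so the two views should line up; run it again after uninstalling to confirm the entry is gone rather than merely hidden.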
Fight Software with Software
One of our favorite and most reliable anti-malware programs is Malwarebytes. There's both a free and paid version, the latter of which adds proactive protection like real-time monitoring and conveniences like scheduled scanning. For removing existing malware, the free version is sufficient.
What's neat about Malwarebytes is that it scans for a wide range of rogue software, like spyware, adware, some viruses, and even rootkits. Be advised that Malwarebytes isn't intended as a standalone antivirus program, but as a supplement. Or, in this case, as a cleanup tool.
The first thing you should do when running Malwarebytes is to update the database so that it can scan for the latest threats. Just click the Update Now link and let it do its thing.
See that big Scan Now button at the bottom? Don't click it just yet. First, click the Settings option and navigate to Detection and Protection. Even though Malwarebytes scans for rootkits, you first have to enable the option, and this is where you'll find it—check the Scan for rootkits box.
Now, go to the Scan heading and select Threat Scan, which is the recommended option. This will run a comprehensive sweep of your system and could take a long time to finish. Find something else to do for a bit—ride a bike, catch up on some reading, make love, play a console game, grab some lunch, or anything else you can think of that's more fun than watching a system scan. When it's finished, audit the list of threats for any false positives and uncheck them, then click Remove Selected.
Solicit a Second (or Third) Opinion
As much as we like Malwarebytes, there's no single program out there capable of detecting and removing every piece of malicious software. For a machine that's in particularly bad shape, it pays to run multiple spyware sweeps. Which ones? There are several out there, and one that we still like is Spybot Search and Destroy.
As with all of these programs, be sure to update the definitions database first—just click the Update icon. The first update can take a few minutes, even on a fast Internet connection, so be patient. Once it's finished, click System Scan and let it sweep your system for junk.
As you can see, these programs are pretty self-explanatory, so rather than walk you through each one, here's a list of software we recommend running on badly infected machines:
There are others out there, and if you have a favorite, feel free to add it to the list. Remember, it might not always be necessary to run several different programs, but for a machine that's in really rough shape, it doesn't hurt to blitz the opposition using multiple tools.
Better Safe Mode than Sorry
In some cases, you may not be able to run or even install the aforementioned malware removal software. Some of the more sophisticated malware will block them outright, and if that's the case, you should try booting into Safe Mode. The same is true if a piece of malware manages to reinstall itself after you've already removed it.
To boot into Safe Mode, shut down your system, turn it back on, and start tapping the F8 key. Instead of booting into Windows, you should see an Advanced Boot Options menu. Select the Safe Mode with Networking option. This will load just the essential Windows drivers while also giving you Internet access so that you can download, install, and update anti-malware software.
If you're having trouble booting into Safe Mode, another way in there is to boot into Windows as you normally would. Click the Start menu, select Run, and type msconfig. Select the Boot tab and under the Boot options heading, check the Safe boot box. Mark the Network radio button and click Apply, then reboot your system.
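The msconfig setting above writes a boot-configuration value, so the same thing can be done from an elevated PowerShell prompt with bcdedit. This is an added example, not from the original article; it assumes {current} is the Windows installation you boot from, and it uses bcdedit in place of the msconfig dialog the text describes.

```powershell
# Added example (not from the original article): command-line equivalent of the
# msconfig "Safe boot" + "Network" setting. Run from an elevated prompt.
# The braces are quoted because PowerShell would otherwise treat {current}
# as a script block instead of passing it through to bcdedit.

# Show the boot entry that will be changed, so the target can be confirmed.
bcdedit /enum '{current}'

# Boot into Safe Mode with Networking on the next restart.
bcdedit /set '{current}' safeboot network

# Restart when ready (uncomment to run):
# shutdown /r /t 0

# Unlike tapping F8, this setting persists until it is removed. Once the
# cleanup is finished, clear it from inside Safe Mode so the next boot is
# a normal one:
# bcdedit /deletevalue '{current}' safeboot
```

Forgetting the last step is the most common mistake with this method: the machine keeps coming up in Safe Mode, which is exactly what unchecking the Safe boot box in msconfig fixes.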
Scan for Viruses
Microsoft's built-in Windows Defender in Windows 8.1 (separate download in prior versions) does a good job overall of detecting viruses, and if that's what you're rolling with, update the database and scan your system. Otherwise, do the same with whichever antivirus software you're using. If you're not using one, either enable Windows Defender or seek out a free AV such as Avast, AVG, Avira, Bitdefender, Comodo, or Panda, to name a few of the no-cost options. Be sure to install only one, as multiple AV programs can conflict with each other (though it's okay to run them with malware removal tools like Malwarebytes).
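For the Windows Defender route, the update-then-scan routine (and a check that only one antivirus product is registered) can be scripted from an elevated PowerShell prompt. This is an added example, not from the original article; the Defender cmdlets it uses ship with Windows 8.1 and later, and the Security Center query needs PowerShell 3.0 or newer.

```powershell
# Added example (not from the original article): update Windows Defender,
# run a full scan, and list what it found, preceded by a check for the
# "more than one antivirus installed" conflict the article warns about.

# 1. Antivirus products registered with Windows Security Center. Seeing a
#    second product alongside Windows Defender is the conflict to resolve.
Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct |
    Select-Object displayName, pathToSignedProductExe, productState |
    Format-Table -AutoSize

# 2. Pull the latest definitions before scanning, as with any of these tools.
Update-MpSignature

# 3. Full scan; substitute -ScanType QuickScan for a faster first pass.
Start-MpScan -ScanType FullScan

# 4. Detections: when, which threat, which files, and whether the action stuck.
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object InitialDetectionTime, ThreatID, Resources, ProcessName, ActionSuccess |
    Format-List

# 5. Resolve each ThreatID to a name and severity for the false-positive review.
Get-MpThreat |
    Select-Object ThreatID, ThreatName, SeverityID, CategoryID, IsActive |
    Format-Table -AutoSize
```

If step 1 shows a third-party product, run that product's updater and scanner instead; Defender steps down when another AV registers itself, so steps 2 to 5 would be scanning with disabled real-time protection and stale definitions.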
Bring Out the Big Guns
At this point, you've scanned for viruses, run multiple anti-malware programs, rooted out any rootkits, and cleaned up your browsers, yet your system is still acting up. That's bad news, but don't go throwing in the towel just yet. Instead, download HijackThis.
HijackThis is a simple little utility that audits your registry, browser settings, and system services. It only takes a few seconds to run. However, it doesn't discern between good and malicious entries, so don't go deleting entries willy-nilly.
There's no installation required here—just fire up HijackThis and select the top option so that it saves the results to a log file. In a few seconds, you'll see a long list of entries. Scroll through them and look for any obviously malicious entries. For example, if you know you've been infected by a particular piece of malware and you see references to it in the HijackThis results, check the box.
Most of the entries will be safe, so be careful what you check. You could even break functionality of a legitimate program or cause other problems by checking certain entries. This is where the log comes in handy. When the scan finishes, it populates a Notepad file with the results. Highlight the entire text and copy it to your clipboard.
Now head to I Am Not A Geek, paste the contents in the box, and click Parse. Potentially malicious entries will be highlighted red, but before you click the check box in HijackThis, look up each one in Google so that you're sure of what you're removing.
There are several other online analyzers, such as HiJackThis.de Security and HiJackThis.co. Try using at least two, and if you still need help, solicit advice from a forum such as Bleeping Computer.
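To see the kind of data behind a HijackThis log, the following PowerShell script lists the most commonly abused autostart locations: the Run/RunOnce keys, the Winlogon Shell and Userinit values, and auto-start services whose binaries live outside the Windows directory. It is an added example, not from the original article or the HijackThis project, and like the HijackThis log it makes no good-or-bad judgment; every line is meant to be looked up by hand before anything is removed.

```powershell
# Added example (not from the original article): a read-only autostart audit
# in the spirit of a HijackThis log. Nothing is modified; review the output.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Each value under a Run key is a program launched at logon.
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }    # skip PSPath, PSParentPath, ...
        [pscustomobject]@{ Source = $key; Name = $p.Name; Command = $p.Value }
    }
})

# Winlogon values that some malware rewrites. The stock values are given in the
# Name column so a changed value stands out at a glance.
$winlogon = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$entries += [pscustomobject]@{
    Source = 'Winlogon'; Name = 'Shell (expected: explorer.exe)'; Command = $winlogon.Shell
}
$entries += [pscustomobject]@{
    Source  = 'Winlogon'
    Name    = 'Userinit (expected: C:\Windows\system32\userinit.exe,)'
    Command = $winlogon.Userinit
}

# Auto-start services whose executable is not under %SystemRoot%. Plenty of
# legitimate software (drivers, updaters) lands here too, hence "review".
$winDir   = [regex]::Escape($env:SystemRoot)
$services = @(Get-CimInstance Win32_Service |
    Where-Object { $_.StartMode -eq 'Auto' -and $_.PathName -notmatch "^`"?$winDir" } |
    ForEach-Object {
        [pscustomobject]@{ Source = 'Service'; Name = $_.Name; Command = $_.PathName }
    })

($entries + $services) | Format-Table Source, Name, Command -AutoSize -Wrap
```

Redirect the output to a text file and it can be pasted into the same online analyzers and forum threads as a HijackThis log; the Command column is what you search for when deciding whether an entry belongs.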
As a last resort before wiping your system clean and starting anew, there's ComboFix, an aggressive program that hunts for persistent infections and attempts to remove them. It was developed by the folks at Bleeping Computer and they recommend not running it unless specifically requested, so keep that in mind. It's also worth noting that ComboFix doesn't yet work in Windows 8.1 or Windows 2000, though it does run in Windows 8, 7, Vista, and XP.
If it's finally come to this, follow the instructions in Bleeping Computer's guide and when it's finished running, see if your system is back to normal. Should problems remain, post a copy of the log ComboFix generated into the forum thread where it was recommended that you run it.