Malware-Removal1

Virus removal can be very time consuming and can become tricky very quickly. Based on my experience, I’ve listed some tools below, along with some screenshots, that will hopefully make the process a little easier. I suggest downloading these tools and keeping them on a USB drive or a CD. Also remember to periodically check the links for new versions of these files.

Disclaimer: Selecting the wrong options or deleting the wrong files could make your system inoperable. It is highly recommended that you let a professional remove viruses and malware.

Registry Fixes For Disabled Features

If you go through the removal tools and find that your registry or your Task Manager is disabled, save these files to your desktop and try running them.
Enable Registry
Enable Task Manager
Enable Folder Options
Restore Hidden Files
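
Before importing a fix, it helps to see which restriction is actually set. The script below is an added example, not one of the files linked above or code from their authors; it only reads the registry and changes nothing. It assumes the fixes reset the standard Windows policy values DisableRegistryTools, DisableTaskMgr and NoFolderOptions, since the page does not show the contents of its .reg files.

```powershell
# Added example (not from the original page): read-only audit, changes nothing.
# Assumption: these are the standard Windows policy values behind each
# disabled feature; the page's own .reg files are not shown.
$policyRoot = 'Software\Microsoft\Windows\CurrentVersion\Policies'
$checks = @(
    @{ Feature = 'Registry Editor'; SubKey = 'System';   Name = 'DisableRegistryTools' }
    @{ Feature = 'Task Manager';    SubKey = 'System';   Name = 'DisableTaskMgr' }
    @{ Feature = 'Folder Options';  SubKey = 'Explorer'; Name = 'NoFolderOptions' }
)

# Check the per-user hive and the machine-wide hive; either can carry the policy.
$results = foreach ($hive in 'HKCU:', 'HKLM:') {
    foreach ($check in $checks) {
        $path = '{0}\{1}\{2}' -f $hive, $policyRoot, $check.SubKey
        $name = $check.Name
        # A missing key or value means the policy is not set (feature enabled).
        $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
        $data = if ($null -ne $item) { $item.$name } else { $null }
        [pscustomobject]@{
            Feature  = $check.Feature
            Path     = $path
            Value    = $name
            Data     = if ($null -eq $data) { '(not set)' } else { $data }
            # Any non-zero data turns the restriction on.
            Disabled = ($null -ne $data) -and ($data -ne 0)
        }
    }
}

$results | Format-Table -AutoSize

$flagged = @($results | Where-Object { $_.Disabled })
if ($flagged.Count -gt 0) {
    Write-Warning ("{0} restriction(s) set. Note them before applying a fix:" -f $flagged.Count)
    $flagged | ForEach-Object { Write-Warning ("{0}: {1}\{2} = {3}" -f $_.Feature, $_.Path, $_.Value, $_.Data) }
} else {
    Write-Output 'No disabling policy values found in HKCU or HKLM.'
}
```

On a domain-joined machine, an administrator may have set these values on purpose through Group Policy, so a flagged value is not by itself proof of infection.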

TFC – Temp File Cleaner by OldTimer



This tool will end all running tasks and clear out the temp files for all users (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32-bit and 64-bit on 64-bit OSs).

When finished, a reboot is required so that it can clean up any remaining locked files. This is a good tool to run before you move on.

TDSSKiller



This program is great for removing rootkits, and it is simple to run. Just download the exe from the link above, save it on your system, then run it and click Start Scan.

Malwarebytes

– This is one of my favorites and one I’ve had the most success with over the years.

•Double-click mbam-setup.exe to install the application.
•Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
•If an update is found, it will download and install the latest version.
•Once the program has loaded, select “Perform Quick Scan”, then click Scan.
•The scan may take some time to finish, so please be patient.
•When the scan is complete, click OK, then Show Results to view the results.
•Make sure that everything is checked, and click Remove Selected.
•When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
•The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

OTL



•Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
•Select All Users.
•Under the Custom Scan box, paste this in:
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT
•Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
•When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

RogueKiller


• Quit all programs
• Start RogueKiller.exe.
• Wait until Prescan has finished …
• Click on Scan


• Wait for the end of the scan.
• The report has been created on the desktop.
• Click on the Delete button.
• Next, click on ShortcutsFix.

Farbar Service Scanner

– This is good if you have internet connection problems or firewall problems, or have a Sirefef (consrv.dll) infection.


Tick “All” options.
Press “Scan”.
It will create a log (FSS.txt) in the same directory the tool is run from.

Specific Virus Removal Walkthroughs

FBI Moneypak Win32/Reveton Virus Ransomware
Rootkit.Boot.Harbinger.a RootKit Virus
boo/cidox.b
Win32/TrojanDownloader.Waski.A