Saturday, October 20, 2012

How to remove Malware, Rootkits, Trojans and keyloggers on your system

Here is a step-by-step guide to cleaning your PC if you suspect some form of malware or have already confirmed an infection. It uses the most up-to-date scanners and cleaners for hard-to-remove infections, including rootkit-injecting malware.

*This guide uses some very powerful cleaning applications, so be very cautious when doing the steps. Make a backup of your files and your registry, and create a restore point.*

Let's start.

Download RogueKiller from HERE and save it on your desktop.

When the download finishes, close all running programs and double-click RogueKiller to run it.

RogueKiller will scan for and detect problems in your registry. If problems are found, click the appropriate option to fix them. *Again, be careful and take a good look at those entries before deleting them.*

Next we move to another application that will remove rootkits from your system, if there are any.

So what is a rootkit?

A rootkit for Windows systems is a program that penetrates the system and intercepts system functions (the Windows API). It can effectively hide its presence by intercepting and modifying low-level API functions. Moreover, it can hide the presence of particular processes, folders, files and registry keys. Some rootkits install their own drivers and services in the system (these also remain "invisible").

Download TDSSKiller HERE and save it on your desktop.
  • Double-click to run it, then click "Change Parameters".
  • Put a check on "Loaded Modules". You will then be asked to reboot for the change to take effect; do it.
  • TDSSKiller will start automatically after the reboot. Go back to "Change Parameters" and select ALL the other options by putting a check mark on each.
  • Now click the "Start Scan" button to begin the disinfection process.
  • If infections are found, you will be presented with three options: Cure, Skip, Delete. Always choose "Cure" if it is available; if not, you have to decide whether to skip (if you're sure it's a false positive) or delete it.
  • A reboot will be required if a disinfection has been made.

Next, let's go a little step further for a more thorough disinfection of your system.

Download the latest ComboFix from HERE and save it on your desktop.

Detailed guide for using ComboFix: Read This First!

  • Back up your REGISTRY.
  • Create a RESTORE POINT.
  • Disable ALL antivirus running on your system.
  • Close ALL programs and windows.
  • Wait, wait and wait! Give it time. It can take from 10 minutes to an HOUR depending on the machine.
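The registry backup and restore point called for above (and in the warning at the top of the guide) can be scripted so they are done the same way every time, and so that you have a record of autostart entries and services to compare against after the cleaners have run. The following PowerShell is an added example, not part of the original post or of any of the tools it describes. It assumes an elevated PowerShell session on Windows 7 or later with System Protection enabled on the system drive; the folder name PreCleanupBackup is an assumed value.

```powershell
# Added example (not from the original post or the cleaner vendors).
# Assumes: PowerShell run as Administrator, System Protection enabled on C:,
# and reg.exe available (it ships with Windows). $BackupDir is an assumed path.

$BackupDir = Join-Path $env:USERPROFILE 'Desktop\PreCleanupBackup'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$Stamp = Get-Date -Format 'yyyyMMdd-HHmmss'

# 1. Create a System Restore point (needs an elevated session).
Checkpoint-Computer -Description "Before malware cleanup $Stamp" -RestorePointType 'MODIFY_SETTINGS'

# 2. Export the registry hives the cleaners are most likely to modify.
#    reg.exe writes plain-text .reg files that can be re-imported with "reg import".
foreach ($Hive in 'HKLM', 'HKCU') {
    $Out = Join-Path $BackupDir "$Hive-$Stamp.reg"
    reg.exe export $Hive $Out /y | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Export of $Hive failed (exit code $LASTEXITCODE)"
    }
}

# 3. Record the autostart (Run) keys and the service list so that whatever the
#    cleaners remove can be reviewed afterwards instead of being lost.
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
Get-ItemProperty -Path $RunKeys | Out-File (Join-Path $BackupDir "run-keys-$Stamp.txt")
Get-Service | Sort-Object Name | Format-Table Name, Status, DisplayName -AutoSize |
    Out-File (Join-Path $BackupDir "services-$Stamp.txt")

# 4. Confirm the restore point was actually created before continuing.
Get-ComputerRestorePoint | Sort-Object CreationTime -Descending |
    Select-Object -First 1 | Format-List Description, CreationTime
```

One caveat to check in step 4: on Windows 8 and later, Checkpoint-Computer silently skips creating a new restore point if one was already made in the previous 24 hours, so verify that the newest restore point listed carries your description before running any cleaner.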

By this point we have probably removed most, if not all, of the infections. But to be sure, let's run one more scanner and cleaner on your system.

Download HitmanPro from HERE and save it on your desktop.
  • Double-click the file to run it. Click YES if UAC prompts you.
  • Click "Next" and choose "I want to perform a one time scan" if you don't want to install HitmanPro on your system.
  • Click "Next" to start the scan. Follow the prompts and choose the necessary actions when asked.

We're almost done! Right now you have a clean PC, free of malware and rootkits, but all those reports and quarantined files have left quite a mess. So let's do some house cleaning.
  • Rename combofix.exe to uninstall.exe, then double-click it. This will uninstall ComboFix and all files associated with it.
  • Delete the reports generated by TDSSKiller on your desktop.
  • Go to C:\ and delete the text files from RogueKiller, ComboFix, TDSSKiller and other related folders.
  • Download CCleaner from HERE and install it. Run the cleaner and start cleaning.
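The cleaner reports are worth keeping: they list what was found and removed, and they are what you would need if the machine shows symptoms again. The PowerShell below is an added example, not from the original post or from the tool vendors; it archives the reports into one zip file before removing the originals, and performs the ComboFix rename-and-run uninstall described above. It assumes PowerShell 5.0 or later (for Compress-Archive), that ComboFix was saved to the desktop as in the guide, and that the report file name patterns listed are assumptions about where the cleaners write their logs.

```powershell
# Added example (not from the original post or the cleaner vendors).
# Assumes: PowerShell 5.0+, ComboFix saved on the desktop, and the report
# paths/patterns below (they are assumptions, adjust to what you see on C:\).

$Desktop = Join-Path $env:USERPROFILE 'Desktop'
$Archive = Join-Path $Desktop "CleanupReports-$(Get-Date -Format 'yyyyMMdd-HHmmss').zip"

# 1. Uninstall ComboFix using the rename method from the guide (path assumed).
$ComboFix = Join-Path $Desktop 'ComboFix.exe'
if (Test-Path $ComboFix) {
    Rename-Item -Path $ComboFix -NewName 'uninstall.exe'
    Start-Process -FilePath (Join-Path $Desktop 'uninstall.exe') -Wait
}

# 2. Collect the report files. Patterns are assumptions about each tool's output.
$Patterns = @(
    'C:\ComboFix.txt',                      # assumed ComboFix report
    'C:\TDSSKiller*.txt',                   # assumed TDSSKiller log pattern
    (Join-Path $Desktop 'TDSSKiller*.txt'), # assumed TDSSKiller log on the desktop
    'C:\RKreport*.txt'                      # assumed RogueKiller report pattern
)
$Reports = foreach ($p in $Patterns) {
    Get-Item -Path $p -ErrorAction SilentlyContinue
}

if (-not $Reports) {
    Write-Host 'No cleaner reports found; nothing to archive.'
    return
}

# 3. Archive first, delete only after the archive is verified to exist and be non-empty,
#    so a failed compression never costs you the only record of the cleanup.
Compress-Archive -Path $Reports.FullName -DestinationPath $Archive -Force
if ((Test-Path $Archive) -and ((Get-Item $Archive).Length -gt 0)) {
    $Reports | ForEach-Object { Remove-Item -Path $_.FullName -Force }
    Write-Host "Archived $($Reports.Count) report(s) to $Archive and removed the originals."
} else {
    Write-Warning "Archive $Archive was not created; originals left in place."
}
```

Keep the resulting zip somewhere off the machine (a USB stick or another PC) before running CCleaner, since a general-purpose cleaner may sweep up loose files on the desktop.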

That's it! You also might want to check out Malware Prevention and Protection Tips to prevent future infections. Good luck and safe computing!
