Reddit Techsupport Wiki

Virus and Malware Detection and Removal


This guide assumes the infected system is running some flavor of Microsoft Windows (XP, Vista, 7). The steps/instructions below should be an effective approach to cleaning most modern spyware and malware. It may also be a convenient "shopping list" of useful utilities to download when building an Incident Response USB stick.

  1. DON'T FREAK OUT. You aren't the first person to ever get infected, and there are plenty of great scanners/utilities available on the Internet. Hopefully you have a USB stick or a second computer handy to download the necessary tools. Now let's get started.
  2. Determine the extent of damage/infection:
    • Can you open TASK MANAGER? If you can, click on the "Processes" tab and look for any processes with random/scrambled or suspicious-looking names (Example: 33Z8JQPQ17WZOO_BAT.EXE). Right-click and END TASK on these strange processes, then watch to see if they come back. Hopefully they don't, which will gain you a few moments to run scanning tools (see below). If you're not comfortable END TASK'ing unknown processes, then use a tool like RKILL to help you. Some malware restarts itself, so a trick I use is to note the number of running processes listed in TASK MANAGER and watch that number fluctuate as I run RKILL. You'll know RKILL has finished when it dumps out a txt/logfile. You may need to run RKILL multiple times to be effective. RKILL will stop/prevent unknown background processes from running, and that will gain you a foothold to run other, more comprehensive scanning tools.
    • If you can't open TASK MANAGER (or it opens and closes almost instantly), then that's a sign you're more deeply infected and we'll have to use other scanning tools (see below) to clean things up.
    • Another diagnostic technique I use is to try a Google search on words like "combofix" and "tdsskiller". If you click on the search results and are redirected to some weird/unknown website, then this is another sign you're more deeply infected.
  3. Because many of today's most frequent infections are multi-exploit (meaning they infect your system in multiple ways), the best strategy to clean them is also to use multiple scanning tools. I usually use a three-stage approach:
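
The Task Manager check in step 2 (random-looking process names, and counting processes before and after RKill to see what restarts itself) can be done from a PowerShell prompt as well. The script below is an added example written for this page, not part of the wiki and not a tool the guide mentions; it assumes Windows 7 or later with PowerShell 2.0+, an elevated prompt (so executable paths are readable), and the "random-looking name" thresholds are my own heuristic, as are the function names. It only reports leads; it never ends a process.

```powershell
# Added example, not part of the wiki: read-only triage for the Task Manager
# step. Assumes Windows 7 or later with PowerShell 2.0+, run from an elevated
# prompt so executable paths are readable. It reports leads; it ends nothing.

function Test-RandomLookingName {
    param([string]$Name)
    # Heuristic (my own thresholds): a name such as 33Z8JQPQ17WZOO_BAT is
    # digit-heavy and vowel-poor. Expect some false positives (vendor service
    # names with no vowels, for instance); treat hits as a list to investigate.
    if ($Name.Length -lt 6) { return $false }
    $chars  = $Name.ToCharArray()
    $digits = @($chars | Where-Object { $_ -match '[0-9]' }).Count
    $vowels = @($chars | Where-Object { $_ -match '[aeiou]' }).Count   # -match is case-insensitive
    return (($digits / $Name.Length) -ge 0.25) -or (($vowels / $Name.Length) -lt 0.1)
}

function Get-SuspiciousProcess {
    # Directories a standard user can write to; malware dropped by a browser usually lands here.
    $userWritable = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, "$env:USERPROFILE\Downloads") |
                    Where-Object { $_ }
    foreach ($p in Get-Process) {
        $path = $null
        try { $path = $p.MainModule.FileName } catch { }   # protected/system processes throw when not elevated
        $reasons = @()
        if (Test-RandomLookingName $p.ProcessName) { $reasons += 'random-looking name' }
        if ($path) {
            foreach ($dir in $userWritable) {
                if ($path.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) {
                    $reasons += "runs from user-writable $dir"; break
                }
            }
            # Catalog-signed Windows binaries can show NotSigned on PowerShell 2.0,
            # so a non-Valid status is a lead to check, not a verdict.
            $sig = Get-AuthenticodeSignature -FilePath $path
            if ($sig.Status -ne 'Valid') { $reasons += "Authenticode: $($sig.Status)" }
        }
        if ($reasons.Count -gt 0) {
            New-Object PSObject -Property @{
                Id = $p.Id; Name = $p.ProcessName; Path = $path; Reasons = ($reasons -join '; ')
            }
        }
    }
}

function Get-ProcessSnapshot {
    # Name:PID strings. Take one before running RKill and one after: a name that
    # comes back with a new PID is the "restarts itself" behaviour the guide describes.
    Get-Process | ForEach-Object { "$($_.ProcessName):$($_.Id)" }
}

function Compare-ProcessSnapshot {
    param([string[]]$Before, [string[]]$After)
    New-Object PSObject -Property @{
        CountBefore = $Before.Count
        CountAfter  = $After.Count
        Started     = @($After  | Where-Object { $Before -notcontains $_ })
        Stopped     = @($Before | Where-Object { $After  -notcontains $_ })
    }
}

# Usage: note the count, review the leads, then snapshot before and after RKill.
Write-Host "Running processes: $((Get-Process).Count)"
Get-SuspiciousProcess | Sort-Object Name | Format-Table Id, Name, Reasons, Path -AutoSize
# $before = Get-ProcessSnapshot   # ... run RKill ...   $after = Get-ProcessSnapshot
# Compare-ProcessSnapshot -Before $before -After $after
```

Anything this lists is a starting point for the scanning stages, not proof of infection: a process with an odd name that is signed, lives under C:\Windows and has a known parent is probably fine, while an unsigned binary in %TEMP% with a scrambled name that reappears after RKill is exactly what the guide's Task Manager check is looking for.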

Other useful tips:

  • Some malware likes to add proxy settings to the browser. If you open Internet Explorer, click on the TOOLS menu, go to "Internet Options" > Connections > LAN settings, and make sure nothing is checked (assuming you're not using a corporate proxy).
  • If you've cleaned up your system and EXE files no longer work, fix them by running the "EXE File Association Fix".
  • If you are seeing ads/popups in Chrome but not in other browsers, and you have run AV scans which find nothing, odds are the infection is in your Chrome user profile. Follow these directions to rebuild the profile.
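
The first two tips (injected proxy settings and a hijacked EXE file association) can be checked in one go from PowerShell, which reads the same registry values the IE "LAN settings" dialog writes and the association the EXE fix repairs. The script below is an added example written for this page, not part of the wiki and not the "EXE File Association Fix" itself; it assumes Windows 7 or later with PowerShell 2.0+, and the function names are mine. It only reports; undo anything it flags through the dialog or fix tool named in the tips.

```powershell
# Added example, not part of the wiki: read-only audit of two things the tips
# above describe, the WinINET (Internet Explorer) proxy settings and the .exe
# file association. Assumes Windows 7 or later with PowerShell 2.0+. It only
# reports; nothing is changed.

function Get-ProxyAudit {
    # Same values the IE "LAN settings" dialog writes.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s   = Get-ItemProperty -Path $key
    $findings = @()
    if ($s.ProxyEnable -eq 1) { $findings += "manual proxy enabled: ProxyServer='$($s.ProxyServer)'" }
    if ($s.AutoConfigURL)     { $findings += "automatic configuration script set: '$($s.AutoConfigURL)'" }
    New-Object PSObject -Property @{ Check = 'WinINET proxy'; Findings = $findings }
}

function Get-ExeAssociationAudit {
    # On a clean system .exe maps to exefile, and exefile's open command is "%1" %*.
    $expected = '"%1" %*'
    $findings = @()
    $ext = (Get-ItemProperty -Path 'Registry::HKEY_CLASSES_ROOT\.exe' -ErrorAction SilentlyContinue).'(default)'
    if ($ext -ne 'exefile') { $findings += "HKCR\.exe default is '$ext', expected 'exefile'" }
    foreach ($hive in 'HKEY_CLASSES_ROOT', 'HKEY_CURRENT_USER\Software\Classes') {
        $cmdKey = "Registry::$hive\exefile\shell\open\command"
        $cmd    = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
        if ($cmd -and $cmd -ne $expected) {
            $findings += "$hive exefile open command is '$cmd', expected '$expected'"
        }
    }
    # A per-user .exe override under HKCU\Software\Classes is absent on a clean box;
    # the per-user hive wins over HKCR, which is why it is worth checking separately.
    $userExt = Get-ItemProperty -Path 'Registry::HKEY_CURRENT_USER\Software\Classes\.exe' -ErrorAction SilentlyContinue
    if ($userExt) { $findings += "HKCU\Software\Classes\.exe exists, default='$($userExt.'(default)')'" }
    New-Object PSObject -Property @{ Check = '.exe association'; Findings = $findings }
}

foreach ($r in (Get-ProxyAudit), (Get-ExeAssociationAudit)) {
    if ($r.Findings.Count -eq 0) { Write-Host "[ok] $($r.Check)" }
    else { $r.Findings | ForEach-Object { Write-Host "[!!] $($r.Check): $_" } }
}
```

A proxy pointing at 127.0.0.1 or a host you don't recognise, or an AutoConfigURL you never set, is the sign the first tip is about; an exefile open command that runs anything other than "%1" %* is why EXE files "no longer work" after cleanup, and the fix tool in the second tip restores that value.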
