windows - How can I remove malicious spyware, malware, adware, viruses, trojans or rootkits from my PC? - Super User
what should if windows computer seems infected virus or malware?
- what symptoms of infection?
- what should after noticing infection?
- what can rid of it?
this question comes frequently, , suggested solutions same. community wiki attempt serve definitive, comprehensive answer possible.
feel free add contributions via edits.
here's thing: malware in recent years has become both sneakier , nastier:
sneakier, because travels in packs. subtle malware can hide behind more obvious infections. there lots of tools listed in answers here can find 99% of malware, there's 1% can't find yet. mostly, 1% stuff new: malware tools can't find because came out , using new exploit or technique hide tools don't know yet.
malware has short shelf-life. if you're infected, new 1% one part of infection. won't whole infection: part of it. security tools find , remove more obvious , well-known malware, , remove of visible symptoms (because can keep digging until far), can leave little pieces behind, keylogger or rootkit hiding behind new exploit security tool doesn't yet know how check. anti-malware tools still have place, i'll later.
nastier, in won't show ads, install toolbar, or use computer zombie anymore. modern malware go right banking or credit card information. people building stuff no longer script kiddies looking fame; organized professionals motivated profit, , if can't steal directly, they'll something can turn around , sell. might processing or network resources in computer, might social security number or encrypting files , holding them ransom.
put these 2 factors together, , it's no longer worthwhile attempt remove malware installed operating system. used @ removing stuff, point made significant part of living way, , no longer make attempt. i'm not saying can't done, saying cost/benefit , risk analysis results have changed: it's not worth anymore. there's @ stake, , it's easy results seem effective.
lots of people disagree me on this, challenge not weighing consequences of failure enough. are willing wager life savings, credit, identity, you're better @ crooks make millions doing every day? if try remove malware , keep running old system, that's exactly you're doing.
i know there people out there reading thinking, "hey, i've removed several infections various machines , nothing bad ever happened." suggest need add "yet" end of statement. might 99% effective, have wrong 1 time, , consequences of failure higher once were; cost of 1 failure can outweigh of other successes. might have machine out there still has ticking time bomb inside, waiting activated or collect right information before reporting back. if have 100% effective process now, stuff changes time. remember: have perfect every time; bad guys have lucky once.
in summary, it's unfortunate, if have confirmed malware infection, complete re-pave of computer should first place turn instead of last.
here's how accomplish that:
before you're infected, make sure have way re-install purchased software, including operating system, not depend on stored on internal hard disk. purpose, means hanging onto cd/dvds or product keys, operating system may require create recovery disks yourself. don't rely on recovery partition this. if wait until after infection ensure have need re-install, may find paying same software again. rise of ransomware, it's extremely important take regular backups of data (plus, know, regular non-malicious things hard drive failure).
when suspect have malware, other answers here. there lot of tools suggested. issue best way use them: rely on them detection. install , run tool, finds evidence of real infection (more "tracking cookies") stop scan: tool has done job , confirmed infection.1
at time of confirmed infection, take following steps:
- check credit , bank accounts. time find out infection, real damage may have been done. take steps necessary secure cards, bank account, , identity. change passwords @ web site accessed compromised computer. do not use compromised computer of this.
- take backup of data (even better if have one).
- re-install operating system using disks shipped computer, purchased separately, or recovery disk should have created when computer new. make sure re-install includes complete re-format of disk; system restore or system recovery operation not enough.
- re-install applications.
- make sure operating system , software patched , date.
- run complete anti-virus scan clean backup step two.
- restore backup.
if done properly, take between 2 , 6 real hours of time, spread out on 2 3 days (or longer) while wait things apps install, windows updates download, or large backup files transfer... it's better finding out later crooks drained bank account. unfortunately, should yourself, or have techy friend you. @ typical consulting rate of around $100/hr, can cheaper buy new machine pay shop this. if have friend you, nice show appreciation. geeks love helping set new things or fix broken hardware hate tedium of clean-up work. it's best if take own backup... friends aren't going know put files, or ones important you. you're in better position take backup are.
soon of may not enough, there malware capable of infecting firmware. replacing hard drive may not remove infection, , buying new computer option. thankfully, @ time i'm writing we're not point yet, it's on horizon , approaching fast.
if absolutely insist, beyond reason, want clean existing install rather start over, love of god make sure whatever method use involves 1 of following 2 procedures:
- remove hard drive , connect guest disk in different (clean!) computer run scan.
or
- boot cd/usb key own set of tools running own kernel. make sure image obtained , burned on clean computer. if necessary, have friend make disk you.
under no circumstances should try clean infected operating system using software running guest process of compromised operating system. that's plain dumb.
of course, best way fix infection avoid in first place, , there things can that:
- keep system patched. make sure promptly install windows updates, adobe updates, java updates, apple updates, etc. far more important anti-virus software, , part it's not hard, long keep current. of companies have informally settled on releasing new patches on same day each month, if keep current doesn't interrupt often.
- do not run administrator default. in recent versions of windows, simple leaving uac feature turned on.
- use firewall tool. these days default firewall in windows enough. may want supplement layer winpatrol helps stop malicious activity on front end. windows defender works in capacity extent well. basic ad-blocker browser plugins becoming increasingly useful @ level security tool.
- set browser plug-ins (especially flash , java) "ask activate".
run current anti-virus software. distant fifth other options, traditional a/v software isn't effective anymore. it's important emphasize "current". have best antivirus software in world, if it's not date, may uninstall it.
for reason, recommend microsoft security essentials. (since windows 8, microsoft security essentials part of windows defender.) there far better scanning engines out there, security essentials keep date, without ever risking expired registration. avg , avast work in way. can't recommend anti-virus software have pay for, because it's far common paid subscription lapses , end out-of-date definitions.
it's worth noting here mac users need run antivirus software, too. days when away without long gone.
- avoid torrent sites, warez, pirated software, , pirated movies/videos. stuff injected malware person cracked or posted — not always, enough avoid whole mess. it's part of why cracker this: cut of profits.
- use head when browsing web. weakest link in security chain. if sounds true, is. obvious download button 1 want use more when downloading new software, make sure read , understand on web page before click link. also, prefer download software , updates/upgrades directly vendor or developer rather third party file hosting websites.
1 time point out have softened approach on last year. today, "infections" fall under category of pups (potentially unwanted programs) , browser extensions included other downloads. these pups/extensions can safely removed through traditional means. these large enough percentage of malware may stop @ point , try add/remove programs feature or normal browser option remove extension. however, @ first sign of deeper — hint software won't uninstall — , it's repaving machine.
Comments
Post a Comment