windows - How can I remove malicious spyware, malware, adware, viruses, trojans or rootkits from my PC? - Super User


What should I do if my Windows computer seems to be infected with a virus or malware?

  • What are the symptoms of an infection?
  • What should I do after noticing an infection?
  • What can I do to get rid of it?

This question comes up frequently, and the suggested solutions are usually the same. This community wiki is an attempt to serve as the definitive, most comprehensive answer possible.

Feel free to add your contributions via edits.

Here's the thing: malware in recent years has become both sneakier and nastier:

Sneakier, because it travels in packs. Subtle malware can hide behind more obvious infections. There are lots of good tools listed in answers here that can find 99% of malware, but there's always that 1% they can't find yet. Mostly, that 1% is stuff that is new: the malware tools can't find it because it just came out and is using some new exploit or technique to hide itself that the tools don't know about yet.

Malware also has a short shelf-life. If you're infected, something from that new 1% is very likely to be one part of your infection. It won't be the whole infection: just a part of it. Security tools will help you find and remove the more obvious and well-known malware, and most likely remove all of the visible symptoms (because you can keep digging until you get that far), but they can leave little pieces behind, like a keylogger or rootkit hiding behind some new exploit that the security tool doesn't yet know how to check. The anti-malware tools still have their place, but I'll get to that later.

Nastier, in that it won't just show ads, install a toolbar, or use your computer as a zombie anymore. Modern malware is likely to go right for the banking or credit card information. The people building this stuff are no longer just script kiddies looking for fame; they are now organized professionals motivated by profit, and if they can't steal from you directly, they'll look for something they can turn around and sell. This might be processing or network resources in your computer, but it might also be your social security number or encrypting your files and holding them for ransom.

Put these 2 factors together, and it's no longer worthwhile to even attempt to remove malware from an installed operating system. I used to be very good at removing this stuff, to the point where I made a significant part of my living that way, and I no longer even make the attempt. I'm not saying it can't be done, but I am saying that the cost/benefit and risk analysis results have changed: it's just not worth it anymore. There's too much at stake, and it's too easy to get results that only seem to be effective.

Lots of people will disagree with me on this, but I challenge that they aren't weighing the consequences of failure strongly enough. Are you willing to wager your life savings, your good credit, even your identity, that you're better at this than crooks who make millions doing it every day? If you try to remove the malware and then keep running the old system, that's exactly what you're doing.

I know there are people out there reading this thinking, "Hey, I've removed several infections from various machines and nothing bad ever happened." I suggest you need to add "yet" to the end of that statement. You might be 99% effective, but you only have to be wrong 1 time, and the consequences of failure are much higher than they once were; the cost of just 1 failure can easily outweigh all of the other successes. You might even have a machine out there that still has a ticking time bomb inside, just waiting to be activated or to collect the right information before reporting it back. Even if you have a 100% effective process now, this stuff changes all the time. Remember: you have to be perfect every time; the bad guys only have to get lucky once.

In summary, it's unfortunate, but if you have a confirmed malware infection, a complete re-pave of the computer should be the first place you turn instead of the last.


Here's how to accomplish that:

Before you're infected, make sure you have a way to re-install any purchased software, including the operating system, that does not depend on anything stored on your internal hard disk. For this purpose, that normally just means hanging onto CD/DVDs or product keys, but the operating system may require you to create recovery disks yourself. Don't rely on a recovery partition for this. If you wait until after an infection to ensure you have what you need to re-install, you may find yourself paying for the same software again. With the rise of ransomware, it's also extremely important to take regular backups of your data (plus, you know, regular non-malicious things like hard drive failure).

When you suspect you have malware, look to other answers here. There are a lot of good tools suggested. My only issue is the best way to use them: I only rely on them for the detection. Install and run the tool, but as soon as it finds evidence of a real infection (more than just "tracking cookies") just stop the scan: the tool has done its job and confirmed your infection.¹

At the time of a confirmed infection, take the following steps:

  1. Check your credit and bank accounts. By the time you find out about the infection, real damage may have already been done. Take any steps necessary to secure your cards, bank account, and identity. Change passwords at any web site you accessed from the compromised computer. Do not use the compromised computer to do any of this.
  2. Take a backup of your data (even better if you already have one).
  3. Re-install the operating system using disks shipped with the computer, purchased separately, or the recovery disk you should have created when the computer was new. Make sure the re-install includes a complete re-format of the disk; a system restore or system recovery operation is not enough.
  4. Re-install your applications.
  5. Make sure your operating system and software is fully patched and up to date.
  6. Run a complete anti-virus scan to clean the backup from step two.
  7. Restore the backup.
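Steps 5 through 7 of the procedure above, as an added PowerShell example; it is not part of the Super User answer. It runs on the freshly re-installed machine from an elevated prompt, refuses to go on while Windows updates are still pending, brings Windows Defender definitions up to date, scans only the backup taken in step 2, and restores it with robocopy only if the scan found nothing. The backup and restore paths (`E:\Backup\UserData`, `%USERPROFILE%\Restored`) are assumptions to be replaced with your own.

```powershell
# Added example (not from the Super User answer): verify the clean machine,
# scan the step-2 backup, and only then restore it (steps 5-7 of the answer).
# Run from an elevated PowerShell on the re-installed system.
#Requires -RunAsAdministrator
param(
    [string]$BackupRoot  = 'E:\Backup\UserData',         # assumed: external backup drive
    [string]$RestoreRoot = "$env:USERPROFILE\Restored",  # assumed: restore target
    [string]$LogDir      = "$env:USERPROFILE\Desktop"
)
$ErrorActionPreference = 'Stop'

# Step 5: nothing from the backup touches the system while updates are pending.
# Uses the Windows Update Agent COM API that ships with Windows.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$pending  = $searcher.Search('IsInstalled=0 and IsHidden=0').Updates
if ($pending.Count -gt 0) {
    foreach ($u in $pending) { Write-Warning "Pending update: $($u.Title)" }
    throw "Install all $($pending.Count) pending Windows updates before restoring."
}

# Step 6: a scan with stale definitions is exactly the 'not up to date' case
# the answer warns about, so refresh them and check the age afterwards.
Update-MpSignature
$status = Get-MpComputerStatus
if ($status.AntivirusSignatureAge -gt 1) {
    throw "Defender definitions are $($status.AntivirusSignatureAge) day(s) old; the update did not take."
}
if (-not $status.RealTimeProtectionEnabled) {
    throw 'Real-time protection is off on the new install; turn it on before restoring.'
}

$scanStart = Get-Date
Start-MpScan -ScanType CustomScan -ScanPath $BackupRoot   # scans ONLY the backup tree

# Any detection stamped after the scan began came from the backup.
$hits = @(Get-MpThreatDetection | Where-Object { $_.InitialDetectionTime -ge $scanStart })
if ($hits.Count -gt 0) {
    $hits | Select-Object InitialDetectionTime, ThreatID, Resources | Format-List | Out-String | Write-Warning
    throw "Defender flagged $($hits.Count) item(s) inside the backup; deal with them before restoring."
}

# Step 7: copy data only. /XJ skips junctions (no loops), /COPY:DAT copies data,
# attributes and timestamps but NOT the old ACLs, so restored files inherit the
# new system's permissions. Nothing in the backup is executed.
$log = Join-Path $LogDir ('restore-{0:yyyyMMdd-HHmm}.log' -f (Get-Date))
robocopy $BackupRoot $RestoreRoot /E /COPY:DAT /XJ /R:1 /W:1 /NP /LOG:$log
# robocopy exit codes 0-7 are success (bit flags: 1 = files copied, 2 = extras, ...); 8+ means errors.
if ($LASTEXITCODE -ge 8) { throw "robocopy reported errors (exit $LASTEXITCODE); see $log" }
Write-Host "Restore complete. Log: $log"
```

The scan is deliberately a `CustomScan` of the backup folder rather than a full-system scan: the system was just re-formatted and re-installed, so the backup is the only untrusted data on the machine, and scanning it alone keeps the check focused and fast.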

If done properly, this is likely to take between 2 and 6 real hours of your time, spread out over 2 to 3 days (or even longer) while you wait for things like apps to install, Windows updates to download, or large backup files to transfer... but it's better than finding out later that crooks drained your bank account. Unfortunately, this is something you should do yourself, or have a techy friend do for you. At a typical consulting rate of around $100/hr, it can be cheaper to buy a new machine than pay a shop to do this. If you have a friend do it for you, do something nice to show your appreciation. Even geeks who love helping you set up new things or fix broken hardware often hate the tedium of clean-up work. It's also best if you take your own backup... your friends aren't going to know where you put what files, or which ones are really important to you. You're in a better position to take a good backup than they are.

Soon even all of this may not be enough, as there is now malware capable of infecting firmware. Even replacing the hard drive may not remove the infection, and buying a new computer will be the only option. Thankfully, at the time I'm writing this we're not to that point yet, but it's definitely on the horizon and approaching fast.


If you absolutely insist, beyond all reason, that you really want to clean your existing install rather than start over, then for the love of God make sure whatever method you use involves one of the following two procedures:

  • Remove the hard drive and connect it as a guest disk in a different (clean!) computer to run the scan.

or

  • Boot from a CD/USB key with its own set of tools running its own kernel. Make sure the image for this is obtained and burned on a clean computer. If necessary, have a friend make the disk for you.

Under no circumstances should you try to clean an infected operating system using software running as a guest process of the compromised operating system. That's just plain dumb.


Of course, the best way to fix an infection is to avoid it in the first place, and there are some things you can do to help with that:

  1. Keep your system patched. Make sure you promptly install Windows Updates, Adobe Updates, Java Updates, Apple Updates, etc. This is far more important even than anti-virus software, and for the most part it's not that hard, as long as you keep current. Most of those companies have informally settled on all releasing new patches on the same day each month, so if you keep current it doesn't interrupt you that often.
  2. Do not run as administrator by default. In recent versions of Windows, it's as simple as leaving the UAC feature turned on.
  3. Use a good firewall tool. These days the default firewall in Windows is actually good enough. You may want to supplement this layer with something like WinPatrol that helps stop malicious activity on the front end. Windows Defender works in this capacity to some extent as well. Basic Ad-Blocker browser plugins are also becoming increasingly useful at this level as a security tool.
  4. Set most browser plug-ins (especially Flash and Java) to "Ask to Activate".
  5. Run current anti-virus software. This is a distant fifth to the other options, as traditional A/V software often just isn't that effective anymore. It's also important to emphasize the "current". You could have the best antivirus software in the world, but if it's not up to date, you may just as well uninstall it.

    For this reason, I currently recommend Microsoft Security Essentials. (Since Windows 8, Microsoft Security Essentials is part of Windows Defender.) There are likely far better scanning engines out there, but Security Essentials will keep itself up to date, without ever risking an expired registration. AVG and Avast also work well in this way. I just can't recommend any anti-virus software you have to actually pay for, because it's just far too common that a paid subscription lapses and you end up with out-of-date definitions.

    It's also worth noting here that Mac users now need to run antivirus software, too. The days when they could get away without it are long gone.

  6. Avoid torrent sites, warez, pirated software, and pirated movies/videos. This stuff is often injected with malware by the person who cracked or posted it — not always, but often enough to avoid the whole mess. It's part of why a cracker would do this: often they will get a cut of any profits.
  7. Use your head when browsing the web. You are the weakest link in the security chain. If something sounds too good to be true, it probably is. The most obvious download button is rarely the one you want to use any more when downloading new software, so make sure to read and understand everything on the web page before you click that link. Also, prefer to download the software and updates/upgrades directly from the vendor or developer rather than from third party file hosting websites.
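A read-only audit of points 1, 2, 3 and 5 of the prevention list above, as an added PowerShell example that is not part of the Super User answer. It checks when Windows Update last succeeded, whether UAC is on and the current shell is unelevated, whether each firewall profile is enabled with inbound connections blocked, and whether Windows Defender is enabled with fresh definitions, then prints a pass/fail table. The two thresholds (35 days since the last successful update, 3 days for definition age) are assumptions, not values from the answer; points 4, 6 and 7 are browser settings and habits that a script cannot verify.

```powershell
# Added example (not from the Super User answer): audit the prevention list on
# this machine. It changes nothing; it only reports which checks pass.
$checks = New-Object System.Collections.Generic.List[object]
function Add-Check([string]$Name, [bool]$Pass, [string]$Detail) {
    $checks.Add([pscustomobject]@{ Check = $Name; Pass = $Pass; Detail = $Detail })
}

# 1. Patched: date of the last successful Windows Update installation
#    (Windows Update Agent COM API). 35 days is an assumed threshold: one
#    monthly patch cycle plus a few days of slack.
$au   = New-Object -ComObject Microsoft.Update.AutoUpdate
$last = $au.Results.LastInstallationSuccessDate
Add-Check 'Windows Update succeeded within 35 days' ($last -gt (Get-Date).AddDays(-35)) "last success: $last"

# 2. Not running as administrator by default: UAC must be on, and a shell
#    opened the normal way should not be elevated.
$uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
Add-Check 'UAC enabled (EnableLUA=1)' ($uac.EnableLUA -eq 1) "EnableLUA=$($uac.EnableLUA)"
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Add-Check 'This session is not elevated' (-not $elevated) "elevated=$elevated"

# 3. Firewall: every profile (Domain, Private, Public) on, inbound not allowed by default.
foreach ($p in Get-NetFirewallProfile) {
    $ok = $p.Enabled -and ($p.DefaultInboundAction -ne 'Allow')
    Add-Check "Firewall profile '$($p.Name)' on, inbound blocked" $ok "Enabled=$($p.Enabled) Inbound=$($p.DefaultInboundAction)"
}

# 5. Current anti-virus: Defender enabled, real-time protection on, definitions fresh
#    (3 days is an assumed threshold; the answer's point is simply 'not out of date').
$mp = Get-MpComputerStatus
Add-Check 'Antivirus engine enabled'   $mp.AntivirusEnabled          "AntivirusEnabled=$($mp.AntivirusEnabled)"
Add-Check 'Real-time protection on'    $mp.RealTimeProtectionEnabled "RealTimeProtectionEnabled=$($mp.RealTimeProtectionEnabled)"
Add-Check 'Definitions at most 3 days old' ($mp.AntivirusSignatureAge -le 3) "age: $($mp.AntivirusSignatureAge) day(s), updated $($mp.AntivirusSignatureLastUpdated)"

$checks | Format-Table -AutoSize
$failed = @($checks | Where-Object { -not $_.Pass }).Count
Write-Host "$failed of $($checks.Count) checks failed."
exit $failed   # non-zero when something needs attention, so it can run from a scheduled task
```

Run it from an ordinary (non-elevated) PowerShell window; if the "not elevated" check fails there, the account is being used as an administrator by default, which is exactly what point 2 tells you to avoid. The `Get-NetFirewallProfile` and `Get-MpComputerStatus` cmdlets come with Windows 8 and later and require no extra modules.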

¹ At this time I'd like to point out that I have softened my approach somewhat over the last year. Today, most "infections" fall under the category of PUPs (Potentially Unwanted Programs) and browser extensions included with other downloads. Often these PUPs/extensions can safely be removed through traditional means. These are a large enough percentage of malware that I may stop at this point and simply try the Add/Remove Programs feature or the normal browser option to remove an extension. However, at the first sign of something deeper — any hint the software won't uninstall normally — and it's back to repaving the machine.
