Removing Malware and Spyware
“My computer is running slow.” - I hear this all the time. Chances are, said computer is infected with some sort of virus/toolbar/Spyware/Malware. Congratulations, you probably did it to yourself. Some of these pests people freely download. Shop at home toolbar? ✔ AOL any toolbar? ✔ Any desktop weather tool? ✔ Daily Bible Verse/Horoscope/Stock tip? ✔ Coupon printer? ✔
These are all toolbars that slow down your Internet use and/or your computer overall.
Did you download an anti-virus tool from a popup ad? Bingo! How about a speed check or PC health checkup? Bingo again.
It is time to clean all of that stuff off. Now for a secret. This is what I do when I clean/tweek someone's computer at $50 an hour.
Click on any image to see a larger version.
What does an Infected Computer Look Like?
It has very normal looking names and may in fact sound like a good thing to have, like “Speed up your computer.” The only thing is, it doesn't. These are images from a computer I cleaned recently.
This leads to the question I am always asked, “How did it get there?” Easy, you downloaded it.
When I first started computer work, there was the Kournikova computer virus. I had, and probably have someplace, an article about the Kournikova virus entitled, Everything I need to know about computer safety I learned from a naked tennis star. The Kournikova virus spread to hundreds of thousands of computers because people, almost entirely at work (it was spread through Outlook), clicked on an email promising naked pictures of Anna Kournikova.
The lesson was pretty simple. Should you be looking at porn at work? Why did you click on the attachment?
Did your aunt take a sudden interest in porn and forget how to spell? Why did you click on the attachment?
Do you normally get emails from Michael Jordan? Why did you click on the attachment?
In May, 2014 I attended a computer security conference. One of the main topics was dealing with malware. How did malware get on your computer? You clicked on it.
So the modern list:
- Did you install an anti-virus product? Then why are you clicking on a pop up ad?
- Where you looking for help speeding up your computer? Then why are you clicking on a pop up ad?
- Did you change your search engine? Do you want to change your search engine? When you do an Internet search, are you getting the result you want the first time?
You will need a few tools. Computer tools, no trip to The Home Depot here. Get yourself a USB drive. Now with a different computer, not the infected one we are going to download some tools. Copy all of these to your USB drive.
|WinPatrolToGo||http://www.winpatrol.com/download.html||Go to the downloads page. Make sure to get the to go version.|
|Revo Uninstaller||http://www.revouninstaller.com/revo_uninstaller_free_download.html||Make sure to get the free version|
|AdwCleaner||http://www.bleepingcomputer.com/download/adwcleaner/dl/125/||Wait a second for the download to start.|
|SmiteFraudFix||http://siri.geekstogo.com/SmitfraudFix.php||More advanced. Some of the documentation is in French. Live with it.|
It is going to be best if you copy all of these tools to the desktop on the infected computer. Then start WinPatrolToGo. It is an .exe and does not need to install. Your startup screen should look like this:
Look at your startup programs. This is a clean example. Look for things that start toolbars. If you see something that should not be on this list, make a note of it, but do not Remove it right now. Next look at the Active Tasks. Once again, right now we are looking for information. After you have written down the information on an active task and determined it should not be running, you can kill it. NOTE: Some viruses cannot be stopped with this tool.
This is the same screen from an infected computer. Unfortunetly WinPatrolToGo does not highlight the bad stuff as I have in this image.
You want the path information on the info page. “C:\program files\vmware\wmaretools\vmtoolsd.exe” in this case. VMWare tools is not a virus.
Now look at the IE Helpers. Kill off ones for tool bars. Especially AVG or other Anti-virus tool bars.
Cleaning with Revo Uninstaller
The Revo Uninstaller is one of my favorite tools. It is the first thing I install on a new computer to remove the junk that comes “free” out of the box. It works better than the Microsoft provided Add/Remove programs tool that is part of Windows. Install and start Revo Uninstaller.
This is the main Revo screen for the same computer as the WinPatrol screen above. See the highlighted programs? Those are our targets. For each program, click on the program in the list and click on remove. You want the moderate level of removal. Just follow the next buttons. The first step is running the program's uninstaller. What a surprise! the built in uninstaller doesn't do much to really uninstall the software.
The next step cleans the registry1). The final step removes the no longer needed files. Unfortuneteley, you need to run each program individually.
Should I remove it?
If you don't know what a program on the Revo list is, right click on it. It will open a search for that program. Hewlett-Packard printers install a bunch of things you don't need, but they need to stay. Never heard of Bonjour Service? No problem it is a part of Apple. If you have iTunes, QuickTime, or an iPhone, you need Bonjour. Some things to look out for are Torrent clients, After you have removed the offending programs, restart your computer and then restart Revo.
The next tool to run is ADWCleaner. Bleeping Computer is a great website on malware and what all is running on your computer. I trust them. ADWCleaner constantly updates. It is ok to download the update. The publisher is in France and some of the instructions are not in English. You should be ok. ADWCleaner will require a reboot when it is finished.
The final tool on this list is Smitefraud fix. This will correct damage done to your computer by malware. It must be run in safe mode2) so it is best to copy it to the root of the C:\ drive and then boot into safe mode and run it.
f8key and then choose safe mode