If you think you have a Spyware/Malware Infection or a Virus

(Malware is a term that covers viruses, trojans, minor spyware and serious spyware infections.)
by ilago

Symptoms of Malware Infections

  • You are getting a lot of popups
  • Your browser is being directed to a page you didn't pick and can't change
  • You can't access a normal search engine like Google or Yahoo
  • Your computer is running very slowly
  • You have strange error messages that you don't understand
  • You have icons in the system tray that you can't identify
  • Your desktop has been changed or has a scary message
  • You can't update your antivirus
  • You can't get to any security-related sites with your browser, e.g. Symantec, McAfee or Windows Update

Cleaning Up

These procedures have been updated to reflect the more recent types of malware infections. Some of the programs used have changed to more effective applications.

These steps will remove some of the standard well-known spyware infections and may be enough to remove your problem.

  • Clean up your computer first as explained Here to remove temporary files, temporary internet files, the files in your Recycle Bin and stored cookies. You might lose some saved passwords. If you've been using the Recycle Bin to store files, remove the ones you want and save them in a safe place like My Documents. The Recycle Bin is not an ordinary folder and can be corrupted by some spyware infections. This cleanup makes the scans you will need to do a lot quicker. Forcing the malware programs to scan every single piece of junk that has accumulated makes scans take a long time and adds a lot of “false positives” to the end results.
  • Download Malwarebytes Anti-Malware:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button
http://www.majorgeeks.com/Malwarebytes_Antimalware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe

Double-click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select “Perform Quick Scan”, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* *Make sure that everything is checked, and click Remove Selected.* You must do this or the items won't be removed.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report into a new topic in Techtalk to get some additional help with removal.

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

SuperAntiSpyware is also an option, although it is not always as effective as MBAM.

* Download and install SUPERAntiSpyware Home Edition here: http://www.superantispyware.com/downloads/SUPERAntiSpyware.exe
Use the configuration and deep scan method to do a full system scan in Safe Mode. Save the log so you can post it in a thread if needed.

  • Do an online virus scan. Some spyware infections damage or inactivate your own antivirus software, so an online scan is a better way to check that you don't have a virus infection. Not all online scans remove malware, but they do help with identification.

Standalone Antivirus Products

This product does not need to be installed on your system. It runs as a standalone executable which is complete with current antivirus definitions. The .exe file can be deleted once the infection is cleaned up.

Keep the log/results file for any online scan or standalone scan you do so you can post it in the forum. These logs are helpful for working out what the problem may be when it's not immediately obvious. The log files can list confusing entries such as “grayware”, “not-a-virus” or “potentially unwanted”. Do not delete any of these files; they may be necessary, or even essential, files. The scan is simply advising you in these cases.

In many cases these procedures will remove known infections. But many infections need special tools or utilities that have special instructions for use.

Please Note:

HijackThis is no longer as useful as it once was. TrendMicro have updated it a little, but most recent variants of malware are easily able to evade the parts of the system that HijackThis scans. Further information on revised procedures will be posted shortly.

You may be asked to post a HijackThis log for further information. The details for using and posting HijackThis logs:

*Posts by unregistered users of the ABC forums are moderated and do not appear straight away. If you intend to post, it is advised that you sign up to the ABC forums so your posts will appear immediately.

 
spyware_malware/spyare_malware_removal_software_and_techniques.txt · Last modified: 2009/04/03 21:36 (external edit)
 