H3XED

How to Safely Clean Malware, Spyware and Viruses from an Infected PC

Feb 6, 2015   Windows   Nick Vogt   Comments
Please note that this post is over a year old and may contain outdated information.
This method of cleaning a computer requires that you have access to another computer as well as a clean USB drive. This method is more effective than just running a spyware scanner with Windows booted normally, but may take a little longer.


Step 1


If you haven't yet, shut down the infected PC. If the malware or viruses are preventing Windows from shutting down, you should long-hold the power button until the PC shuts down. If all else fails, cut the power, though that should be a last resort as it could cause data loss, especially on older hard drives.


Step 2


On a safe PC, visit www.malwarebytes.org by typing that URL into your address bar (or copying and pasting it). Do not visit Malwarebytes from a search engine result, even if you're on a safe PC. Low-level malware often targets search results and points them to fake or malicious pages. Malwarebytes is a common target because it is so popular.

Malwarebytes

Once on Malwarebytes' website, click on "Free Version Download".

Malwarebytes

It should start downloading an exe file with the file name "mbam-setup" and the version number.


Step 3


Once the Malwarebytes installer exe is downloaded, open it up and confirm the Security Warning if you are presented with one (click Run).

Malwarebytes

Go through all the normal installation steps (language select, agreement, location, etc) but uncheck any boxes that want to install other software or start any trials.

Malwarebytes


Step 4


Start Malwarebytes on the safe PC if it hasn't already. It will automatically update its database. You need to have an Internet connection on the safe PC. Once it is done updating, you can exit it.


Step 5


You now need to grab the updated data files, as this is what you will manually copy over to the infected PC. Find the folder named "Malwarebytes" in your "ProgramData" or "Application Data" folder:

For Windows Vista & 7:
C:\ProgramData
For Windows XP:
C:\Documents and Settings\All Users\Application Data
Note: Your Windows may be installed on a different drive letter.

Copy the "Malwarebytes" folder to your USB drive. The easiest way to copy is to right-click on the folder, click copy, and then right-click while in the USB drive on an empty space and click paste. Then delete the contents of the "Logs" and "Quarantine" folders that are inside the "Malwarebytes Anti-Malware" folder on the USB drive.

Also copy the Malwarebytes installation exe (mbam-setup) to the USB drive.


Step 6


Go back to the infected PC and boot it into Safe Mode. To do this, hold down F8 shortly after hitting the power button. Once you're presented with a screen with the option to start in Safe Mode, select that option using the arrow keys and hit enter.

Safe Mode Screen Windows

Do not choose "Safe Mode With Networking". That will boot several unnecessary Internet-related services and drivers.

Let your computer fully start in Safe Mode. You may see a bunch of text scrolling over the screen and it may take longer than usual. This is normal.

Once at the desktop the resolution may be changed. Go ahead and close any prompts or help windows that come up.


Step 7


Insert the USB drive into the infected PC (while it's in Safe Mode) and double-click the mbam-setup exe to install Malwarebytes. Go through the installation procedure. At the end of the installer, be sure to uncheck the box that says to start Malwarebytes when done. We don't want it to start up yet as we still have to manually update the data.


Step 8


While still on the infected PC, find the location of the "Malwarebytes" data folder and delete it. Here is the location again if you need it:

For Windows Vista & 7:
C:\ProgramData
For Windows XP:
C:\Documents and Settings\All Users\Application Data
Now copy the "Malwarebytes" folder from your USB drive to where the one you just deleted used to be. You now have the updated rules definitions for Malwarebytes to use.


Step 9


Start Malwarebytes using the desktop or start menu icon (still on the infected PC in Safe Mode). Click "Scan Now".

Malwarebytes

This scan may take several minutes to an hour depending on the performance of the PC and how full the hard drive is.

Malwarebytes


Step 10


When the scan is finished, you will see a summary of the infected files contained. There will probably be quite a few. Go ahead and select the option to remove or quarantine them all. Malwarebytes may prompt you to restart after completing. Go ahead and do so. If not, restart the computer normally and let it boot normally.


Done


The PC should be clean at this point and ready to go. I recommend running Malwarebytes again when booted normally, to see if anything managed to evade it before. It is a good idea to run Malwarebytes on a regular basis and keep it updated. Perhaps every week or if you notice any strange behavior.
Share This Post
Twitter

Comments (0)

Share This Post
Twitter
H3XED © Nick Vogt   RSS   Policies   Twitter