Five Steps to Manually Remove Malware and Spyware
This step-by-step guide to removing malicious Malware manually should only be attempted by people that are comfortable in working in the Windows registry and consider their computer skills as “advanced”.
The Windows registry is the central nervous system of the computer and serious damage can be caused by making changes in code. As such, use this guide at your own risk!
1. Give the Devil a Name
Your computer is running like an old dog and you’re getting bugged by annoying popup ads — or maybe you’re already dealing with the blue screen of death. Whatever the symptom is, you know that you’ve picked up some grade-A certified Malware along the way.
The first step in eliminating Malware is firstly knowing what you are dealing with. Trojans can carry with them multiple payloads, each of them being a potential Malware threat. Even if you know what the Malware threat is, and what files is associated with it, you may well be missing the hidden Spyware file or virus timebomb.
The best way to identify all the threats on your computer is to conduct an independent scan. Most Spyware distributors offer a free scan before purchasing the product, and since we are trying to remove the Malware on the cheap, we may as well take advantage of this.
1.1. Download a anti-Spyware program with an inbuilt free scan. Check the links at the bottom of this article for our recommendation for the best free scanners.
1.2. Conduct the ‘full’ scan from the program’s interface
1.3. Note the file names, types and locations associated with the Malware threat.
In particular, you are looking for four separate values realting to the threat:
- Files (e.g. [%SYSTEM%]CMPROP.DLL)
- Folders (e.g. [%SYSTEM%]volorume.Vdll)
- Registry Keys (e.g. HKEY_CLASSES_ROOTCLSID{500BCA15–57A7–4eaf-8143–8C619470B13D})
- Registry Values (e.g. HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun, BM7fefe868=Rundll32.exe “[%SYSTEM%]ljhjdqgd.dll”,s)
2. Stop Heathen! Halt Your Wicked Processes!
The next steps in removing Malware from your computer are conducted in the windows task manager.
2.4. Open the Windows task manager by right clicking the task bar and selecting “Task Manager” from the list. Alternatively, pressing Ctrl+Alt+Delete will open the Task Manager.
2.5. Switch the Task Manager to ‘Processes’
2.6. Locate the process that you want to terminate and click the ‘End Process’ button.
Be aware that this isn’t the place to be terminating processes willy-nilly. Ensure that the process that you want to terminate (ie. the Malware) is the only thing that you are terminating — if you are unsure, leave it! You can cause real damage to your PC in some cases.
3. I Cast Thee Out of This Place!
Now that you have stopped the Malware process, you can attempt to locate the file and delete it permanently from your system. Note that you will need to locate and delete all files associated with the Malware. If you leave any files associated with the Malware threat on your hard drive it can re-seed itself and you are left with a (still) infected PC.
3.1. Search for the file. Using a Windows Vista OS, search for the file using the Start > Search > Search Everywhere function.
3.2. Locate the file directory (ie. C:/Users/Your Name/Really_Nasty_Spyware) in Windows Explorer.
3.3. Unhide hidden files. Because Malware threats often hide themselves away in your system, you will need to make sure that no files are hidden. To ‘unhide’ folders using Vista,
- a. Open the Control Panel
- b. Click on the Folder Options link
- c. Click on the View tab
- d. Click on Show Hidden Folders
- e. Click the radio button titled Show hidden files and folders
- f. Remove the check mark next to Hide extensions for known file types and
- g. Remove the check mark next to Hide Protected operating system files
- h. Click Apply.
3.4 Delete the Files. You can use a DOS prompt if you like, but so long as you have unhidden all the files correctly, you should be able to delete the Malware files from within Windows Explorer. Ensure that you delete all files associated with the Malware threat (remember to use your scan reulsts from step 1).
4. Restore The Holiest of Holies
Many Malware programs install Registry Keys into the Windows Registry which change the way that your computer functions. Even if you have deleted the files associated with the Malware, if it has installed registry keys you can still find that the Malware persists on your computer.
It needs to be restated that Registry changes should only be attempted by confident computer users and no changes should be made without first backing up your registry.
4.1. Open the registry editor in XP by clicking Start > Run and typing “regedit” in the ‘Open’ field. Alternatively, in Vista, click Start and then Search Everywhere for “regedit”
4.2. Find the Malware registry keysin the Registry Editor by pressing Ctrl+F and entering the key.
4.3. Delete the Registry Key by right clicking the Registry Key and selecting Delete:
5. This Home Is Free From Evil
Following these instructions should see you free from most simple Malware threats, but often rootkits and trojans can hide files (even when you’ve ‘unhidden’ files in Windows Explorer) and set up sophisticated startup program scripts that relauch the threat even once the files have been deleted from your computer.
In these cases, there are some additional steps that you may need to take to make sure that your computer is free from the Malware threat. These steps are continued in the Help! I Still Have Malware — More How-To Steps to Manually Remove Stubborn Malware Threats article.
Cheers, and Safe Surfing!
Alice McDonald and team of BestAntivirusPro
