This post demonstrate the method for removing malware that have developed over the past couple of years. Malware includes virus, spyware, scareware, worm, root kit, or trojan infections.
First, boot the PC into Safe Mode. I always do this--no matter the type or severity of the infection. Booting into Safe Mode accomplishes two things. One, it disables services upon which the malicious software relies. Most of the pop-ups and the 'self defense mechanisms' associated with malware are crippled in Safe Mode. 'Self defense mechanisms' include blocking antivirus software from being installed, detecting the infection, or removing the infection. Two, booting into Safe Mode simply allows the scans to run much faster.
After you have booted into Safe Mode, run the portable version of You are not allowed to view links.
. This will remove a lot of junk and speed up scan times. Start up CCleaner, configure what you want removed by checking or un-checking the various boxes, and click Run Cleaner.
Next, click on the Registry tab and then click Scan for Issues. I have never run into any problems, but go ahead and back up the registry before fixing the issues that it will find. I usually back up the registry to the root of the C:\ drive or somewhere that the client won't find it and mistakenly reinstall it.
Next, install You are not allowed to view links.
. MalwareBytes is an excellent malware remover. After you have it installed, update it. If you have just downloaded the installer minutes before installing the software, update it anyway.
Next, return to the Scanner tab and run a Quick Scan. I have never found it necessary to do a Full Scan.
When the scan completes, close the text file that pops up and press the 'Remove Selected' button. Reboot, as instructed. Make sure to reboot into Safe Mode, again.
If you removed several hundred infections. It's a good idea to run the scan again after rebooting.
Next, run the portable version of You are not allowed to view links.
. Yes, it's a horrible name for software(or anything for that matter.) It sounds like something from a Japanese monster movie, but it's also an excellent malware removal tool.
Again, update first.
After updating is complete, click the Scan you Computer... button. Choose Perform Quick Scan and then click the Next Button.
SuperAntiSpyWare takes considerably longer to perform it's scan than MalwareBytes does. Be patient, remove the selected infections, and reboot as instructed. If the system is a x86 (i.e. a 32-bit system) reboot into Safe Mode. We have one more step to perform.
If it is a x64 system, you should be done. Boot the computer normally and check it out. Make sure that everything behaves as it should. Make sure that no proxies are set that shouldn't be set. Browse a few antivirus sites and Microsoft.com. If you can't browse these sites, start the process over from the beginning, the system is still infected. Also try scanning with whatever antivirus software your client already has installed. That is, assuming that it is up to date.
If you are working on a 32-bit system, run You are not allowed to view links.
from Bleeping Computer. Be forewarned, the developers of this software do not want you to run it with out their supervision. That being said, I have run ComboFix countless times and never had any problems. Again, be sure to read the disclaimer.
If ComboFix tells you that it needs an update, update it. If it tells you that the recovery console needs installing, install it. Otherwise, let it run. If ComboFix finds root kits, it may need to reboot the system. Don't do it yourself and don't worry about Safe Mode. Let the software do it's thing.
That should do it. Again, check the system out to see that it behaves as it should. Make sure that no proxies are set that shouldn't be set. (Internet Options>Connections Tab>LAN Settings Button>Proxy Server Section.) As above, browse Microsoft's site and a few big name anti-virus software companies' web sites.
If after performing the above process you find the system still infected, remove the hard drive from the system, slave to another clean system and run MalwareBytes and SuperAntiSpyWare on the infected drive. Also, scan the slaved drive with software like AVG or Microsoft Security Essentials.