UPDATED 3-Step Virus/Spyware/Malware Removal Instructions

Status
Not open for further replies.

Julio Franco

Posts: 9,090   +2,042
Staff member
Very Important: Malware infections can possibly lead to identity theft, stolen bank funds, misuse of credit card information etc. Therefore we strongly encourage you to read this thread before deciding what course of action to take regarding your infection.

If after reading the above you wish to clean your system, please follow the steps below and create new topic HERE.

NOTE: This thread is a work in progress. As malware evolves, so must the programs that find the bad entries and remove them. Thanks to all the members who have kept this progress going.

  • These steps are NOT meant to be a one-stop-fix-all.
  • If your computer cannot stay running, as in it either cannot boot, or, it is automatically restarting after a certain amount of time, then just start a new thread and ask for help.
  • The threads are used to help you produce some logs, so we can see if your system needs further attention and cleaning.
  • Please make sure you complete ALL steps in this thread, in the order that they are listed BEFORE you post the requested log files.
  • Make sure, you PASTE all logs. If some log exceeds the 50,000 character post limit, split it into a couple of replies.
  • Please run all scans in Normal Mode unless instructed otherwise. If you are not able to access Normal mode, please let us know.
  • Do not perform a System Restore while we are cleaning, as this can reinfect the system.
  • Please stay with your thread. We usually mark your thread inactive after 5 days, to help maintain the list of active topics.
  • If you have any problems following any of the instructions, please ask for assistance in the thread you start.
  • Do NOT PM malware helpers asking for help.
  • We don't provide 911 services. We're just volunteers providing free help in our free time so please be patient.
-
Step 1: Antivirus scanning

If you have a functioning, updated antivirus program, please leave it enabled pm the system for now. Do NOT add any of the free AV programs below.

If you're NOT running any antivirus, you should install one now. If you install a new antivirus, be sure to update it. - Neither a scan nor log are requested at this time.

Recommended Free Antivirus for temporary means:
-

Step 2: Farbar Recovery Scan Tool (FRST)
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both and try to run them. Only one will run on your system. That will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt).


STEP 3: Log Handling Instructions
Start new topic in our Malware Removal forum and provide following logs:

  • FRST.txt
  • Addition.txt

Make sure all logs are pasted not attached. Attached logs won't be reviewed.
Please do not put logs in a quote box or code box.


If any further steps are recommended, it will be done so in your thread.

DO NOT make any other changes to your computer (like installing programs,using other cleaning tools, etc.), until it's officially declared clean!!!
 
Instructions have been shortened and updated for future convenience towards users as well as helpers.
Credits to originator, Blind Dragon, and a few others, namely - kimsland, xxdanielxx, CCT, and Bobbye for their input.
 
Changelog:

July 2010
* New changes, mostly on the order and clearness of the guide's wording.

April 2010
* New rules/steps - brought completely up to date.
* Special thanks to Bobbye and Broni for the continued support on the forums and for the instructions.

* Many, many changes before writing this.
* Step 6, contributed by Blind Dragon. Updated AVG AS for SuperAntiSpyware OR Malwarebytes' Anti-Malware.
* Most installers available straight from TechSpot Downloads section.
* Added disclaimer/special rules for the malware board.

October 2010
* Step 4, deleted statement that GMER does not run on W7, 64 bit.

November 2010
* Step 4. Completely revised Step 4 (per Broni) but added "Show all" warning (per Bobbye).
* Step 1. Added line ref running scans in normal mode before Step 1 (per Bobbye).

March 2011
* Replaced Extended Guidelines section with edited material from Broni's post. (per Bobbye's request)

May 2011
* Deleted Step 2. (per Broni's request) Renumbered steps and changed thread title from 8-Step to 7-Step to reflect changes.

June 2011
*Revised Step 1. (per Bobbye's request)
*Added an instruction near top. (per Broni's request)

July 2011
*Added an instruction in Step 5, "Do not put logs in a quote box or code box." (per Bobbye's request)

August 2011
*Deleted last section about updating. (per Broni's request) Changed thread title from 7-Step to 6-Step.

September 2011
Replaced certain text with: "Neither a scan nor log are requested at this time." Revised some related wording. (per Bobbye's request)

October 2011
Changed Step 6 to "Note." (per Broni's request)

November 2011
Updated links in Step 3. (per Broni's request)
Revised Gmer instructions. (issue raised by Bobbye and per Broni's request)

January 2012
Revised recommended free anti-virus programs in step 1. (per Broni's request)
Added note to end of Step 3. (per Broni's request)
Changed url in Malwarebytes link. (per Bobbye's request)

August 2012
Overall clean-up, no changes to the content, only cosmetic.

November 2012
GMER step removed.
Redundancy cleaned up, as well as grammar and spelling.
Post style clean up.

April 2014
MBAM new instructions updated.

March 8th 2015
DDS and MBAM replaced with FRST.

April 2015
Spelling, minor punctuation corrections.

December 2019
Clean up.
 
Status
Not open for further replies.
Back