Please read through this entire removal guide before starting, to avoid any mistakes. Things can and do go wrong.
Proper Protection Prior to Infection avoids all this.
Symptoms of an infected computer
- When you start your computer, or when your computer has been idle for many minutes, your Internet browser opens to display Web site advertisements.
- When you use your browser to view Web sites, other instances of your browser open to display Web site advertisements.
- Your Web browser’s home page unexpectedly changes.
- Web pages are unexpectedly added to your Favorites folder.
- New toolbars are unexpectedly added to your Web browser.
- You cannot start a program.
- When you click a link in a program, the link does not work.
- Your Web browser suddenly closes or stops responding.
- It takes a much longer time to start or to resume your computer.
- Components of Windows or other programs no longer work.
- Emails are being sent out that you did not send.
- How Malware Spreads – How did I get infected
- What is Malware?
- What Is A Backdoor Trojan?
- Danger: Remote Access Trojans
- Rootkits: The Obscure Hacker Attack
- CryptoLocker Information Guide and FAQ
It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive. Disconnect the infected computer from the internet before transferring the files. This will cut the connection between it and the bot herder (see What is a Botnet?). When a computer is infected by malware, it is being controlled by an actual person. The main goals of the malware makers are to scam you out of money, steal your credit card information, spam/infect all your contacts, use your computer as a bot and steal your email accounts. If you have been a victim of this, please contact your bank ASAP about the possible fraud on your credit card, change your email passwords from a different computer, and contact your friends ASAP to advise them of what has happened so they can take the necessary steps to protect their computers.
“Computers in a botnet, called nodes or zombies, are often ordinary computers sitting on desktops in homes and offices around the world. Typically, computers become nodes in a botnet when attackers illicitly install malware that secretly connects the computers to the botnet and they perform tasks such as sending spam, hosting or distributing malware or other illegal files, or attacking other computers. Attackers usually install bots by exploiting vulnerabilities in software or by using social engineering tactics to trick users into installing the malware. Users are often unaware that their computers are being used for malicious purposes.”
If your computer is infected by any kind of Rogue/Ransomware DO NO CLEANING until the Removal is complete. Doing so could remove important Windows files/folders that have been moved or hidden by the Malware and cause you to reinstall the operating system. Move to step 2
Two Steps that should be done before using ANY malware removal tool
No.1 Create a New Restore point
No.2 Back-up your registry with ERUNT
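The two preparation steps above, scripted as an added example (not part of the original guide): it creates the restore point and, as a stand-in for ERUNT, saves registry hives with the built-in reg.exe save command. The function name Backup-BeforeCleanup and the $BackupRoot folder are assumptions made for this example.

```powershell
# Added example. Run from an elevated Windows PowerShell prompt.
function Backup-BeforeCleanup {
    param(
        # Assumed backup location; pick any local folder with free space.
        [string]$BackupRoot = "$env:SystemDrive\RegBackup"
    )
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $admin = [Security.Principal.WindowsBuiltInRole]::Administrator
    if (-not $principal.IsInRole($admin)) {
        throw 'Restore points and hive backups need an elevated prompt.'
    }

    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'

    # Step 1: restore point. The timestamp in the description lets us confirm
    # afterwards that this call really created one. Windows 8 and later skip
    # creation if another point was made in the previous 24 hours.
    $label = "Before malware removal $stamp"
    Checkpoint-Computer -Description $label -RestorePointType MODIFY_SETTINGS
    $point = Get-ComputerRestorePoint | Where-Object { $_.Description -eq $label }
    if (-not $point) {
        Write-Warning 'No new restore point was recorded; create one manually.'
    }

    # Step 2: registry backup with reg.exe save (used here instead of ERUNT).
    $dest = Join-Path $BackupRoot $stamp
    New-Item -ItemType Directory -Path $dest -Force | Out-Null
    $hives = @{
        'HKLM\SOFTWARE' = 'SOFTWARE.hiv'
        'HKLM\SYSTEM'   = 'SYSTEM.hiv'
        'HKCU\Software' = 'HKCU-Software.hiv'
    }
    $saved = @()
    foreach ($key in $hives.Keys) {
        $file = Join-Path $dest $hives[$key]
        & reg.exe save $key $file /y | Out-Null
        if ($LASTEXITCODE -eq 0) { $saved += $file } else { Write-Warning "reg save failed for $key" }
    }

    # Summary of what was actually done, so a failed step is not missed.
    New-Object PSObject -Property @{
        RestorePointCreated = [bool]$point
        BackupFolder        = $dest
        HivesSaved          = $saved
    }
}

Backup-BeforeCleanup
```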
NOTE: At this time, The Infected computer should be DISCONNECTED from Internet. You can transfer the files via a CD/DVD, external drive, or USB flash drive from a CLEAN Computer
- Close all open internet browser windows
- Run ATF Cleaner by double clicking it.
- Once the program opens, click the box next to Select All
- Note: This will delete all cookies saved by sites that you have visited, so if you need to keep any cookies for automatic logins etc then uncheck the Cookies option
- Once that’s all set click on the Empty Selected button and it will remove the temporary files from your system.
- If you use Firefox or Opera browsers then click the appropriate button at the top of the program and delete the temp files from them as well following the same procedure.
Download Malwarebytes’ Anti-Malware, or MBAM, and save it to your Desktop:
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to the following:
- Update Malwarebytes’ Anti-Malware
- Launch Malwarebytes’ Anti-Malware
- Then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform Quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- If it asks for a Restart DO SO, Very Important
- Malwarebytes’ Tutorial
Now please download SUPERAntiSpyware and save to Desktop
- Once downloaded, close all programs and Windows on your computer, including this one.
- Double-click the icon on your desktop named SUPERAntiSpyware.exe. This will start the installation. Keep following the prompts in order to continue with the installation process.
- Please select the language you want the program to use and then press the OK button.
- You will now be prompted to update the SUPERAntiSpyware definitions. Please press the Yes button to allow the program to download and install the latest updates
- After the definitions are updated, the welcome screen for SUPERAntiSpyware will appear.
- When you get to the screen asking if you would like to send the diagnostics, you can choose to allow it to or not. Either choice will have no effect on the effectiveness of its malware scan. When you get to the last screen, click on the Finish button.
- You will now be prompted if you would like SAS to protect your home page. If you select the Protect Home page option, SUPERAntiSpyware will alert you if another program is trying to change your browser’s home page. Click Yes
- Then you will be at the main screen for SUPERAntiSpyware. Click the Preferences button, then Scanning Control tab, and put a checkmark in the following options
- Close browsers before scanning.
- Scan for tracking cookies.
- Now press the Close button to go back to the main screen.
- Click on the Scan your Computer… button to begin the scanning process. You should select the Perform Complete Scan option and then press the Next button to start scanning your computer.
- When the scan is finished a screen will appear showing the summary of what was detected. You should click on the OK button to close the summary screen box and continue with the removal process.
- You should now click on the Next button to remove all the listed malware. If it displays a message stating that it needs to reboot, please press the Yes button to allow it to do so. VERY IMPORTANT to DO
- Click the Repair Tab after the restart if any issues still remain and SAS will attempt to fix them.
Tutorials and Troubleshooting
- SUPERAntiSpyware Tutorial
- SUPERAntiSpyware Online Scanner
- SUPERAntiSpyware Portable
- SUPERAntiSpyware Forum
Alternative Scanners that can also be used
ESET Online Scanner as a clean-up scan to remove any leftovers
- Note: You will need to use Internet Explorer for this scan.
- Click Start
- When asked, allow the ActiveX control to install
- Click Start again
- Make sure that the options Remove found threats and Scan unwanted applications are checked
- Click Scan and wait for the scan to finish
Download Ccleaner for a good clean-up, save to Desktop
- Close all open internet browser windows
- Double click on the ccsetup file to start the installation of the program.
- Select your language and click OK, then click Next.
- Read the license agreement and click I Agree.
- Click Next to use the default install location. Click Install then click Finish to complete installation.
- Double click the CCleaner shortcut on the desktop to start the program.
- On the Windows tab, under Internet Explorer, uncheck Cookies if you do not want them deleted. (If deleted, you will likely need to re-enter your passwords at all sites where a cookie is used to recognize you when you visit)
- If you use Firefox or any other Mozilla browsers, the box to uncheck for Cookies is on the Applications tab, under Firefox/Mozilla.
- Click on the Options icon at the left side of the window, then click on Advanced. Uncheck Only delete files in Windows Temp folders older than 24 hours.
- Click on the Cleaner icon on the left side of the window, then click Run Cleaner to run the program.
- Caution: In Windows XP it is not recommended that you use the Registry feature unless you are very familiar with the registry, as it has been known to find legitimate items for removal, which can cause issues with other programs. In Windows Vista and Win 7 these issues have been fixed.
- NOTE: Ccleaner during a Registry Clean-up will offer a Back-up of the Registry. Click Yes at the prompt. The default location of the Back-ups is USER NAME/DOCUMENTS
- After CCleaner has completed its process, click Exit.
- NOTE: Only done when computer is in fact clean
- NOTE: System Restore is NOT to be used as a virus removal, as many of today's rogues/malware infect System Restore when loaded onto a computer
- NOTE: Do NOT turn System Restore off prior to starting this removal process. If a mistake is made, System Restore may be the only way to fix what has been done without reinstalling the operating system
- Turn System Restore Off
- Restart Computer
- Turn System Restore On
- Create New Restore Point
See below for instructions on how to use System Restore.