
How To Remove Malware and Thwart Its Dirtiest Tricks

By Sam Cook

Learn how to undo the damage caused by fake anti-virus scanners.

It’s every Windows user’s worst nightmare. You boot up your machine to play some games or do some work, but instead of seeing your usual desktop, you get a hideous pop-up claiming that viruses and hardware errors are destroying your computer. The warning is completely bogus, of course, generated by malware that’s trying to scare a credit card number out of you. But the phony program is right about one thing: your system has been infected, and now you have to deal with it. There are lots of genuine malware removers available for free that can help, but even with such noble code on your side it can be tricky to completely undo the damage—modern malware digs into a system like a tick, employing devious tactics to prevent its own removal.

Here’s how to deal with some of the most common infections.

First, a few caveats. Many malware infections can be cleaned out with legit scanning software (Malwarebytes is our current favorite), but unless you format your hard drive and install a fresh copy of Windows, there are no guarantees that the system is completely clean. If you’re comfortable using a computer that’s only been disinfected, check it again a few days later, making sure to update your malware scanner first.

Stop the Spread

It’s a good idea to disconnect your machine’s network connection as soon as you recognize an infection—this ensures that the bad stuff doesn’t spread across your home network, and that it’s not downloading anything worse while you’re trying to remove it. Download your malware scanner and its manual updates onto another computer, then use a USB key to transfer them to the infected machine. (Make sure to format that key before you reuse it afterward, too.)

Get Around a Complete Takeover

Malware often locks you out of your own system, not wanting you to do anything but put in a credit card number. So how do you even install the scanning software, much less run it? In some cases malware only does its dirty work on the account that gets infected, so simply logging out and logging in under a different user name will often get you back to the desktop.

If that doesn’t work, restart the machine into Safe Mode by hitting F8 while it’s booting. From Safe Mode, you should be able to install a malware scanner, run it, and remove enough of the infection to break the lock-out. Once you can get back into your account with a normal boot, repeat the scan and clean process. When that’s coming up clean, reconnect to the Internet and scan once again (some baddies like to hide when the connection is off).

Restore .EXE Associations

The malware doesn’t want you installing anything that could disable it, so it might go so far as to corrupt your .EXE file association—making your system act like it’s never seen an executable before. And often this trick is no simple settings change, either; it’s the result of an altered registry key. Fortunately, you can restore file associations with a little help from some handy .reg files, whether you’re using Windows XP or Windows 7. Grab the ones for .EXE and keep them on hand.

Bring Back the Web

Even once you’ve banished malicious software from your machine, you may find that your web browser seems to think you have no connection. If the malware took the amateur route, it may have simply switched on your browser’s proxy server setting, but left the address blank—you can fix that easily enough by unchecking the option (every browser organizes its settings a little differently, so you may have to hunt around a bit). Be wary if the proxy server address is set to an external IP you don’t recognize, however, since that could indicate that the malware was trying to capture your passwords.
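Before hunting through dialogs, you can read both of the registry locations described above (the .EXE association and the Windows proxy setting that Internet Explorer and most other browsers inherit) in one go. This is an added PowerShell example, not part of the original article; it only reads the registry and reports, it changes nothing. The healthy values it compares against (.exe mapped to exefile, exefile opening with "%1" %*, proxy disabled) are the Windows defaults.

```powershell
# Added example: read-only audit of the two settings fake-AV malware likes to break.
# Run from a PowerShell prompt on the affected machine (Safe Mode is fine).

function Test-ExeAssociation {
    # Healthy Windows: HKCR\.exe -> "exefile", and exefile runs "%1" %*
    $ext = Get-Item -Path 'Registry::HKEY_CLASSES_ROOT\.exe' -ErrorAction SilentlyContinue
    $cmd = Get-Item -Path 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' -ErrorAction SilentlyContinue
    $progId = if ($ext) { $ext.GetValue('') } else { $null }
    $open   = if ($cmd) { $cmd.GetValue('') } else { $null }
    $ok = ($progId -eq 'exefile') -and ($open -eq '"%1" %*')
    [pscustomobject]@{
        Check       = '.EXE association'
        Ok          = $ok
        ProgId      = $progId
        OpenCommand = $open
        Note        = if ($ok) { 'default' } else { 'altered: restore with the .EXE .reg file' }
    }
}

function Test-ProxySettings {
    # WinINET proxy settings (Internet Options), stored per user.
    $path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
    $enabled = [bool]$p.ProxyEnable
    $server  = $p.ProxyServer
    $pac     = $p.AutoConfigURL
    $note = if (-not $enabled -and -not $pac) { 'no proxy configured' }
            elseif ($enabled -and [string]::IsNullOrEmpty($server)) { 'proxy enabled with a blank address: uncheck it' }
            else { 'proxy set: make sure you recognize this address' }
    [pscustomobject]@{
        Check   = 'Proxy'
        Ok      = (-not $enabled -and -not $pac)
        Enabled = $enabled
        Server  = $server
        PacUrl  = $pac
        Note    = $note
    }
}

Test-ExeAssociation | Format-List
Test-ProxySettings  | Format-List
```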

If the browser proxy settings are right and you still can’t load web pages, the malware has likely done some deeper connection corruption. There are a couple of commands that can help you, though, both of which are run from a command window.

netsh int ip reset resetlog.txt

This command will reset the Windows TCP/IP settings that the malware messed with. You’ll need to restart after using it. Note that this is a complete reset to the default settings, so any special changes you made could get wiped out as well. If your browser still isn’t working, you can also try:

netsh winsock reset

Another restart will be in order afterwards, and when the system is back up make sure to restore the connection with:

ipconfig /release

and

ipconfig /renew

Final Thoughts

Malware is constantly evolving new ways to be incredibly annoying, but now you’ve got some basic tools to deal with some common issues. Have any other tips for dealing with malware? Let us know in the comments below!

Promo photo via Flickr user JD Hancock