How to remove malware from your computer
How to remove malware from your computer - Guide
If we make an analogy between a computer and a human, then we can say that computer malware is what is a disease for a human. Just as, unfortunately, many diseases can attack the human body, so there is much malware that can attack your computer. Therefore, in the category of "malware", we include all software or files that were created to cause damage.
The most common types of malware
The most common types of malware we encounter are computer viruses, trojans, worms, spyware, hijackers, and some types of adware.
Ransomware - It is software that locks files on your computer and asks for a ransom to unlock them. The ransom is usually paid in Bitcoin cryptocurrency.
Adware - Software that creates pop-ups or displays advertisements. Not every adware is malware, as there is a legitimate use of this software.
Fake Technical Support Scams - Software that displays false notifications that something is wrong with your computer, allegedly from Microsoft or another legitimate company. These fake notifications also include a fake technical support phone number that will try to sell you unnecessary software and/or service.
Backdoor - Software that allows a user to perform commands and tasks on your computer from a remote location without your permission. They are used to launch attacks on other computers, to distribute protected software and media, and to hack other computers.
Dialer - Software that calls "expensive" phone numbers, such as hotlines, and creates large phone bills for you.
Hijackers - software that takes control of certain Internet functions such as redirecting a user's homepage to an attacker's homepage, redirecting queries to unwanted browsers, and replacing popular search engine search results with results created by an attacker.
Spyware - Software that monitors your activities or information on your computer and sends them to a remote location without your knowledge.
Trojan - Software that is designed to look benign and that performs malicious activities or provides backdoor access to your system.
Virus - Software that, when launched, can replicate itself by infecting other software and files on your computer. The virus can wipe your hard drive, show you annoying messages, and it can do nothing but multiply. They are usually localized on a specific computer and cannot spread independently to other computers. The virus is sometimes misused as a synonym for Trojans and worms.
Worm - Software that, when launched, can spread to other computers. It does this either by using the technique of sending mass emails to addresses it finds on a computer or by infecting computers on a remote location over the Internet using known security vulnerabilities.
How malware infects your computer
Like any software, malware requires a startup to do what it was made for. The most common infection occurs by changing the Windows Registry so that the malware starts automatically at boot time. There are many ways to run the software in Windows so that it is not easy for the average user to find it manually.
Fortunately, there is software that helps us see the various software that starts automatically when you start Windows. You can use, for example, free and detailed Autoruns software. When you run it, it will list all the software that starts automatically when you start Windows. Most of this software is secure and you don’t have to do anything unless you’re sure they don’t need to run at Startup.
When you start Autoruns or similar software, study the software that starts automatically before you take action.
Use Antivirus and Antimalware software to remove malware and protect against infection
When using AV software, be sure to check that it is properly updated or that it uses the latest definitions. If you do not have AV software installed, both free and commercial solutions are available.
We also recommend that you install and scan your computer with a high-quality antimalware solution. Antimalware software often updates its definitions earlier than AV software.
Two great tools to remove malware
- SymDiag (Symantec)
- Malwarebytes
Also read our instructions on how to scan your computer using SymDiag and Malwarebytes tools and remove the malware.
If after applying these solutions you still think that your computer is infected, you need to manually remove malware.
How to manually remove malware
If you find malware and want to remove it, follow these steps:
- Download and unzip the Autoruns software to the C: \ Autoruns folder
- Start the computer from the Safe Mode option to avoid the malware starting while you are performing the removal procedure. Many malware monitors registry entries (registry keys) that allow them to be run, and if you notice that registry keys have been removed, they will automatically replace them. Starting your computer from the Safe Mode option will in most cases prevent the malware from starting. Download and unzip the Autoruns software to the C: \ Autoruns folder
- Go to the C: \ Autoruns folder you created in the first step and run the autoruns.exe file.
- When the program starts, click on Options and enable the following options by clicking on them (checked boxes will appear next to each of these options):
- Include empty locations.
- Verify Code Signatures.
- Hide Signed Microsoft Entries.
- Press F5 to refresh the startup list after these new settings.
- Autoruns shows information about startup entries in 8 different tabs. In most cases, you'll find the file you're looking for in the Logon or Services tabs, but check the other tabs to make sure the malware isn't loading elsewhere. Click on each tab and look for the file you want to remove. The file name is in the Image path column. You may find more than one entry associated with the same file as it is common for malware to make multiple startup entries. It is important to note that many malware is disguised using the same names as legitimate Microsoft files. Therefore, it is important to know exactly which file you want to remove and in which folder it is located.
- When you find an entry that is related to malware, you need to delete it so that it does not start the next time you start your computer (right click and delete and that startup entry will be removed from the Registry).
- In this step, you need to delete the file via My Computer or Windows Explorer. If you do not see the file, it may be hidden. For more information, read "How to see hidden files" (for Windows 7, Windows 8, and Windows 10).
- Once you have removed the malware entries from the Registry and deleted the malware files, you can normally start the computer that is now free of malware.
How to protect against malware
To prevent a similar scenario in the future, you need to take appropriate measures when using your computer. You need to use the latest versions of AV and antimalware software (eg some software that removes spyware) and keep them running, you need to use the latest version of the OS, you need to use a firewall and open only those attachments and pop-ups. up windows that you know are safe.
There is advanced persistent malware that is much more difficult to remove and to which the procedure in this text cannot be applied. However, for most malware, the procedure described is effective.