How to remove a Trojan, Virus, Worm, or other Malware
Table of Contents
- Dialers, Trojans, Viruses, Worms Oh My!
- How these infections start
- Use an anti-virus and anti-malware program to remove the infections
- How to remove these infections manually
- How to protect yourself in the future
Dialers, Trojans, Viruses, and Worms Oh My!
If you use a computer, read the newspaper, or watch the news, you will know about computer viruses or other malware. These are malicious programs that, once they infect your machine, start causing havoc on your computer. What many people do not know is that there are many different types of infections that fall under the general category of malware.
Malware - Malware is programming or files that are developed for the purpose of doing harm. Thus, malware includes computer viruses, worms, Trojan horses, spyware, hijackers, and certain types of adware.
This article will focus on the malware that is considered viruses, trojans, and worms, though this information can be used to remove the other types of malware as well. We will not go into specific details about any one particular infection, but rather provide a broad overview of how these infections can be removed. For the most part these instructions should allow you to remove a good deal of infections, but there are some that need special steps to be removed, and these won't be covered under this tutorial.
Before we continue it is important to understand the generic malware terms that you will be reading about.
Adware - A program that generates pop-ups on your computer or displays advertisements. It is important to note that not all adware programs are necessarily considered malware. There are many legitimate programs that are given away for free and display ads in order to generate revenue. As long as this information is provided up front, they are generally not considered malware.
Backdoor - A program that allows a remote user to execute commands and tasks on your computer without your permission. These types of programs are typically used to launch attacks on other computers, distribute copyrighted software or media, or hack other computers.
Dialler - A program that typically dials a premium rate number that has per-minute charges over and above the typical call charge. These calls are made with the intent of gaining access to pornographic material.
Hijackers - A program that attempts to hijack certain Internet functions, like redirecting your start page to the hijacker's own start page, redirecting search queries to an undesired search engine, or replacing search results from popular search engines with their own information.
Spyware - A program that monitors your activity or information on your computer and sends that information to a remote computer without your knowledge.
Trojan - A program that has been designed to appear innocent but has been intentionally designed to cause some malicious activity or to provide a backdoor to your system.
Virus - A program that, when run, has the ability to self-replicate by infecting other programs and files on your computer. These programs can have many effects, ranging from wiping your hard drive, to displaying a joke in a small box, to doing nothing at all except replicating itself. These types of infections tend to be localized to your computer and do not have the ability to spread to another computer on their own. The word virus has incorrectly become a general term that encompasses trojans, worms, and viruses.
Worm - A program that, when run, has the ability to spread to other computers on its own, using either mass-mailing techniques to email addresses found on your computer or by using the Internet to infect a remote computer through known security holes.
How these infections start
Just like any program, a malware program must be started in order to work. Malware programs are no different in this respect and must be started in some fashion in order to do what they were designed to do. For the most part these infections run by creating a configuration entry in the Windows Registry in order to make these programs start when your computer starts.
Unfortunately, though, in the Windows operating system there are many different ways to make a program start, which can make these entries difficult for the average computer user to find manually. Luckily for us, though, there are programs that allow us to cut through this confusion and see the various programs that are automatically starting when Windows boots. The program we recommend for this, because it's free and detailed, is [You must be registered and logged in to see this link.] from Sysinternals.
When you run this program it will list all the various programs that start when your computer is booted into Windows. For the most part, the majority of these programs are safe and should be left alone unless you know what you are doing or know you do not need them to run at startup.
At this point, you should download [You must be registered and logged in to see this link.] and try it out. Just run Autoruns.exe and look at all the programs that start automatically. Don't uncheck or delete anything at this point. Just examine the information to get an overview of the number of programs that are starting automatically. When you feel comfortable with what you are seeing, move on to the next section.
Use an anti-virus and anti-malware program to remove the infections
Make sure you are using an anti-virus program and that the anti-virus program is updated to use the latest definitions. If you do not currently have an anti-virus installed, you can select one from the following list and use it to scan and clean your computer. The list below includes both free and commercial anti-virus programs, but even the commercial ones typically have a trial period in which you can scan and clean your computer before you have to pay for it.
It is also advised that you install and scan your computer with MalwareBytes' Anti-Malware and SUPERAntiSpyware. Both of these are excellent programs and have a good track record at finding newer infections that the more traditional anti-virus programs miss. Guides on how to install and use these programs can be found below.
- How to use Malwarebytes' Anti-Malware to scan and remove malware from your computer
- How to use SUPERAntiSpyware to scan and remove malware from your computer
If you are still infected after performing these instructions, you can use the instructions below to manually remove the infection.
How to remove these infections manually
We have finally arrived at the section you came here for. You are most likely reading this tutorial because you are infected with some sort of malware and want to remove it. With this knowledge that you are infected, it is also assumed that you examined the programs running on your computer and found one that does not look right. You did further research by checking that program against our [You must be registered and logged in to see this link.] or by searching in Google, have learned that it is an infection, and now want to remove it.
If you have identified the particular program that is part of the malware, and you want to remove it, please follow these steps.
1. Download and extract the [You must be registered and logged in to see this link.] program by Sysinternals to C:\Autoruns
2. Reboot into Safe Mode so that the malware is not started when you are doing these steps. Many malware programs monitor the keys that allow them to start and, if they notice they have been removed, will automatically replace that startup key. For this reason booting into Safe Mode allows us to get past that defense in most cases.
3. Navigate to the C:\Autoruns folder you created in Step 1 and double-click on autoruns.exe.
4. When the program starts, click on the Options menu and enable the following options by clicking on them. This will place a checkmark next to each of these options.
   - Include empty locations
   - Verify Code Signatures
   - Hide Signed Microsoft Entries
   Then press the F5 key on your keyboard to refresh the startups list using these new settings.
The program shows information about your startup entries in 8 different tabs. For the most part, the filename you are looking for will be found under the Logon or the Services tabs, but you should check all the other tabs to make sure it is not loading elsewhere as well. Click on each tab and look through the list for the filename that you want to remove. The filename will be found under the Image Path column.
There may be more than one entry associated with the same file, as it is common for malware to create multiple startup entries. It is important to note that many malware programs disguise themselves by using the same filenames as valid Microsoft files. It is therefore important to know exactly which file you want to remove, and which folder it is in. You can check our Startup Database for that information or ask for help in our [You must be registered and logged in to see this link.].
Once you find the entry that is associated with the malware, you want to delete that entry so it will not start again on the next reboot. To do that, right-click on the entry and select Delete. This startup entry will now be removed from the Registry.
Now that we have made sure it will not start on boot, you should delete the file using My Computer or Windows Explorer. If you cannot see the file, it may be hidden. To allow you to see hidden files you can follow the steps for your operating system found in this tutorial:
[You must be registered and logged in to see this link.]
When you are finished removing the malware entries from the Registry and deleting the files, reboot into normal mode, as you will now be clean from the infection.
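The Image Path check from the steps above (judge a startup entry by its exact folder and signature, and expect one file to own several entries) can be sketched as follows. This is an added example, not part of the original tutorial or of Autoruns: the CSV column names are assumed to mirror the columns Autoruns displays, the rows are constructed, and `EXPECTED_DIRS` and `triage` are hypothetical names.

```python
import csv
import io
import ntpath
from collections import defaultdict

# Where a few well-known Windows binaries normally live (illustrative subset).
EXPECTED_DIRS = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Constructed sample export; not taken from a real machine.
SAMPLE_CSV = r"""Entry Location,Entry,Signer,Image Path
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Updater,(Not verified),C:\Users\bob\AppData\Roaming\svchost.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run,Helper,(Not verified),c:\users\bob\appdata\roaming\SVCHOST.EXE
HKLM\System\CurrentControlSet\Services,PrintSvc,(Verified) Example Corp,C:\Program Files\Example\printsvc.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Shell,(Verified) Microsoft Windows,C:\Windows\explorer.exe
"""

def triage(csv_text):
    """Return {image path: {"entries": [...], "reasons": [...]}} for suspicious rows."""
    grouped = defaultdict(lambda: {"entries": [], "reasons": set()})
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Windows paths are case-insensitive, so normalise before comparing.
        path = ntpath.normcase(row["Image Path"].strip())
        name, folder = ntpath.basename(path), ntpath.dirname(path)
        reasons = set()
        if not row["Signer"].startswith("(Verified)"):
            reasons.add("signature not verified")
        expected = EXPECTED_DIRS.get(name)
        if expected and folder != expected:
            reasons.add(f"{name} outside {expected}")
        if reasons:
            # Group by file so every startup entry pointing at it is listed together.
            item = grouped[path]
            item["entries"].append(f'{row["Entry Location"]}\\{row["Entry"]}')
            item["reasons"] |= reasons
    return {p: {"entries": v["entries"], "reasons": sorted(v["reasons"])}
            for p, v in grouped.items()}

if __name__ == "__main__":
    for path, info in triage(SAMPLE_CSV).items():
        print(path, info["reasons"], f'{len(info["entries"])} startup entries')
```

A flagged file with several entries means every one of those entries has to be deleted before the file itself is removed.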
How to protect yourself in the future
In order to protect yourself from this happening again it is important that you take proper care and precautions when using your computer. Make sure you have updated antivirus and spyware removal software running, all the latest updates to your operating system, and a firewall, and only open attachments or click on pop-ups that you know are safe. These precautions could be a tutorial unto themselves, and luckily, we have one created already:
- Simple and easy ways to keep your computer safe and secure on the Internet
Please read this tutorial and follow the steps listed in order to be safe on the Internet. Other tutorials that are important to read in order to protect your computer are listed below.
- Understanding Spyware, Browser Hijackers, and Dialers
- Understanding and Using a Firewall
- Safely Connecting a Computer to the Internet
- Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware
- Using IE-Spyad to enhance your privacy and Security
Conclusion
Now that you know how to remove generic malware from your computer, it should help you stay relatively clean from infection. Unfortunately there is a lot of malware that is very difficult to remove, and these steps will not help you with those particular infections. In situations like that where you need extra help, do not hesitate to ask for help in our [You must be registered and logged in to see this link.].
We also have a self-help section that contains detailed fixes for some of the more common infections that may be able to help. This self-help section can be found here:
[You must be registered and logged in to see this link.]