6. How to remove malware
If you suspect that your system is infected and you need to manually remove the malware, follow these steps:
- In order to remove malware manually, you should be in Safe Mode first. Press the F8 key when you start your computer in Windows, and select the 'safe mode' option on the screen.
If this procedure does not work, try changing the start-up option, if necessary, to boot from floppy/CD and insert a clean boot disk or CD. Then reboot.
- Run an up-to-date antivirus program from a clean CD. Note all suspicious files it detects or save the scan report.
- Use malware-specific removal tools (see AntiVir Removal Tool). They can repair (if possible) infected files and registry entries and they can remove other malware-related files from the infected system.
- Manually disinfect the system:
  - Find and terminate malware processes, and remove the non-malware files related to and used by the malware.
    Tips: apart from the suspicious file names listed in the scan report, look for irregular file names or directories and strange file properties (hidden files, no file version or supplier name, abnormal file dates…); look up the malware name on the Internet to find out more about the files it uses to run.
  - Eliminate malware entries from the Registry, INI files, Services (Windows NT), Start Menu and Task Scheduler.
  - Check the installed screensaver programs, games and other utilities.
  - Delete the web browser cache (Temporary Internet Files), browser history, cookies and other suspect temporary files.
  - Empty the Recycle Bin.
- Install an up-to-date antivirus program on your system.
- Reboot.
- Run a complete disk scan.
- Make a habit of elementary security rules! (see "How to stay protected against malware infections")
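
The file-property tips and the autostart locations in the manual disinfection step, as an added read-only check that is not part of the original page: it lists Registry Run/RunOnce values and auto-start services, then flags targets that are hidden, lack a file version or supplier name, or carry a future date. It assumes Windows PowerShell 3.0 or later in an elevated prompt; the helper name Get-ExePath and the flag wording are invented for this example, and INI files, Start Menu and Task Scheduler entries are not covered.

```powershell
# Added example: read-only triage, it changes and deletes nothing.
# Assumes Windows PowerShell 3.0 or later, started from an elevated prompt.
function Get-ExePath([string]$CommandLine) {
    # Extract the program path from a command line, quoted or unquoted.
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($cmd -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^\s*(.+?\.(exe|dll|scr|com|bat|cmd|vbs|js))(\s|,|$)') { return $Matches[1] }
    return $null
}

$entries = @()
# Registry autostart values (per-machine and per-user Run/RunOnce keys).
foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($sub in 'Run', 'RunOnce') {
        $key = Get-Item "$hive\Software\Microsoft\Windows\CurrentVersion\$sub" -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $entries += [pscustomobject]@{ Source = $key.Name; Name = $name; Command = [string]$key.GetValue($name) }
        }
    }
}
# Win32 services set to start automatically (Start = 2), read from the Registry.
foreach ($svc in Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\*' -ErrorAction SilentlyContinue) {
    if ($svc.Start -eq 2 -and ($svc.Type -band 0x30) -and $svc.ImagePath) {
        $entries += [pscustomobject]@{ Source = 'Service'; Name = $svc.PSChildName; Command = [string]$svc.ImagePath }
    }
}

# Check each target file for the properties the tips call strange.
$report = foreach ($e in $entries) {
    $path  = Get-ExePath $e.Command
    $file  = if ($path) { Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue }
    $flags = @()
    if (-not $file) {
        $flags += 'target not resolved'
    } else {
        $info = $file.VersionInfo
        if ($file.Attributes -band [IO.FileAttributes]::Hidden)  { $flags += 'hidden' }
        if ([string]::IsNullOrWhiteSpace($info.FileVersion))     { $flags += 'no file version' }
        if ([string]::IsNullOrWhiteSpace($info.CompanyName))     { $flags += 'no supplier name' }
        if ($file.LastWriteTime -gt (Get-Date))                  { $flags += 'date in the future' }
    }
    [pscustomobject]@{
        Source   = $e.Source; Name = $e.Name; Path = $path
        Modified = if ($file) { $file.LastWriteTime }
        Flags    = $flags -join ', '
    }
}
$report | Where-Object Flags | Sort-Object Source, Name | Format-Table -AutoSize -Wrap
```

A flag is a reason to look the file up, not proof of infection: legitimate programs also ship without version information, and entries that name a program without a full path show as 'target not resolved'.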