Clean up after a malware infection
1 TAKE A FAIL-SAFE BACKUP
Repairing Windows can lead to unforeseen consequences. Start by creating a full drive image using your back-up tool – Macrium Reflect Free (www.macrium.com/reflectfree.aspx) is our go-to tool. Make sure you’ve also created emergency rescue media – just in case.
2 REBOOT INTO SAFE MODE
Click Start > Settings > Update & Security > Recovery and click ‘Restart now’ under ‘Advanced start-up’. Choose Troubleshoot > Advanced options > Start-up Settings to select Safe mode (we recommend the ‘Safe Mode with Networking’ option to retain internet access).
3 FIX SAFE MODE
If Safe mode won’t work, reboot or restore your backup if your PC no longer boots. Install and run Windows Repair (www.tweaking.com), switch to the ‘Repairs – Main’ tab, click ‘Open Repairs’. Untick ‘All Repairs’, then choose ‘23 – Repair Windows Safe Mode’ and click Start Repairs. Try Safe mode again.
4 REPAIR FROM SAFE MODE
If not already installed, download and run the portable version of Windows Repair. Choose ‘Preset: Malware Cleanup Repairs’ from the ‘Repairs – Main’ tab to select repairs linked to malware infections. Click ‘Start Repairs’ to hopefully fix the worst of the damage. Reboot into normal mode.
5 FIX INTERNET PROBLEMS
If you’re unable to access the internet or network after cleaning up after malware try the repairs offered in one or both of Complete Internet Repair 5 (www.rizonesoft.com/downloads/complete-internet-repair/) and NetAdapter Repair All In One (https://sourceforge.net/projects/netadapter/).
6 DECRYPT RANSOMWARE
If files have been left encrypted and you have no backups to call on, make a note of the ransomware type from your security logs and visit www.nomoreransom.org – upload two of your encrypted files and paste in the ransom note to detect its type and hopefully locate a free decryption tool.