How To: Re­move mal­ware from a PC

ERIC GEIER and JOSH NOREM ex­plain how to clean out and re­store your Win­dows 10 com­puter to a pris­tine state

Tech Advisor - - How To -

Is your com­puter run­ning slower than usual? Are you get­ting lots of pop-ups? Have you seen other weird prob­lems crop up? If so, your PC might be in­fected with a virus, spy­ware, or other mal­ware – even if you have an an­tivirus pro­gram in­stalled. Though

other prob­lems such as hard­ware is­sues can pro­duce sim­i­larly an­noy­ing symp­toms, it’s best to check for mal­ware if your PC is act­ing up and we’ll show you how to do it your­self.

Step 1: En­ter Safe Mode

Be­fore you do any­thing, you need to dis­con­nect your PC from the In­ter­net, and don’t use it un­til you’re ready to clean your PC. This can help pre­vent the mal­ware from spread­ing and/or leak­ing your pri­vate data.

If you think your PC may have a mal­ware in­fec­tion, boot your PC into Mi­crosoft’s Safe Mode. In this mode, only the min­i­mum re­quired pro­grams and ser­vices are loaded. If any mal­ware is set to load au­to­mat­i­cally when Win­dows starts, en­ter­ing in this mode may pre­vent it from do­ing so. This is im­por­tant be­cause it al­lows the files to be re­moved eas­ier since they’re not ac­tu­ally run­ning or ac­tive.

Sadly, Mi­crosoft has turned the process of boot­ing into safe mode from a rel­a­tively easy process in Win­dows 7 and Win­dows 8 to one that is de­cid­edly more com­pli­cated in Win­dows 10. To boot into Win­dows Safe Mode, first click the Start But­ton in Win­dows 10 and se­lect the Power but­ton as if you were go­ing to re­boot, but don’t click any­thing. Next hold down the Shift key and click Re­boot. When the full-screen menu ap­pears, se­lect Trou­bleshoot­ing, then Ad­vanced Op­tions, then Startup Set­tings. On the next win­dow click the Restart but­ton and wait for the next screen to ap­pear (just stick with us here, we know this is long). Next you will see a menu with num­bered startup op­tions; se­lect num­ber 4, which is

Safe Mode. Note that if you want to con­nect to any on­line scan­ners you’ll need to se­lect op­tion 5, which is Safe Mode with Net­work­ing.

You may find that your PC runs no­tice­ably faster in Safe Mode. This could be a sign that your sys­tem has a mal­ware in­fec­tion, or it could mean that you have a lot of le­git­i­mate pro­grams that nor­mally start up along­side Win­dows. If your PC is out­fit­ted with a solid-state drive it’s prob­a­bly fast ei­ther way.

Step 2: Delete tem­po­rary files

Now that you’re in Safe Mode, you’ll want to run a virus scan. But be­fore you do that, delete your tem­po­rary files. Do­ing this may speed up the virus scan­ning, free up disk space, and even get rid of some mal­ware. To use the Disk Cleanup util­ity in­cluded with Win­dows 10 just type Disk Cleanup in the search bar or after press­ing the Start but­ton and se­lect the tool that ap­pears named Disk Cleanup.

Step 3: Down­load mal­ware scan­ners

Now you’re ready to have a mal­ware scan­ner do its work – and for­tu­nately, run­ning a scan­ner is enough to re­move most stan­dard in­fec­tions. If you al­ready had an an­tivirus pro­gram ac­tive on your com­puter, you should use a dif­fer­ent scan­ner for this mal­ware check, since your cur­rent an­tivirus soft­ware may not have de­tected

the mal­ware. Re­mem­ber, no an­tivirus pro­gram can de­tect 100 per­cent of the mil­lions of mal­ware types and vari­ants.

There are two types of an­tivirus pro­grams. You’re prob­a­bly more fa­mil­iar with real-time an­tivirus pro­grams, which run in the back­ground and con­stantly watch for mal­ware. An­other op­tion is an on-de­mand scan­ner, which searches for mal­ware in­fec­tions when you open the pro­gram man­u­ally and run a scan. You should have only one real-time an­tivirus pro­gram in­stalled at a time, but you can have many on­de­mand scan­ners in­stalled to run scans with mul­ti­ple pro­grams, thereby en­sur­ing that if one pro­gram misses some­thing a dif­fer­ent one might find it.

If you think your PC is in­fected, we rec­om­mend us­ing an on-de­mand scan­ner first and then fol­low­ing up with a full scan by your real-time an­tivirus pro­gram. Among the free (and high-qual­ity) on-de­mand scan­ners avail­able are BitDe­fender Free Edi­tion ( y9azd346), Kasper­sky Virus Re­moval Tool (tinyurl. com/y7jc5­dat), Mal­ware­bytes (­dacdk), Mi­crosoft’s Ma­li­cious Soft­ware Re­moval Tool (tinyurl. com/q3jf3v8), Avast ( and Su­perAn­tiSpy­ware (

Step 4: Run a scan with Mal­ware­bytes

For il­lus­tra­tive pur­poses, we’ll de­scribe how to use the Mal­ware­bytes on-de­mand scan­ner. To get started, down­load it (­dacdk). If you dis­con­nected from the In­ter­net for safety rea­sons when you first sus­pected that you might be in­fected, re­con­nect to it so you can down­load, in­stall, and up­date Mal­ware­bytes;

then dis­con­nect from the In­ter­net again be­fore you start the ac­tual scan­ning. If you can’t ac­cess the In­ter­net or you can’t down­load Mal­ware­bytes on the in­fected com­puter, down­load it on an­other com­puter, save it to a USB flash drive, and take the flash drive to the in­fected com­puter.

After down­load­ing Mal­ware­bytes, run the setup file and fol­low the wiz­ard to in­stall the pro­gram. Once the pro­gram opens, it will au­to­mat­i­cally ac­ti­vate a trial of the paid ver­sion that en­ables real-time scan­ning. You won’t get charged after the trial ends, how­ever – by de­fault, the pro­gram re­verts to the stan­dard free ver­sion in 14 days. In the mean­while, you can dis­able the real-time scan­ning for those two weeks if you pre­fer.

To run a scan, switch from the Dash­board tab to the Scan tab. Keep the de­fault scan op­tion (‘Threat Scan’)

se­lected and click the Start Scan but­ton. It should check for up­dates be­fore it runs the scan, but make sure that hap­pens be­fore you pro­ceed.

Though it of­fers a cus­tom-scan op­tion, Mal­ware­bytes rec­om­mends that you per­form the threat scan first, as that scan usu­ally finds all of the in­fec­tions any­way. De­pend­ing on your com­puter, the quick scan can take any­where from 5 to 20 min­utes, whereas a cus­tom scan might take 30 to 60 min­utes or more. While Mal­ware­bytes is scan­ning, you can see how many files or ob­jects the soft­ware has al­ready scanned, and how many of those files it has iden­ti­fied ei­ther as be­ing mal­ware or as be­ing in­fected by mal­ware.

If Mal­ware­bytes au­to­mat­i­cally dis­ap­pears after it be­gins scan­ning and won’t re­open, you prob­a­bly have a rootkit or other deep in­fec­tion that au­to­mat­i­cally

kills scan­ners to pre­vent them from re­mov­ing it. Though you can try some tricks to get around this ma­li­cious tech­nique, you might be bet­ter off re­in­stalling Win­dows after back­ing up your files (as dis­cussed later), in view of the time and ef­fort you may have to ex­pend to beat the mal­ware.

Once the scan is com­plete, Mal­ware­bytes will show you the re­sults. If the soft­ware gives your sys­tem a clean bill of health but you still think that your sys­tem has ac­quired some mal­ware, con­sider run­ning a cus­tom scan with Mal­ware­bytes and try­ing the other scan­ners men­tioned ear­lier. If Mal­ware­bytes does find in­fec­tions, it’ll show you what they are when the scan is com­plete. Click the Re­move Se­lected but­ton in the lower left to get rid of the spec­i­fied in­fec­tions. Mal­ware­bytes may also prompt you to restart your PC in or­der to com­plete the re­moval process, which you should do.

If your prob­lems per­sist after you’ve run the threat scan and it has found and re­moved un­wanted files, con­sider run­ning a full scan with Mal­ware­bytes and the other scan­ners men­tioned ear­lier. If the mal­ware ap­pears to be gone, run a full scan with your real-time an­tivirus pro­gram to con­firm that re­sult.

Step 5: Fix your web browser

Mal­ware in­fec­tions can dam­age Win­dows sys­tem files and other set­tings. One com­mon mal­ware trait is to mod­ify your web browser’s home page to re­in­fect the PC, dis­play ad­ver­tise­ments, pre­vent brows­ing, and gen­er­ally an­noy you.

Be­fore launch­ing your web browser, check your home page and con­nec­tion set­tings. For In­ter­net

Ex­plorer right-click the Win­dows 10 Start but­ton and se­lect Con­trol Panel, then In­ter­net Op­tions. Find the Home Page set­tings in the Gen­eral tab, and ver­ify that it’s not some site you know noth­ing about. For Chrome, Fire­fox or Edge, sim­ply go to the set­tings win­dow of your browser to check your home page set­ting.

Step 6: Re­cover your files if Win­dows is cor­rupt

If you can’t seem to re­move the mal­ware or if Win­dows isn’t work­ing prop­erly, you may have to re­in­stall Win­dows. But be­fore wip­ing your hard drive, copy all of your files to an ex­ter­nal USB or flash drive. If you check your email with a client pro­gram (such as Out­look or Win­dows Mail), make sure that you ex­port your set­tings and mes­sages to save them. You should also back up your de­vice driv­ers with a util­ity such as Dou­ble Driver (­jqd­wyq), in case you don’t have the driver discs any­more or don’t want to down­load them all again. Re­mem­ber, you can’t save in­stalled pro­grams. In­stead, you’ll have to re­in­stall the pro­grams from discs or re­down­load them.

If Win­dows won’t start or work well enough to per­mit you to back up your files, you may cre­ate and use a Live CD, such as Hiren’s BootCD (HBCD) (, to ac­cess your files.

Once you have backed up ev­ery­thing, re­in­stall Win­dows ei­ther from the disc that came with your PC, by down­load­ing the in­stal­la­tion im­age from Mi­crosoft, or by us­ing your PC’s fac­tory re­store op­tion, if it has one. For a fac­tory re­store you typ­i­cally must press a cer­tain key on the key­board dur­ing the boot process

in or­der for re­store pro­ce­dure to ini­tial­ize, and your PC should tell you what key to press in the first few sec­onds after you turn it on. It there’s no on-screen in­struc­tions con­sult your man­ual, the man­u­fac­turer, or Google.

Keep­ing your com­puter clean

Al­ways make sure that you have a real-time an­tivirus pro­gram run­ning on your Win­dows PC, and make sure this pro­gram is al­ways up-to-date. If you don’t want to spend money on yearly sub­scrip­tions, you can choose one of the many free pro­grams that pro­vide ad­e­quate pro­tec­tion, such as Avast, AVG (, Panda (­br­jsw) or Co­modo (

In ad­di­tion to in­stalling tra­di­tional an­tivirus soft­ware, you might con­sider us­ing the free OpenDNS ser­vice ( to help block dan­ger­ous sites. And if you fre­quent shady sites that might in­fect your PC with mal­ware, con­sider run­ning your web browser in sand­box mode to pre­vent any down­loaded mal­ware

from harm­ing your sys­tem. Some an­tivirus pro­grams, such as Co­modo, of­fer sand­box­ing fea­tures, or you can ob­tain them through a free third-party ap­pli­ca­tions such as Sand­boxie (sand­

When you think that you’ve rid your PC of mal­ware in­fec­tions, dou­ble-check your on­line ac­counts, in­clud­ing those for your bank, email, and so­cial net­work­ing sites. Look for sus­pi­cious ac­tiv­ity and change your pass­words – be­cause some mal­ware can cap­ture your pass­words.

If you have a backup sys­tem in place that au­to­mat­i­cally backs up your files or sys­tem, con­sider run­ning virus scans on the back­ups to con­firm that they didn’t in­ad­ver­tently save in­fec­tions. If virus scans aren’t fea­si­ble, as is the case with on­line sys­tems since they usu­ally will only scan a drive at­tached to your PC or just the C:\ drive, con­sider delet­ing your old back­ups and re­set­ting the soft­ware to be­gin sav­ing new back­ups that are hope­fully free from in­fec­tions.

Keep Win­dows, other Mi­crosoft soft­ware, and Adobe prod­ucts up-to-date. Make sure that you have Win­dows Up­date turned on and en­abled to down­load and in­stall up­dates au­to­mat­i­cally. If you’re not com­fort­able with this, set Win­dows to down­load the up­dates but let you choose when to in­stall them.

You can use Win­dows 10’s built-in disk cleanup util­ity to rid your sys­tem of un­nec­es­sary temp files

Choose Threat Scan to per­form a ba­sic anal­y­sis of your com­puter’s most com­monly in­fected files

Mal­ware­bytes presents the re­sults of its scan and lets you re­move the of­fend­ing bits with one click

Make sure that your home page set­tings are cor­rect be­fore launch­ing In­ter­net Ex­plorer

Newspapers in English

Newspapers from UK

© PressReader. All rights reserved.