First rule is, never have more than 1 antivirus application installed at once. Two or more can interact with each other and allow infection in. A good software firewall is also advised as Windows Firewall, whilst good, is protecting one-way only, incoming, by default, whereas a software one protects incoming and outgoing. (Windows Firewall can be configured two-way with rules and exceptions etc. but usually one needs the help of 3rd-party software anyway for that, and how to do that is for another website to tell you, Google it, with McAfee Security you don't need it anyway).
This document discusses a few anti-malware applications and gives some advice on what to do in the event your machine becomes infected.
(Windows 8/8.1/10 users please note: Windows Defender in those OS's contains an antivirus and installing a 3rd party one such as McAfee will disable it - that is correct behaviour.)
Also, never disable your Firewall for any reason. There is no reason to do so. If something tells you it needs that, then forget about it.
Note: Despite not being a virus removal forum per se we are often asked for help removing perfectly legitimate software that consumers swear has invaded their machines, as well as malware of course. Please make sure it is malware before accusing McAfee of letting you down. While no antivirus is perfect by any means, it does a pretty good job. Examples of these are things like Ask or Babylon Toolbars or McAfee Security Scan Plus or Norton's equivalent - often people will ask if that is malware masquerading as an antivirus. These things are removable - usually in the normal manner - and often come as optional extras when you download or update such things as µTorrent and other BitTorrent or PTP file-sharing software, Oracle Java, Adobe Flash, Shockwave or Reader, to name but a few who use this same promotional gimmick to allow products to remain free or low cost. Always keep an eye open for these options which should be unchecked, unless of course you want them.
SPAM: A common way of getting infected is by allowing spam in AND READING IT. Don't do that and never, ever, open any attachments to emails from unknown sources.
File Sharing/BitTorrents: Be extra careful with those as they are common sources of infection.
THE FIRST THING TO TRY
System Restore - with the correct use of this tool, it should solve your problems even if your computer is totally frozen by the malware or virus, even after rebooting.
If you've just been hit by Ransomware that demands money to unlock your files ("FBI" and ilk), DO NOT TOUCH ANY KEYBOARD KEYS OR CLICK YOUR MOUSE/MOUSEPAD - POWER OFF the machine via the switch and then read on (assuming you are using a clean machine to access this website). If it's Cryptolocker (not Cryptowall) the actual infection can be removed by Stinger, and if you need to decrypt your files and folders check online for the solution. Otherwise your files are toast. There is no guarantee that the crooks at the other end will decrypt your files after paying the "fee", so don't even try.
First, you will have to reboot to Safe Mode, so that the malware or virus can't block your access to System Restore. The infection we are talking about here may not let you access System Restore in Normal mode. This requires you to reboot and tap the F8 key while booting in order to be able to select Safe Mode.
Once you have rebooted into Safe Mode (this will take a while longer than a regular boot into Windows), you can use System Restore. There are a variety of ways to access System Restore:
1. Click on Start, Programs, System Tools, System Restore. (in some OS's Accessories/System Tools)
2. Click on Start, Settings, Control Panel, Help and Support, Undo changes to your computer with System Restore.
3. Click on Start, Run (or click the Windows key + R) and then type restore or rstrui in the dialogue box and click on Run when you see System Restore as an option above or click on restrui.exe if you see this file.
There are other ways to access System Restore which you can find on the Internet.
Follow the on-screen directions for restoring your system to an earlier point in time. Windows creates Restore checkpoints at regular intervals and you should be able to select one. (You may also create your own but do this only when your system is operating normally, i.e. clean.) You must go back to a date and time that was before the infection. This is a critical point in removing the malware or virus. It may be necessary to check "Choose a different restore point" in order to be able to choose an earlier date. Note that any programs you may have installed after that date may be uninstalled. However, you can always re-install them.
Another important point to remember when using System Restore is to not interrupt the process or attempt to do anything else on your computer while it is working. System Restore can take a long time, especially when operating in Safe Mode. Not allowing System Restore to complete properly will likely corrupt your system registry and you will probably have to reinstall Windows as a new install, which will also require reformatting and losing all your data.
This is, by far, the easiest way to remove malware and viruses from your computer.
McAfee has several tools to help fight malware & fake anti-malware pests which usually get past most antivirus applications.
Try them first.
GetSusp to gather and submit samples automatically, Stinger for PC & RootkitRemover to combat stuff that regular antiviruses have problems with.
A tool to ferret out suspicious files and submit them to McAfee for testing. You have to go to the GetSusp Group to get the latest version. Membership is not required. You can also find support for it in that group and provide feedback. The actual download is available HERE.
Don't forget to include your email address in Preferences if you want to receive feedback or a possible patch. Note: the log it produces is analyzed by the labs and is not meant as information for the user as it's pretty incomprehensible anyway, so if you entered your email address in Preferences before running then they will let you know the result.
Please read this McAfee article: Required Reading - Home User Assistance, Malware Troubleshooting
If you can isolate the malware that isn't being detected you can try submitting it to McAfee Laboratories.
If possible locate removal tools on the web for whatever the infection name that is bugging you - Google can be your friend. Be careful what you pick though! Avoid cures that simply say 'Click Here'.
Here are some FREE programs that you can download to get malware removed from the machine - keep them AND your computer updated, or in the case where they don't have a built-in updater, always download a fresh copy and then uninstall after completion of the operation:
McAfee RootkitRemover is a stand-alone utility used to detect and remove complex rootkits and associated malware. Currently it can detect and remove ZeroAccess and TDSS family of rootkits. McAfee Labs plans to add coverage for more rootkit families in future versions of the tool.
So like Stinger below, it needs to be downloaded afresh each time you intend to use it.
How to use RootkitRemover: http://www.mcafee.com/us/downloads/free-tools/how-to-use-rootkitremover.aspx
A tool to detect and cleanse malware that isn't normally detected by VirusScan and oither regular antivirus software. N.B. It cannot be updated therefore needs to be freshly downloaded each time you use it as it is updated on the website every weekday. It can be uninstalled in the normal manner.
Stinger is a standalone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next-generation scan engine technology, including process scanning, digitally signed .DAT files, and scan performance optimizations. It detects and removes threats identified under the "List Viruses" icon in the Stinger application.
How to Use Stinger: http://www.mcafee.com/us/downloads/free-tools/how-to-use-stinger.aspx
NOTE: Stinger 12.x upwards will not work if you have any version of Internet Explorer less than IE8 installed. XP SP3 should have IE8, Vista SP2: IE9, Windows 7 SP1 and Windows 8/8.1: IE11. This applies even if IE is NOT your default browser. Note that Stinger now removes Zeus and Cryptolocker infections, see the reference above for a tool to decrypt files.
McAfee has consolidated the FakeAV Stinger codebase into the daily Stinger. Please use http://stinger.mcafee.com as the primary landing page to download it.
No longer available
The above are listed along with other tools on the McAfee Free Tools page. But note that many tools there are for the Enterprise/Business environment and may have limited or even no application in a home environment and should really be used only with professional assistance from an independent anti-malware forum, or the paid McAfee Virus Removal Service if you choose to go that route.
FREE THIRD PARTY TOOLS
Some infections are difficult for antivirus software to remove because of the way they work or because they are constantly mutating and that is where certain anti-malware tools come in handy. By the same token, these tools aren't that good at protecting you from the millions of infections that your antivirus application already keeps out. It is by no means a bad reflection on any antivirus application that one finds oneself resorting to using these tools. They are meant to supplement your protection. But keep them updated!
WARNING: We are not responsible for any problems caused by these programs. They have their own support. Also note that anti-spyware software will often remove all your good cookies (along with any bad ones of course) - so you have to be careful what you delete when the scan finishes.
Users will have to check each website for operating system compatibility. Remember to keep them updated!! Also note that when installing McAfee software - Windows Defender will be disabled, simply enable it afterwards (except in Windows 8 and above, see notes in red below), and the installer will object to MalwareBytes if already installed and give you the option to skip it or uninstall. It's now OK to skip it.
Malwarebytes Anti-Malware (Free)
This tool can downloaded, installed, updated and run all in 'Safe Mode with Networking' if an infection blocks it in regular mode. Or see **Chameleon below.
BEWARE OF "SOUNDS LIKE" IMITATORS SUCH AS MALWAREBITER - DO NOT EVEN CONSIDER DOWNLOADING THEM !!
Download the free version here (Free version is preferred as Premium's real-time protection may clash with VirusScan (it shouldn't do that but this is just as a precaution)
- NOTE: to keep Malwarebytes actually free of charge, do NOT accept the free trial offer or activate (if asked). If you do you will end up with the wrong version.
http://www.malwarebytes.org/free/ or the direct download link at BleepingComputer: http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/?1
Support Forum: Malwarebytes Community
A quote from one of the lead developers of MalwareBytes (Bruce Harrison) in answer to a question why one should employ other tools as well as an antivirus and if MBAM is a replacement for an antivirus:
As far as why MBAM is very good at dealing with (this) infection, that is simple. MBAM is designed to be very good at dealing with malware that the AV's seem to be having problems with. I do not spend my time making MBAM detect millions of infections that any decent AV already detects as MBAM is DESIGNED to work alongside antivirus software, not replace it. A huge chunk of the research that goes into MBAM revolves around what we see making it into HiJackThis threads as the vast majority of these threads involve antivirus software that was in some way bypassed.
Lets settle this now and avoid any further misinformation. MBAM is now a very good backup to any antivirus software and will only get better in the future. MBAM will NEVER add antivirus abilities to its core app and is always advised to be used WITH antivirus software. We actually get this question a lot in the forums and I assure you that we always say : "No, MBAM can't replace your existing antivirus software and is not designed to."
**Chameleon (for MBAM): If you are having problems downloading and installing Malwarebytes because the infection is preventing it and you've tried Safe Mode with Networking and failed, then try using their Chameleon tool, webpage HERE.
MalwareBytes Anti-Exploit (For XP Upwards) Free provides basic protection against exploits and works as a supplement to any other protection you may have. It has shields for Chrome, Firefox, IE, Opera and Java but anything else you have to buy the paid version.
Malwarebytes now have their own rootkit removal sofftware to be used if the regular MBAM fails to remove the offending rootkit. But warning; it's Beta at the moment so make sure you read up before using it. Also remember that McAfee has its own Rootkit Remover mentioned earlier in this article.
Malwarebytes Anti-Rootkit Beta Read the write-up and instructions HERE. Warning: Always use beta software with caution and always uninstall it after you've finished. You might also want to try RootkitRemover by McAfee listed above.
Microsoft Windows Defender (Free)
(Included with Vista and Windows 7 and 8/8.1/10 systems but available for Windows XP SP2 & up as a free download). (See notes in red regarding the Windows 8/8.1/10 versions)
NOTE: If you have to reinstall McAfee the McAfee installer may disable Windows Defender, so that should be turned back on afterwards except In Windows 8/8.1/10+ as those versions of Windows Defender includes antivirus previously incorporated only in Microsoft Security Essentials so when McAfee's installer disables it, it's for a good reason, running 2 antivirus applications together can actually leave you open to infection because they will clash, so in that case leave it disabled.
This tool, once protection is enabled, simply sits there guarding your installation with no further action required, except check for updates periodically in the free version.
Support Forum: http://www.wilderssecurity.com/index.php
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software. Block spyware/tracking cookies in Internet Explorer and Mozilla Firefox. Restrict the actions of potentially unwanted sites in Internet Explorer.
(Free, unless you want the auto-update feature which works well and is recommended).
Also if you want to use an 'on the go' scanner using a USB stick there is SuperAntispyware Portable: http://www.superantispyware.com/portablescanner.html?tag=SAS_HOMEPAGE
Support Forum: http://forums.superantispyware.com/
Make sure you do NOT click the Sponsored Advertisement at the top, but only the "Download from BleepingComputer" button.
AdwCleaner is a program that searches for and deletes Adware, Toolbars, Potentially Unwanted Programs (PUP), and browser Hijackers from your computer. By using AdwCleaner you can easily remove many of these types of programs for a better user experience on your computer and while browsing the web.
Make sure you do NOT click the Sponsored Advertisement at the top, but only the "Download Now @ Author's Site" button.
Junkware Removal Tool is a security utility that searches for and removes common adware, toolbars, and potentially unwanted programs (PUPs) from your computer. A common tactics among freeware publishers is to offer their products for free, but bundle them with PUPs in order to earn revenue. This tool will help you remove these types of programs. In Vista, 7 and 8/8.1 use by right-clicking the saved file and selecting "Run as Administrator".
Ad-Aware Free has been removed as it now contains virus protection and having 2 such entities on your machine can compromise security.
Spybot Search and Destroy has been removed due to issues with McAfee and is no longer recommended. If you have it please at least disable it's Teatimer component if installed, but other issues have been reported in these forums.
Don't forget to keep all these updated, some don't have updating abilities so always download a fresh version in that case.
The following are scanners that provide logs to online anti-malware groups who specialize in removing malware, fake anti-malware etc.
This is an older tool but still useful where you need something to gather information to obtain help elsewhere. Run "Hijackthis" and post its log on one of the specialist forums below to see what action is recommended. They will check it and help you get rid of whatever ails your machine. Don't try to fix it yourself.
It has been updated to be compatible with Windows 7 and still serves a useful purpose in getting the ball rolling with help in the forums mentioned below. Any other tools will be recommended by them in due course of the investigation.
Note: Hijackthis is not intended as a removal tool and doesn't actually detect malware per se, and should only be used under the guidance of the specialist forums.
Do not post Hijackthis logs here, we can't help you with those !
Post the logs at one of these specialist Forums and read any stickies at the top that may give guidelines for posting:
Be sure to read all the instructions at the top of each malware forum! Choose from the following:
Malware Removal Guides
(Courtesy of BleepingComputer Forums)
(Courtesy of MalwareTips.com)
Let Google be your friend. It helps to look up the name of the infection because often it has a cure readily available.
The forum search mechanism at the top right of this and every page can also be of great help.
Lastly, I can't stress how important it is that you keep Windows totally up to date at all times, all of it, including parts you may not use such as Internet Explorer if you normally use another browser for instance. On the second Tuesday of every month Microsoft releases important security updates which you avoid at your peril. Of course updates occur at other times too and you shouldn't ignore any critical or non-critical updates using the optional Microsoft Updates (see Windows Update settings), with few exceptions. Those would for example be language packs.. perhaps, or driver updates for hardware such as your graphics card that you prefer to update yourself, in which case you can opt to hide the update so it wont be presented again.
Never hide critical updates, that's asking for trouble and always install updates for Internet Explorer whether you use it or not as many processes, including McAfee for one, do use it, so keep it and it's add-ons up to date. In Windows 7 or lower 64-bit (x64) systems only use the 32-bit I.E. as most add-ons and browser protection software are designed for use with 32-bit (x86) browsers (you will see both I.E.'s listed in your Start/All Programs Menu). That will change with time of course. Questions regarding that should be directed to the appropriate browser support forums.
I would suggest checking if all Microsoft Updates are installed and working OK. It's possible that you may think you are up to date but something may have corrupted them. That could be caused by malware or use of registry cleaners, for instance. If you install Belarc Advisor, which is always a useful tool to have around anyway, and let it run you can check the integrity of all your installed updates and if any are missing. Scrolling down to the lowest part of it's results you'll see a list of all Windows Updates installed and there will be a red flag against any that are broken. At the very bottom you'll see this (click to magnify):
Any flagged in red should be located in Windows Update > Installed Updates by their KB number and immediately uninstalled. Reboot if asked to. Then poll Windows Update for updates and they should come back in.
It's a free download and available HERE. It works on all Windows systems.
Also avoid using registry cleaners and optimizers, most of their benefits are imaginary and many of their disadvantages are real, like the deletion of important registry keys belonging to other applications, McAfee included.
This is not just my advice but things I have learned over the years from Microsoft MVP's and the major anti-malware forums and personal experience. Remember NO antivirus software, no matter what brand, is guaranteed to stop 100% of what is out there, but acting responsibly and taking the necessary precautions and with a little help from supplementary software, you should be fine.
The Internet is becoming an increasingly dangerous place but treated wisely one can survive intact.
If you spot any broken links please post a new discussion in Community Help for my attention and I will amend this.
To fix file associations broken by a malware attack check here: https://community.mcafee.com/docs/DOC-1264
If your phone rings with someone saying your computer has a virus and needs to be fixed - hang up and if possible block them from calling you again. It's a scam !!
Microsoft, McAfee etc. etc. never call people without prior arrangements being made.
Toronto • Canada
Volunteer Moderator • Consumer Products
Use Advanced Forum Search To Find Answers
AVOID Registry Cleaners & Optimizers, a cause of many failures!!