The First Thing To Try - To Get Rid Of Infections (with thanks to member dac10012 for reminding me)
System Restore, used correctly, will solve your problems even if your computer is totally frozen by the malware or virus, even after rebooting.
First, you will have to reboot in Safe Mode, so that the malware or virus can't block your access to System Restore. The viruses we are talking about here may not let you access System Restore in Normal mode. This requires you to reboot and tap the F8 key while booting in order to be able to select Safe Mode.
Once you have rebooted into Safe Mode (this will take a while longer than a regular boot into Windows), you can use System Restore. There are a variety of ways to access System Restore:
1. Click on Start, Programs, System Tools, System Restore.
2. Click on Start, Settings, Control Panel, Help and Support, Undo changes to your computer with System Restore.
3. Click on Start, Run and then type restore or rstrui in the dialogue box and click on Run when you see System Restore as an option or click on rstrui.exe if you see this file.
There are other ways to access System Restore which you can find on the Internet.
Follow the on-screen directions for restoring your system to an earlier point in time. Windows creates system restore checkpoints at regular intervals and you should be able to select one. You may also create your own. You must go back to a date and time that was before the infection. This is a critical point in removing the malware or virus. It may be necessary to check "Choose a different restore point" in order to be able to choose an earlier date. Note that any programs you may have installed after that date will be uninstalled. However, you can always re-install them.
Another important point to remember when using System Restore is to not interrupt the process or attempt to do anything else on your computer while it is working. System Restore can take a long time, especially when operating in Safe Mode. Not allowing System Restore to complete properly will likely corrupt your system registry and you will probably have to reinstall Windows as a new install, which will also require reformatting and losing all your data.
This is, by far, the easiest way to remove malware and viruses from your computer.
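The critical step above, choosing a restore point from before the infection, can also be checked from an elevated Windows PowerShell prompt. This is an added example, not part of the original post; it assumes Windows 7 or later with System Restore enabled, and the infection date shown is a constructed sample value.

```powershell
# Added example (not from the original post).
# Finds the newest restore point created BEFORE the infection and offers to restore it.
# Assumption: run from an elevated Windows PowerShell prompt on a client edition of Windows.
param(
    # Constructed sample value: set this to when the symptoms first appeared.
    [datetime]$InfectionDate = '2013-03-15 09:00'
)

# Get-ComputerRestorePoint reports CreationTime as a WMI date string,
# so convert it to a real DateTime before comparing.
$points = Get-ComputerRestorePoint |
    Select-Object SequenceNumber, Description,
        @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } }

if (-not $points) {
    Write-Warning 'No restore points exist. System Restore may be disabled on this machine.'
    return
}

# Show everything available, oldest first, so the choice can be reviewed.
$points | Sort-Object Created | Format-Table SequenceNumber, Created, Description -AutoSize

# A restore point made after the infection would simply restore the infected state,
# so keep only points that predate it and take the most recent of those.
$candidate = $points |
    Where-Object { $_.Created -lt $InfectionDate } |
    Sort-Object Created -Descending |
    Select-Object -First 1

if (-not $candidate) {
    Write-Warning "No restore point predates $InfectionDate. System Restore cannot roll back past the infection."
    return
}

'Selected restore point {0}: "{1}" created {2}' -f `
    $candidate.SequenceNumber, $candidate.Description, $candidate.Created

# -Confirm asks before starting. Once started, leave the computer alone
# until the restore has finished and Windows has rebooted.
Restore-Computer -RestorePoint $candidate.SequenceNumber -Confirm

# After the reboot, check the outcome with:
#   Get-ComputerRestorePoint -LastStatus
```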
McAfee have several new tools to help fight malware and fake anti-malware pests which usually get past most antivirus applications: GetSusp to gather and submit samples, and Stinger to combat stuff that regular antiviruses have problems with.
A tool to ferret out suspicious files and submit them to McAfee for testing. You have to go to the GetSusp Group to get the latest version. Membership is not required. You can also find support for it in that group and provide feedback. The actual download is available HERE.
Please read this McAfee article: Required Reading - Home User Assistance, Malware Troubleshooting
If you can isolate the malware that isn't being detected, you can try submitting it to McAfee Laboratories.
If possible, locate removal tools on the web for whatever infection is bugging you - Google can be your friend. Be careful what you pick though! Avoid cures that simply say 'Click Here'.
Here are some FREE programs that you can download to get adware/spyware removed from the machine (keep them AND your computer updated!):
McAfee RootkitRemover is a stand-alone utility used to detect and remove complex rootkits and associated malware. Currently it can detect and remove ZeroAccess and TDSS family of rootkits. McAfee Labs plans to add coverage for more rootkit families in future versions of the tool.
So like Stinger below, it needs to be downloaded afresh each time you intend to use it.
How to use RootkitRemover: http://www.mcafee.com/us/downloads/free-tools/how-to-use-rootkitremover.aspx
A tool to detect and cleanse malware that isn't normally detected by VirusScan and other regular antivirus software. N.B. It cannot be updated, and therefore needs to be freshly downloaded each time you use it, as it is updated on the website every weekday. It can be uninstalled in the normal manner.
Stinger is a standalone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next-generation scan engine technology, including process scanning, digitally signed .DAT files, and scan performance optimizations. It detects and removes threats identified under the "List Viruses" icon in the Stinger application.
How to Use Stinger: http://www.mcafee.com/us/downloads/free-tools/how-to-use-stinger.aspx
McAfee has consolidated the FakeAV Stinger codebase into the daily Stinger. Please use http://stinger.mcafee.com as the primary landing page to download Stinger.
FREE 3rd Party Tools
Some infections are difficult for antivirus software to remove because of the way they work or because they are constantly mutating and that is where certain anti-malware tools come in handy. By the same token, these tools aren't that good at protecting you from the millions of infections that your antivirus application already keeps out. It is by no means a bad reflection on any antivirus application that one finds oneself resorting to using these tools. They are meant to supplement your protection. But keep them updated!
WARNING: We are not responsible for any problems caused by these programs. They have their own support. Also note that anti-spyware software will often remove all your good cookies (along with any bad ones of course) - so you have to be careful what you delete when the scan finishes.
Users will have to check each website for operating system compatibility. Remember to keep them updated!! Also note that when installing McAfee software, Windows Defender will be disabled; simply enable it afterwards. The installer will also object to MalwareBytes if it is already installed and give you the option to skip it or uninstall it. Uninstall it, otherwise McAfee's installer will eventually fail after the next reboot.
Malwarebytes Anti-Malware (Free) This tool can be downloaded, installed, updated and run all in 'Safe Mode with Networking' if an infection blocks it in regular mode.
Download the free version here (Free version is preferred as Pro may clash with VirusScan):
Support Forum: http://www.malwarebytes.org/forums/
A quote from one of the lead developers of MalwareBytes (Bruce Harrison):
As far as why MBAM is very good at dealing with this infection, that is simple. MBAM is designed to be very good at dealing with malware that the AV's seem to be having problems with. I do not spend my time making MBAM detect millions of infections that any decent AV already detects as MBAM is DESIGNED to work alongside antivirus software, not replace it. A huge chunk of the research that goes into MBAM revolves around what we see making it into HiJackThis threads as the vast majority of these threads involve antivirus software that was in some way bypassed.
Let's settle this now and avoid any further misinformation. MBAM is now a very good backup to any antivirus software and will only get better in the future. MBAM will NEVER add antivirus abilities to its core app and is always advised to be used WITH antivirus software. We actually get this question a lot in the forums and I assure you that we always say: "No, MBAM can't replace your existing antivirus software and is not designed to."
NOTE: If you have to reinstall McAfee, please uninstall Malwarebytes first as it can cause problems with the installer. Once McAfee is installed and activated, feel free to reinstall Malwarebytes.
Microsoft Windows Defender (Free)
(Included with Vista and Windows 7 systems but available for Windows XP SP2 & up as a free download).
NOTE: If you have to reinstall McAfee, the McAfee installer disables Windows Defender if it is installed in XP (it is already installed in Vista and Windows 7), so it should be turned back on afterwards. N.B. In Windows 8, Windows Defender includes antivirus, so when McAfee's installer disables it, it's for a good reason: running 2 antivirus applications together can actually leave you open to infection because they will clash. So in that case leave it disabled.
This tool, once protection is enabled, simply sits there guarding your installation with no further action required.
Support Forum: http://www.wilderssecurity.com/index.php
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software. Block spyware/tracking cookies in Internet Explorer and Mozilla Firefox. Restrict the actions of potentially unwanted sites in Internet Explorer.
(Free, unless you want the auto-update feature which works well and is recommended).
Also, if you want to use an 'on the go' scanner using a USB stick, there is SuperAntispyware Portable: http://www.superantispyware.com/portablescanner.html?tag=SAS_HOMEPAGE
Support Forum: http://forums.superantispyware.com/
Ad-Aware Free has been removed as it now contains virus protection, and having 2 such entities on your machine can compromise security.
Spybot Search and Destroy has been removed due to issues with McAfee and is no longer recommended. If you have it, please at least disable its TeaTimer component if installed, but other issues have been reported in these forums.
Don't forget to keep all these updated.
The following are scanners that provide logs to online anti-malware groups who specialize in removing malware, fake anti-malware etc.
This is an older tool but still useful where you need something to gather information to obtain help elsewhere. Run "Hijackthis" and post its log on one of the specialist forums below to see what action is recommended. They will check it and help you get rid of whatever ails your machine. Don't try to fix it yourself.
It has been updated to be compatible with Windows 7 and still serves a useful purpose in getting the ball rolling with help in the forums mentioned below. Any other tools will be recommended by them in due course of the investigation.
Note: Hijackthis is not intended as a removal tool per se, and should only be used under the guidance of the specialist forums.
Do not post Hijackthis logs here, we can't help you with those!
Post the logs at one of these specialist Forums:
Be sure to read all the sticky announcements/instructions at the top of each malware forum!
DDS - Specialised Scanner to Provide Logs to a Specific AntiMalware Forum
Download DDS: http://www.bleepingcomputer.com/download/anti-virus/dds
Post the log here: http://www.bleepingcomputer.com/forums/forum22.html
Good links and general Security advice:
Let Google be your friend. It helps to look up the name of the infection because often it has a cure readily available.
The forum search mechanism at the top right of this and every page can also be of great help.
Lastly, I can't stress how important it is that you keep Windows totally up to date at all times. On the second Tuesday of every month Microsoft releases important security updates which you avoid at your peril. Of course updates occur at other times too, and you shouldn't ignore any critical or non-critical updates using the optional Microsoft Updates (see Windows Update settings), with few exceptions. Those would be, for example, language packs perhaps, or driver updates for hardware such as your graphics card that you prefer to update yourself, in which case you can opt to hide the update so it won't be presented again.
Never hide critical updates; that's asking for trouble. Always install updates for Internet Explorer whether you use it or not, as many processes, including McAfee for one, do use it, so keep it and its add-ons up to date. In 64-bit (x64) systems only use the 32-bit I.E., as most add-ons and browser protection software are designed for use with 32-bit (x86) browsers (you will see both I.E.'s listed in your Start/All Programs Menu). That will change with time of course. Questions regarding that should be directed to the appropriate browser support forums.
Also avoid using registry cleaners and optimizers; most of their benefits are imaginary and many of their disadvantages are real, like the deletion of important registry keys belonging to other applications, McAfee included.
This is not just my advice but things I have learned over the years from Microsoft MVPs and the major anti-malware forums. Remember, NO antivirus software, no matter what brand, is guaranteed to stop 100% of what is out there, but by acting responsibly, taking the necessary precautions and with a little help from supplementary software, you should be fine.
The Internet is becoming an increasingly dangerous place but together we can survive it.....!! ;-)
Toronto • Ontario • Canada
Volunteer Moderator • Consumer Products