One question that shows up almost every day in the Ask Leo! inbox is how to remove malware.
The scenarios differ, but the problem is the same: a machine has been infected with spyware, a virus, or some other form of malware, and that machine’s owner is having a tough time getting rid of it.
And often there is anti-malware software installed that “should” have taken care of it before it got to this stage.
Hopefully, that’ll never be you. If it is, let’s review the steps I recommend for removing malware and reducing the chances it’ll happen again.
A word about prevention
If there’s only one thing I would have you take away from this article, it would be this:
Prevention is much less painful than the cure.
As we’ll see in a moment, the steps to remove malware can be painful and time consuming. While it might seem like work, knowing how to stay safe on the internet is much, much easier in comparison.
So, let’s look at what to do when prevention has failed.
My strong recommendation is that you start by taking a complete image backup of your system.
Why would you want to back up a system you know is infected with malware?
A backup taken now is an “it-can’t-get-any-worse-than-this” fallback. Some of the techniques we use to remove malware run the risk of breaking things and making the situation worse. With this backup at the ready, you can always restore and start over with nothing lost.
Restore a prior backup
If you’ve been taking regular backups, this is often the most expedient step, and can save a lot of time and energy.
Simply restore your machine completely from the most recent full system backup, plus any incremental backups (often handled transparently by your backup software) taken before the infection occurred.
And, except for learning from the experience, you’re done.
Unfortunately, most people don’t have this option available to them. Most people don’t begin backing up until after they’ve experienced data loss or a severe malware infection. One of the lessons they learn is that a recent backup can save them from almost any problem — including malware.
Update your anti-malware database
If you have anti-malware software installed, make sure it’s up-to-date. This includes more than just the software itself: the database of malware definitions must also be current.
Almost all anti-malware tools use databases of malware definitions, which change daily, if not more often. As a result, they must be updated regularly.
Many programs do this automatically, but if for some reason they do not, then the program will not “know” about the most recent forms of malware. Make sure the database is up-to-date so yours does.
Perform a full scan
Quite often, anti-malware tools regularly perform a “quick” or fast scan. That’s typically quite sufficient for day-to-day operations.
But not today.
Fire up your anti-malware tools and run a full/advanced/complete scan of your entire system drive (typically the C: drive). If you have a single tool, that might be one run; if you use multiple tools, such as separate anti-virus and anti-spyware tools, then run a full scan with each. This may take some time, but let the tools do their job.
This also applies if your anti-malware automated scans have stopped working for some reason (that reason often being malware). If this full scan discovers something, it might be worth checking to make sure the security software is properly configured to scan automatically as well.
Try another anti-malware tool
No anti-malware tool catches all malware.
I’ll say it again: there is no single tool that will catch every single piece of malware out there. None. Some catch more than others, but none of them catch everything.
So trying additional reputable tools is a reasonable approach.
I recommend the free version of Malwarebytes’ Anti-Malware as the first tool to use. It has a reputation for removing some nasties other tools apparently miss. Once again, run a full scan.
Regardless of which tool you select, I have to stress: stick with reputable tools. When a machine is infected, most people tend to panic and download just about anything and everything that claims to be an anti-malware tool. Don’t do that. There are many less-than-reputable individuals out there ready to take advantage of your panic.
Do some research before downloading anything, or you may just make the problem worse instead of better.
Research specific removal instructions
If your anti-malware software tells you the name of the specific malware you’re dealing with, that’s good information, even if it can’t remove it.
Search for that malware, and you’re likely to find specific removal instructions at one or more of the major anti-malware vendor sites. These instructions can be somewhat technical and intimidating, so take your time to follow them precisely, or get a techie friend to help.
The instructions often come with recommendations that the vendor’s software will remove the malware — for a price. As long as it’s an option (in other words, the manual removal instructions are provided), then it may be a viable alternative, if the company is one you trust. On the other hand, if all you’re presented with is a promise and a price, I’d move on.
Some sites offer free tools you can download to remove specific malware. Once again, use caution. When the tools are from reputable sources, they’re a quick way to avoid some hassle. When the tools are really just more malware in disguise, they’ll only make your problems worse.
If you download anything to help address the problem, make sure that wherever it is comes from, it’s an organization you know and trust.
This is the only sure-fire way to remove any virus. 100%. Guaranteed.
In fact, it’s the only way to know you’ve removed a virus. Once infected, none of the steps above, aside from restoring from a backup taken before the infection, are guaranteed to remove the malware, even if they report your machine is clean. Once infected, all bets are off. An infection can fool anti-malware software into thinking that everything is fine even when it’s not.
There’s just no way to know.
The only way to be absolutely positive you’ve removed any and all viruses is:
- Back up. If you haven’t already, back up the entire system. You’ll use this to restore your data after we’re done.
- Reformat. Reformatting erases the entire hard disk of everything: the operating system, your programs, your data, and most important of all, any and all viruses and malware. This may be part of the next step, as most Windows set-up programs offer to reformat the target hard drive before installing Windows.
- Reinstall. Yes, reinstall everything from scratch. Reinstall the operating system from your original installation media. (Or restore the system to an image backup you took when you got the machine, which preserved the “factory original” state.) Reinstall applications from their original media or saved downloads.
- Update. Update everything. In particular, make sure to bring Windows as completely up-to-date as possible for the most current protections against all known and patched vulnerabilities. Applications, particularly your anti-malware tools, should be updated as well.
- Restore. Restore your data by carefully copying it from the backups you created when we started. By “carefully,” I mean take care to only copy the data you need, so as not to copy back the malware — don’t copy programs, downloads, or other potential sources of infection.
- Learn. Take stock of how this happened, what you might have done to get infected in the first place, and what might have helped you recover more efficiently. Institute a frequent system backup.
It’s not your fault, but it is your responsibility
By now, I hope you can see why prevention is so much less painful than the cure.
Taking a few extra steps to keep things up to date, avoiding those cute virus-laden downloads and attachments, and just generally learning how to stay safe is much easier than the recovery process I just outlined.
And having backups can make the recovery process as close to painless as possible if you do get infected.
Yes, it’s not your fault. But it is your responsibility to learn the basics about staying safe when you use your computer.
In an ideal world, we’d never have to worry about malware or “bad guys” trying to fool us into doing things we really shouldn’t. But you already know this isn’t an ideal world; software isn’t perfect and never will be. There will always be someone out to scam the vulnerable.
Even though it’s not your fault, you still need to be the one to get educated and take the steps needed to stay safe.
Right or wrong, it’s just a practical reality.
This is an update to an article originally posted July 16, 2009
Leo Notenboom has been programming computers since 1976, and answering questions about them online since 2003. For more, see askleo.com.