How can I remove malware?
Your computer is infected with a virus, Trojan or other malware … this guide is intended to give a beginner’s introduction to malware removal.
Let’s start!
What is Malware?
Malware is software with a deliberately unwanted function. Unwanted functions can be:
- Delete documents
- Encrypt documents and demand a ransom (ransomware)
- Slow down the computer
The difference from a bug in software, which can also have serious consequences, is that a bug arises unintentionally.
The developer did not intend the software to do anything unwanted, such as altering a document.
Steffen Lippke
How does malware get onto my computer?
Malware can get onto your computer through …
- Software download: You find software on the Internet that sounds great. It is free and “virus-checked”!? … Can’t anyone claim that?
- E-mail: You receive an e-mail. If you allow the images in the e-mail to load, you may already have infected your computer with a virus.
- Misconfigurations: Secure systems are not secure if they are misconfigured. The most common mistake is that admins do not change the default password of the software. Hackers keep long lists of the default passwords of almost every popular product.
- USB sticks or hard drives: You plug in a USB stick with your company logo on it and the virus installs itself. Is it Plug and Play or Plug and Pray?
- Security holes: The user is not always to blame for a hack. Software developers can overlook loopholes that hackers get through. Make a backup every (two) weeks.
How do I recognize malware?
In rare cases, malware announces itself with a message that appears unexpectedly on your screen. If the text asks you to do something (e.g. transfer Bitcoins), don’t do it. In most cases, however, you will not notice the malware immediately. You can recognize an infection by the following signs.
- (Important) documents and multimedia files have disappeared (deletion)
- Unknown changes of (important) documents and multimedia files
- The malware makes a server hard to reach (DDoS)
- You can no longer open (important) documents and multimedia files (ransomware)
- The malware increases boot time
- The malware consumes part of your system performance so that someone else profits from your computing power
The malware can remain on the computer for several weeks after infection without you noticing anything.
After some time the malicious function activates, and you have no idea where it came from.
Tutorial Removing Malware
When you try to remove malware, you have the following four options:
- Automatic: Install an antivirus programme and let the programme do the work.
- Automatic + persistent: If the antivirus cannot clean the infected files, it quarantines them. You can no longer access or execute the files.
- Manual: If the antivirus does not find the malware, it is a “fresh” creation by a criminal that you have to clean up manually.
- Last chance: If you cannot get the malware under control, you must reinstall your computer and restore the data from a backup made before the infection.
Automatic cleaning with an antivirus
Download a trial version of an antivirus software or buy a licence right away to remove the malware.
When you install the antivirus, you must restart the computer: the antivirus embeds itself deeply in the operating system so that malware cannot easily disable it.
- Search for the menu item “Scan”
- In the second step, run the standard or quick scan. If it finds the malware, the software will clean it up or ask you what to do with the suspicious files.
- Run the full scan. This can take several hours because it scans your entire hard drive. Malware rarely comes alone.
- If the scanner does not find anything, you must either try to delete the malware manually (see below) or do not use the computer for a day.
Waiting can help!
Every day, the antivirus receives the latest “hints” for malware (signatures).
The next day, the software might find the malware and clean it up. This update could also take several days or weeks. Until a successful clean-up has taken place, you should not use this computer, disconnect it from the Internet and switch it off. Your computer could try to infect others via the Internet.
Manual cleaning
Follow these four steps if an antivirus clean-up did not help.
- Start your computer in safe mode: log off, hold Shift and click Restart.
- Try to uninstall the programme the standard way. Normally, malware producers do not provide an uninstaller – but you know
- Delete the files that brought the malware onto the hard disk. Always use Shift + Del so that the file is deleted permanently.
- Search for the installation location of the malware. Use the tool Autoruns for this; it shows which programmes are running in the background. While you are at it:
  - Delete caches and all temp files
  - Check the autostart
  - Check all your downloads and e-mail attachments to see whether they have been identified as malware in the past. If you know the name of the malware, use Google to search for removal instructions.
  - Check the Autostart folder and Windows Services for unknown programmes. Malware likes to nest in several places at the same time, so check all of them:
    - System32
    - Programs (with and without x86)
    - User folder
    - Hidden folders
    - App Data
  - Sort by creation date and go through the most recent files, looking for unknown names. Search the application folders for unknown folders or files and delete them. An old trick of malware developers is to name malware folders and files creatively:
    - Recycle Bin or Paperbin
    - Documents
    - Personal
    - Secret
    - Private
    - My Computer (Win XP)
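The manual steps above can be turned into a single read-only triage pass. The following script is an added example, not part of the original article and not a tool from its author: it lists the registry Run keys, the startup folders, Windows services whose binary lives outside the usual system folders, and files created recently in the hiding places named above. The 14-day window, the folder list and the "outside System32 / Program Files" heuristic are assumptions made here; nothing is deleted, you review the output and decide.

```powershell
# Added example (not from the original article): read-only triage of autostart
# locations and recently created files. Assumes Windows 10/11 and an elevated
# PowerShell session, ideally in safe mode as the article recommends.
$windowDays = 14                       # assumption: "recent" means the last 14 days
$since = (Get-Date).AddDays(-$windowDays)

Write-Host "== Autostart: registry Run / RunOnce keys =="
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        # Drop the PS* bookkeeping properties so only the value name/command pairs remain
        Get-ItemProperty -Path $key | Select-Object -Property * -ExcludeProperty PS* | Format-List
    }
}

Write-Host "== Autostart: per-user and all-users startup folders =="
foreach ($folder in 'Startup', 'CommonStartup') {
    Get-ChildItem -Path ([Environment]::GetFolderPath($folder)) -Force -ErrorAction SilentlyContinue |
        Select-Object FullName, CreationTime
}

Write-Host "== Services whose binary is outside System32 or Program Files (heuristic) =="
Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -and $_.PathName -notmatch 'System32|Program Files' } |
    Select-Object Name, StartMode, State, PathName |
    Format-Table -AutoSize

Write-Host "== Files created in the last $windowDays days in the usual hiding places =="
# -Force includes hidden folders; assumption: these are the folders worth sweeping first
$folders = @(
    "$env:SystemRoot\System32", $env:ProgramFiles, ${env:ProgramFiles(x86)},
    $env:APPDATA, $env:LOCALAPPDATA, "$env:USERPROFILE\Downloads"
) | Where-Object { $_ -and (Test-Path $_) }
Get-ChildItem -Path $folders -Recurse -Force -File -ErrorAction SilentlyContinue |
    Where-Object { $_.CreationTime -gt $since } |
    Sort-Object CreationTime -Descending |
    Select-Object CreationTime, Length, FullName |
    Format-Table -AutoSize
```

Recursing System32 and the user profile can take a few minutes; legitimate software also appears in every section, so compare each unknown name against a search for it before deleting anything.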
Can I remove any malware?
Theoretically yes – practically no.
Some malware is not worth the effort because it is built in such a way that it is very difficult to remove.
Re-installing is the most economical option.
Some malware destroys your hardware or encrypts your files so securely that you have no chance of getting at them.
Even IT specialists back up their data several times over! They are just as exposed to security holes as any ordinary user.