Malware Removal Phase

Removing malware safely takes several phases, because malware may have changed the system in ways that must be understood before anything is deleted. The malware removal phases are:

  1. Identification Phase
  2. Information Gathering Phase
  3. Removal Phase

Identification Phase

During this phase any malware processes that are running on your computer must be identified. There are several methods that can be used to do this.

  • Use your task manager to look up running processes.
  • Install a personal firewall and use it to catch malware processes when they try to do any of the following:
    • Send private information to its creators.
    • Contact an ad server website to serve ads to you.
    • Download and install another piece of malware.

    A personal firewall works well for this task because it requires every application to have permission to access the internet. When a program that the firewall is not familiar with tries to access the internet, the firewall asks you whether this is acceptable. The firewall also keeps a list of programs that have permission to access the internet. You can check the programs on this list to see if any of them are malware.

  • Configure your anti-virus, anti-adware, or anti-spyware scanner to identify malware processes. Be sure to set the scanner so it does not delete or quarantine any malware files it finds. If it deletes or quarantines these files and your system has been altered so that running executable programs depends on them, your system could be crippled and you could be forced to re-install your operating system.
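    The firewall's list of programs with internet permission can also be reviewed from a script. The following is an added example, not from the original article, that lists the programs Windows Defender Firewall explicitly allows to make outbound connections and shows, for each, whether the file still exists, who made it, and whether it is signed. It assumes Windows 8 / Server 2012 or later (the NetSecurity module) and an elevated PowerShell session; the function name Get-AllowedOutboundPrograms is this example's own. One caveat: unlike the personal firewalls described above, Windows Defender Firewall allows outbound traffic by default and does not prompt, so this list covers only explicit per-program rules.

```powershell
# Added example (not from the original article): review the programs that
# Windows Defender Firewall explicitly allows to make outbound connections.
# Assumes Windows 8 / Server 2012 or later (NetSecurity module) and an
# elevated session.

function Get-AllowedOutboundPrograms {
    Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
        ForEach-Object {
            $rule = $_
            # The application filter carries the executable path the rule applies to.
            $app  = $rule | Get-NetFirewallApplicationFilter
            # Rules not tied to a particular executable report 'Any'; skip them.
            if ($app.Program -and $app.Program -ne 'Any') {
                # Rule paths often use variables such as %SystemRoot%; expand them.
                $path   = [Environment]::ExpandEnvironmentVariables($app.Program)
                $exists = Test-Path -LiteralPath $path
                $sig    = if ($exists) { Get-AuthenticodeSignature -FilePath $path }
                [PSCustomObject]@{
                    Rule      = $rule.DisplayName
                    Program   = $path
                    Exists    = $exists
                    Company   = if ($exists) { (Get-Item -LiteralPath $path).VersionInfo.CompanyName }
                    Signature = if ($exists) { $sig.Status } else { 'file missing' }
                }
            }
        }
}

# Entries worth writing down: unsigned programs, programs with no company
# name, or rules that point at a file that no longer exists.
Get-AllowedOutboundPrograms |
    Sort-Object Program -Unique |
    Where-Object { -not $_.Exists -or $_.Signature -ne 'Valid' -or -not $_.Company } |
    Format-Table -AutoSize
```

    Drop the Where-Object stage to see the full allowed list; the filtered view is only a starting point, since a valid signature does not prove a program is wanted and a missing company name, as the article says of process files, is a clue rather than proof.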

Using Task Manager

If your operating system is Windows XP, Windows 7 or later, you can use the Task Manager to help identify processes. Open the Task Manager by performing one of the two steps below.

  • Press the key combination CTRL-ALT-DEL, then select the “Task Manager” button.
  • Right click on an open area of your task bar at the bottom of your screen, then select “Task Manager”.

After the task manager is open, select the Processes tab. This provides a list of processes running on your computer like the one below.

Write down any processes that you suspect may be malware processes. In your list of processes, the ones called “System” or “System Idle Process” are of no concern since they are a normal part of the system.

Identifying Processes

Once you have a list of unknown processes running on your computer, they must be identified as good or bad. You will find that the processes are associated with one or more of:

  • Your computer system such as a Microsoft operating system process.
  • An application you installed such as your anti-virus software, your file editor, printer software, and other programs.
  • An application that was installed without your knowledge (this is where trouble usually comes from).

Once you have a list of suspected processes, you must identify them. There are several methods to identify unrecognized processes on your list.

  • The following websites have lists of processes.
  • Search Google or your favorite search engine to get some clues about what the process is. You can do a web search or a groups search on Google and sometimes find discussions that may answer the question about the origin of the process.
  • Use the search function on your computer to search for the process name on your hard drive. This may identify the folder the process executable file is in which may give you additional clues. The figure below shows the search function.

    Once found, navigate to the folder the file is in.

    Right click on the file you are checking to open the properties window for the file. Click on the “Version” tab.


    This should tell you the name of the company that created the process. If there is no company name, you should be suspicious of the process, but the lack of a company name is no guarantee that the process is associated with malware; it is only a clue.
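    The same clues (the folder the executable lives in, the company name from its version information, and whether the file is signed) can be collected for every running process at once. The following is an added example, not from the original article, that does this in PowerShell and flags processes with no company name, a missing or invalid Authenticode signature, or an executable running from a user-writable folder. It assumes Windows PowerShell 5.1 or later and an elevated session so that the paths of system and other users' processes can be read; the function name Get-ProcessClues and the list of suspect folders are this example's own choices, and the folder list is a heuristic to adjust for your environment.

```powershell
# Added example (not from the original article): gather, for each running
# process, the clues the article asks you to collect by hand from the file's
# Properties / Version tab, and flag the ones that deserve a closer look.
# Assumes Windows PowerShell 5.1 or later, run elevated.

# Folders that legitimate system software rarely runs from.
# Assumption: a heuristic, not a rule; adjust for your environment.
$suspectRoots = @(
    [Environment]::GetFolderPath('LocalApplicationData'),
    [Environment]::GetFolderPath('ApplicationData'),
    $env:TEMP,
    "$env:SystemDrive\Users\Public"
)

function Get-ProcessClues {
    Get-Process |
        # "System" and "System Idle Process" have no image path and are
        # normal, as the article notes, so they drop out here.
        Where-Object { $_.Path } |
        Sort-Object Path -Unique |
        ForEach-Object {
            $path    = $_.Path
            $info    = (Get-Item -LiteralPath $path).VersionInfo   # same data as the Version tab
            $sig     = Get-AuthenticodeSignature -FilePath $path
            $company = $info.CompanyName

            $inUserDir = $false
            foreach ($root in $suspectRoots) {
                if ($root -and $path.StartsWith($root, 'OrdinalIgnoreCase')) { $inUserDir = $true }
            }

            $flags = @()
            if (-not $company)           { $flags += 'no company name' }
            if ($sig.Status -ne 'Valid') { $flags += "signature: $($sig.Status)" }
            if ($inUserDir)              { $flags += 'runs from user-writable folder' }

            [PSCustomObject]@{
                Name    = $_.ProcessName
                PID     = $_.Id
                Folder  = Split-Path -Parent $path
                Company = $company
                Signer  = $sig.SignerCertificate.Subject
                Flags   = ($flags -join '; ')
            }
        }
}

# Flagged entries first, so they can be written down and looked up as the
# article describes; unflagged entries follow for completeness.
Get-ProcessClues | Sort-Object { $_.Flags -eq '' }, Name | Format-Table -AutoSize
```

    As with the manual check, a flag is a reason to look the process up, not a verdict: legitimate tools are sometimes unsigned or ship without a company name, and a valid signature only tells you who signed the file, not that you meant to install it.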