Malware Removal Phase

Prior to conducting malware removal, you should have performed the previous two phases of Identification and Information Gathering to determine what malware you have and decide the best way to remove it. In addition, you should back up your complete system and create an emergency boot disk before attempting any malware removal. Be sure to back up any data files that are important to you and your email files. See the pages called Creating a Windows Emergency Boot Disk and How to Backup your Data and System.

There are two ways to remove malware from your computer.

  • Automatic – This involves using an anti-virus, anti-spyware, or anti-malware tool of some kind.
  • Manual – This involves stopping processes, deleting or renaming files, and editing the system registry.

Automatic Malware Removal

There are several possible ways to do an automatic removal of adware or malware. In all cases, it is best to boot the system to “Safe Mode” before attempting the removal. In Windows 2000, this can be done by pressing the F8 key while the system is booting and then selecting “Safe Mode” from the menu. You will need to log in as a local administrator after booting.

If your operating system is Windows XP or Windows Me, turn off Windows System Restore before running the scan. The System Restore feature in these versions may prevent removal of malware files, and it may restore deleted files which support the removed adware. The link at http://download.nai.com/products/mcafee-avert/SystemHelpDocs/DisableSysRestore.htm explains how to turn off the System Restore feature and then turn it back on.

Automatic removal may be possible using one of the methods listed below:

  • Use the “Add/Remove Programs” applet in the Control Panel.
  • Use a removal tool provided by the creator of the adware or spyware.
  • Use an anti-virus or anti-malware removal tool which is made to remove one specific infection.
  • Use an anti-spyware or anti-adware removal tool which is not geared for a particular infection.

Removal with Add/Remove Programs or an Adware Company Removal Tool

The first two ways assume the adware creator is legitimate. Some adware is created by companies that are legitimate and have some integrity, but you must be sure of this before removing adware this way. Their adware software may be listed in the “Add/Remove Programs” section of your computer's Control Panel. You should first have researched information about their processes and software to determine whether removal using “Add/Remove Programs” will work properly. They may also provide a removal tool which may be downloaded. If this is the case, you must try to get some idea whether their tool will ruin your system if you run it.

Use of a Removal Tool for a Specific Infection

If you have found a removal tool specifically created to remove the malware (whether it is a virus, adware, or spyware), this is the best option. These kinds of removal tools are made to correct the damage done to your system by the malware that your system is infected with.

Use of a Non-Specific Malware Removal Tool

These types of tools include anti-virus tools such as Norton Anti-virus, anti-adware tools such as Ad-aware, and anti-spyware tools such as Spybot Search and Destroy. They will remove or quarantine files, cookies and other information on your computer. Some tools may make changes to your system registry to undo damage done by the malware being removed. However, these types of tools do not typically undo enough damage to keep your system working correctly if the malware has modified it to require the malware file to be present to run some system programs. Therefore, once you have researched the malware and are sure it did not modify your system in such a way as to cripple it when you remove the adware, or you have repaired the damage done to your system by the malware, it should be safe to remove your malware using one of these automatic removal tools.
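
Part of the pre-removal research described above can be checked mechanically. The Python code below is an added example, not part of the original page: it scans a registry export saved as text for values that still reference the file a removal tool is about to delete, and marks the ones that would stop programs or the logon shell from starting. The file name adsvc.exe, the sample export and the function find_references are constructed for illustration, and the code assumes the export has already been decoded to text and looks only at single-line values.

```python
import re

# Constructed sample: a fragment of a registry export in regedit's text format.
# "adsvc.exe" and every value below are made up for illustration.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\WINDOWS\\adsvc.exe\" \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdSvc"="C:\\WINDOWS\\adsvc.exe /start"
"Updater"="C:\\Program Files\\Vendor\\update.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
# Keys where a dangling reference stops programs or the logon shell from starting.
CRITICAL_SUFFIXES = (r"\shell\open\command", r"\winlogon")


def find_references(export_text, file_name):
    """Return (key, value_name, data, critical) for values that mention file_name."""
    hits, key, needle = [], None, file_name.lower()
    for line in export_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue  # header, blank line, or continuation of multi-line hex data
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        data = m.group(2)
        if needle in data.lower():
            hits.append((key, name, data, key.lower().endswith(CRITICAL_SUFFIXES)))
    return hits


if __name__ == "__main__":
    for key, name, data, critical in find_references(SAMPLE_EXPORT, "adsvc.exe"):
        label = "REPAIR BEFORE REMOVAL" if critical else "clean up after removal"
        print(f"[{label}] {key} -> {name} = {data}")
```

A value flagged for repair should be restored to its normal setting before the automatic tool deletes the file; the other references can be cleaned up afterwards.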