Got Spyware? Maybe This Will Help

by | Jul 1, 2014 | jahlberg

Spyware infections are common. They happen to even the most careful of users so there will be a time where you need to clean up your machine. In general to avoid being infected, never click on any attachments or links in any email you receive that look suspicious. Also when doing web searches, look at the results before clicking to a website since you can get an infection just by going to a website if it is a spyware site.

Below are some of our basic steps for cleaning up an infected machine.

Generic Spyware Clean-up

  1. First, if you are having trouble with any of the below steps in Normal Windows bootup, try running them from Safe Mode instead. To access Safe Mode just press the F8 key when booting up when you see the starting Windows message. This will give you a list of boot options including Safe Mode.
  2. Run Rkill which can be downloaded from Bleepingcomputer.com
    • Rkill will place a log file on the C drive.  If no log file is present then it hasn’t completed so try running it again.
  3. After running Rkill, download, install and update Malwarebytes, then run a full scan.
    • After a successful Malwarebytes scan, remove infected files and reboot.
  4. Test system for virus symptoms, if all seems well run another Full Malwarebytes scan which should come back clean.
    • If second Malwarebytes scan is clean, you should be done.
    • If second Malwarebytes scan found any sort of real infection, proceed to step 5.
  5. Download and run Combofix from Bleepingcomputer.com
    • Make sure you disable the running Antivirus protection before running Combofix.
  6. When Combofix is completed, it will display a log file on the screen which should be saved at C:\Combofix.log – no log means it hasn’t completed.
  7. After Combofix log is displayed, test the computer for virus symptoms.  If all seems well, run one last Malwarebytes scan.
    • If that Malwarebytes scan comes back clean, you’re all set.
  8. Assuming the virus infection has been repaired, often there will be lingering issues.  Use the Tweaking.com All In One repair tool.  Follow the steps in the tool, which should include virus scans (can be skipped if the above steps were followed), hard drive scans, SFC scans, as well as a built in tool for backing up the machine before running the extensive repairs that are included in the app.
    • After running these repairs, if the computer is still exhibiting lingering issues from the virus infection, we’re left with little options beyond re-imaging the machine with a fresh copy of Windows.

John Ahlberg, CEO, Waident Technology Solutions

John Ahlberg
CEO, Waident

CIO in the corporate world and now for Waident clients. John injects order and technology into business process to keep employees productive, enterprises running, and data safe.

Subscribe

Related posts

Why Backups And MFA Are So Important For Ransomware

Why Backups And MFA Are So Important For Ransomware

Two of the simplest and cheapest ways to protect your company from a ransomware attack are Multifactor Authentication and a fresh backup. Here's why.   Back up everything! You are not invulnerable. Catastrophicdata loss can happen to you - one worm or Trojanis...

3 Security Vulnerabilities You Don’t Realize You Have

3 Security Vulnerabilities You Don’t Realize You Have

These days security is not something you "should be doing someday". Security is something that is critical to your company and needs to be managed every day and updated regularly. If you need a place to start (it is never too late) you can focus on the Top 5 Security...

Documentation – Your IT “Canary in a Coal Mine”

Documentation – Your IT “Canary in a Coal Mine”

I consistently hear the same technology concerns from business owners and executives: they don’t know what they don’t know. Do they have the right IT team in place (internal or outsourced)? Do they have the optimal technology solutions for their business? How, they...

Share This