Spyware infections are common. They happen to even the most careful users, so there will be a time when you need to clean up your machine. In general, to avoid being infected, never click on any attachments or links that look suspicious in any email you receive. Also, when doing web searches, look at the results before clicking through to a website, since you can get an infection just by visiting a website if it is a spyware site.
Below are some of our basic steps for cleaning up an infected machine.
Generic Spyware Clean-up
- First, if you are having trouble with any of the steps below in a normal Windows boot, try running them from Safe Mode instead. To access Safe Mode, press the F8 key during boot when you see the Starting Windows message. This will give you a list of boot options, including Safe Mode.
- Run Rkill, which can be downloaded from Bleepingcomputer.com.
- Rkill will place a log file on the C drive. If no log file is present, then it hasn’t completed, so try running it again.
- After running Rkill, download, install and update Malwarebytes, then run a full scan.
- After a successful Malwarebytes scan, remove infected files and reboot.
- Test the system for virus symptoms. If all seems well, run another full Malwarebytes scan, which should come back clean.
- If the second Malwarebytes scan is clean, you should be done.
- If the second Malwarebytes scan found any sort of real infection, proceed to step 5.
- Download and run Combofix from Bleepingcomputer.com.
- Make sure you disable the running antivirus protection before running Combofix.
- When Combofix is completed, it will display a log file on the screen which should be saved at C:\Combofix.log – no log means it hasn’t completed.
- After the Combofix log is displayed, test the computer for virus symptoms. If all seems well, run one last Malwarebytes scan.
- If that Malwarebytes scan comes back clean, you’re all set.
- Even once the virus infection has been repaired, there will often be lingering issues. Use the Tweaking.com All In One repair tool. Follow the steps in the tool, which should include virus scans (these can be skipped if the above steps were followed), hard drive scans, and SFC scans, as well as a built-in tool for backing up the machine before running the extensive repairs that are included in the app.
- After running these repairs, if the computer is still exhibiting lingering issues from the virus infection, we’re left with few options beyond re-imaging the machine with a fresh copy of Windows.