How to clean a malware-infested PC


So the worst has happened and you’ve become infected with a virus — or maybe just a bunch of stuff you don’t want.

The PC slows right down, web pages are loading when you don’t want them to, there are constant popups and other stuff happening that you never asked for.

Now the final solution to such a problem is to perform a refresh/reset on the PC — but before you nuke your PC from orbit, so to speak, there are some things you can try without deleting all your programs in the process.

Booting into safe mode

It can be tricky to remove malware. Once it infects a PC, most malware will actively try to prevent you from removing it.

Control panels won’t open, you can’t access Task Manager to close processes and other common techniques for shutting down and removing processes may be thwarted.

That’s why you have to boot into safe mode. Safe mode prevents anything other than core Windows components from loading, so the malware won’t be loaded into memory and you can actually remove it from the hard drive.

Booting into safe mode is easy — although Windows 8 and 10 actually made it a little harder.

For Windows 8 and 10, remove any USB drives and DVDs/CDs from the drive. Then click on the Start button, then on the power button, then while holding down the shift key, click on Restart. This will restart with Advanced Options open.

Alternatively, press the Windows key and ‘R’ to bring up the Run menu. Type msconfig into the Run box. Click on the Boot tab and check the Safe Boot option. Then reboot the computer.

If you’re running Windows 7 or earlier, you can use the good old F8 key. Just reboot, and while the computer is booting, jam the F8 key. Just keep pressing it over and over.

Instead of booting into Windows normally, the advanced boot options page will open. (As an aside, it is possible to re-enable F8 in Windows 8 and 10; you have to open the command prompt from ‘cmd.exe’ and type the command bcdedit /set {default} bootmenupolicy legacy. This will slow down your bootup slightly, but F8 will work again.)

Once that’s done, you’ll either get the old text-based page (for Windows 7) or the fancy new Advanced Options page (Windows 8 and 10).

In the old page, just arrow down to choose Safe Mode with Networking.

In the new one, you have to select Troubleshoot > Advanced Options > Startup Settings. Then you have to do a restart and then you finally get to choose ‘Enable Safe Mode with Networking’.
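The Safe Boot checkbox in msconfig stays set until you clear it, so the PC keeps restarting into safe mode after the cleanup. The following is an added example, not part of the original article: it shows the same switch made with bcdedit from an elevated PowerShell prompt, plus the step that turns it off again. The function names are hypothetical.

```powershell
# Added example; function names are hypothetical. Run from an elevated PowerShell prompt.
# '{current}' is quoted because PowerShell would otherwise parse the braces as a script block.

function Get-SafeBootState {
    # The current boot entry lists a "safeboot" element only while Safe Boot is set.
    $entry = bcdedit /enum '{current}'
    if ($LASTEXITCODE -ne 0) { throw 'bcdedit failed; is this prompt elevated?' }
    foreach ($line in $entry) {
        if ($line -match '^safeboot\s+(\S+)') { return $Matches[1] }
    }
    return 'Off'
}

function Enable-SafeBootNetworking {
    # Same effect as ticking Safe Boot with the Network option in msconfig.
    bcdedit /set '{current}' safeboot network | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'bcdedit failed; is this prompt elevated?' }
}

function Disable-SafeBoot {
    # Remove the flag so the next restart is a normal boot.
    if ((Get-SafeBootState) -eq 'Off') { return }
    bcdedit /deletevalue '{current}' safeboot | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'bcdedit failed; is this prompt elevated?' }
}

# Before cleaning:  Enable-SafeBootNetworking; Restart-Computer
# After cleaning:   Disable-SafeBoot; Restart-Computer
"Safe Boot is currently: $(Get-SafeBootState)"
```

If the PC still comes up in safe mode after the malware scan, run Disable-SafeBoot (or untick Safe Boot in msconfig) and restart.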

Back up your important stuff

Once you’ve booted into safe mode, back your important stuff up to an external hard drive or flash drive.

Run Malwarebytes

There are a number of on-demand malware scanners, but Malwarebytes is a great choice.

It checks for and removes virus infections, as well as other potentially unwanted programs (PUPs) like browser toolbars and popups that many applications don’t register as viruses and leave intact.

You can install and run it in safe mode. Once downloaded, install and run it.

For most infections, the defaults are good (it will remove PUPs by default). Just click on the Scan button and, with Threat Scan selected, click on Start Scan.

It will roll through the process and (hopefully) find what is messing with your system and give you the option to remove it.

If Malwarebytes doesn’t pick up your problem, there are other good solutions you can try. HitmanPro 3, Comodo Cleaning Essentials, Emsisoft Anti-Malware and Avast Free AntiVirus all also include anti-malware as well as anti-virus.

Reboot your computer

Once the scan is complete and the virus/malware is removed, you can return to your normal business.

Reboot the computer and, if the malware was removed, everything should be good again.

It’s a good idea to run another virus scanner, just to be sure; BitDefender, Kaspersky, AVG and others offer free solutions.

You can also finally take the time to set up a proper backup system and create a recovery drive (just type recovery drive in the Windows 10 search bar to get going).

Change your passwords

Finally, it’s time to go through and change your passwords for all the important things.

While you were infected, you may well have had your passwords harvested, and you’ll now have to go through and update your passwords to new ones.

It sucks, we know, but it’s a necessary precaution.