Virus AND malware REMOVAL
Presented by Jamie Leben
IT-Works Computer Services
970-405-4399
http://www.i-t-w.com

Some terminology (from wikipedia.org)
• Malware: “A portmanteau from the words malicious and software, is software designed to infiltrate or damage a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code. The term "computer virus" is sometimes used as a catch-all phrase to include all types of malware, including true viruses.”
• Virus: “A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the user.”
• Worm: “A computer worm is a self-replicating computer program.”
• Trojan: “The Trojan horse, also known as trojan, in the context of computing and software, describes a class of computer threats that appears to perform a desirable function but in fact performs undisclosed malicious functions that allow unauthorized access to the host machine.”

Do you have malware?
• Some clues:
  • Slow PC
  • No Internet access
  • ISP says you’re infected
  • Unwanted programs starting automatically
  • Pop-ups
  • Browser re-directs

Disclaimer
• The following suggestions for removing malware may result in data loss and loss of function of the computer being cleaned.
• Do not attempt without a verified backup of your data!

Start in safe mode
• Safe mode may be necessary for later steps
• Run online virus scans in safe mode
• Run malware removers in safe mode
• If scans continue to indicate infections, or if you can’t run online scans or malware removers in safe mode, the machine probably should be backed up and reloaded

Start in Safe Mode
• Shut off the computer
• Place your finger on the “F8” key
• Start the computer
• After the first boot screen disappears, press “F8” rapidly
• If successful, you will get a black screen with
  • Safe mode
  • Safe mode with networking
• Use arrow keys to select “Safe mode with networking”, press “Enter”, OK through the messages
• Sign in on the “Administrator” account
• If the Windows boot screen starts, wait until you can shut down, then try again.

System Restore
• If you know when the malware arrived, a system restore may remove it.
• Have a verified good backup first.
• "Start"
• "Help and Support"
• Search for "system restore"
• "run the system restore wizard"
• "restore my computer to an earlier time"
• "Next"
• Choose a bold print date on the calendar that corresponds to a known good state.
• Choose a restore point for that date on the right.
• "Next" twice, wait for the wizard to reboot the PC
• Run malware cleaners and an online scan to see if the malware is gone

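The restore-point choice from the System Restore steps can also be checked from a command line. The script below is an added example, not part of the original presentation: it lists the restore points on the PC and picks the newest one created before the date the malware is believed to have arrived. It assumes Windows PowerShell 3.0 or later running as Administrator with System Restore enabled; the default date and the helper name Select-RestorePointBefore are constructed for illustration.

```powershell
# Added example: find the newest restore point from before a suspected infection date.
# Assumption: run in an elevated Windows PowerShell session; the default date is a
# constructed sample value, pass your own with -SuspectedInfection.
param(
    [datetime]$SuspectedInfection = '2024-01-15'
)

# Hypothetical helper: newest point strictly older than the cutoff, or nothing.
function Select-RestorePointBefore {
    param(
        [Parameter(Mandatory)] [object[]]$Points,
        [Parameter(Mandatory)] [datetime]$Cutoff
    )
    $Points |
        Where-Object { $_.Created -lt $Cutoff } |
        Sort-Object Created -Descending |
        Select-Object -First 1
}

# CreationTime comes back as a WMI-format string, so convert it to a DateTime
# before comparing dates.
$points = @(Get-ComputerRestorePoint | ForEach-Object {
    [pscustomobject]@{
        SequenceNumber = $_.SequenceNumber
        Created        = $_.ConvertToDateTime($_.CreationTime)
        Description    = $_.Description
    }
})

if ($points.Count -eq 0) {
    Write-Warning 'No restore points found; System Restore cannot help on this PC.'
    return
}

# Show every available point, oldest first, like the wizard's calendar.
$points | Sort-Object Created | Format-Table -AutoSize

$choice = Select-RestorePointBefore -Points $points -Cutoff $SuspectedInfection
if ($null -eq $choice) {
    Write-Warning 'All restore points were created on or after the suspected infection date.'
    return
}

'Newest restore point before {0:d}: #{1} "{2}" created {3:g}' -f `
    $SuspectedInfection, $choice.SequenceNumber, $choice.Description, $choice.Created

# To roll back (verified backup first), uncomment the next line:
# Restore-Computer -RestorePoint $choice.SequenceNumber -Confirm
```
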
Malware cleaners
• After System Restore completes, download and run these malware removers (in this order):
  • TDSSKiller: http://support.kaspersky.com/faq/?qid=208280684 If TDSSKiller detects items, reboot and rerun
  • Combofix: http://www.combofix.org/ Reboot after it finishes and gives its report
  • Malwarebytes: http://www.malwarebytes.org/ Re-run full scans repeatedly until nothing is detected
• Re-run scans in regular mode to ensure removal

Online Virus Scans
• Google search for: online virus scan
• Run a scan from either:
  • Trend Micro
  • Bit Defender
• If no malware is found by either, the PC is likely clean.
• If malware continues to appear in scan results after 3 cycles of scans (TDSS, Combofix, Malwarebytes, online scans), the PC should probably be reloaded