Virus AND malware REMOVAL

1. Virus AND malware REMOVAL Presented by Jamie Leben IT-Works Computer Services http://www.i-t-w.com

2. Some terminology (from wikipedia.org) • Malware: ”A portmanteau from the words malicious and software, is software designed to infiltrate or damage a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code. The term "computer virus" is sometimes used as a catch-all phrase to include all types of malware, including true viruses.”

3. Some terminology (from wikipedia.org) • Virus: “A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the user.”

4. Some terminology (from wikipedia.org) • Worm: “A computer worm is a self-replicating computer program.”

5. Some terminology (from wikipedia.org) • Trojan: “The Trojan horse, also known as trojan, in the context of computing and software, describes a class of computer threats that appears to perform a desirable function but in fact performs undisclosed malicious functions that allow unauthorized access to the host machine.”

6. Do you have malware? • Some clues: • Slow PC • No Internet access • ISP says you’re infected • Unwanted programs starting automatically • Pop-ups • Browser re-directs

7. Disclaimer • The following suggestions for removing malware may result in data loss and loss of function of the computer being cleaned. • Do no attempt without a verified backup of your data!

8. System Restore • If you know when the malware arrived, a system restore may remove it. • Have a verified good Back Up first. • "Start" • "Help and Support" • Search for "system restore" • "run the system restore wizard" • "restore my computer to an earlier time" • "Next" • Choose a bold print date on the calendar that corresponds to a known good state. • Choose a restore point for that date on the right. • "Next" twice, wait for the wizard to reboot the PC • Run malware cleaners and an online scan to see if the malware is gone

9. Malware cleaners • Download and run these malware removers: • Malwarebytes: http://www.malwarebytes.org/ • Superantispywarehttp://www.superantispyware.com/ • Combofix: http://www.combofix.org/ • Adaware: http://www.lavasoft.com/ • Spybot Search and Destroy http://www.safer-networking.org/index2.html

10. Online Virus Scans • Google search for: online virus scan • Run a scan from either: • Trend Micro • Bit Defender • If one scanner finds and removes malware, run the other scanner. Repeat until no results appear. • If no malware is found by either, the PC is likely clean. • If malware continues to appear after 3-4 scans, start in Safe Mode

11. Start in Safe Mode • Shut off the computer • Place your finger on the “F8” key • Start the computer • After the first boot screen disappears, press “F8” rapidly • If successful, you will get a black screen with • Safe mode • Safe mode with networking • Use arrow keys to select “Safe mode with networking”, press “enter”, ok through the messages • Sign in on the “Administrator” account • If the Windows boot screen starts, wait until you can shut down, then try again.

12. Scan in safe mode • Run online virus scans in safe mode • Run Malware removers in safe mode • If scans continue to indicate infections, or if you can’t run online scans or malware removers in safe mode, the machine probably should be backed up and reloaded