MajorGeeks Support Forums > Malware Removal > Malware Removal FAQ

Posted 10-03-07, 22:09 by chaslang (MajorGeeks Admin - Master Malware Expert, Join Date: Feb 2004, Location: Northern New Jersey USA)

Vista & Windows 7 Malware Removal/Cleaning Procedure

Vista, Win 7, Win 8 and Win 10 Malware Removal/Cleaning Procedure

  • Some programs (like MGtools mentioned later and maybe other tools too) may not run on restricted user accounts so you may need to temporarily change the user account to an admin type account and then complete the scans.
  • If you are a Spybot Search and Destroy user, make sure that you do not have Teatimer enabled. If you already have Teatimer enabled, see this to disable it: How to disable Spybot's TeaTimer
Step 1: Downloading Tools

In this step we are going to download tools we will use. We will install and configure the programs and then run scans in later steps so please only download right now during step 1.

Make sure you download the tools to the exact locations specified below in the procedures to avoid problems later. It is not a good idea to download them to any folder within C:\Documents and Settings. It is also a bad idea to download and save anything you need into any kind of Temp folder. Malware hides in Temp folders and standard cleaning practices will delete everything from Temp folders.

If you have difficulty knowing how to download and save files to locations on your PC, check out the below Video Tutorial by TimW

Now download the below tools ( PLEASE only download at this point ). If your protection software blocks downloading because it calls these malware then shutdown your protection software because it is mistaken and is just getting in the way.
  • RogueKiller - Save to your Desktop. See the download links under this icon
  • Malwarebytes Anti-Malware - See the download links under this icon
    • Important: Rename the downloaded mbam-setup.exe file to mb.exe to help work around certain malware that will block it from being run.
  • TDSSKiller- Save to your desktop. See the download links under this icon
  • HitmanPro - Save to your desktop. See the download links under this icon
  • MGtools - Recent bugs in many antivirus programs are detecting this as malware. Disable your AV while you download and run MGtools if you have this problem. Rest assured that it is clean. Your AV is incorrect. We prefer that you download this file to the root folder of the drive where you have installed Windows (typically this would be C:\ and thus you would have a C:\MGtools.exe file after downloading). If you use Firefox and still have it set to defaults, it will not let you choose where to download files to. To change Firefox, run Firefox and click Tools, Options, and on the Main tab select Always ask me where to save files. If for some reason you still have a problem trying to save MGtools.exe properly, which can happen with Vista, Win 7, 8 and 10, you can download and run it from your Desktop as long as your Desktop folder is located on the same drive that you boot Windows from. Note: if you have problems just trying to complete the download of MGtools, it may be due to your browser, especially if you are using Chrome or Firefox. See the Using MGtools link for help with these browser issues.
Now that you have downloaded all the tools and saved them as requested, you are ready to start the next steps below.

Step 2: Disabling User Account Control

For Vista users - to turn off UAC ( UAC = User Account Control )
  1. Click Start, and then click Control Panel.
  2. In Control Panel, click User Accounts.
  3. In the User Accounts window, click User Accounts.
  4. In the User Accounts tasks window, click Turn User Account Control on or off.
  5. If UAC is currently configured in Admin Approval Mode, the User Account Control message appears. Click Continue.
  6. Clear the Use User Account Control (UAC) to help protect your computer check box, and then click OK. If it is already unchecked, then you should also notice a red shield with an X in it located in your system tray. Ignore any messages about UAC being disabled.
  7. Click Restart Now to apply the change right away. (Restart even if you did not make the above change, we need to be sure that a reboot has occurred since the first time that UAC was disabled.)
  8. Keep UAC disabled until malware cleanup is complete and you have been given the okay to enable it.
NOTE: DO NOT CONTINUE UNTIL UAC has been disabled and you have rebooted.

For Windows 7 and Win 8 users - to turn off UAC ( UAC = User Account Control )
  1. Click Start, and then click Control Panel.
  2. In Control Panel, look under System and Security and select Review your computer's status.
  3. In the Action Center window, select Change User Account Control settings in the left column
  4. Then move the Slider all the way to the bottom to Never Notify
  5. Click OK and then Yes to the popup warning that you are turning off UAC
  6. If it is already unchecked, then you should also notice a red shield with an X in it located in your system tray. Ignore any messages about UAC being disabled.
  7. Click Restart Now to apply the change right away. (Restart even if you did not make the above change, we need to be sure that a reboot has occurred since the first time that UAC was disabled.)
  8. Keep UAC disabled until malware cleanup is complete and you have been given the okay to enable it.
For Windows 10 users - don't worry about UAC. Just remember to use Right Click select Run As Administrator for all the tools.

NOTE: DO NOT CONTINUE UNTIL UAC has been disabled and you have rebooted.

Step 3: Installing Tools and Running Scans - please only run one scan at a time and only run each scan one time. Also try to complete all scans before attaching any logs!
  • RogueKiller Instructions
    • Double click RogueKiller.exe or RogueKillerX64.exe to run (Note: If running Vista or Win 7 use right-click and select Run as Administrator)
    • When it first opens it is going through an initialization period. It is not very obvious, but if you look in the Status box you will see it says Initialization. It can sometimes (on certain PCs) take quite a while for this initialization to complete. Please be patient! When you see the ROGUEKILLER SOFTWARE LICENSE TERMS form pop up, make sure that you click on the Accept button. You can close any new browser windows that open that are just a Thank You for using RogueKiller.
    • Now a prescan will run. Just wait for it to finish. You will see the Status box message change to say Prescan finished. Please hit the scan button.
    • You can then click the Scan button now. Only run a scan! Do not fix anything at this time! The scan can also take awhile to run so again please be patient.
    • When it is finished, you will see a form like below. Observe the Export TXT button, which you must click to save/export a log in an easy to read text format.
    • Save the log somewhere that you can easily locate it like your Desktop.
    • Attach the RogueKiller log to your next message (that is, after you complete all scans or get as far as you can go). (See: HOW TO: Attach Items To Your Post )
  • Malwarebytes Anti-Malware Instructions
  • TDSSKiller Instructions
  • HitmanPro Instructions
  • MGtools Instructions
    • Now follow the directions in the below link for running MGtools. It also explains possible reasons for not being able to run MGtools
Step 4: Do You Still Have Problems
  • Yes, I’m still having problems
    • DO NOT run the READ ME again!!!! And DO NOT move on to Step 5 below!!! Please just attach your logs as given below and tell us what problems you are still having.
    • PLEASE ATTACH ALL REQUESTED LOGS whether they find anything or not!!!!! We must check that proper updated versions were run.
    • If you do not already have a thread started, start a new thread otherwise post the following in your original thread. Clearly describe in detail the problems you are having and how long ago they started. Think about what you were doing at the time.
      • Now you need to attach (See: HOW TO: Attach Items To Your Post ) ( Or View: How to Attach Items to Your Posts) the below logs created while running the above scans.
        • RKreport[1].txt from RogueKiller
        • Malwarebytes' Anti-Malware log
        • TDSSKiller log
        • HitmanPro log
        • - normally it is C:\ - only attach this log from MGtools.exe DO NOT attach any logs seen in the MGtools folder.
    • Be patient after posting your logs and wait for one of the helpers to get to you. It can take a while to read thru all of the logs and to create individual fixes for you.
    • Also DO NOT BUMP your thread to try and get a faster answer. This will actually significantly delay getting an answer. See this: Don't Bump! It Only Hurts You!!!
  • No, I’m not having any problems
    • If you are sure everything is okay ( give it a couple days to be sure ) and that you do not need to request any help, then jump to the next step below.
Step 5: Enable User Account Control (UAC)
  • While running the MGtools procedure, we had you disable UAC. Now we need to enable it again to help keep you safe.
  • You can either respond to the security notice in the System Tray alerting you to enable UAC or you can do the below.
    • navigate into the \MGTools folder just created in the root of your Windows boot drive.
    • locate the EnableUAC.reg file and double click on it and allow it to be added to the registry.
    • This registry patch is used to enable the User Account Control feature
    • You should reboot after applying the registry patch so that it works properly. You can wait to do this reboot in step 6 below if you are going to immediately perform step 6.
  • Now continue on to step 6
Step 6: Toggle System Restore
  • Before you toggle System Restore, make sure that you are no longer having any malware or other problems as specified above in step 3. If necessary, run your PC for a few days to make sure that everything is working well.
  • You only need to Toggle system restore if malware had been found during the cleaning procedures. If no malware was found, there are no infected restore points to worry about, thus you can skip to the next step.
  • Once you are sure all malware problems have been removed follow the below steps:
Why we toggle System Restore!
If you have been infected with any trojans, spyware, etc, they could have been saved in System Restore and are waiting to re-infect you. Since System Restore is a protected directory, your tools can not access it to delete files that may contain viruses. Even though your tools may say they are deleting them, they are not! The reason for doing this after your system has been completely cleaned of problems, is so we can remove possible infected restore points. When you disable system restore, it removes restore points!
We only toggle System Restore after you are clean because keeping even infected restore points around while we are fixing things may prove useful if something goes wrong during the process. An infected restore point could be better than none at all!
  • Now continue on to the next step below!
Step 7: Keeping your computer safe and secure
Step 8: Alternative Scans - If still having problems, see: Alternative Scans

Now surf safely!
"There are 10 types of people in this world. Those who understand binary and those who don't."

Last edited by chaslang; 08-07-15 at 23:52. Reason: Update RogueKiller instructions and Win 10
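The UAC toggling in Steps 2 and 5 and the System Restore toggle in Step 6 can also be inspected and driven from an elevated Windows PowerShell prompt. The script below is an added example and is not part of chaslang's post or of MGtools; the registry key, value names and the defaults quoted in the comments are the standard Windows UAC policy values, and the assumption that EnableUAC.reg simply sets EnableLUA back to 1 is mine, not something the post states. The function and variable names are made up for this example.

```powershell
# Added example (not from the original post). Run from an elevated Windows PowerShell
# (5.1) prompt on a client SKU; the *-ComputerRestore cmdlets are not present on Server.

$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Test-IsElevated {
    # Both the registry writes and the System Restore cmdlets need an admin token.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $p  = New-Object Security.Principal.WindowsPrincipal($id)
    return $p.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-UacState {
    # EnableLUA=0 is the "fully off" state that needs a reboot to take effect
    # (the red-shield warning in the tray appears once it is 0).
    $v = Get-ItemProperty -Path $UacKey
    [pscustomobject]@{
        EnableLUA                  = $v.EnableLUA
        ConsentPromptBehaviorAdmin = $v.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop      = $v.PromptOnSecureDesktop
        Enabled                    = ($v.EnableLUA -eq 1)
    }
}

function Set-UacState {
    param([Parameter(Mandatory)][bool]$Enabled)
    if (-not (Test-IsElevated)) { throw 'Run this from an elevated prompt.' }
    $lua = if ($Enabled) { 1 } else { 0 }
    # 5/1 is the Windows 7+ default ("notify me only when programs try to make
    # changes"); 0/0 is the bottom "Never notify" slider position.
    $consent = if ($Enabled) { 5 } else { 0 }
    Set-ItemProperty -Path $UacKey -Name EnableLUA                  -Value $lua     -Type DWord
    Set-ItemProperty -Path $UacKey -Name ConsentPromptBehaviorAdmin -Value $consent -Type DWord
    Set-ItemProperty -Path $UacKey -Name PromptOnSecureDesktop      -Value $lua     -Type DWord
    Write-Warning 'EnableLUA changes only take effect after a reboot.'
    Get-UacState
}

function Reset-SystemRestore {
    # Step 6: turning System Restore off deletes the restore points on the drive
    # (which is the whole point of the toggle); turning it back on and taking a
    # checkpoint leaves a clean baseline. Only do this once the machine is clean.
    param([string]$Drive = ($env:SystemDrive + '\'))
    if (-not (Test-IsElevated)) { throw 'Run this from an elevated prompt.' }
    $before = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue).Count
    Disable-ComputerRestore -Drive $Drive
    Enable-ComputerRestore  -Drive $Drive
    Checkpoint-Computer -Description 'Post-cleanup baseline' -RestorePointType MODIFY_SETTINGS
    $after = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue).Count
    [pscustomobject]@{ Drive = $Drive; RestorePointsBefore = $before; RestorePointsAfter = $after }
}

# Usage (Step 2 / Step 5 / Step 6 respectively):
Get-UacState
# Set-UacState -Enabled $false   # then reboot, as the post requires
# Set-UacState -Enabled $true    # equivalent of applying EnableUAC.reg, then reboot
# Reset-SystemRestore            # only after everything has been confirmed clean
```

Get-UacState is safe to run at any point and is a quick way to confirm the reboot actually applied the change before continuing with Step 3. On Windows 8 and later, Checkpoint-Computer will refuse to create a second restore point within 24 hours unless the SystemRestorePointCreationFrequency policy is lowered, so RestorePointsAfter may read 0 on a machine that already took one that day.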