Malware Guide

Table of Contents

This guide is designed to inform you of the best ways to remove malware from your computer, and how to best protect yourself from malware in the future. Not all malware is created equal, and even the best protection and most knowledgeable users will get malware eventually. There is no single way to avoid getting malware.

I downloaded but did not run the malware, am I OK?

In most cases yes, malware is only dangerous once it has been executed. If you want to be sure you can follow the rest of this guide.

How do I know if I have malware?

There is no way to 100% know if you have malware. No AV/AM is perfect, and clever malware can completely hide itself.

Malware is rarely the answer to an unexpected event on your computer. Malware serves a purpose on your computer, rarely is it there just to be there.

What are some signs of malware?

  • Windows Defender (or other AV/AM software) detected malware on your computer, and you are sure it’s not a false positive.
  • Popups appearing on your desktop all the time. These could be ads, ransom demands, scare tactics, or anything else
  • Your files are encrypted or deleted from your system.
  • Constant redirections on your browser
  • Your computer is using 100% CPU/GPU all the time

None of these signs are 100% certainties that you have malware. Malware can present itself in so many different ways, and it would be impossible to list them all. Some malware can stay completely hidden from everything.

How do I find malware on my system?

  • Your AV/AM tool should have real time protection on at all times. That will be the best way to get an alert about possible malware.
  • You can always run a full scan of the system, but that takes a while and isn’t really more effective then real time protection
  • Look for installed programs you don’t recognize.

What shouldn’t I do when looking for malware?

  • Don’t look through task manager, system32, or anywhere else to try and find malware. There is almost no chance you will actually find something, and you will just become paranoid.
  • Don’t download every AV/AM ever made just to scan. That is a huge waste of time, and the signatures aren’t that different across all AV/AMs. Windows defender is enough.
  • Don’t start ending random process or deleting random files, just because you don’t know what they are.
  • Don’t upload every file on your computer to sites like VirusTotal. These sites are made for professionals, and if you don’t know how to actually use them, they won’t do you any good.

Malware remediation steps

If your files are encrypted, do not follow any steps in this guide until you read this article on ransomware.

The only way to guarantee all malware is removed from your system is to do a clean install. The anti-malware tools listed below can only take their best shot at removing malware from your system. There is no guarantee that any tools, listed in this guide or not, will remove all malware from your system. AV/AM tools can only think your system doesn’t have malware.

If you would like to attempt to remove malware from your system, you can run the three tools listed below.

  1. RKill
  2. Malwarebytes ADW cleaner
  3. Hitman pro

Chrome Malware

Chrome is often a vector for malware, if you are facing a stubborn infection do the following.

  1. Uninstall Chrome
  2. Rename the chrome directory in %LocalAppData%\Google\ to chrome.bak
  3. Install Chrome, do not sign in yet
  4. See if issue persists.

Once you sign in, the issue may come back. This points to a synced extension being the issue.

How to protect yourself in the future

  • Make sure you are using non-EOL software & OS. Operating systems like Windows XP, Vista, and 7 carry additional security risks as they are no longer being supported by Microsoft. Running pre-release, beta, insider, or preview builds can also carry additional risks.
  • Make sure you are updating your software & OS. Updates often include security patches, which malware can exploit if left unpatched.
  • Make sure you are running an anti-virus. Windows includes Windows Defender by default, and that is all most people need. See here for our stance on paid AVs. If you don’t like Windows Defender, running an AV is better than running none.
  • For protection against ransomware, make sure you keep good backups of your data. Backups are preemptive, not reactive. You cannot backup your data after it is lost.
  • Running an adblocker like UBlock Origin is a great way to protect yourself online. Malicious advertisements exist and are a fairly common way to get malware in the first place.

Taking precautions and not trusting everything online is the best way to protect yourself:

  • Don’t let strangers take remote control of your computer. Microsoft will never call you on the phone. Your browser will never tell you to call Microsoft because of malware.
  • Don’t open random email attachments. If you weren’t expecting it, be cautious.
  • Don’t give unknown programs and files administrator privileges on your computer. If you didn’t open the software or don’t trust it, don’t give it admin privileges.
  • Don’t put your credentials in an email. No company will ever ask for your plain text password for any reason. If you get an email claiming your account was locked, always go to a link you trust, don’t click the link in the email.

But how did I get infected in the first place?

It is difficult to track down the source of infection. Most infections are permitted to run unknowingly by the user. It is recommended to keep User Account Control turned on and never give access to something you do not trust or did not open. Many other infections come via exploits in your browser or browser plug-ins on websites you visit. Always be very careful what you install. Make sure you trust the source implicitly. When downloading programs, always use the publisher’s website directly, or a trusted package manager.