Every now and then I’m asked to help someone get their computer back in running form. Usually I’ll find all sorts of “malware” installed on the computer. Malware includes things that hijack the browser, automatic dialers, unwanted programs and viruses. In the past I’ve sometimes resorted to backing up all necessary data, wiping out the computer and doing a fresh installation of Windows. This can be an all-day proposition. It’s more often preferable to fix the problems with the computer instead.

When removing malware, I usually stick to a couple of tools such as Adaware and Spybot-Search & Destroy. However, I found a more general purpose set of instructions on how to fix a computer that has been overrun by malware on the Anandtech Forums. I’ve included those instructions below, as well as included some additional tips on preventing malware from coming back.

Getting the tools:

The Cleansing:

  • Reboot into Safe Mode
  • Disable System Restore
  • Run a full scan with each of the following applications and fix whatever it finds:
    • Your updated antivirus
    • CWShredder
    • Spybot
    • Adaware
    • Microsoft Antispyware
  • Reboot into normal Windows. If you are still having trouble, run a HijackThis scan, save your log, and post that log on the forums at SpywareInfo.

Once the malware is gone, the best thing to do to prevent additional malware from coming back in the future is to set up and consistently use a user account that does not have administrative privileges. Just create a normal user account and log in with that. When you need to install new software or do things that require more permissions, you can either log in with the administrator account temporarily, or a better option is to right-click on the program or shortcut and choose “Run as…” and put in the credentials for the administrator account for just that one program.
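As an added example (not from the original post), here is the command-line form of the same advice: a short batch script that first checks whether the account you are logged in with is a member of the local Administrators group, and then launches a single installer with the administrator's credentials using `runas`, which is what the "Run as…" menu item calls. The account name `Administrator` and the installer path are placeholders.

```batch
@echo off
rem Added example, not from the original post.
rem Step 1: is the current account a local administrator?
rem "net localgroup Administrators" lists direct members of the group;
rem the find is a substring match, so an unusual name could false-match.
net localgroup Administrators | find /i "%USERNAME%" >nul
if %ERRORLEVEL% EQU 0 (
    echo %USERNAME% is a local administrator. Use a limited account for day-to-day work.
) else (
    echo %USERNAME% is a limited user. Good.
)

rem Step 2: run one program with the administrator account's credentials.
rem runas prompts for the password; nothing else in the session is elevated.
rem Replace the account and installer path with your own (placeholders).
runas /user:%COMPUTERNAME%\Administrator "msiexec /i C:\Downloads\setup.msi"
```

Avoid the `/savecred` option of `runas`: it caches the administrator password so later commands run without a prompt, which undoes the point of working from a limited account.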

Many people find using a normal user account too restrictive. For those people, here are a few more suggestions:

  • Use Mozilla Firefox as your default browser. I like this browser a lot. It renders web pages very quickly, it has tabbed browsing, it has a built-in popup blocker, it has an integrated Google search control, and using it prevents the vast majority of malware problems that I commonly see. The most common malware problems seem to exploit problems in Internet Explorer and if you use Mozilla Firefox as your default browser, you avoid most of these problems.
  • Use a popup blocker. Most popup ads and prompts for installing malware can be prevented by using a good popup blocker. Mozilla Firefox has one built in, but if you insist on continuing to use Internet Explorer, the Google Toolbar does a decent job.
  • Set up Windows Update to automatically install high priority updates. The high priority updates are exclusively updates for security problems. Go to Control Panel, open Security Center, and choose Automatic Updates. It’s good to configure them to automatically download and install updates. You can pick whatever time you would like. If the computer isn’t turned on at the time that the Automatic Update is scheduled, it will run at another time.
  • Keep your antivirus software up to date. The instructions that I copied from the Anandtech Forums post suggest using AntiVir. I more often use AVG Antivirus Free Edition.
  • Don’t click on popup windows. Unless the malware is exploiting a security hole, it is usually installed with permission by the user. The installation prompt may not clearly say that it is installing software, so you’re better off just closing extraneous popup windows.
  • Use a firewall or make sure your computer is hidden behind a router. Many attacks from the Internet can be easily prevented simply by not allowing the network traffic to reach your computer. Firewalls should generally be configured to allow only outbound traffic. The default firewall that comes with Windows XP Service Pack 2 should be fine. Any inbound traffic should be things you know you really need. Routers give similar protection because you generally need to explicitly configure them to allow inbound traffic to reach your computer.
  • Check to see if a program contains malware before installing it. Sites like Logiguard.com will allow you to put in the name of a program and it will list malware either found in the program or security problems with the software that would allow malware entry into your computer.
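The Automatic Updates and firewall items above can both be set from an administrator command prompt rather than through Control Panel. The script below is an added example, not from the original post; it writes the standard Automatic Updates policy values (download and install automatically on a schedule), turns the Windows XP SP2 firewall on for all profiles, enables logging of dropped inbound packets so you can see what is being blocked, and prints the resulting configuration so you can confirm that only exceptions you recognize are listed. The install hour and the log path are choices, not required values.

```batch
@echo off
rem Added example, not from the original post. Run from an administrator prompt.

rem --- Automatic Updates: download and install high priority updates automatically ---
set AU=HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
reg add "%AU%" /v NoAutoUpdate /t REG_DWORD /d 0 /f
rem AUOptions 4 = automatically download and install on the schedule below
reg add "%AU%" /v AUOptions /t REG_DWORD /d 4 /f
rem ScheduledInstallDay 0 = every day (1..7 = Sunday..Saturday)
reg add "%AU%" /v ScheduledInstallDay /t REG_DWORD /d 0 /f
rem ScheduledInstallTime = hour of day, 0..23 (3 AM chosen here; pick any hour)
reg add "%AU%" /v ScheduledInstallTime /t REG_DWORD /d 3 /f
rem restart the Automatic Updates service so it reads the new policy
net stop wuauserv
net start wuauserv

rem --- Windows Firewall (XP SP2): on for every profile, inbound blocked by default ---
netsh firewall set opmode mode=ENABLE exceptions=ENABLE profile=ALL
rem log dropped inbound packets so blocked connection attempts are visible
netsh firewall set logging filelocation=C:\pfirewall.log droppedpackets=ENABLE

rem --- Check the result: every exception listed should be something you know you need ---
netsh firewall show state
netsh firewall show config
```

If the `show config` output lists allowed programs or open ports you do not recognize, remove them; a malware installer that adds its own firewall exception will show up in exactly this list.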

I hope these suggestions help. If you have additional suggestions for preventing or cleaning malware, please leave a comment.