How to Fix a Malware Infected Computer


Even after malware has been removed from a computer many of the problems caused by it may still remain. That said, one of the first things you should do in order to fix any of these problems is to make sure that all infections have actually been removed. If you know that you still have infections on your computer then, instead of trying to fix problems while the malware is still present, you should first remove all infections. To do this please see my article about How to Clean An Infected Computer. Then, after you believe that all malware has been removed you should also check to make sure the computer is now clean by following the advice I give in How to Know If Your Computer Is Infected. Trying to fix problems on a computer that is still infected is largely a waste of time.

 

Once you have confirmed that your computer is entirely free of malware you should then back up all of your important files. This way if anything goes wrong while fixing the computer, which is a very real possibility, your important documents will still be intact. Please note that if your computer cannot boot you should follow the advice on this page in order to back up all important files.

 

In order to fix your computer you only need to follow this article as far as is required to fix the problems you are experiencing. However, advice on how to fix nearly any type of problem is included in the article. Thus, the length of the article is actually much longer than just about anyone would have to read. Just consult the sections that are relevant to the problems you are experiencing. Note that for situations in which your computer will not even boot into Windows you should skip to the section about What To Do If Your Computer Cannot Start.

Changelog:

5/23/2014-Added link to Best Free Antivirus Software article.

9/14/2014-Replaced http links with https links wherever possible and updated link for CCE.

 

Index

1. How To Recover Important Files Deleted During Infection

2. Always Follow These Steps After Cleaning Infection

3. Use Windows Repair Kit To Fix Most Problems

     A) Fix Problems With Hidden Files Or Folders, Missing Shortcuts, Or Missing Start Menu links

     B) Fix Common Internet Problems

4. How To Fix Many Remaining Problems

    A) How To Fix Remaining Internet Problems

    B) Fix Problems With Specific Programs

    C) Use Microsoft Fix It Solutions To Fix Common Windows Problems

    D) Fix Problems In Registry

    E) What To Do If Problems Remain

5. What To Do If Your Computer Cannot Start

    A) Try Repairing Windows Without A Disk

    B) Repair Windows Using Windows Disk Or Alternative

    C) Repair Master Boot Record As That Could Be Root Of Problems

    D) What To Do If Problems Still Remain

6. What To Do If These Steps Fail

7. What To Do After Everything Is Fixed

 

1. How To Recover Important Files Deleted During Infection

 

Note that you can skip this section unless important files of yours have been deleted.

 

If any of your files have been deleted by malware you may still have a chance of recovering them. However, make sure that you use your computer as little as possible before running the tool below. The reason I say this is that the more you use your computer the lower your chances become of successfully recovering the files. For trying to recover these files I recommend you download Recuva Free from this page. Download the free version from the Piriform.com source, install it, run it, and then answer the questions in its wizard. When it gives you the option first try it without the Deep Scan, as that would take much longer.

 

Once it is done scanning select any of the files you are trying to recover and select the option to recover them. This will automatically put any recovered files right back where they originally were. However, if the files you were looking for are not in the list then you should select the option to "Switch to advanced mode". Then go to options and open the Actions tab. Check the box for "Deep Scan" and select OK. Then select the option to Scan. Hopefully this will be able to recover the files you have lost. That said, it may not be able to. In those cases I believe the files have been lost forever and cannot be recovered.

 

2. Always Follow These Steps After Cleaning Infection

 

After cleaning an infection, and making sure it has been entirely removed, the first thing you should always do is to reset all of your passwords. The reason for this is that it's entirely possible that the malware was able to capture your passwords and send them to criminals. Thus it's very important that you reset all of your passwords immediately. After doing this I would recommend that you make sure that Windows is fully updated. Note that if you can't update Windows the following sections should be able to help you fix that problem. Also, I would advise that you remove all of your old system restore points. It's likely that these are still infected, thus rendering them worthless. The easiest way to do this is to turn off system restore and then turn it back on. Instructions for how to do this can be found on this page.

 

You should also take the time to uninstall, and then reinstall, any security programs which were on your computer while it was infected. Also, do make sure that you only have one antivirus installed as having more can actually lead to conflicts, which can cause further problems. For best results you should also run clean-up tools after uninstalling each security program. This page has a list of specialized uninstallers for many common security programs. Please read the instructions carefully.

 

Other than that I would also suggest that you download and then run Comodo Cleaning Essentials (CCE). This program has the ability to check for, and attempt to fix, many common problems caused by infections. After opening up CCE you should open up KillSwitch from the tools menu of CCE. Then go to the tools menu in KillSwitch and select the option for "Quick Repair". Allow it to repair any problems it finds and then restart your computer to see if any problems you may have been experiencing are now gone. If your computer now appears to have no problems then you can skip to the section about What To Do After Everything Is Fixed. If all problems are not fixed, or the repair failed, please continue to the next section.

 

3. Use Windows Repair Kit To Fix Most Problems

 

One of the fastest, and easiest, ways to fix most problems caused by malware is to run a specialized tool called the Windows Repair Kit. It can be downloaded from this page. This program is able to fix nearly any problem caused by malware. Thus, hopefully whatever problems you are experiencing can be fixed by this program. After downloading this program you should install it and then start the program.

 

Under the tab for Step 2 I would strongly advise that you take the time to check the drive for file system errors. Once this is done you should restart your computer and then start the program again. This time go to the tab for Step 3 and perform a system file check. Note that Windows XP users, or Windows 2003 users, will need to insert their Windows disk in order to do this. I would strongly advise that if possible you should perform this check. After this is done again restart your computer and then start the program. This time go to the tab for Step 4 and create both a system restore point and a registry backup. These are very important in case this program accidentally causes additional harm to your computer. This way if something bad does happen you can just restore these and get rid of the new problems. After these backups are complete go to the tab for "Start Repairs" and choose the option to Start.

 

You should now see a screen that shows a list of all the fixes which can be done. Information about what each of these does can be found by left-clicking on a fix and looking under the "Repair Info" tab. You can either select only the fixes you think would fix the problems you're experiencing, follow the advice in the following parts of this section, or just select all of them. If you are uncertain what types of problems you have I would strongly suggest that you select all options and repair them all. That said, below I have listed which options you should choose in order to fix relatively common problems caused by infections.

 

A) Fix Problems With Hidden Files Or Folders, Missing Shortcuts, Or Missing Start Menu links

If you are experiencing these problems, which may also include problems with your internet connection, then select the options to "Reset Registry Permissions", "Reset File Permissions", "Unhide Non System Files", "Repair Missing Start Menu Icons Removed By Infections", and "Repair Proxy Settings". Then run these fixes and restart the computer when they are done. If problems with your internet connection still persist after running these fixes then follow the advice in the part about how to Fix Common Internet Problems. If problems other than that still remain then I suggest you run all fixes to see if that can fix your problems.

 

B) Fix Common Internet Problems

If the only problem that you are experiencing is that your internet connection is not working you should select the options to "Register System Files", "Repair WMI", "Repair Internet Explorer", "Repair Hosts File", "Remove Policies Set By Infections", "Repair Winsock & DNS Cache", "Repair Proxy Settings", and "Set Windows Services to Default". Then run the fixes and restart the computer when they are done. Hopefully this will fix all problems with your internet connection, although I have noticed that sometimes you will have to run the Windows Network Diagnostics, even after running these fixes, in order to get the internet working. Advice on how to troubleshoot any remaining internet problems, including running Windows Network Diagnostics, can be found in the section about How To Fix Remaining Internet Problems. If, after following the advice in the other section, problems still remain then I suggest you run all fixes to see if that can fix your problems.
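The "Repair Hosts File" fix above resets the hosts file. To see what an infection left in it before you reset it, the following added example (not part of the original article or of Windows Repair Kit) audits hosts-file text and reports entries that black-hole or redirect a site. The sample entries, the `.test` names and the `WATCHED_SUFFIXES` list are constructed assumptions.

```python
import ipaddress

# Names that a default hosts file legitimately maps to loopback.
BENIGN_NAMES = {"localhost", "localhost.localdomain"}
# Assumption: suffixes of update/security sites you care about; edit as needed.
WATCHED_SUFFIXES = ("windowsupdate.com", "example-av.test")

# Constructed sample, not taken from a real machine.
SAMPLE_HOSTS = "\n".join([
    "# Copyright (c) 1993-2009 Microsoft Corp.",
    "127.0.0.1       localhost",
    "::1             localhost",
    "127.0.0.1       update.example-av.test",
    "203.0.113.7     www.example-bank.test  example-bank.test",
    "0.0.0.0         download.windowsupdate.com  # added by infection",
    "0.0.0.0         ads.example-tracker.test",
    "not-an-ip       broken.test",
])


def parse_hosts(text):
    """Return (line number, address field, [names]) for every active line."""
    entries = []
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        names = [n.lower().rstrip(".") for n in fields[1:]]
        entries.append((lineno, fields[0], names))
    return entries


def classify(address, name):
    """Return a verdict string, or None when the mapping is expected."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if ip.is_loopback or ip.is_unspecified:
        if name in BENIGN_NAMES:
            return None
        watched = any(name == s or name.endswith("." + s)
                      for s in WATCHED_SUFFIXES)
        # Loopback mappings also appear in deliberate ad-block lists, so
        # "blocked" needs a human decision; a watched site being blocked
        # is the pattern that stops updates and scanners from working.
        return "blocks-watched-site" if watched else "blocked"
    # Any other address sends traffic for this name to a fixed host.
    return "redirect"


def audit_hosts(text):
    """Return a list of (line, name, address, verdict) findings."""
    findings = []
    for lineno, address, names in parse_hosts(text):
        if not names:
            findings.append((lineno, "", address, "malformed"))
            continue
        for name in names:
            verdict = classify(address, name)
            if verdict:
                findings.append((lineno, name, address, verdict))
    return findings


if __name__ == "__main__":
    for lineno, name, address, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {name or '(no name)'} -> {address}: {verdict}")
```

On Windows the file to read is `%SystemRoot%\System32\drivers\etc\hosts`; pass its contents to `audit_hosts` in place of the sample.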

 

C) What To Do If Problems Remain

I have found that under some circumstances Windows Repair Kit does repair many problems, but other problems still remain. For these cases it may be helpful to go to the section about How To Fix Many Remaining Problems. Windows Repair Kit may have been able to repair enough that you can now fix the rest yourself.

 

4. How To Fix Many Remaining Problems

 

A) How To Fix Remaining Internet Problems

For situations in which you are still experiencing a problem with your internet connection it's best to first run the Windows Network Diagnostics to see if they can fix your problems. To do this for Windows XP you will need to download and then run a program. Of course you will have to transfer this from another computer. For instructions on how to use this program please see this page. For Windows Vista and Windows 7 the network diagnostics are built into the operating system. A tutorial for how to access these for Windows Vista can be found on this page, and a tutorial for Windows 7 can be found on this page.

 

Beyond this there are also many other common issues which could cause problems with your internet connection. If you're using a wired connection one of the simplest of these is checking to make sure the cables are connected properly. Also, if you are using a router, regardless of whether you use a wired or a wireless connection, you should check to make sure there are no problems with the router. For instructions on how to reset your router, to make sure it isn't the problem, please see this page. Also, you should check to make sure that your area is not currently experiencing a network outage by contacting your Internet Service Provider.

 

If you are using a wireless connection then please read the issues described in this article to see if any of them matches your problem. Please note that I have linked to page one of eight. If these cannot fix the problems you are experiencing then it may be helpful to jump to the section about how to Use Microsoft Fix It Solutions To Fix Common Windows Problems. Some of the fixes on that site may be able to help you restore your internet connection.

 

If, even after running any relevant fixes from that page, problems still remain then it's possible that the remaining problems may be due to damaged or missing system driver files or services. In order to make sure this is not the problem download a program called the Farbar Service Scanner from this page. To use this program to diagnose, and repair, problems with your internet connection, make sure the option to scan for "Internet Services" is checked. Then select the option to Scan. When it shows you the scan log look at the section for file check. Specifically, look for any files with the message "FILE IS MISSING AND MUST BE RESTORED". If a file is missing you will need to find a replacement.

 

To do that, run Farbar Service Scanner on a different computer, but with the same Operating System. However, make sure this computer is working correctly. Then type in the name of the missing file in the search box in the Farbar Service Scanner and select the option to "Search Files". For example the missing file could be afd.sys. Then navigate to one of the locations noted in the new log, which will automatically pop up when the search is completed, and copy the file. You may want to transfer the replacement file to the damaged computer via USB. Then navigate to the C:\Windows\system32\Drivers folder, on the damaged computer, and paste the file in there. Now restart the computer and hopefully the problems with your internet connection should be solved. If not then again try running the fixes in the section about how to Fix Common Internet Problems to see if that can solve your problems. After going through these steps that program may now be able to fix the internet connection.

 

B) Fix Problems With Specific Programs

If the problem you're experiencing is only with a specific program then the easiest way to fix it is to just uninstall the program and then reinstall it. One of the best ways to uninstall a program is to use a program called Revo Uninstaller Free. You can download the free version from this page. This program will make sure that all remnants of the program are removed. After starting Revo Uninstaller you should double click on the program you want to remove and, when prompted, select the "Moderate Search" option. Also, if the program you are uninstalling asks to restart the computer select no and let Revo clean whatever it finds. After Revo completes you should restart the computer before reinstalling the program. However, do note that this program cannot uninstall 64 bit programs. These will not even show up in its list. For these programs I would recommend just uninstalling them normally, and then restarting the computer, before reinstalling them.

 

C) Use Microsoft Fix It Solutions To Fix Common Windows Problems

If the above steps weren't able to entirely fix your problems one thing you can do is go to the webpage for the Microsoft Fix it Solution Center. This contains fixes for many common Windows problems. Just navigate to the problem that is most similar to what you are experiencing and run the recommended fix for it. Many different types of problems are addressed on this site.

 

D) Fix Problems In Registry

If problems still remain then it may be helpful to install and run a registry cleaner. Fixing registry problems may be able to fix some problems which could be leftover from malware infections. However, it's also possible that something could go wrong and the computer could end up with even more problems. To protect yourself from this possibility you should always use reputable registry cleaners and, when provided with the option to back up the registry, you should always back it up. That way, even if something does go wrong, you can just restore the registry and be fine. I would recommend that you use either the registry cleaner built into Eusing Free Registry Cleaner or CCleaner. Note that if you decide to use CCleaner you should download the Portable version from this page to avoid inadvertently installing unwanted software. However, at this stage of the repair process do not use it to remove anything other than registry entries.

 

E) What To Do If Problems Remain

If, even after following all of the above advice, problems still remain then you do still have some options remaining. Even though the next section is mainly about what to do if your computer cannot boot into Windows, the advice provided may also be able to repair many other types of problems. Please follow sections A and B to see if they can fix whatever problems you are still experiencing.

 

5. What To Do If Your Computer Cannot Start

 

A) Try Repairing Windows Without A Disk

If your computer cannot boot into normal Windows mode, and you're running Windows Vista or Windows 7, there is an easy way to fix many problems with your computer. Restart your computer and, as soon as it starts booting up, tap F8 repeatedly until an options menu comes up. Then select the option to "Repair Your Computer" and press enter. Answer any questions the wizard asks you and let it fix whatever problems it finds. If your computer is now able to boot back into normal windows mode, then I would suggest that you go back to the beginning of this article and fix any remaining problems.

 

If your computer is running Windows XP or earlier, or the above advice did not fix the problem to the point where you can now boot into normal Windows mode, then you should try to get your computer to run in Safe Mode. A tutorial for how to do this can be found on this page. Once in safe mode try running all fixes as mentioned in this section of this article. If your computer is now able to boot back into normal windows mode, then I would suggest that you go back to the beginning of this article and fix any remaining problems. However, if the problem was that your computer wouldn't boot at all then I would suggest that you continue to the next part.

 

B) Repair Windows Using Windows Disk Or Alternative

If Windows still won't start you may need to repair Windows from a disk. If you have a Windows disk then the first thing I would do is to put it in the drive and boot from it. Note that you may need to change the boot order in the BIOS to make sure the computer will boot from the CD. Here is a useful article on How To Change the Boot Order in BIOS. For our purposes you should change the order so that the "CD/DVD Rom drive" is first. Then, after booting from the Windows disk, you can select the option to repair Windows. When you reach the screen where it gives you multiple repair options select the one for "Startup Repair". This should be able to fix many problems with the computer. Of course, this option is only available to those who have a Windows disk. 

 

If you do not have a Windows Disk then you can download a program called Sardu from this page. This program is designed to create bootable CDs for malware removal and computer repair. After downloading the zip file install the program. Be very careful about the added offers now included with the installer. Sadly, this program now tries to trick people into installing extra programs, which are largely unnecessary. Then open the program and go to the tab for Windows. Under this tab look at the section for "Win Recovery Disk". I would recommend only using this program to download the recovery disk for XP, as the ones for Vista and Windows 7 are not free. For downloading the ISO for Windows 7 please go to this page. After downloading the ISO move it to the ISO folder, which is located inside the Sardu folder. After doing this you can use Sardu to create your rescue disk by going to the Windows tab, making sure the check mark is next to the correct recovery disk, and clicking the button to either make a USB or to make an ISO. Once complete, this recovery disk will work much as if you had inserted an ordinary Windows disk.

 

C) Repair Master Boot Record As That Could Be Root Of Problems

If repairing with the Windows disks was still not able to fix your computer then it's possible that your Master Boot Record (MBR) has been corrupted. This can happen after removing certain types of very vicious malware. In that case I would recommend rebuilding the MBR. To do this please download the bootable CD version of MiniTool Partition Wizard from this page. Then burn the ISO to a CD. After creating your bootable CD you may need to change the bootup sequence in your BIOS settings to ensure that if you insert a bootable CD the computer will boot from it instead of from the normal operating system. Here is a useful article on How To Change the Boot Order in BIOS. For our purposes you should change the order so that the "CD/DVD Rom drive" is first. After doing this follow the directions on this page, which are largely explained by the pictures, in order to load the program on the computer.

 

After the program is running you should right-click on "Disk 1" and select the option to "Rebuild MBR". Note that this option will be grayed out if on your computer Disk 1 is only a partition. For those cases you may need to select one of the other disks. That said, Disk 1 should almost always be the one containing the operating system. After selecting the option to "Rebuild MBR" you should see that there is now one operation pending, which can be seen on the lower left-hand corner of the window. After confirming that the operation to rebuild the MBR is pending select the option for yes, which should be near the upper left-hand corner of the window. This should rebuild the MBR and hopefully make your computer bootable again.
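Before rebuilding, it helps to know what a corrupted MBR looks like in checkable terms. The following added example (not part of the original article or of MiniTool Partition Wizard) inspects a 512-byte copy of a disk's first sector for the boot code, the partition table and the 0x55AA signature. It assumes you have already saved that sector to a file from a rescue environment; the sample sector and its filler "boot code" bytes are constructed in the code.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446                     # bytes 0..445 hold the boot code
ENTRY = struct.Struct("<B3sB3sII")     # status, CHS, type, CHS, LBA, count


def parse_partitions(sector):
    """Decode the four 16-byte partition table entries."""
    parts = []
    for i in range(4):
        status, _chs0, ptype, _chs1, lba, count = ENTRY.unpack_from(
            sector, TABLE_OFFSET + ENTRY.size * i)
        parts.append({"index": i + 1, "status": status, "type": ptype,
                      "lba": lba, "count": count})
    return parts


def inspect_mbr(sector):
    """Return a list of problems; an empty list means the layout is sane."""
    if len(sector) < SECTOR_SIZE:
        return ["sector is shorter than 512 bytes"]
    problems = []
    if sector[510:512] != b"\x55\xaa":
        problems.append("missing 0x55AA boot signature")
    if not any(sector[:TABLE_OFFSET]):
        # This is the part a "Rebuild MBR" operation rewrites.
        problems.append("boot code area is empty")
    parts = parse_partitions(sector)
    used = [p for p in parts if p["type"] != 0]
    if any(p["type"] == 0xEE for p in used):
        # Type 0xEE marks a protective MBR on a GPT disk; the classic
        # partition checks below do not apply to it.
        problems.append("protective MBR: disk uses GPT, table checks skipped")
        return problems
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            problems.append(
                f"partition {p['index']}: invalid status 0x{p['status']:02X}")
    for p in used:
        if p["lba"] == 0 or p["count"] == 0:
            problems.append(f"partition {p['index']}: zero start or length")
    active = [p for p in used if p["status"] == 0x80]
    if not used:
        problems.append("partition table is empty")
    elif not active:
        problems.append("no partition is marked active")
    elif len(active) > 1:
        problems.append("more than one partition is marked active")
    ordered = sorted(used, key=lambda p: p["lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba"] + a["count"] > b["lba"]:
            problems.append(
                f"partitions {a['index']} and {b['index']} overlap")
    return problems


def build_sample_mbr():
    """Constructed sector: filler boot code plus two NTFS-type partitions."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:4] = b"\xeb\xfe\x90\x90"  # filler, stands in for real boot code
    ENTRY.pack_into(sector, TABLE_OFFSET, 0x80, b"\0\0\0", 0x07,
                    b"\0\0\0", 2048, 204800)
    ENTRY.pack_into(sector, TABLE_OFFSET + 16, 0x00, b"\0\0\0", 0x07,
                    b"\0\0\0", 206848, 1000000)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    good = build_sample_mbr()
    wiped = bytes(TABLE_OFFSET) + good[TABLE_OFFSET:510] + b"\0\0"
    for label, data in (("intact", good), ("wiped", wiped)):
        print(label, inspect_mbr(data) or "no problems found")
```

A sector that reports only "boot code area is empty" or a missing signature still has its partition table, which is the case the rebuild described above is meant for; overlap or empty-table findings point to damage that rewriting the boot code will not repair.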

 

D) What To Do If Problems Still Remain

If after following the advice in this section your computer is now able to boot you should go back to the beginning of this article and fix any other problems which may be left over from the infection. However, if your computer still won't start please go to the section about What To Do If These Steps Fail.

 

6. What To Do If These Steps Fail

 

If even after following all of the above steps, the problems you are experiencing are still not fixed, there are a few things I would like for you to do. Please first leave me a comment letting me know what steps you took to try and fix the problems, and which problems remain. After doing this, which is important because it will help me to improve the article, you should go to a specialized forum where they may be able to help you to fix your computer. A forum which I have found to be very helpful is MalwareTips.

 

However, if even going to a specialized forum is not enough to get your computer back to working order, it's likely that the damage is too severe for you to repair. In those cases you will need to reinstall your operating system. Make sure that if you do this you perform a full format of your operating system as part of the reinstall process. This will make sure that any malware, or related problems, are fully removed before your fresh operating system is installed. Failure to do this could lead to future problems with the new operating system. After your computer is now problem free, regardless of how it reached this state, please read the section about What To Do After Everything Is Fixed.

 

7. What To Do After Everything Is Fixed

 

Once you have successfully cleaned all infections from your computer, and repaired any leftover damage, you should now take steps to ensure that it does not happen again. For this reason I have written an article about How to Stay Safe While Online. Please read through it and implement whichever methods you feel best fit your needs. Also, now that all problems are solved you can use a program called CCleaner to remove all of your temporary files. You should download the Portable version from this page to avoid inadvertently installing unwanted software. These temporary files may even contain inactive pieces of malware, which will be removed by this program.

 

After securing your computer, and removing all temporary files, you can now restore any of the backed up files that may have been lost during the repair process. Hopefully this step is not necessary, but just in case it is you can safely restore them now. However, do make sure that your computer is strongly protected, as described in my article, as it's possible that malware may have infiltrated your backup files and will now try to reinfect the system.

 

 

 

 

Please help by rating this article. Also, if you believe this article deserves anything less than 5 stars, please leave a comment below explaining how you think it can be improved or where you find fault. This article is written by me but fueled by the community. Thus your opinions and advice are not only much appreciated, but actually necessary in order for this article to grow and improve.

 

If you found this article useful then perhaps you'd like to check out some of my others.

Best Free Antivirus Software

How to Avoid Spam

How to Clean An Infected Computer

How to Harden Your Browser Against Malware and Privacy Concerns

How to Install Comodo Firewall

How to Know If Your Computer Is Infected

How to Protect Your Online Privacy

How to Report Dangerous Websites

How to Report Malware or False Positives to Multiple Antivirus Vendors

How to Report Spam

How to Stay Safe While Online

How to Tell if a File is Malicious

How to Tell If A Website Is Dangerous

 


Comments

Venting! I upgraded from Win XP Pro to Win 7 Ultimate in Aug. 2014, primarily to receive windows security updates. I've been hit by 4 Trojans since the upgrade. What a mess. My computer appears to still be infected - slow boot and startup, programs timing out including Firefox browser. I've spent almost $300 dollars for removal applications and online support - some are effective, some are rip-offs. I recently considered purchasing another laptop, but not yet since there'll be issues with existing purchased software and since the Microsoft push is now for Win 8.1. - I'm not looking for another OS version. Currently, I appreciate the concise details provided by this site for addressing a windows infection - I'm not sure why I didn't discover this site within a google search. Could've saved me time and money - I haven't tried any of the suggestions yet, but my fingers are crossed. I would've liked to have seen an initial overview of suggested steps. I'll figure it out as I printed the documents and re-read what I need to do. I'll put venting on the back burner for now - time to get to work. Thanks for listening...

Thank you for all these well detailed steps. They were easy to follow. Unfortunately I am still getting multiple BSOD per day and this is after re-installing windows 8 on my computer.
I contacted Microsoft tech support and the last person said I had some kind of malware or virus on my computer and they could quickly remove it for 99$. Funny thing is, when I first re-installed windows 8 on my computer I did not get any BSOD. Until I started downloading all the updates for windows 8.
I am beyond frustrated because I've lost over a week of work at home time on this issue.

Some of the BSOD errors that have been happening since re-installing windows and all its updates:
SYSTEM_SERVICE_EXCEPTION (MULTIPLE TIMES)
KERNAL_SECURITY_(DIDN'T SEE THE REST)
KMODE_EXECEPTION_NOT_HANDLED
ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY
SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
KERNAL_DATA_ _ERROR 0X00021A
ADBUPDATE.EXE
SYSTEM_PTE_MISUSE
IRQL_NOT_LESS_OR_EQUAL

Long story short, does anyone have any knowledge of this so called virus or malware? Can anyone point me in a direction to stop these BSOD issues?

A major issue like this is best dealt with in our support forum. It looks like your Windows install is corrupted. Two main causes of this are disk and memory problems both of which are easier to confirm than malware. Either would explain why a re-install hasn't rectified the problem. So can you confirm what you did:
- Did you do a reinstall or refresh of your Windows 8 system?
- Did you do any reformatting of the disk drive before reinstalling Windows?
See Best Free Memory Testing Utility and Best Free Hard Drive Health Monitoring and Diagnostic Programs for diagnostic tools.
Please follow the advice I provide here and see if it does confirm that your computer is infected: http://www.techsupportalert.com/content/how-know-if-your-computer-infect... If it is not infected, and the advice in this article was not able to solve the BSOD issues, then I would advise creating a new topic in the Malwaretips forum I link to in this article, or in another forum. This sort of issue is best solved in a forum. The comment section is not a very good place to provide assistance of this sort. Thanks.

Hello, nice articles!

I haven't applied any of the methods you advise because I am still in the backup phase of the process. I recently had my computer infected by a Trojan from a USB flash drive, which brought me here. I have already fixed this, however, I also had trouble some time ago with some malware from portable software one teacher gave me (Photoshop). Since this happened, Adobe Reader and my antivirus (Avast! 2014) stopped working.

Each time I try to start Adobe Reader, there's a window which says there was a problem with an instruction referenced at memory. Besides, Avast! stopped running; I can't start the program again and not even uninstall and reinstall works. All this makes me think I will have to repair from a CD or install WinXp again.

AND HERE IS MY BIGGEST PROBLEM. I have backed up most of my files, but some videos that I only have in my computer (no other copies) were damaged and I cannot copy them because of a CRC error. I have already tried the xcopy command, but it doesn't work either.

What advice can you give me about my problems? I would really appreciate your answer, even if it's only regarding the videos issue.

I would advise copying whatever you can. If there is an error I'm not sure what else to do about that yet. After that make sure that your computer is no longer infected. The article for that can be found here: http://www.techsupportalert.com/content/how-know-if-your-computer-infect... Once there is definitely no active infection you should follow the advice in this article to hopefully be able to fix the issues. I hope everything goes well. However, if it doesn't please feel free to ask more questions. Thanks.

Malware Removal:
I usually use the following method to remove malware from Windows:
(1) Run Malwarebytes Anti-Malware, do a quick scan. Wait till completed. List out the names and locations of these malware and record it.
(2) Remove them all. But some cannot be removed and come back again after restarting the Windows. For example, trying to remove "Conduit.." malware, a program called "Rundll32.exe" cannot be removed from Windows. Locate this program (in /Windows/SysWOW64/Rundll32.exe).
(3) Shutdown the Windows.
(4) Run a Linux OS, such as Knoppix from a bootable USB Flash Drive.
(5) Locate that program and rename it, e.g. to Rundll32.exeBAK. Do not delete it. It might be needed by other program.
Shutdown the Knoppix and restart your Windows. That malware should have gone.
Have fun.

Thank you. I will keep this in mind.

First, great, comprehensive article!

Second, here's some info on SARDU bloatware/adware bundling. You do not caution here to be careful of that, but you do in your companion article "How to Clean An Infected Computer" http://www.techsupportalert.com/content/how-clean-infected-computer.htm

I was doing a MalwareBytes Anti-Malware (MBAM) scan today with "potentially unwanted programs" (PUP) on and it found

C:\Users\USERNAME\AppData\Local\Temp\MyBabylonTB_google_20120807.exe (PUP.Optional.Babylon.A)

sorting that folder by date revealed 3 files created at the same time:

C:\Users\USERNAME\AppData\Local\Temp

2013-01-12 19:52:11 12780 sardu.jpg
2013-01-12 19:52:04 899224 MyBabylonTB_google_20120807.exe
2013-01-12 19:51:59 2324576 somoto-master.exe

md5:cd733d22b6372a9dc9c62d2b05f389f1 sardu.jpg
md5:77dfb27d68ce46659a3d5e93410c0b75 MyBabylonTB_google_20120807.exe
md5:1a07766de2ca5f4f9625adb596539057 somoto-master.exe

I checked the date of my sardu download, and, sure enuf

2013-01-12 19:00:16 13620912 SARDU_2.0.6.3.zip
md5:c48b9c218d8eadfd6d224e7f1bbbb1cb SARDU_2.0.6.3.zip

Now, i notice this is a ZIP FILE, not an installer exe. I am not sure how those files got there. Given the .zip has the earlier date, it must have been when i ran sardu.exe; Not happy :(

MBAM also detects these files right in sardu itself:

SARDU_2.0.6.3.zip (PUP.Optional.Somoto)
SARDU_2.0.6.3\SARDU_1 (PUP.Optional.Somoto)

The only thing i know about Somoto is at http://virusscan.jotti.org/en/scanresult/dace04f7bcc8740a356ecd3e549bb30... Dr.Web detects it as "Adware.Somoto.4".

All that said, sardu appears to be a great program that a lot of people use effectively. I have dl'd it but not used it yet myself. I plan to.

Thank you for bringing this to my attention. I had meant to include the warning in both articles. I've now added the warning to the other article as well. Thanks again.