Malware Removal Guide for Windows

Hi everyone. I have made a step by step guide to help users in the process of removing malware from a computer. I would like to know what you think about it. I will be updating it as I go on. I would greatly appreciate any info on how to make it better.

-http://realsecurity.web.officelive.com/removemalware.aspx- Malware Removal Guide for Windows

 

Update:

I have added an additonal step to the guide: Automatic Preliminary Rootkit Scan

Comments and suggestions are appreciated.

 

I am unable to access the page. I use OpenDNS.

 

What exactly is it displaying? Did you type in the correct address?

-http://realsecurity.web.officelive.com/removemalware.aspx

 

I am getting this error:

 

I'm getting error Error 101 (net::ERR_CONNECTION_RESET): Unknown error.

 

Try running CCleaner and see if that fixes it.

 

I can access it just fine...

Guys, perhaps it's your DNS services.

 

Information on Error 101 (net::ERR_CONNECTION_RESET): Unknown Error:

http://www.google.com/support/forum/p/Chrome/thread?tid=261ff247ac4dd565&hl=en

I think this error has something to do with Chrome.

 

I also cannot access with IE. I'm not using my own system, rather a relative's which has ClearCloud DNS.

But, if some problem related to ClearCloud, most likely it would show a Google page saying the page doesn't exist or something similar.

I can't test without ClearCloud right now to say whether or not it's related to it. But, I can exclude any problems with Chromium, because IE also does not load it.

-edit-

I can access other -http://*.officelive.com domains.

 

I can load it with Firefox and Google Chrome just fine. That's kinda strange...

 

I also could not load it, but homepage works fine and from there just click on the link - Remove Malware - it might work.

 

I still couldn't open the link provided by geohac, and yesterday I couldn't open the homepage either, but I just tried and now I could open the homepage.

 

Coupla things.

Is it worth running Dr Web if you run HitmanPro as I think HitmanPro uses the Dr Web engine.

For exe killing rogues, including Internet Security 2011 and Antivirus 2010 which are using rootkits, may I suggest adding RogueKiller which seems to do a good job in taking a lot of these rogues out.

RogueKiller will also report on the hosts file and proxy settings after a scan which takes less than 5 seconds.

May have to execute RogueKiller a couple of times if an exe killing rogue is active but it should eventually kick in.

 

Franklin, I have removed Dr. Web. Thanks for the suggestion.

 

Is the problem (error) still occurring for you guys? I would like some help if this is still an issue.

 

I still can not open it, only when I go to homepage and then to the webpage, then I can even access that URL directly again until the cache is cleaned with CCleaner.

 

I had to press the Try Again button to see the Page.

Nice Site.

 

With Firefox 3.6.13 (Sandboxed), the web page would not display. I had to click on "Try Again", and then I was able to access the web page.

The same thing happened with IE7 (Sandboxed). I clicked on IE7's web page reload, and then I was able to access the web page.

 

Update:

- I have removed Dr. Web Curit.
- I have revised the instructions for Step 2 (Run a Full Scan Using Antivirus Software).
- I have added Re-Enable and SARDU to the guide (Additional Malware Detection/Removal Tools).

Also, the website seems to be up and working now. Please inform me if there are any further problems.

 

Why did you remove DrWeb Cureit?

 

Because Hitman Pro uses the Dr Web engine.

 

My impression is that DrWeb Cureit's "Express" scan may cover more areas than Hitman Pro's Default scan. My impression is based only on scan times. The few scans I have done with each gave the following approximate scan times:

Hitman Pro Default scan: ~1.5 minutes
DrWeb Cureit Express scan: ~30 minutes

Have you tried to compare what files/folders are scanned by each?

Thanks in Advance.

 

Thanks for update. Site is accessible now.

 

No, I have not.