Introduction
Here at Puget Systems Support, we find that people have trouble with popups, malware, or viruses from time to time. To assist in solving these problems, we have created two guides to walk you through removing those offenders using free tools that are available online.
The first is a Safe Malware/Virus Removal guide that is unlikely to affect the files in your system, so we recommend starting there to see if it takes care of your problem. The Advanced Malware/Virus Removal guide includes more advanced tools that should only be used for severe virus infections. It is meant to be used if the safe guide has not worked or if your only other option is using your Restore DVD or reinstalling Windows.
If you are not comfortable doing this yourself, we recommend using the Restore DVD, a fresh Windows install, or taking your computer to your local computer repair shop to have them do a virus removal personally.
Safe Malware/Virus Removal
There are a number of free tools that do a pretty good job of detecting and removing malware. The tools we link below are what we recommend using, but they need to be run in the exact order we list them. If possible, try to run these tools with Windows booted into "SAFE MODE WITH NETWORKING" mode. Running these tools in safe mode prevents a lot of viruses from protecting themselves while you do the scans.
Step 1: Before running any malware/virus removal tools, you first need to restart Windows into safe mode.
Keep in mind that Bluetooth keyboards and mice will not work in safe mode, so you will want to use a wired keyboard and mouse plugged into USB 2.0 ports, which are typically colored black.
To enter safe mode, go to the Start Menu, type msconfig.exe, and press Enter. When the System Configuration window comes up, go to the tab that says "Boot". From there, click "Safe Boot", then click "Network" and click "OK". After that, simply restart your computer. When you are done with the malware/virus scan, repeat these steps, but uncheck the safe boot box to allow Windows to boot normally.
If that does not work, follow these steps to try to get to safe mode with networking:
Step 2: Once Windows is booted into safe mode, the first tool to use is Kaspersky's TDSSKiller (it will download automatically). Once you have downloaded it from the link we provided, run it to scan and cure any rootkits it finds.
Step 3: Next, download and run Malwarebytes Anti-Malware (it will download automatically). Do a threat scan (full scan) once it is installed and quarantine anything it finds.
Step 4: Finally, download and run AdwCleaner (it will download automatically). Click "Scan" and, when it is finished, click "Clean". This cleans out general adware for the most part.
If you still notice any issues, you can check your web browser's add-ons or extensions for anything that looks suspicious, such as add-ons with random characters in their names or deal-related add-ons. Below are specific guides for different browsers to check and disable add-ons:
Advanced Malware/Virus Removal
This section is a last resort before simply reinstalling Windows, and it has a chance of corrupting your OS. Unfortunately, the only true way to be certain the infection is gone is to use your Restore DVD or reinstall Windows, but these steps may save you from having to do that. Each of the tools below is free and will do a pretty good job of detecting and removing malware. These tools need to be run in order, so be sure to follow this guide exactly.
Step 1: Before running any malware/virus removal tools, you first need to restart Windows into safe mode.
Keep in mind that Bluetooth keyboards and mice will not work in safe mode, so you will want to use a wired keyboard and mouse plugged into USB 2.0 ports, which are typically colored black.
To enter safe mode, go to the Start Menu, type msconfig.exe, and press Enter. When the System Configuration window comes up, go to the tab that says "Boot". From there, click "Safe Boot", then click "Network" and click "OK". After that, simply restart your computer. When you are done with the malware/virus scan, repeat these steps, but uncheck the safe boot box to allow Windows to boot normally.
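The msconfig steps above (used in both guides) can also be done from an elevated PowerShell prompt with bcdedit, which makes it easy to confirm that the safe boot setting has been cleared once the scans are finished. This is an added example, not part of the original guide; the function names are hypothetical, and it assumes bcdedit prints the "safeboot" element name in English.

```powershell
# Added example: command-line equivalent of msconfig > Boot > "Safe boot" > "Network".
# Function names are hypothetical. Run from an elevated (Administrator) prompt.

function Test-IsElevated {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-SafeBootMode {
    # Reads the current boot entry. Returns the safeboot value (for example
    # 'Network' or 'Minimal'), or 'Normal' when no safeboot value is set.
    $match = & bcdedit.exe /enum '{current}' |
        Select-String -Pattern '^\s*safeboot\s+(\S+)' |
        Select-Object -First 1
    if ($match) { return $match.Matches[0].Groups[1].Value }
    return 'Normal'
}

function Set-SafeBootMode {
    param(
        [Parameter(Mandatory = $true)]
        [ValidateSet('Network', 'Normal')]
        [string]$Mode
    )
    if (-not (Test-IsElevated)) {
        throw 'Run this from an elevated (Administrator) PowerShell prompt.'
    }
    if ($Mode -eq 'Network') {
        # Same effect as ticking "Safe boot" and "Network" in msconfig.
        & bcdedit.exe /set '{current}' safeboot network | Out-Null
    } elseif ((Get-SafeBootMode) -ne 'Normal') {
        # Same effect as unticking "Safe boot": remove the value entirely.
        & bcdedit.exe /deletevalue '{current}' safeboot | Out-Null
    }
    if ($LASTEXITCODE -ne 0) { throw "bcdedit failed with exit code $LASTEXITCODE" }
    return "Next boot: $(Get-SafeBootMode)"
}

# Before the scans:   Set-SafeBootMode -Mode Network   (then restart)
# After the scans:    Set-SafeBootMode -Mode Normal    (then restart)
# To check any time:  Get-SafeBootMode
```

If Get-SafeBootMode still reports anything other than Normal after the scans, Windows will keep starting in safe mode on every restart until the value is removed.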
If that does not work, follow these steps to try to get to safe mode with networking:
Step 2: Once Windows is booted into safe mode, the first tool to use is Rkill (it will download automatically). This will try to stop any running processes that are malicious. It will also reset your hosts file and reset .exe file associations in case they have been tampered with.
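To see whether the hosts file or the .exe file association has actually been changed, before or after running Rkill, the read-only check below lists both. It is an added example, not part of Rkill or the original guide; the function names are hypothetical, and the expected registry values assume a stock Windows install.

```powershell
# Added example: read-only audit of the two settings Rkill resets. Changes nothing.
# Function names are hypothetical.

function Get-HostsFileEntry {
    param([string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts")
    # A stock Windows hosts file contains only comment lines, so every active
    # line returned here was added later and is worth reviewing.
    Get-Content -LiteralPath $Path -ErrorAction Stop |
        ForEach-Object { ($_ -replace '#.*$', '').Trim() } |
        Where-Object { $_ -ne '' } |
        ForEach-Object {
            $parts = $_ -split '\s+'
            New-Object psobject -Property @{
                Address = $parts[0]
                Names   = ($parts | Select-Object -Skip 1) -join ' '
            }
        }
}

function Test-ExeAssociation {
    # Expected default values on a stock install (assumption). HKEY_CLASSES_ROOT
    # is a merged view, so a per-user override under HKCU shows up here too.
    $expected = @{
        'Registry::HKEY_CLASSES_ROOT\.exe'                       = 'exefile'
        'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' = '"%1" %*'
    }
    foreach ($key in $expected.Keys) {
        $item   = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
        $actual = if ($item) { $item.GetValue('') } else { $null }
        New-Object psobject -Property @{
            Key      = $key
            Expected = $expected[$key]
            Actual   = $actual
            Ok       = ($actual -eq $expected[$key])
        }
    }
}

# Active hosts entries (no output means the file has only comments):
Get-HostsFileEntry | Format-Table Address, Names -AutoSize
# Any row with Ok = False means programs may not launch the way you expect:
Test-ExeAssociation | Format-List Key, Expected, Actual, Ok
```

Some legitimate software adds its own hosts entries, so an entry here is something to review rather than proof of infection.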
Step 3: After Rkill, download and run Kaspersky's tool TDSSKiller (it will download automatically). Then scan and cure any rootkits it finds.
Step 4: Next, you want to download and run ComboFix (it will download automatically). It will give you a warning about antivirus, which you can ignore, and it will ask if you want a recovery console, which you can say no to as well. This may take several hours and can damage Windows if stopped halfway through its process, so be sure to let it finish completely. Once it is done, the system will reboot automatically and display a text log on the screen showing what was removed.
Step 5: Then download and run Malwarebytes Anti-Malware. Do a threat scan (full scan) once it is installed and quarantine anything it finds.
Step 6: Finally, download and run AdwCleaner (it will download automatically). Click "Scan" and, when it is finished, click "Clean". This cleans out general adware for the most part.
If you still notice any issues, you can check your web browser's add-ons or extensions for anything that looks suspicious, such as add-ons with random characters in their names or deal-related add-ons. Below are specific guides for different browsers to check and disable add-ons: