Laptop Virus Removal Guide
Written by Tom Lei   
Sunday, 07 March 2010 15:07
In the 10 years since we first started our support service here at Laptops Direct, we have witnessed a substantial increase in the number of customers who are affected by viruses and malware. While researching the subject, I have spent the past 12 months testing the numerous solutions out there, to find an effective, yet easy way for the average laptop user to perform DIY malware cleaning. Most of the existing methods I found through Google or Youtube are either out of date, or only work for some of the test subjects. After I perfected our own method described in this article, I was able to test it on 121 units, with fantastic results. Therefore I felt compelled to write a guide which will hopefully be beneficial to all laptop users.

You can access a video guide at:

http://www.youtube.com/watch?v=1PKY8ze5NLo

DISCLAIMER

This article is NOT intended as a guide to prevent virus and malware infection. The free software used in this guide is intended for private use by individuals, and not for businesses.

THE PRINCIPLE

  1. Even with the best of today’s Internet Security software, it is almost impossible to prevent your laptop from getting infected with malware, unless you do not access the internet at all. The most common causes of malware infection we see in our test subjects are Limewire, Bearshare, Spam eMails, social networking website apps, and to a lesser extent, BitTorrent clients.
  2. Once infected, you will most likely need more than one malware removal tool to clean it off. This is because there are so many types of malware out there, and there simply isn’t one malware detector that can do them all. So in order to get rid of all your (true) Viruses, Worms, Trojans, Diallers, Keyloggers, Spyware, Adware, Rootkits and goodness knows what else; you’d better arm yourself with multiple weapons.
  3. As stressed in the disclaimer, it is very important to understand that although the method we describe here proved very effective in removing all malware during our trial, it will NOT prevent your laptop from being infected in the future. To minimise the possibility of re-infection, we recommend you use one paid-for Internet Security Suite with automatic updates, and run scans as regularly as you can. Avoid using more than one piece of software with Active protection, since they will conflict with each other and also slow down your system dramatically.



The difficulty in removing malware from some of the worst infected Windows systems is that:

  1. You are not able to log into Windows Desktop, not even in safe mode.
  2. You cannot install virus removal software because the resident viruses prevent this from happening.
  3. You cannot connect to the Internet, both through LAN and Wifi, because of the resident viruses.


Under these circumstances, you really have two choices:

  1. Use a bootable rescue disc with virus scanner.

There are several out there including Avast BART CD (paid for), Avira Antivir Rescue System (free), Kaspersky Rescue Disk (free) and BitDefender Rescue CD (free). The biggest problem I find with most of these is that it can be difficult for the average user to configure the network settings, be it Wifi or LAN, so that updated virus definitions (without which it’s a futile exercise) can be loaded before the scanning starts. Other problems I have encountered include the discs not recognising the local hard drives due to the Linux operating system not having drivers for the SATA controllers or incompatible graphics cards. Some clever people have managed to use Unetbootin to make a bootable USB drive (very handy for netbooks) from these rescue discs, although from a licensing standpoint, the manufacturers of this software are never too keen on their property being distributed in this way.


  2. The method which we shall describe in this article. In order to test the effectiveness of this method, a list of popular free malware scanners was run after each test subject to ensure no remnants of malware were left. Our results show a 99.9% success rate overall. The test software, in alphabetical order, is:

  • Avast! Home Edition
  • AVG Anti-Virus Free
  • BitDefender Free Edition
  • Kaspersky Free Virus Scan (online)
  • Panda Active Scan Free Antivirus
  • Spybot Search & Destroy
  • Ad-Aware
  • Spyware Doctor


Main Article


You will need the following:

  • A working computer running Windows XP, Vista or Windows 7 connected to the internet.
  • An external USB hard drive caddy for your internal 2.5” Hard Drive. Make sure you get the right type, as some of the older laptops use PATA(IDE) drives instead of the more common SATA hard drives. You should be able to purchase one of these from most computer stores or online.
  • A suitably sized Phillips screwdriver which you will use to retrieve the hard drive from the infected laptop.

WARNING: If you are unsure as to how to do this, please do not attempt to do so.

  • Access to a suitably fast internet connection, preferably through a broadband router. If you do not have Wifi access then an Ethernet Cable may be required.


Step 1:

Remove the hard drive from the infected laptop and install it in the USB Hard Drive Caddy.


Step 2:

On the working computer, make sure there is no other internet security software installed. If there is, remove it. For McAfee or Norton, you can google for McAfee Removal Tool or Norton Removal Tool if they refuse to uninstall. Download and install Avira’s AntiVir Free Version on the working computer from:

http://www.free-av.de/en/trialpay_download/1/avira_antivir_personal__free_antivirus.html


Use default options during the installation. For instructions on how to do so, see

http://www.free-av.de/documents/products/pdf/en/man_avira_antivir-personal_en.pdf

You will need to download the latest updates to Antivir before proceeding to the next step.


Step 3:

Attach the USB Caddy with the infected hard drive to the computer now with Avira Antivir installed and updated. Then begin scanning.


This scans both the internal hard drives on this computer, as well as the attached hard drive from the infected laptop. If you wish to speed things up, you can do the following:


In the main page of Avira, click on Local Protection, then select Scanner, now go to Manual Selection and nominate the laptop’s hard drive (make sure you select all partitions if there is more than one on this drive). Now right-click on the partition/partitions and select either “Start Scan” or “Start Scan Admin”.


Step 4:

When the scan is finished, select repair to remove all entries found. Allow Antivir to restart the system if it asks to.


Step 5:

Now that AntiVir has completed removing all the malware it could find on the hard drive, you can Safely Remove the USB Caddy from the computer, and reinstall the hard drive back into the laptop from where it came. We are now finished with the working computer.


*Before we go on to the next step, let me explain why we cannot do everything externally. During the first stage of this exercise, Avira has effectively removed all the really nasty stuff. Our trials have shown that after Avira has finished, all test subjects were able to load into the Windows Explorer, and have internet connection restored. However, some malware makes changes to the Windows Registry. Malware scanners tend to overlook the registry when it is on a second hard drive. So although it would be nice to have all the work done on the working computer, sadly it isn’t practical.
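
The registry on the caddy drive exists only as hive files (for example Windows\System32\config\SOFTWARE), which the working computer does not load, so a scanner running there does not see its contents. The following PowerShell script is an added example, not part of the original guide: it temporarily loads those hive files and lists their autorun entries for review. The drive letter E: and the key name OfflineCaddy are assumptions.

```powershell
# Added example, not from the original guide. Run from an elevated prompt
# on the working computer while the caddy drive is attached.
$OfflineDrive = 'E:'             # assumption: drive letter of the caddy drive
$MountName    = 'OfflineCaddy'   # hypothetical temporary key name under HKLM

# Autorun locations to list, relative to the root of each hive file.
$SoftwareKeys = @(
    'Microsoft\Windows\CurrentVersion\Run',
    'Microsoft\Windows\CurrentVersion\RunOnce',
    'Microsoft\Windows NT\CurrentVersion\Winlogon'
)
$UserKeys = @(
    'Software\Microsoft\Windows\CurrentVersion\Run',
    'Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Show-OfflineKeys {
    param([string]$HiveFile, [string[]]$SubKeys)

    if (-not (Test-Path -LiteralPath $HiveFile)) {
        Write-Warning "Hive not found: $HiveFile"
        return
    }
    # reg.exe does all registry access, so no PowerShell handle keeps the
    # hive open and the unload in the finally block succeeds.
    & reg.exe load "HKLM\$MountName" $HiveFile | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Could not load $HiveFile"
        return
    }
    try {
        Write-Output "=== $HiveFile ==="
        foreach ($sub in $SubKeys) {
            # A missing key is normal, so reg.exe's error text is discarded.
            & reg.exe query "HKLM\$MountName\$sub" 2>$null
        }
    }
    finally {
        & reg.exe unload "HKLM\$MountName" | Out-Null
    }
}

# Machine-wide autoruns are stored in the SOFTWARE hive.
Show-OfflineKeys "$OfflineDrive\Windows\System32\config\SOFTWARE" $SoftwareKeys

# Per-user autoruns are stored in each profile's NTUSER.DAT. Vista/7 keep
# profiles in \Users; XP keeps them in \Documents and Settings.
$profiles = "$OfflineDrive\Users"
if (-not (Test-Path -LiteralPath $profiles)) {
    $profiles = "$OfflineDrive\Documents and Settings"
}
# Skip junctions such as "Default User": their targets are absolute paths
# that would resolve to the working computer's own profiles.
Get-ChildItem -LiteralPath $profiles -Force |
    Where-Object { $_.PSIsContainer -and
                   -not ($_.Attributes -band [IO.FileAttributes]::ReparsePoint) } |
    ForEach-Object {
        Show-OfflineKeys (Join-Path $_.FullName 'NTUSER.DAT') $UserKeys
    }
```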

_______________________________________________________________________


Step 6:

After reinstalling the hard drive into the infected laptop, we should now be able to boot into Windows. Next, we need to establish a working internet connection, preferably through Wifi or an Ethernet Cable to your broadband router.


*During our test there were many cases where the test system could not connect to the Internet at this stage. There are many reasons why this may happen, and they are not related to malware. Although this guide will not be sufficient to troubleshoot internet connection problems, the following tips can come in handy.

  • Start Internet Explorer. Go to Tools -> Internet Options. Then go to the Connections Tab. Click on LAN settings. Make sure that “Automatically detect settings” is ticked, and that Proxy server is unticked.
  • If the above is performed and you still cannot access the internet, launch a Command Prompt window. In Windows XP you may simply go to Start->Run then type Command in the space after Open then hit the Enter button. In Windows Vista/7 go to Start->All Programs->Accessories. Right-click on Command Prompt and click Run as administrator.

Type netsh winsock reset in the command prompt and hit Enter button.

You should restart your computer in order to complete the reset, and test your internet connection once again.
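
The two tips above can also be carried out from PowerShell. This added example (not part of the original guide) reads the per-user proxy values behind the LAN settings dialog, unticks the proxy if it is set, saves the Winsock catalog to a file and then runs the reset. The log file name is an assumption.

```powershell
# Added example, not from the original guide. Run in the affected user's
# session from an elevated prompt (the winsock reset needs administrator rights).
$InetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-ProxyState {
    # ProxyEnable, ProxyServer and AutoConfigURL back the "Proxy server" and
    # "Use automatic configuration script" boxes of the LAN settings dialog.
    # "Automatically detect settings" is kept in a binary value and is not
    # read here; check that box in the dialog as described above.
    $s = Get-ItemProperty -Path $InetKey
    New-Object PSObject -Property @{
        ProxyEnabled  = ($s.ProxyEnable -eq 1)
        ProxyServer   = $s.ProxyServer
        AutoConfigURL = $s.AutoConfigURL
    }
}

$state = Get-ProxyState
$state | Format-List

if ($state.ProxyEnabled) {
    Write-Warning "Proxy server is ticked ($($state.ProxyServer)); unticking it."
    Set-ItemProperty -Path $InetKey -Name ProxyEnable -Value 0
}
if ($state.AutoConfigURL) {
    Write-Warning "An automatic configuration script is set: $($state.AutoConfigURL)"
}

# Keep a copy of the Winsock catalog as it was before the reset, so the
# providers that the reset removes can be reviewed afterwards.
$log = Join-Path $env:TEMP 'winsock-catalog-before.txt'   # assumed file name
& netsh.exe winsock show catalog | Out-File -FilePath $log
& netsh.exe winsock reset
Write-Output "Catalog saved to $log. Restart the computer to complete the reset."
```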


Step 7:

Download and install the free version of Malwarebytes from

http://www.malwarebytes.org/


Download and install the free version of Superantispyware from

http://www.superantispyware.com/


Please make sure you run the update on both products so that they are able to detect the latest malware.

*We have used many variations to find the best solution, and feel that currently these two are by far the most effective combination in combating malware. Moreover, since neither of these deploys an “Active Guard” they can be run simultaneously, and will not conflict with any of your existing Internet Security software such as Norton or McAfee.


Step 8:

Please pay attention to the details specified in this step.


For Windows XP:

Go to Start -> All Programs -> Malwarebytes’ Anti-Malware then start the program.

Select “Perform Full Scan”.


Do the same for Superantispyware Free Edition and select “Perform Complete Scan”.


When the scans are complete, remove/repair any entries found. If a restart is required, do so when both scans are complete.


For Windows Vista/7:

Go to Start -> All Programs -> Malwarebytes’ Anti-Malware then right-click on Malwarebytes’ Anti-Malware and select “Run as administrator”.

Answer “Yes” when User Account Control asks “Do you wish to allow the following program to make changes to your computer?”

Select “Perform Full Scan”.


Do the same for Superantispyware Free Edition and select “Perform Complete Scan”.

When the scans are complete, remove/repair any entries found. If a restart is required, do so when both scans are complete.


Step 9:

You have now completed the removal of all malware from your laptop. You can choose to uninstall Malwarebytes and Superantispyware or leave them for the future.



Author:


Tom Lei, Technical Director of LaptopsDirect.Net

Last Updated on Sunday, 07 March 2010 17:50
 
