The first thing to do is determine the validity of any antivirus alerts. A popular malware technique is to display alerts saying a computer is infected in hopes of the user downloading more malware and/or paying for fake antivirus protection.

These programs are often called scareware or Trojan horses. If you receive any antivirus alerts, don’t click on them directly until you’ve verified them. Open your installed antivirus program via the system tray icon in the lower right corner of Windows and check the status or logs. If you don’t find any evidence of your actual antivirus program catching a virus or other malware, consider the alerts you’re getting to be bogus.


Ignore what they say, don’t click them, and certainly don’t fork over any money.

If you are getting true virus alerts from your existing antivirus software, go ahead and click to remove or quarantine any infections. You should also follow the next tips to run some scans with some additional scanners to make sure everything is caught.

Delete temporary files first - Before you run scans, you should delete the temporary files of Windows and Internet Explorer. Sometimes the malware might be located there. Furthermore, scanning these files can greatly increase the scanning time. You can remove them manually or use the Disk Cleanup utility via the Start Menu: All Programs > Accessories > System Tools.

Use on-demand scanners in Windows - You should try running some on-demand scans. If you can still get into Windows and onto the Internet, the job will be much easier. Here are a few programs that offer free editions: MalwareBytes, SUPERAntiSpyware, ComboFix, and Spybot Search & Destroy.

You should use at least two different programs. Remember, no one scanner can catch every single virus or malware.

If scanners won’t run, rename the file, kill virus processes, or restore extensions - Sometimes malware will block you from running the popular malware scanners. However, sometimes you can get around this by simply renaming the setup and/or program executable. If that still doesn’t help, you can try running RKill to try to kill the malware processes.

If you get errors when opening any executable (.exe) program, the malware may have removed or corrupted the file extensions. Thus you should try to restore the file extensions.
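Before restoring anything, it helps to see what the .exe association currently points to. The following read-only PowerShell check is an added example, not part of the original article; it assumes the "file extensions" problem described above is a changed .exe file association in the registry, and it compares the machine-wide and per-user keys against the stock Windows defaults (`exefile` and `"%1" %*`).

```powershell
# Added example: read-only check of the .exe file association. It changes nothing.
# Assumption: the expected values below are the stock Windows defaults.
$expectedClass   = 'exefile'
$expectedCommand = '"%1" %*'

function Get-DefaultValue {
    param([string]$Path)
    # Return the key's (Default) value, or $null if the key or value is absent.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    return $key.GetValue('')
}

# Machine-wide keys must exist; per-user overrides are normally absent on a
# clean system, so a per-user key with a different value deserves a closer look.
$checks = @(
    @{ Path = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe'
       Expected = $expectedClass;   MayBeAbsent = $false },
    @{ Path = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command'
       Expected = $expectedCommand; MayBeAbsent = $false },
    @{ Path = 'Registry::HKEY_CURRENT_USER\Software\Classes\.exe'
       Expected = $expectedClass;   MayBeAbsent = $true },
    @{ Path = 'Registry::HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command'
       Expected = $expectedCommand; MayBeAbsent = $true }
)

$results = foreach ($c in $checks) {
    $actual = Get-DefaultValue -Path $c.Path
    if ($null -eq $actual) {
        $status = if ($c.MayBeAbsent) { 'OK (absent)' } else { 'MISSING' }
    } elseif ($actual -eq $c.Expected) {
        $status = 'OK'
    } else {
        # Anything else means another program now handles every .exe launch.
        $status = 'MODIFIED'
    }
    New-Object PSObject -Property @{
        Status = $status
        Key    = $c.Path
        Value  = $actual
    }
}

$results | Select-Object Status, Key, Value | Format-Table -AutoSize -Wrap
```

Rows marked MODIFIED or MISSING are the entries to restore; the Value column shows which program has been inserted into the launch command.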

Try the advanced boot options and system recovery options - If Windows won’t load or you can’t run any on-demand scanners, you should reboot and immediately press F8. This will bring up the Advanced Boot Options. First try the Last Known Good Configuration, which can possibly revert system changes and revive Windows. If no luck, try Safe Mode with Networking and then plain old Safe Mode. If you can get into Windows, try running the on-demand scanners again.

If you’re getting blue screens that disappear too quickly or Windows automatically restarts, select the Disable Automatic Restart on System Failure option on the Advanced Boot Options menu.

Fixing Windows

Before going further with malware removal, you might want to see if you can first fix Windows.

Even if you remove the malware with the tips in the next sections, Windows still might not work properly and you’ll have to do a Windows reinstall anyway. Thus you might want to just go into Windows repair mode rather than continuing with malware removal mode to save time in the long run. If you do want to try and fix Windows, here are a couple of things to try:

If using Windows XP, get into the Recovery Console by pressing F8 at boot, using Ultimate Boot CD for Windows (UBCD4Win), or the Windows Setup CD. Consider running Check Disk (chkdsk), fixboot, and fixmbr. If you can get into Windows XP via normal startup or a Safe Mode, try using System Restore to restore to a previous point before you think you were infected.

If using Windows Vista or 7, get into the System Recovery Options by pressing F8 at boot, using a Windows Recovery CD, or the Windows Setup DVD. Consider running Startup Repair and System Restore, and from the Command Prompt Check Disk (chkdsk) and System File Check (sfc).

Use bootable discs or USBs if Windows doesn’t load - If you can’t seem to get Windows working, you can still access your computer and run scans from a live CD/DVD or USB drive. See my article Antivirus Review: Bootable Discs and Bootable USBs, which reviews some bootable antivirus solutions: Kaspersky Rescue Disk, BitDefender Rescue CD, F-Secure Rescue CD, and AVG Rescue CD.