Quick fix and Malware Diagnostics
Malware and adware infect computers through attachments to emails, through installing software that has "adware" as an option, and through visiting infected websites. Symptoms of malware are easily noticed if you pay attention to your computer as it "should be" or "was" vs how it is today. This page is designed to help those who do not have "geek level" computer skills and feel lost.
Some common indications: Unexplained behavior (Microsoft Article)
- Computer has become slow
- Browser goes to the wrong site, or takes a long time to go to a site.
- "things" begin to appear on browser pages (ads, options to click here, boxes with words)
- Computer does not behave as it did a week ago or a day ago.
- Very long boot times. (caused by computer going to many different sites to communicate)
- Any indication that your search engine has been changed, especially to "Conduit"
PUP - Potentially Unwanted Programs -
PUP's are the generic term for anything you did not intend to be installed on your computer.
Suggested Reading before starting:
>>>>> Malware removal for MAC computers <<<<<<<
Malwarebytes for mac: https://www.malwarebytes.com/mac/
Team Viewer for MAC: https://www.teamviewer.com/en/download/mac/
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Remote Help
Prior to starting, if you want remote help, download and install "Team Viewer" - free for private use. Do not select the remote control options. To share your desktop when needed you will pass along your ID and Password to the helper, who also has Team Viewer installed. Once the desktop is shared, give mouse control to the helper.
Start Here!
Junkware Removal Tool by Malwarebytes - download, save, run
Interesting things to consider:
- Adblock Plus - https://adblockplus.org/en/
- Who to Trust - Make an informed decision about software or what site to trust.
I would appreciate feedback on any experience with the products discussed here.
As a quick solution that can be easily followed there are some common steps that will resolve many problems. This involves downloading free versions of several pieces of software. It is recommended that this download be done from another uninfected computer and the software be transferred to the infected computer on a flash drive and installed. This avoids being re-directed to malware sites in an attempt to download.
Here is a process recommended by Microsoft if you wish to try it first: Microsoft How to get rid of malware
Microsoft Tools:
- MS Safety Scanner
- Caution!: As most of the programs are free, there may be adware associated with them. Use extreme care not to install any adware as it can be an annoying task to remove it.
As you install ANY software go to the custom mode, unclick everything except install and install desktop icon, also “Decline” any offers as you go through the install process. Example: KMPlayer is an excellent player for all forms of videos, however, it has an extremely aggressive installation process which tries to load all sorts of stuff. Some, like Irfanview you only need to unclick a couple of things like the ASK toolbar etc. All mentioned on my recommended downloads page are worth the effort.
Note: In some cases there is a trial version and a free version, do not install the trial or it will try to get you to buy it later. For some of the utilities, like Malware Bytes Pro, it may be worth buying the full version as it has become an industry standard for virus removal.
In addition Malware Bytes now has Anti-Exploit giving even more protection. It is not free but seems worth it.
Downloads: A good site for clean downloads is CNET. To find the download via CNET put "CNET" and the name of the download in a Google search window. Example: "CNET Irfanview" will yield a link to the CNET download. Note: Do NOT use the CNET Downloader; download the plain copy without the downloader assistance. (Direct Download Link) will appear below the download now button.
Step 1. - Download and install the following software:
Note: I recommend you create a folder on your desktop, name it "PC Fix Software" and place the links to all of these downloaded utilities in that folder. This will un-clutter your desktop and give you a good first place to start when seeking relief from a problem.
1. RKILL - from "bleeping computer" site. If this is executed before an attempt to remove infections using Malware bytes it will halt any infected processes from running. If bad processes continue to run during the removal attempts then they can evade the removal preventing success. RKILL halts all un-necessary windows processes.
Download steps:
- Warning: Do not click on any of the "sponsored advertisements" on that page.
- Rkill download should start when the page is accessed. Look for a browser warning of being re-directed and click "allow". You will see the download info in the lower left portion of the browser window when the download starts.
- Find RKILL in your download folder:
- Run RKILL and save the report to your desktop.
From RKILL site:
- RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.
2. Malware Bytes - Excellent virus removal tool. The PRO paid version is cheap and "watches" your computer with regular scans.
Download Here: Malwarebytes (malwarebytes.org)
Click on the "Free version download"
Once you see how well it works, I recommend the "buy pro now" option, as it is inexpensive and seems to provide good protection and quicker, easier removal.
Link from bleeping computer site; http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
3. Adware Cleaner - This program may be helpful for certain of the more annoying infections. It is very good for Browser infections, in particular Conduit. Look at all the tabs when the results come back, then click clean. Download and keep as an option for stubborn cases. Click download now from the bleeping computer site. It can cause problems if not run with care or the assistance of a knowledgeable helper. (The author's site is in French) http://www.bleepingcomputer.com/download/adwcleaner/
4. Microsoft Recommendations for how to get rid of Malware:
Step 2. - SCAN and Remove
1. re-boot computer to start with a relatively clean boot (if possible)
2. Run RKILL - save the results to the desktop, or in your PC Fix folder
3. Run Malware bytes - Quick Scan
- If the report shows infections remove them by clicking the boxes next to the PUP's, some boxes may already be clicked
- Repeat the quick scan process (if a reboot was required, run rkill again before repeating malwarebytes)
- When Quick Scan is complete do a full scan and remove what it finds
4. Re-boot computer, note if it boots quicker and seems to respond normally. Check your browsers to see if they have been re-directed or have some remaining problems.
5. Run AdwCleaner if there still seems to be any problem, or if you were infected with Conduit search engine redirect.
6. Common Browser problems may need to be fixed at this point.
Firefox
- In Firefox go to "tools"> Options > General tab and check your homepage to see if it is what you want, change it if it is not.
- In Firefox go to "tools" > Options > Advanced tab > Networks tab > click Settings under connections and make certain that "no proxy" is selected.
- In Firefox go to the search engine box at the upper right corner of the window, click the drop down arrow, click "Manage Search Engines" and select the order (usually google at the top)
- Remove unwanted add-ons and extensions for Firefox go to "Tools" > Add-ons > disable or remove Extensions, Plugins, as needed. Pay attention to any blocked items (in red).
Chrome
- In Chrome click on the settings (bunch of horizontal lines at upper right corner of page)
- Select "settings" click on show advanced settings at bottom of page.
- Click manage search engines, remove all but Google, Yahoo, Bing and maybe Ask. (click X to right side of engine) Remove any extras under "Other search engines" unless you really know what they are and want them.
- Under Network "change proxy settings" make certain there is "no proxy" selected.
- If all else fails, click "reset browser settings" to reset to defaults.
Internet Explorer
- In the upper right corner of the window select the "gear" symbol and click on Internet Options
- On the General tab select your desired home page
- On Security tab select "enable protected mode" and set security level to medium-high
- On Privacy tab "usually accept all cookies " is needed, click "never allow websites to request your location" and click "turn on pop-up blocker"
- Under Programs, Manage add-ons make certain nothing "extra" has been included that you do not understand/want.
AOL Desktop browser - No help no hope - do not use.
Step 3. Final options
Protection for future:
When finished with virus / adware removal download and install the Microsoft Security Essentials (except on Windows 8). This is a free protection software which is fast, unobtrusive, and seems to do a very good job. It is offered free by Microsoft.
Scan the computer with Malwarebytes at least once a week, full scan. It may be necessary to run RKILL before the scan as shown above.
A frequent scan with AdwCleaner can't really hurt either.
Tips and Guides for various problems:
- How to remove Any Browser Redirect virus (Removal Guide)
- Remove ANY TOOLBAR from Internet Explorer, Firefox and Chrome
- Remove Pop-up Ads from Internet Explorer, Firefox and Chrome
- How to easily clean an infected computer (Malware Removal Guide)
- Remove stubborn malware
- 3 Easy ways to remove any Police Ransom Trojan
- How to fix a computer that won’t boot
More anti-virus tools to remove infections
Browser Cleanup - Avast Browser Cleanup
It is frequently necessary to make an additional effort to get rid of everything that has infected your browsers. This software has been recommended so it might be worth a try. Could be somewhat out of date, here is a link to the current Avast Pages.
http://download.cnet.com/Kaspersky-Virus-Removal-Tool-2015/3000-2239_4-76079830.html (Handy and Portable)
Above all make certain you have good virus protection. For Windows 10 use the free (included) Microsoft Windows Defender and the associated Microsoft Firewall.
Slow operation or boot - MSCONFIG
Many computers become very slow to boot due to multiple harmless but usually unwanted programs that have been installed, frequently as "updaters" when printers or other software are installed. These programs slow down the computer during boot because they try to communicate with their "home servers" before boot is finished. If they are old and the server address is unreachable then the computer waits for the connection to time out. Care should be exercised here to make certain that essential programs are not disabled. "Manufacturer" is a good key: Microsoft, Google, Mozilla, Apple are usually ok. Epson, Canon, HP etc. may frequently be disabled. Note that frequently there will be software added by a camera that always looks for that camera to be connected. Uncheck any that you do not use.
- Click on the start icon (lower left except for Windows 8)
- In the box: search for programs and files type in msconfig
- Administrator warning will appear so click "allow"
- A System Configuration box will appear, click on the Startup tab.
- All of the startup items with a check mark will try to run every time you boot,
- Un-check updaters, items which show no manufacturer, items which are unknown or suspicious.
- You will find a lot of printer junk, most of this does not need to be started every time a computer boots.
- Click on the Services tab
- Look at the services that are running, see if they are all desired.
- Finally Click apply, then OK
- Click "exit without restart" in the window that appears
- When you re-boot you will get a warning that some services have been disabled, allow this warning to happen for a week or so until you are certain that nothing important has been disabled, then allow it to make the changes permanent.
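To see the manufacturer of every startup entry in one list before unchecking anything on the Startup tab, the following PowerShell script can be used. It is an added example, not part of the original page; it assumes Windows PowerShell 3.0 or later, and Get-ExePathFromCommand is a helper name made up for this example. It only reads information and disables nothing.

```powershell
# Added example (not from the original page). Read-only: disables nothing.
# Lists logon startup entries (Run keys and Startup folders) with the
# manufacturer and digital-signature status of the program each one starts.
# Get-ExePathFromCommand is a helper name made up for this example.
function Get-ExePathFromCommand {
    param([string]$Command)
    # Startup commands often contain variables such as %ProgramFiles%.
    $text = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($text -match '^"([^"]+)"')    { return $Matches[1] }  # "C:\Program Files\x\app.exe" /arg
    if ($text -match '^(.+?\.exe)\b') { return $Matches[1] }  # C:\x\app.exe /arg
    return ($text -split '\s+')[0]                            # anything else: first word
}

$report = Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
    $path      = Get-ExePathFromCommand $_.Command
    $maker     = '(none shown)'
    $signature = 'PathNotFound'   # shortcut names and relative paths end up here

    if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
        # CompanyName is the "Manufacturer" column msconfig displays.
        $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
        if ($company) { $maker = $company.Trim() }
        $signature = [string](Get-AuthenticodeSignature -LiteralPath $path).Status
    }

    # Flag what the steps above say to look at: no manufacturer, or a file
    # whose signature is missing or does not verify.
    $review = ($maker -eq '(none shown)') -or ($signature -ne 'Valid')

    [pscustomobject]@{
        Review       = $review
        Name         = $_.Name
        Manufacturer = $maker
        Signature    = $signature
        Location     = $_.Location
        Path         = $path
    }
}

# Entries to review first, then the rest grouped by manufacturer.
$report | Sort-Object @{ Expression = 'Review'; Descending = $true }, Manufacturer, Name |
    Format-Table -AutoSize -Wrap
```

Entries started through a launcher such as rundll32.exe show the launcher's manufacturer, so read the full command on the Startup tab for those before deciding.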
Remove old or unwanted programs
Frequently annoying programs can actually be uninstalled using the windows tools.
- Go to Control Panel
- Programs - Uninstall a program
- Look at all the programs, see when they were installed, When last used, and consider if you know what they do and if you use them.
- Exercise caution as they can not be re-installed once removed.
- Example: Anything from conduit should be uninstalled. See Blogs
Some useful commands
Problem: Can't connect to internet:
- Ping a site to see if machine is connected
- Open start and type run in search for programs and files
- in the box that comes up type cmd
- In the black dos window type: ping google.com
- It should be able to ping google and respond 4 times, at the end it should say: 0% packet loss
- If this fails type: ping 8.8.8.8
- If this fails you are probably not connected to the internet,
- shut down computer,
- turn off power strip so no power goes to computer,
- turn off your router and the cable or dsl modem.
- Turn back on the modem and router after about 30 seconds, wait until lights stop blinking and you see internet solid
- Turn computer back on, see if browser connects now.
Problem: can ping but can't connect via browser - Possible DNS problems - clips of responses to that problem searched in google.
- Flush DNS: go to run > cmd, and in the command window (black dos) type: ipconfig /flushdns
- If a microsoft update has just happened it should be considered as a suspect.
- Make certain no proxy server is selected.
- Go to control panel, select network and internet, select network and sharing center
- In lower left of window click on "internet options"
- In internet properties window that appears, click on "connections" tab
- In connections tab click on "lan settings"
- In settings window that pops up make certain that proxy server is not checked.
In the Command Prompt:
a) ping www.google.com - does it work?
b) ping 74.125.237.83 - Does it work?
c) nslookup www.google.com - Works. Gives a list of Google IP addresses.
If these work then there is an internet connection.
In Firefox's URL bar:
d) www.google.com - Does not work. Server not found.
e) 74.125.237.83 - WORKS and takes me to Google page!
If the direct ip address works then there is a nameserver / dns problem.
try a static DNS of 8.8.8.8 with a secondary of 8.8.4.4
------------------------
- check browser options and click no proxy server.
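The ping, name lookup and proxy checks above can be run in one pass. The following PowerShell script is an added example, not part of the original page; it assumes Windows PowerShell 3.0 or later, and the function name Get-ConnectivityVerdict is made up for this example. It only reads settings and changes nothing.

```powershell
# Added example (not from the original page). Read-only: changes no settings.
# Get-ConnectivityVerdict is a name made up for this example.
function Get-ConnectivityVerdict {
    param(
        [bool]$IpReachable,   # ping to a numeric address answered
        [bool]$NameResolves,  # the host name resolved to an address
        [bool]$ProxyEnabled   # "proxy server" is ticked in LAN settings
    )
    if (-not $IpReachable) {
        return 'No internet connection: power-cycle modem and router, then retest.'
    }
    if (-not $NameResolves) {
        return 'DNS problem: run ipconfig /flushdns, then try static DNS 8.8.8.8 / 8.8.4.4.'
    }
    if ($ProxyEnabled) {
        return 'Proxy is enabled: untick it under Internet Options > Connections > LAN settings.'
    }
    return 'Connection, name resolution and proxy setting look normal.'
}

$testName = 'www.google.com'   # same host the steps above ping
$testIp   = '8.8.8.8'          # same address the steps above ping

# Step 1: ping by number, which does not need DNS.
$ipOk = Test-Connection -ComputerName $testIp -Count 2 -Quiet

# Step 2: resolve the name through the Windows resolver (hosts file and DNS
# cache included), unlike nslookup, which asks the DNS server directly.
$resolved = @()
try {
    $resolved = @([System.Net.Dns]::GetHostAddresses($testName) |
        ForEach-Object { $_.IPAddressToString })
} catch {
    # Resolution failed; $resolved stays empty.
}

# Step 3: read the per-user proxy settings shown in the LAN settings dialog.
$key     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet    = Get-ItemProperty -Path $key
$proxyOn = ($inet.ProxyEnable -eq 1)

# DNS servers each active network adapter is configured to use.
$dns = Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = True' |
    ForEach-Object { $_.DNSServerSearchOrder } | Sort-Object -Unique

[pscustomobject]@{
    PingByAddress = $ipOk
    ResolvedTo    = $resolved -join ', '
    ProxyEnabled  = $proxyOn
    ProxyServer   = $inet.ProxyServer
    AutoConfigUrl = $inet.AutoConfigURL
    DnsServers    = $dns -join ', '
    Verdict       = Get-ConnectivityVerdict $ipOk ($resolved.Count -gt 0) $proxyOn
} | Format-List
```

A ProxyServer, AutoConfigUrl or DnsServers value that you did not set yourself is worth writing down before changing anything.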
----------------
- Here is the link for Microsoft Safety Scanner
http://www.microsoft.com/security/scanner/en-us/default.aspx
------------------------------
- Open command with admin privileges:
1. Click on Start button.
2. Type Cmd in the Start Search text box.
3. Press Ctrl-Shift-Enter keyboard shortcut to run Command Prompt as Administrator. Allow elevation request.
- Type: netsh winsock reset
- Type: netsh int ip reset tcpip.log
- What the netsh winsock reset command does is reset the Winsock Catalog to a clean state or default configuration. It removes all Winsock LSPs (Layered Service Providers) previously installed, including a potentially malfunctioning LSP that causes network packet loss or transmission failure. So all previously-installed LSPs must be reinstalled. This command does not affect Winsock Name Space Provider entries.
- Open a command line window as an Administrator (i.e. right click on All Programs > Accessories > Command Prompt and select Run as administrator) ...
  - Type the command netsh and wait for prompt
  - Type the command interface and wait for prompt
  - Type the command ipv4 and wait for prompt
  - Type the command set subinterface "Local Area Connection" mtu=xxxx store=persistent
----------------
- Last resort, call your ISP and have them change your ip address. There is a possibility that it has been blocked due to a virus etc.
----------------------------
- start the computer in Safe mode with networking
http://windows.microsoft.com/en-us/windows/start-computer-safe-mode#start-computer-safe-mode=windows-7
If issue does not persist in safe mode with networking, follow step 2
Step 2:
There could be possibility of some background programs conflicting with the smooth running of the computer. To help troubleshoot error messages and other issues, you can start computer by using a minimal set of drivers and startup programs. This kind of startup is known as a "clean boot." A clean boot helps eliminate software conflicts.
- Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.
Click the Start button, click the arrow next to the Shut Down button, and then click Restart.
- Do one of the following:
- If your computer has a single operating system installed, press and hold the F8 key as your computer restarts. You need to press F8 before the Windows logo appears. If the Windows logo appears, you'll need to try again by waiting until the Windows logon prompt appears, and then shutting down and restarting your computer.
- If your computer has more than one operating system, use the arrow keys to highlight the operating system you want to start in safe mode, and then press F8.
- On the Advanced Boot Options screen, use the arrow keys to highlight the safe mode option you want, and then press Enter. For more information about options, see Advanced startup options (including safe mode). Note: you want safe mode with networking
- Log on to your computer with a user account that has administrator rights.