Service Desk - Quick Malware Removal Guide

This document describes the process of removing adware from a computer through various malware scans.

See Software Support Tools to download the necessary tools.

Unsupported Software

The tools in this document are not developed or supported by DoIT. The University of Wisconsin is not liable for any loss of data resulting from use of these tools. Please make sure that your data is backed up. If you are having a computer problem that you are unable to resolve, Get Help from DoIT.

Mac

  1. Remove PUPs (Potentially Unwanted Programs), including any unwanted or extra antivirus programs, from the applications folder using AppCleaner.
  2. Run a Malwarebytes for Mac scan and reboot.
  3. Install Symantec Endpoint Protection, reboot, and run LiveUpdate.
  4. Remove any remaining unwanted browser extensions, clear cache and cookies, and reset browsers. To automate this step, run the browser cleanup script. WARNING: Resetting browsers will clear all data including stored passwords and bookmarks. Back up data if necessary.
  5. Manually verify that all browsers have been cleaned. They should not have any redirects, malicious search engines or home pages.

Windows

  1. Check the applications list in Control Panel. If more than 4 suspicious or known malicious programs are installed, check the computer in for malware removal.
  2. Run Rkill. If Rkill finds evidence of a ROOTKIT, back up your data and Get Help from DoIT.
  3. Run TDSSK. If TDSSK finds evidence of a ROOTKIT, back up your data and Get Help from DoIT.
  4. Remove any PUPs (Potentially Unwanted Programs) and unwanted antivirus programs by installing and then running Revo Uninstaller, then reboot.
  5. Install SuperAntiSpyware and Malwarebytes and update definitions. DO NOT run the scans yet.
  6. Reboot into safe mode using "msconfig".
  7. Run a quick scan with SuperAntiSpyware from safe mode and reboot back to safe mode.
  8. Run ADW Cleaner from safe mode and reboot back to standard mode.
  9. Install Symantec Endpoint Protection, reboot, and run LiveUpdate.
  10. Remove any remaining unwanted browser extensions, clear cache and cookies, and reset browsers. WARNING: Resetting browsers will clear all data including stored passwords and bookmarks. Back up data if necessary.
  11. Check the user's antivirus program and Action Center to verify that everything is operating correctly.
  12. Run CCleaner scans.
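
For Windows step 1, the installed-programs check can be scripted. The PowerShell below is an added example, not a DoIT tool and not part of the original guide. It lists the registered uninstall entries and applies the "more than 4" rule. The $Watchlist patterns are constructed placeholders that a technician would replace with the program names currently treated as suspicious.

```powershell
# Added example: triage helper for Windows step 1 (not a DoIT tool).
# $Watchlist entries are constructed placeholders; replace them with the
# program names your desk currently treats as suspicious or malicious.
$Watchlist = @('*Example Toolbar*', '*Sample Optimizer*', '*Placeholder Search*')
$Threshold = 4   # from step 1: more than 4 hits means check the machine in

# Registry keys where installed programs register their uninstall entries:
# 64-bit, 32-bit (WOW6432Node) and per-user installs.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledProgram {
    # Entries without a DisplayName are updates or components, so skip them.
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, Publisher, DisplayVersion, InstallDate |
        Sort-Object DisplayName -Unique
}

function Test-OnWatchlist {
    param([string]$Name, [string[]]$Patterns)
    # -like is a case-insensitive wildcard match.
    foreach ($p in $Patterns) {
        if ($Name -like $p) { return $true }
    }
    return $false
}

$installed = @(Get-InstalledProgram)
$hits = @($installed | Where-Object { Test-OnWatchlist $_.DisplayName $Watchlist })

# Print the full list so the technician can still review it by eye.
$installed | Format-Table -AutoSize
"{0} installed programs, {1} on the watchlist" -f $installed.Count, $hits.Count
$hits | ForEach-Object { "  flagged: $($_.DisplayName) ($($_.Publisher))" }

if ($hits.Count -gt $Threshold) {
    'More than 4 flagged programs: check the machine in for malware removal.'
} else {
    'At or below the threshold: continue with step 2 (Rkill).'
}
```

The script only reads the registry and changes nothing. A program that never registered an uninstall entry will not appear, so the list supports the manual review rather than replacing it.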



Keywords: remove viruses malware adware spyware rootkit trojan worm adware mac os osx windows virus
Doc ID: 46151
Owner: Karl W.
Group: DoIT Tech Store
Created: 2015-01-12 17:33 CST
Updated: 2016-12-01 14:03 CST
Sites: DoIT Help Desk, DoIT Service Desk, DoIT Tech Store