Step 1: Test browsers for pop-ups and search engine hijacks. We need to ensure that the customer is indeed infected and not just seeing normal adverts. Create a desktop folder called “<campaign name> Tools” and, inside it, a subfolder called “Reg Backups”. Move all scanner shortcuts into the main folder and create a link to the support portal on the desktop.
Step 2: Check through installed programs for possible/suspected malware and uninstall.
Step 3: Download or update CCleaner from piriform.com or a mirror. During install, deselect the options: run clutter scan and reg scan. Back up the registry and scan until no more issues are found.
Step 4: Download or update (program and definitions) SUPERAntiSpyware. Download from superantispyware.com or a mirror. Run a FULL scan. Remove all infections. If the machine and connection are stable, reboot. If not, then move on to the next scan.
Step 5: Download or update (program and definitions) Malwarebytes. Download from Malwarebytes.org or a mirror. Run a FULL scan. Remove all infections. If the machine and connection are stable, reboot. If not, then move on to the next step.
Step 6: Test browsers for infections and pop-ups. If still infected, move on to the next scan. If not, then jump to Step 8.
Step 7: Download or update (program and definitions) Spybot 2. Download from safer-networking.org or a mirror. Run a FULL scan. Remove all infections.
Step 8: Check browser homepage and search engines. Check browser extensions and reset IE to defaults. Check the properties for each browser’s .exe files for added URLs and remove if needed. Try resetting Chrome or deleting the profile. Check proxy settings from Internet properties / Connections / LAN Settings to make sure none are set. The configuration should usually also be set to Automatically detect settings.
Step 9: Access the %AppData% folder from File Explorer and go up one level. Check in the Local, LocalLow and Roaming folders for malware, infections and old profiles.
Also it is worth checking in the “User” folder under “Downloads” and “Documents” for saved malware data and suspicious installation files.
Step 10: Test browsers for infections and pop-ups. Try at least four websites: bbc.co.uk, yahoo.co.uk, amazon.co.uk and facebook.com. Use your own clean and legal websites if you wish. Try clicking links off these sites as well. If OK, jump to Step 12.
Step 11: If still infected, try ESET online scanner. Install and run a full scan. Return to Step 10.
Step 12: Check startup and services in MSCONFIG. Remove unwanted/unneeded programs from startup, including the scanners. Check services and hide Microsoft services. Disable unneeded/unwanted services.
Step 13: Ensure Windows updates are up to date. Make sure the customer is on the correct service pack and the correct version of the OS. Make sure they are protected by A/V and that it is up to date.
Step 14: Finish off: Clean up system restore. Create a new restore point with the label “<campaign name> Cleaned”. Create a desktop folder called “<campaign name> Tools”. Move all scanner shortcuts into there and create a desktop link to the support portal. Advise the customer, by IM, telephone or a message left on the desktop saved as “readme.txt”, that we have finished cleaning their PC.
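The manual checks in Step 8 (URLs added to browser shortcuts, proxy settings) and the startup part of Step 12 can be listed in one pass with a read-only PowerShell script. This is an added example, not part of the original procedure; the browser list and the shortcut folders searched are assumptions and can be extended.

```powershell
# Added example: read-only audit for Steps 8 and 12. It changes nothing on the machine.
$browsers = 'chrome.exe', 'msedge.exe', 'firefox.exe', 'iexplore.exe', 'opera.exe'

# Folders where browser shortcuts normally live (assumed list; extend as needed).
$folders = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
) | Where-Object { $_ -and (Test-Path $_) }

# Step 8: browser shortcuts whose command line has a URL appended after the .exe.
$shell = New-Object -ComObject WScript.Shell
$shortcuts = Get-ChildItem -Path $folders -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        # Some shortcuts have no resolvable target; skip those.
        if ($lnk.TargetPath -and
            ($browsers -contains (Split-Path $lnk.TargetPath -Leaf)) -and
            ($lnk.Arguments -match 'https?://')) {
            [pscustomobject]@{ Shortcut = $_.FullName; Arguments = $lnk.Arguments }
        }
    }

# Step 8: per-user proxy settings (Internet Properties / Connections / LAN Settings).
$key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $key
$proxy = [pscustomobject]@{
    ProxyEnabled  = [bool]$inet.ProxyEnable
    ProxyServer   = $inet.ProxyServer
    AutoConfigURL = $inet.AutoConfigURL
}

# Step 12: startup entries (Run keys and Startup folders) for review.
$startup = Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location, User

Write-Host '--- Browser shortcuts with a URL appended ---'
$shortcuts | Format-List | Out-Host
Write-Host '--- Proxy settings (expected: disabled, no server, no script) ---'
$proxy | Format-List | Out-Host
Write-Host '--- Startup entries ---'
$startup | Format-Table -AutoSize -Wrap | Out-Host
```

Run it in the customer's own session so the per-user registry hive and desktop are the right ones. A listed shortcut is a candidate to inspect, not proof of infection; some legitimate app shortcuts also carry a URL argument.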