How To Use ComboFix To Remove Viruses From Your PC

by Joe on December, 13 2011 5:52A

Another tool I'll often use to remove malware from PCs is ComboFix. It's an excellent program that works great for removing malicious software from your computer like viruses, trojans, rootkits & spyware. This tutorial will guide you on how to download, install and use the ComboFix program to scan your PC for infections.  Of course no single anti-virus program will catch or be able to remove 100% of the viruses being found today, but between this and Malwarebytes' Anti-Malware, you've got a great chance at getting your computer running smoothly again.

Demonstration video on how to download, install and run ComboFix

To get right into it, I have a 6½ minute video that goes over everything I'm about to cover in the post below. There's really no version number displayed, but the file version I downloaded was 11.12.13.2, so if yours looks a little different when you run the program, then you may be running a newer version than what I made the demo with and they may have changed some things around.

Download ComboFix for Free

There's only 1 version of this program available, and it's completely free (for non-commercial use only according to the disclaimer).

Free Version: To download the free version you should get it directly from BleepingComputer.com.  They're the official place to download ComboFix from.

Installing ComboFix onto your computer

Once you've downloaded the file, you need to run it to start the installation. Browse to where you saved the file; typically you can just double-click on it to execute it, and that'll start the installation process.  (Alternatively, you may have been prompted to "Run" or "Save" when downloading it.  If you selected the "Run" option, then the installation process will begin automatically after it's downloaded.)

The installation is really easy.  Once you agree to the disclaimer, then it starts extracting all the files to the hard drive. That's it.  After it finishes extracting them, it automatically starts up.

Using ComboFix to scan for infections on your PC

After the program has been installed on your computer, the installation will automatically start the program for you.

Create a new System Restore point

Before ComboFix makes any attempts at removing anything from your computer, the first thing it does is create a system restore point.  This way, if there are any issues afterwards, you can always restore your computer to the state it was in before ComboFix made any changes.  System Restore is supposed to back up the registry, important Windows files, and other miscellaneous files I'm not sure of.  It doesn't touch your documents though.
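One way to confirm that a restore point really exists before any removal tool changes the system, as an added example (not part of the original post or of ComboFix). It assumes an elevated Windows PowerShell session; the function name `Test-RecentRestorePoint`, the 30-minute window and the description text are choices made for this example.

```powershell
# Added example: verify a recent System Restore point exists, and create one if not.
# Assumptions: elevated Windows PowerShell; names and the time window are illustrative.

function Test-RecentRestorePoint {
    param(
        [int]$MaxAgeMinutes = 30    # how recent the restore point must be
    )

    try {
        # Returns nothing when no restore points exist, for example because
        # System Restore has been turned off on this machine.
        $points = @(Get-ComputerRestorePoint -ErrorAction Stop)
    }
    catch {
        Write-Warning "Could not query restore points: $($_.Exception.Message)"
        return $false
    }

    $cutoff = (Get-Date).AddMinutes(-$MaxAgeMinutes)
    $recent = @($points | Where-Object {
        # CreationTime is a WMI (DMTF) timestamp string; convert it before comparing.
        $_.ConvertToDateTime($_.CreationTime) -ge $cutoff
    })

    foreach ($rp in $recent) {
        Write-Host ('{0}  #{1}  {2}' -f $rp.ConvertToDateTime($rp.CreationTime),
                                        $rp.SequenceNumber, $rp.Description)
    }
    return ($recent.Count -gt 0)
}

if (-not (Test-RecentRestorePoint)) {
    # No recent restore point was found: create one manually before continuing.
    Checkpoint-Computer -Description 'Before malware removal' -RestorePointType MODIFY_SETTINGS
    if (-not (Test-RecentRestorePoint)) {
        Write-Warning 'Still no restore point; check that System Restore is enabled on the system drive.'
    }
}
```

On newer Windows versions `Checkpoint-Computer` may skip creating a point if one was already created in the last 24 hours, which is why the script checks again afterwards.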

Install Microsoft Windows Recovery Console

The next step in the process is to install the Microsoft Windows Recovery Console.  If you already have it installed, then you most likely won't see the prompt for it, unless there's an updated version of it.  If you don't have it installed, then ComboFix will prompt you to install it and even do it for you automatically.  The recovery console is important because after you run ComboFix, if the computer is not able to boot back up into Windows, then you can boot into the Recovery Console and get to a command prompt to make further repairs.

Without the recovery console installed, ComboFix will not do as thorough a job or be as aggressive as it typically would, so installing the recovery console is highly recommended.  You simply have to click Yes to the End User License Agreement (EULA) and ComboFix will install it automatically for you.

Scanning for Infected Files

At this point you have ComboFix downloaded, installed & running.  It's gone through creating a system restore point and installed the Windows Recovery Console. Now it's going to scan your computer for any malicious files and infections. It goes through about 50+ stages and can take up to 10 minutes, or sometimes longer for badly infected machines.  It'll list them as it finishes them... "Completed Stage_1", "Completed Stage_2", ... "Completed Stage_50", etc...  Some stages go really quick, and others will take longer, so if it appears to have stopped after completing a stage, just give it some time and it should resume with the completion messages once it gets through that stage.

Sometimes you'll see messages in between the stage completion notices that tell you something it did, like if it deleted some files.  In the video it deleted the Cache folder and showed us that right after stage 50.

Log Report

After it's done scanning it'll prepare a log report with the details of its findings.  It can sometimes take quite a while to prepare the report.  There were many times I was wondering if the program just got hung up and then the log file popped up.  So be a little patient with this part too.  The log report will open up automatically in Notepad.  It gets saved to the computer also at C:\ComboFix.txt.  The log report details what it did (like deleting the Cache folder as it did in the video), and also gives a lot more information that a technician can look at to see if any further action is necessary or recommended.  So at this point the computer should be virus free.  If you want to run a supplemental scan, I suggest running Malwarebytes' Anti-Malware to see if there are any additional malicious items that it can clean up.

How To Use Malwarebytes' Anti-Malware To Remove Viruses From Your PC

by Joe on March, 8 2011 2:48A

One of the tools I use quite often to remove viruses from PCs is the Malwarebytes' Anti-Malware program. It's an excellent program that works great for removing malicious software from your computer like viruses, worms, trojans, rootkits, dialers & spyware. This tutorial will guide you on how to download, install and use the Malwarebytes' Anti-Malware program to scan your PC for infections.  Of course no single anti-virus program will catch or be able to remove 100% of the viruses being found today, but this is usually number 1 in my arsenal.

Demonstration video on how to download, install and run Malwarebytes' Anti-Malware

To get right into it, I have a 7½ minute video that goes over everything I'm about to cover in the post below. The version I'm using for the demonstration video is 1.50.1100, so if yours looks a little different then you may be running a newer version than what I made the demo with and they may have changed some things around.

Download Malwarebytes' Anti-Malware for Free

There are 2 versions of this program available, a free version and a paid version. You can use the free version for running scans manually and removing viruses after you've already been infected. However, the paid version unlocks additional features such as real-time protection, scheduled scanning & scheduled updating, helping you stay more proactive at protecting yourself to prevent infections.

Paid Version: You can purchase Malwarebytes' Anti-Malware here at the Malwarebytes' store.

Free Version: To download the free version you have a couple options.

Installing Malwarebytes' Anti-Malware onto your computer

Once you've downloaded the file, you need to run it to start the installation. Browse to where you saved the file; typically you can just double-click on it to execute it, and that'll start the installation process.  (Alternatively, you may have been prompted to "Run" or "Save" when downloading it.  If you selected the "Run" option, then the installation process will begin automatically after it's downloaded to a temporary location.)

The installation is really easy and consists of 10 steps. Don't get overwhelmed; you simply need to let the installation wizard guide you through it (accepting all the default options) and basically just keep clicking "Next" until it reaches the end.  Here are the steps for the current installation program at this time:

  1. Select Setup Language. Select your language and then click on the OK button.
  2. Welcome Screen. This is just an introductory page. Click the Next > button to continue.
  3. License Agreement. It's a good idea to read through the agreement first and then you want to select the option that reads "I accept the agreement". Click the Next > button to continue. (The "Next >" button won't be available to click on until you accept the agreement.)
  4. Informational Screen. This screen just shows you what has been updated in this latest release.  Click the Next > button to continue.
  5. Select Destination Location. This screen tells you where it will install the program on your computer. You have the option to change it, but it's a good idea to just leave it alone and let it install in the default location. Click the Next > button to continue.
  6. Select Start Menu Folder. Here you can decide if you want to create a start menu folder (or not) and what to call it. Again, it's a good idea to just leave this at its default value and let it create the folder. Click the Next > button to continue.
  7. Select Additional Tasks. On this screen you can decide if you want the installation program to put an icon on your desktop and/or the Quick Launch bar. I usually leave this at the default setting too, where the option to put it on the desktop is already selected and not the Quick Launch bar. Click the Next > button to continue.
  8. Ready to Install. This is just a summary screen outlining all the options that were selected for you to review before actually installing it. If you want to change anything, then click the "< Back" button to get to the appropriate screen and make your changes. At this point you should be all set though. Click on the Install button to continue.
  9. Installing. There's nothing to do here, just wait for the installation to finish installing the program.
  10. Completing the Malwarebytes' Anti-Malware Setup Wizard. This is the final screen of the installation.  It will now prompt you to "Update" the program and then "Launch" it. I usually leave both of these options selected so the virus definitions database gets updated right away and then the program starts up so you can use it. Click the Finish button to continue.
    • Updating Malwarebytes' Anti-Malware. If you kept the "Update" option checked, then after you click the "Finish" button you'll see a window pop-up where it will check for any updates and automatically download and install them for you. When it's done it will tell you the database was successfully updated.  Click the OK button to continue.

Using Malwarebytes' Anti-Malware to scan for infections on your PC

After the program has been installed on your computer, the installation will either start the program for you initially, or if you didn't select that option during installation (see step 10 above), then you can start Malwarebytes' Anti-Malware by double-clicking on the icon it placed on your desktop.

Update first (I highly recommend you do this)

Before doing a scan it's always a good idea to check for updates first to make sure you have the latest program updates and virus definition files. To do that, just click on the Update tab and then click on the Check for Updates button. A window will pop up where it'll connect to its server and see if there are any updates available, and if so it'll download and install them. (Sometimes an update will require the program to close and re-open. It'll prompt you if it needs to do that; simply click Yes and it'll do it for you. When it opens back up, check for updates again to make sure there aren't any more.) When you're up-to-date another window will pop up telling you "You have the latest database version." Click the OK button to continue.

Running a Scan

At this point you have Malwarebytes' Anti-Malware downloaded, installed & updated. Now you want to scan your computer for any malicious files and infections. First of all, make sure you don't have any other programs or files open unless this is just a routine scan. Click on the Scanner tab to see your scanning options. You can select to either "Perform quick scan", "Perform full scan" or "Perform flash scan". (The flash scan is not available in the free version, so if you have the free version you can only run a quick or full scan.) If I'm pretty sure I don't have a virus but just feel like double-checking, I'll usually use the quick scan. Occasionally I'll use the full scan just to be sure. However, if you know you have a virus and your sole purpose of running Malwarebytes' Anti-Malware is to get rid of it, then definitely run the full scan.

After you've selected the quick or full scan, click on the Scan button. Just sit back and let it do its job now. It'll show you its progress as it goes along displaying how many items it scanned, how many were infected, and how long it has been running for. Unfortunately it doesn't have a progress bar where it can estimate for you how much time is left, but after you run the scan a couple times you'll have an idea of how long a full scan takes on your computer.

Post Scan Clean-up

When the scan completes a message box will come up telling you it's completed. Click the OK button to continue. If it found something, the button at the bottom right will read "Show Results"; otherwise it'll read "Main Menu". If it didn't find anything, congratulations, your system is clean and you're done... you can click the Exit button to quit the program. If it did find something, click on the Show Results button to continue. It'll display a list of the infected items it found and they should be checked by default.  (If you don't want to remove a file, make sure it's not checked.) Click the Remove Selected button to start the removal process.  After it's done removing the infected items it'll display a log.  You can take a look at the log if you want to see what it did. When you're done, close the log file (you can find this log again under the "Logs" tab).  At this point it may need to restart the computer to complete the removal process.  If it prompts you to do that, then click the Yes button (you shouldn't have any other programs or files open right now). After the computer reboots then you should be all done and virus free!
