Remediation Protocol

OK, so, you have issues with your computer. You've managed to get yourself infected, and you don't want to pay someone lots of money to fix it, but you need to fix it.

What follows is the protocol that I follow when dealing with issues. The process has a high rate of success, but is not perfect, nor will it address all possible issues.

WARNING: Start this early on the weekend. It will likely take 2-3 days to complete, depending on the severity of the infection and the speed of your computer. This can destroy your computer, even if done right.

  1. If you have the ability to clone your hard drive, then clone it, and put the clone in your computer and work on that.  If not, then do a file-level backup to an external USB drive or cloud.
  2. Download & Run SuperAntiSpyware (SAS) portable.  Do a full scan and allow the corrections/deletions to be made.
  3. Reboot.
  4. Install Malwarebytes Anti-Malware (MBAM), update it, and run it.
  5. Use msconfig to force safe mode (type it in the Run... dialog in the Start menu).
  6. Reboot the machine. If you did the last step correctly, the machine will reboot into safe mode automatically.
  7. Run SAS.
  8. Reboot again, into safe mode.
  9. Run MBAM.
  10. Run msconfig to enable booting into normal mode.
  11. Reboot into normal mode.
  12. Install CCleaner from Piriform.
  13. Use msconfig to force safe mode.
  14. Reboot into safe mode.
  15. Use CCleaner to:
    1. disable browser extensions
    2. dump temporary files
    3. uninstall PUPs/Malware
    4. check registry and repair.
    5. check scheduled tasks and disable anything that looks suspicious
  16. Use msconfig to enable normal mode.
  17. Run SAS, full scan.
  18. Run MBAM, full scan
  19. Update your anti-virus software (AVS).
  20. Locate the exceptions that have been configured in your AVS and delete/disable anything looking suspicious.
  21. Perform a full system Scan with your AVS.
  22. Reboot.
  23. If you are bold, run regedit and look in the Run and RunOnce keys. Delete anything suspicious.
  24. Look in the Startup folder in your start menu.  Delete anything suspicious.
  25. Reboot.
  26. Force Windows Updates.
  27. Reboot.
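
The following PowerShell, added here as an example and not part of the author's protocol, lists the Run and RunOnce values, Startup folder items and enabled scheduled tasks that steps 15.5, 23 and 24 ask you to inspect. It changes nothing; the variable names and the CSV file name are assumptions made for illustration.

```powershell
# Added example: read-only inventory for steps 15.5, 23 and 24. Nothing is deleted or changed.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Step 23: every value under the Run and RunOnce keys (machine-wide and current user).
$registry = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }   # key may not exist on this system
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Source = 'Registry'; Location = $key
                           Name = $name; Command = $item.GetValue($name) }
    }
})

# Step 24: files in the per-user and all-users Startup folders.
$startupDirs = [Environment]::GetFolderPath('Startup'),
               [Environment]::GetFolderPath('CommonStartup')
$startup = @(foreach ($dir in $startupDirs) {
    Get-ChildItem -Path $dir -File -Force -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Source = 'StartupFolder'; Location = $dir
                           Name = $_.Name; Command = $_.FullName }
    }
})

# Step 15.5: scheduled tasks that are not disabled, with the command each one runs.
$tasks = @(Get-ScheduledTask -ErrorAction SilentlyContinue |
    Where-Object { $_.State -ne 'Disabled' } | ForEach-Object {
        $cmd = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)".Trim() }) -join '; '
        [pscustomobject]@{ Source = 'ScheduledTask'; Location = $_.TaskPath
                           Name = $_.TaskName; Command = $cmd }
    })

# Show everything on screen and keep a copy to compare against after cleanup.
$findings = $registry + $startup + $tasks | Sort-Object Source, Location, Name
$findings | Format-Table -AutoSize -Wrap
$csv = Join-Path ([Environment]::GetFolderPath('Desktop')) 'autostart-review.csv'   # assumed file name
$findings | Export-Csv -Path $csv -NoTypeInformation
```

Run it from an elevated PowerShell prompt in normal mode so that scheduled tasks owned by other accounts are listed as well; run it again after the cleanup and compare the two CSV files.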

Your system should be clean now.

I take no responsibility or liability for you following these instructions and destroying your computer. You bear the liability yourself. Remember: back up and update often; it is your only key to survival.

Thanks for reading.

Jay C. Theriot
System Engineer, Web Content Producer
Technology Outreach Missionary
