Remove Malware

For Free

disclaimer: while these methods work great for basic malware they may not work against more sophisticated virus, trojans, and worms and will almost definitely NOT work against a Rootkit.

INTRO: Virus vs Malware

Remove W32 Virus with free tools

System Restore



Virus vs. Malware:

Most people think that anything bad on their computer is a "virus". But there are actually many variations such as worms, trojans, logic bombs and others. Collectively, these are all known as "malicious software" aka malware. Spyware is not usually considered, but recently the lines between spyware and malware have begun to blur as spyware gets more aggressive, subversive and intrusive.



Here are the two easiest ways to remove viruses and spyware from your system without using Symantec, Mcafee or other high priced "security" application.

1) Conduct a System Restore. Click Here to remove a virus with System Restore

2) Use FREE Adaware/Spybot Search and Destroy (see instructions below on how to remove a virus using free security tools)




Remove Virus with Free Security Tools


1. Load Anti-Spyware/Anti-Malware Applications

Download and Install Adaware SE for free at

When installing, ensure that you update the signature files of Adaware (it will prompt you to do so).

Download and install: Spyware Search & Destroy

You can get Spybot Search & Destroy from

Spyware Search & Destroy may prompt you to install the updates once you have installed the software on your system. Just follow the Install Wizard walk through and you'll be fine. (Step 4 & 5 will instruct you on how to clean the system, but it is best to be in SafeMode, which is explained in Step 2.)


2. Reboot and go into Safe Mode

Reboot your computer and HIT the “F8” Funtion Key like crazy If it doesn’t, work try again. The system should ask you what mode you want to boot in. You want “Safe Mode” or “Safe Mode with Networking” MORE ON SAFE MODE


3. Add/Remove Spyware From "Programs"

Once in Safe Mode, Go to Start | Run | Add/Remove Programs. Look for odd software that looks suspicious. Spyware typically has keywords like "Optimizer" or "Spy Sheriff" or "surf."

You should have any doubts about the program you are going to remove DO NOT DO IT. Go to the next step. I just want you to realize that Add/Remove programs can be an important feature for removing unwanted programs.


4. Clean your system up with Adaware SE

Once you are in Safemode and have the free anti-virus/anti-spyware loaded, do a "Full System scan" and an ADS scan with Adaware SE

An ADS scan will require you to select a drive (select the C: drive.) *ADS Scans look for files hiden in files.


5. Clean Malware off with Spybot Search & Destroy


Install the updates once you have installed the software on you system. You may have to click on the desktop icon or go into Start | Programs to start "Spybot Search & Destroy" and do a complete system scan.

6. Make sure the malware is gone:

Once you boot back into Normal mode (just reboot the system), system performace will be an indication of whether of not the system has been cleaned of the malware and Spyware.

If the system is not clean, I would suggest running both Spybot and Adaware again to make sure you didn't miss any steps.

If you still can not remove all the malware, check out what your system is doing with Netstat and Task Manager. It may give you some clues of what malware is still being executed. Here is a list of command malware:

List of Malware that was loaded on my system:




winstall.exe (reloads Spy Sheriff after it is uninstalled)

iexplorer.exe (Variant of evivinv.virus, rapid Blaster)


z*.exe (z11, z12, z13.exe ect.)

sywsvcs.exe (Troj/Orse-L)


You have to realize that some Malware is really, really hard to get rid of and may require much more time to remove. One great way to figure out how to get rid of more specific hard to remove malware such as PS Guard, smithfraud, rootkits, and others that will piss all over Spybot and Adaware, is to seek out the forums. If you have the problem, chances are 1000 people have already had it and lived through it.

You might also try as System Restore. Its even faster than the instructions above.

When all else fails, back up your important porn and format with your original Windows software. And make sure you have adequate protection (preferably, a hardware firewall using NAT) otherwise you will, like a Katrina survivor, moving right back under the levee with no protection from another disaster that is almost certain.

You should also surf with Firefox. It is currently the best browser on the market IMO.



This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. These programs include ones in your startup folder, Run, RunOnce, and other Registry keys.

1. Download Autorun into C:\Autoruns and run it in while in Safemode (you will have to reboot to get to safemode).

2. When in Safemode, goto the C:\Autoruns folder and double-click on autoruns.exe.

3. When autoruns.exe starts, click on the "Options" menu and enable the following options

- Include empty locations

-Verify Code Signatures

- Hide Signed Microsoft Entries

4. The F5 key on your keyboard will refresh the startups list using these new settings.

5. Autoruns will show information on all the locations where the malware is loaded (pay attention to Logon and the Services tabs). Click on each tab and look through the list for the filename that you want to remove. The filename will be found under the Image Path column. There may be more than one entry associated with the same file as it is common for malware to create multiple startup entries.

6. Once you find the entry that is associated with the malware, you want to delete that entry so it will not start again on the next reboot. To do that right click on the entry and select delete. This startup entry will now be removed from the Registry.

7. The next step is to delete the file using My Computer or Windows Explorer. If you can not see the file, it may be hidden (How to unhide files).

8. When you are finished removing the malware entries from the Registry and deleting the files, reboot into normal mode as you will now be clean from the infection.

9. Visit Beeping Computer and give thanks