How to Remove Malware that Keeps Coming Back?


Infopackets Reader Frank P. writes:

" Dear Dennis,

A friend of mine has malware (or a virus) on his computer and can't get rid of it. He has tried to download various malware removal utilities online (such as Malwarebytes Anti-Malware, etc.), but his web browser appears to have been hijacked and, subsequently, Malwarebytes won't download. What can he do to remove the malware? "

My Response:

Some malware will purposely block websites (such as Malwarebytes) to prevent you from downloading removal tools and cleaning the infection. The most reliable way to get rid of persistent malware is to boot from a clean (uncontaminated) environment, so that the malware is not running while you remove it.

Here are some options:

1. If you have disk imaging software installed on your system and have made backups beforehand, you can restore a disk image of the infected system. Disk image restoration is great and has saved me many times, but it comes with a few caveats. First, you need to create backups on a regular basis. Second, you need a rescue CD or a bootable rescue environment already installed on the system so you can boot from a clean environment. Third, you may lose any data or preferences that changed since the last disk image backup, depending on how you have things set up. That said, disk image backups are near bulletproof because they guarantee the malware will be gone, assuming your system was infection-free when you made the last backup. I personally use Acronis True Image for disk image backups on all my PCs at home (and have been since 2004), and highly recommend it.

2. Use a second PC to clean the infected drive. In this case, you would take the hard drive out of the infected system and put it into a clean system. You would then boot the clean system and scan the infected drive. A major caveat here is that you need to make sure you don't accidentally boot from the infected drive, or you risk infecting the clean system; you can control this by going into the BIOS settings and setting the boot order. The benefit of going this route is that you have a wide array of options for cleaning the infected drive once the clean system has booted; for example, you can use multiple programs to scan it, whether Malwarebytes or some other antivirus program. If the drive can't be cleaned properly (due to a severe infection), you can also back up the data, format the drive, and retrieve the important data later. Just be aware there is also a chance of reinfection from the backup, depending on the nature of the malware.

3. Boot from an antimalware / antivirus CD or bootable USB thumb drive. In this case you would be booting the infected system, but the operating system that boots from the CD or USB is independent of Windows, so the environment is clean. There are a handful of utilities that can do this sort of thing. For example, Grisoft AVG (free antivirus / antimalware) offers both a CD image and a bootable USB image. I have personally tested the bootable CD and it works great; I believe it runs from Linux and even offers the option to update the virus definitions via the Internet. The caveat here is that the antimalware / antivirus definitions may not catch all infections, so this approach is limited. Also, depending on the malware infection, it may be difficult to download anything. As such, I recommend always backing up with disk images on a regular basis, as they are true disaster recovery. If you need help setting up disk image backups, send me an email and we'll set up a time to meet online.
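The three options above all hinge on the same two things: the infected disk is only ever touched from a clean environment, and a disk image is only trusted if it is known to be exactly what was written when the system was still clean. The script below is an added example (not from this article, and not Acronis or AVG's tooling) of how that looks from a Linux rescue boot using only dd, sha256sum and mount: it images a drive, records the image's SHA-256 beside it, refuses to restore an image whose checksum no longer matches, and mounts a partition from the infected drive read-only with noexec/nosuid/nodev so nothing on it can run while it is scanned. The device name /dev/sdb and the mount point are placeholders; the demonstration at the bottom uses a constructed 1 MiB file as a stand-in for the disk, since dd and sha256sum treat a block device and a file the same way.

```shell
#!/bin/sh
# Added example: image a drive from a clean rescue environment, record its
# SHA-256, and refuse to restore an image whose checksum no longer matches.
# Assumes a Linux rescue boot where the infected disk appears as a block
# device such as /dev/sdb (placeholder) and the backup target is a mounted
# external drive. Block devices and ordinary files are handled identically,
# so the functions can be exercised on a regular file.

set -u

# make_image SOURCE DEST
# Copies SOURCE (a whole disk or a file) byte-for-byte into DEST and writes
# DEST.sha256 beside it. The checksum is taken from the image actually
# written, not from SOURCE, so it attests to what is on the backup medium.
make_image() {
    src="$1"; dest="$2"
    dd if="$src" of="$dest" bs=4M conv=fsync status=none || return 1
    # sha256sum prints "<hash>  <path>"; keep only the hash
    sha256sum "$dest" | awk '{print $1}' > "$dest.sha256" || return 1
}

# verify_image IMAGE
# Recomputes the hash of IMAGE and compares it with the recorded one.
# Returns 0 when they match, 1 when they differ or no checksum was recorded.
verify_image() {
    img="$1"
    [ -f "$img.sha256" ] || { echo "no checksum recorded for $img" >&2; return 1; }
    expected=$(cat "$img.sha256")
    actual=$(sha256sum "$img" | awk '{print $1}')
    [ "$expected" = "$actual" ]
}

# restore_image IMAGE TARGET
# Writes IMAGE back onto TARGET only after verify_image succeeds, so a backup
# that was altered or corrupted after it was made is never written to disk.
restore_image() {
    img="$1"; target="$2"
    verify_image "$img" || { echo "refusing to restore: checksum mismatch" >&2; return 1; }
    dd if="$img" of="$target" bs=4M conv=fsync status=none
}

# mount_for_scan PARTITION MOUNTPOINT
# Mounts a partition from the infected drive read-only with noexec, nosuid
# and nodev, so nothing on it can be executed from the clean system while it
# is scanned (needs root; not exercised by the demonstration below).
mount_for_scan() {
    mount -o ro,noexec,nosuid,nodev "$1" "$2"
}

# Demonstration on a constructed stand-in for a disk: a 1 MiB file of random
# bytes. On a real rescue boot, replace it with the device (e.g. /dev/sdb).
demo_dir=$(mktemp -d)
dd if=/dev/urandom of="$demo_dir/disk" bs=1M count=1 status=none
make_image "$demo_dir/disk" "$demo_dir/disk.img"
verify_image "$demo_dir/disk.img" && echo "image verified, safe to restore"
# Simulate a backup that was altered after it was made: append one byte
printf 'X' >> "$demo_dir/disk.img"
verify_image "$demo_dir/disk.img" || echo "checksum mismatch, do not restore"
rm -rf "$demo_dir"
```

Keep the .sha256 file (or a copy of it) somewhere other than the backup drive itself; if both live on the same external disk, anything that can alter the image can alter the recorded hash too, and the verification step proves nothing. The same verify-before-use habit applies to a rescue ISO downloaded on the second, clean PC: check its published checksum before writing it to USB.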

Additional 1-on-1 Help: From Dennis

If all of this is over your head and/or you are completely stuck and need help removing a virus or malware that keeps coming back, I can assist you 1-on-1 through remote desktop support (a service I offer). In this case, I can do one or more of the following:

  • Advise you step-by-step on what to do to get the problem fixed, and/or
  • Help you download and create a bootable rescue CD or USB drive;
  • Remove the virus / malware from the system, if you can log in and access the desktop of the affected machine;
  • Remove the virus / malware from the system if you cannot log in to the affected machine; in that case you will need to take the hard drive out and place it into another computer (either by installing it inside that machine or by placing the hard drive into an external enclosure);
  • Back up the data on the computer that's messed up, so that you can prep it for a Windows reinstall without losing your data. There are restrictions with this: if you cannot get into the desktop on the affected system, you will need to extract the hard drive and place it into another computer (or external enclosure). If you can get into the desktop, I can back up from within Windows and then advise you on what to do next.

To get in touch with me for this service, please use the contact page.

About the author: Dennis Faas is the owner and operator of Infopackets.com. With over 30 years of computing experience, Dennis' areas of expertise cover a broad range, including PC hardware, Microsoft Windows, Linux, network administration, and virtualization. Dennis holds a Bachelor's degree in Computer Science (1999) and has authored 6 books on the topics of MS Windows and PC Security. If you like the advice you received on this page, please up-vote / Like this page and share it with friends. For technical support inquiries, Dennis can be reached via Live chat online on this site using the Zopim Chat service (currently located at the bottom left of the screen); optionally, you can contact Dennis through the website contact form.


Comments

blueboxer2 writes:

Some time ago I got a malware attack that blocked all my defensive software, including Malwarebytes. Fortunately, on my other computer I did a search that directed me to www.bleeping-computer.com, where a program called rkill is offered. It's a bit complex and apparently sufficiently potent that an error in using it can do enough damage to make you wish for the malware back, so the complex instructions need careful following. But it blows away the block, lets you download mbam or other anti-malware of your choice, and permanently cleans your machine.