How to scan and remove malware using SymDiag and Malwarebytes in 6 steps?

How to remove malware from Windows in 6 steps

Is your computer running slower than usual? Do you see a lot of pop-ups? Have you noticed other unusual behaviour on your computer? If so, your PC has probably picked up a virus, spyware or other malware, even though you have an antivirus program installed. In a few steps we will show you how to check the system.

Step 1: Prepare (preferably on a secure computer, not infected)

Download tools that can help you detect viruses and other threats on your computer. A number of free tools are available, offering both online scans (while connected to the Internet) and offline scans.

Our advice is to try two great tools:

  • SymDiag (Symantec) - which you can download here
  • Malwarebytes - which you can download here


In addition to these tools, there are also Kaspersky Virus Removal Tool, Microsoft Malicious Software Removal Tool, BitDefender Free Edition, and others.

Save the downloaded tools to a USB drive and move to the infected computer.

Step 2: Boot the system in Safe Mode


First, disconnect your computer from the Internet and do not reconnect it until you are ready to clean the computer. This helps stop the malware from spreading or from compromising your files. If you suspect malware, start your computer in Safe Mode.

Only the necessary programs and services are available in this mode. If the malware is programmed to start automatically when Windows starts, Safe Mode can prevent that. This matters because malicious files that are not running or active can be removed far more easily.

Unfortunately, Microsoft has made entering Safe Mode in Windows 10 more complicated than in Windows 7 and 8. To enter Safe Mode in Windows 10, click Start and select the Power button, but do not click on any of its options yet. Then hold Shift and click Restart.

When the full-screen menu appears, select Troubleshoot -> Advanced options -> Startup Settings. In the next window, click the Restart button and wait for the next screen to appear. A menu with startup options will appear; select number 4, i.e. Safe Mode. Note that if you want to use one of the online scanners, you must select option number 5 instead, which is Safe Mode with Networking (Safe Mode with Internet access).

In Windows 7 (or 8), Safe Mode is much easier to enter: press F8 just before the operating system loads (that is, as soon as you turn on the computer), repeatedly if necessary, until the Safe Mode menu appears.

If your computer runs noticeably faster in Safe Mode, this probably means that the system is infected with malware, although it can also simply mean that many regular programs start along with Windows.

Step 3: Delete the temporary files


Before running the virus scan in Safe Mode, delete the temporary files. This can speed up scanning, free up disk space and even remove some malware. In Windows 10 you can use the built-in Disk Cleanup utility for this: type "Disk Cleanup" into the search box, or click the Start button and it will appear in the list.

Step 4, Option A: Scan the system with the SymDiag tool


Double-click the downloaded SymDiag file to run it and accept the EULA.

Then click the 'Start Scan' button next to 'Threat Analysis' in the 'Scans' section of the start page:

[Screenshot: Threat Analysis Scans]

The 'Threat Analysis' dialog will appear; all you have to do is click 'Next' to start scanning your computer (you can also select the 'Scan for root kits' option):

[Screenshot: Malware Threat Analysis Scan]

If your computer is not connected to the Internet, you can still run the scan, but you need to save the scan results so that you can later complete the analysis on a computer with Internet access, specifically access to the Symantec Reputation database:

[Screenshot: Malware Threat Analysis Scan 2]

[Screenshot: Malware Threat Analysis Scan 3]

If you have Internet access when the scan completes, options for further analysis will be displayed. These include:

  • Copy one or more files into a ZIP archive so you can send them to Symantec for analysis (you can also use the VirusTotal service, www.virustotal.com)
  • Removal of files
  • Filtering of the displayed files
  • Review of the data collected during the analysis

[Screenshot: Malware Threat Analysis Scan Report]

If you started the analysis without Internet access, you need to save the analysis results so that you can complete the work on a computer with Internet access, i.e. with access to the Symantec Reputation database. Select the 'Save' tab to go to the results save page, where you can choose the directory in which the file will be saved (the USB drive you prepared in the first step, for example). The file has the .sdbz extension and can be opened with the SymDiag tool.

[Screenshot: Malware Threat Analysis Scan Report Save]

To complete a scan that you started on a computer without Internet access, run the same tool, SymDiag, on a computer with Internet access (and thus access to the Symantec Reputation database), choose File > Open Report from the menu and open the saved .sdbz file. Select the 'Threat Analysis' tab and then click the 'Complete Report' button.

[Screenshot: Malware Threat Analysis Scan Complete]

Check the files with a negative analysis result (marked in red) in the report; these files are likely a virus or parts of one. Be sure to submit these samples for analysis (either to Symantec or through the VirusTotal service), confirm whether they are malicious and remove them if necessary. SymDiag also includes Power Eraser, which effectively removes the viruses it finds.

Step 4, Option B: Scan the system with Malwarebytes


Run the Malwarebytes installer you saved to USB in the first step. Once the program is installed, run the default "Threat Scan" option (it will check for updates first). This option is generally enough to find all infections.

When the scan completes, you will see the results. If you are told there is no malware but still have doubts, run a "custom scan" and try one of the other scanners mentioned above. If Malwarebytes reports infections, remove them using the "remove" option and restart your computer if prompted. If the problem persists, run a "full scan" (in both Malwarebytes and the other scanners).

Once you think the malware has been removed, run a "full scan" in your real-time antivirus program to confirm the result.

It can happen that Malwarebytes itself disappears or is shut down shortly after you run it. This probably means a deep infection, and then it is better and much easier to back up your files first and then reinstall Windows, or to leave the computer to someone with more experience and knowledge.

Step 5: "Fix" the Internet browser


Some malware modifies your browser's home page to re-infect your computer, display advertisements, prevent you from browsing, or simply annoy you. Before you start the browser, check its home page and connection settings.
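The following PowerShell script is an added example (not part of the original article) that prints the Windows settings a browser hijacker typically changes, so you can review them before opening the browser: the system-wide (WinINET) proxy and PAC URL that Edge, Chrome and Internet Explorer use by default, the Internet Explorer start page, non-localhost entries in the hosts file, and the autostart entries that Safe Mode keeps from launching (Step 2). It only reports and changes nothing; it assumes Windows PowerShell 5.1 or later and an elevated prompt so that the HKLM key can be read.

```powershell
# Added example: report settings commonly altered by browser-hijacking malware.
# Read-only; nothing is modified. Assumes Windows PowerShell 5.1+ (elevated).

function Get-BrowserHijackReport {
    $findings = New-Object System.Collections.Generic.List[string]

    # Boot state: "Fail-safe boot" means the machine is in Safe Mode (Step 2).
    $boot = (Get-CimInstance Win32_ComputerSystem).BootupState
    $findings.Add("Boot state: $boot")

    # WinINET proxy settings shared by Edge, Chrome and Internet Explorer.
    $inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $inet = Get-ItemProperty $inetKey -ErrorAction SilentlyContinue
    if ($inet.ProxyEnable -eq 1) {
        $findings.Add("REVIEW: proxy enabled -> $($inet.ProxyServer)")
    }
    if ($inet.AutoConfigURL) {
        $findings.Add("REVIEW: proxy auto-config (PAC) URL set -> $($inet.AutoConfigURL)")
    }

    # Internet Explorer start page (legacy browsers also read this value).
    $ieMain = Get-ItemProperty 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
    if ($ieMain.'Start Page') {
        $findings.Add("Start page: $($ieMain.'Start Page')")
    }

    # hosts file: any IPv4 line that is not the default localhost mapping deserves a look.
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content $hostsPath -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '^\s*\d' -and $_ -notmatch '^\s*127\.0\.0\.1\s+localhost\b' } |
        ForEach-Object { $findings.Add("REVIEW: hosts entry -> $($_.Trim())") }

    # Autostart entries (Run keys); these are what Safe Mode prevents from starting.
    $runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        $props = Get-ItemProperty $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        $props.PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' } |   # skip PowerShell provider metadata
            ForEach-Object { $findings.Add("Autostart [$key] $($_.Name) = $($_.Value)") }
    }
    return $findings
}

Get-BrowserHijackReport | ForEach-Object { Write-Output $_ }
```

Lines marked REVIEW are not verdicts; compare them with settings you or your organisation actually configured, and treat anything unexpected as a candidate for the scanners in Step 4.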
 

Step 6: If the malware persists, back up and reinstall Windows

If you were unable to remove the malware, or if Windows is not working properly, you must reinstall Windows, have your computer serviced or leave it to someone with more experience and knowledge. Before that, copy your files to an external drive or USB. If you use an email client (such as Outlook), export its settings and messages so they are preserved.

Also back up your drivers with an app such as Double Driver if you do not want to download them again. Once you have backed up everything you need, you can reinstall Windows.

How can your computer stay clean and free of malware?


Always use an up-to-date antivirus program with real-time protection. You can additionally use the free OpenDNS service (https://www.opendns.com/home-internet-security/), which blocks dangerous sites. If you visit suspicious sites, you can protect yourself by running your Internet browser in a sandbox (this prevents malware from damaging the system).

Check your online accounts (bank accounts, email and social networks) and watch for suspicious activity. If you notice any, change your passwords, because cybercriminals can harvest them using certain kinds of malware.

If you use automatic file backup, scan the backups as well to make sure an infected file has not been saved by accident. Keep all your applications, including Windows, up to date. It is best to enable automatic updates for the system and applications wherever possible.



