MRfMM – 2. Scanning the System

Full Segment

Rkill

Download Rkill

Some malware prevents you from running tools to remove it. Rkill is a program that terminates known malware processes so you can use the tools you need to clean. It does NOT remove malware. It only kills processes active in memory.

Here’s how to use Rkill:

  1. Click the link above and download Rkill. Download the iExplore.exe program. It is Rkill under a different name, so that malware smart enough to kill any program named Rkill does not stop it.
  2. Find Rkill in your downloads folder.
  3. Right-click over it and select “run as administrator”.
  4. It will take a few seconds to run. When it completes, close the window and move on to the next step.

– Enabling Internet Explorer Downloads

If you are using Internet Explorer and you can’t download Rkill because “Your security settings do not allow this file to be downloaded” then malware has disabled downloads.

To enable downloads:

  1. Click on the gear icon in the upper right of Internet Explorer.
  2. Select “Internet Options”.
  3. Click on the Security tab.
  4. Select “Custom Level”.
  5. Scroll down the list until you see the Downloads section.
  6. Click Enable.
  7. Click Ok.
  8. Click Yes.
  9. Click Ok.

Now retry the download. In some cases you may need to restart IE.

This setting does not affect Firefox or Chrome. If you are unable to download with them, see the video on Safe Mode and System Restore.
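
To see what Internet Explorer has stored for this setting before or after changing it in the dialog, the read-only PowerShell check below lists the file download action (URL action 1803; 0 = enabled, 3 = disabled) for each security zone in the user, machine and policy registry locations. It is an added example, not part of the original guide, and the function name Get-IEDownloadSetting is hypothetical.

```powershell
# Added example: read-only report of the IE "File download" URL action (1803)
# for every security zone. Nothing is modified.
function Get-IEDownloadSetting {
    $zones = @{
        0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
        3 = 'Internet';    4 = 'Restricted sites'
    }
    $meaning = @{ 0 = 'Enabled'; 3 = 'Disabled' }
    $suffix  = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
    $roots = [ordered]@{
        'User'           = "HKCU:\Software\$suffix"
        'Machine'        = "HKLM:\Software\$suffix"
        'User policy'    = "HKCU:\Software\Policies\$suffix"
        'Machine policy' = "HKLM:\Software\Policies\$suffix"
    }

    foreach ($scope in $roots.Keys) {
        foreach ($id in ($zones.Keys | Sort-Object)) {
            $key  = Join-Path $roots[$scope] "$id"
            $item = Get-ItemProperty -Path $key -Name '1803' -ErrorAction SilentlyContinue
            if ($null -eq $item) { continue }   # value not set in this location

            $value = [int]$item.'1803'
            $state = if ($meaning.ContainsKey($value)) { $meaning[$value] }
                     else { "Other ($value)" }

            [pscustomobject]@{
                Scope    = $scope
                Zone     = $zones[$id]
                Download = $state
                # Restricted sites is normally Disabled by design, so only a
                # Disabled value in another zone is worth a closer look.
                Review   = ($value -eq 3 -and $id -ne 4)
            }
        }
    }
}

Get-IEDownloadSetting | Format-Table -AutoSize
```

A row marked for review in one of the policy scopes means the value is held by policy, so the change made in the Internet Options dialog may not stick until that value is dealt with.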

Malwarebytes Anti-Malware

Download Malwarebytes Anti-Malware

Download Malwarebytes using the link above. Then run the executable. During the installation click “Next”. On the last screen uncheck the “enable trial…” box. You won’t need this for the cleaning.

When Malwarebytes starts it will update itself. When that is complete do the following:

  1. Click the “Scan” tab at the top.
  2. Select “Custom Scan”.
  3. Click on “Configure Scan”.
  4. On the right, select the C drive. If you have other drives you want checked, select them.
  5. On the left you can select “Scan for rootkits”. This is useful but note that it will roughly triple the length of the scan.
  6. Click “Scan Now”. Depending on the amount of data, speed of your computer and problems involved, this may take a while.

When the scan is complete, make sure all items found have a check mark to the left. Then click “Remove Selected”.

Malwarebytes may ask to restart the system to finish cleaning. If so, do so.

AdwCleaner

Download AdwCleaner

Download AdwCleaner using the link above. Find the file where you downloaded it and right-click over it. Then select “Run as administrator”.

When it runs, it will update itself. When the main screen appears, do the following:

  1. Click the Scan button.
  2. When the scan is complete, click the Cleaning button.
  3. Press Ok on the dialog box that pops up.
  4. Click Ok when AdwCleaner asks to restart the computer.

After the restart, AdwCleaner will display a log of the actions it took.

Installed AV Scan

Finally, run a scan using your day-to-day AV software. It’s not uncommon for items to be found during this cleaning. Usually these are remains or traces left over from the other scans. Remove or quarantine what is found.

Now it is time to detail the system.
