MRfMM – 1. Preparing the System for Cleaning

Full Segment

Stopping the pop-ups

– Exiting pop-up programs

Pop-up programs are the most visible but usually least malicious malware infections. If you are getting too many pop-ups to work on the system, try doing the following to cut down or stop them.

  1. Go to the system tray and mouse over each icon to see what it is. Right-click over those that are potentially unwanted programs (PUPs) and select exit or quit.
  2. Click on the little ^ (uptick) at the start of the system tray and mouse over each icon in the hidden notification area. Right-click and exit the PUPs.

While this may not stop all the pop-ups, it may lessen the number enough to work on the system. This does not remove any of them. It just exits some of the programs. If you restart the system, they will appear again.

You can stop many of them by editing the startup items via MSCONFIG.

– Checking MSCONFIG

On boot, programs in the startup list begin running. Often malware will add itself to the startup list to make sure it starts running when you turn on the system. You manage the startup list from MSCONFIG. To turn off unwanted programs, do the following:

  1. Go to the Start menu and type “msconfig.exe” in the search box at the bottom.
  2. Click on msconfig in the search list. It should be the first item.
  3. Click on the Startup tab.
  4. Go down the list and uncheck unwanted Startup items.
  5. Click OK.
  6. Click Restart.

Hopefully, enough of the pop-ups have stopped to let you work on the system.

If you are unsure what something is, search on the Startup Item name or Command to see what it does. If searching by Command, you only need to search on the executable name. Don’t include the path, i.e. “example.exe” not “c:\Program Files\Example\example.exe”.
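The same startup list can be reviewed from PowerShell. The script below is an added example, not part of the original guide: it is read-only, lists each startup entry with the executable name to search on (path removed, as described above) and reports whether the file carries a valid digital signature. It assumes PowerShell 3.0 or later; the function name Get-StartupExecutable is made up for this example.

```powershell
# Added example (read-only): list startup entries and the executable name to search on.
# Assumes PowerShell 3.0 or later (Get-CimInstance). Changes nothing on the system.

function Get-StartupExecutable {
    param([string]$Command)
    # Expand variables such as %ProgramFiles% before parsing.
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($cmd -match '^"([^"]+)"') {
        return $Matches[1]                 # "C:\Program Files\Example\example.exe" /arg
    }
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd|scr|lnk))(\s|$)') {
        return $Matches[1]                 # unquoted path that may contain spaces
    }
    return ($cmd -split '\s+')[0]          # fall back to the first token
}

Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
    $path = Get-StartupExecutable -Command $_.Command
    if (-not $path) { return }             # skip entries with an empty command

    # Default when the command is not a full path to an existing file.
    $status = 'PathNotResolved'
    $signer = ''
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        $status = [string]$sig.Status
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }

    [pscustomobject]@{
        Name      = $_.Name
        SearchFor = Split-Path -Path $path -Leaf   # executable name only, no path
        Location  = $_.Location                    # Run key or Startup folder
        User      = $_.User
        Signature = $status
        Signer    = $signer
        Command   = $_.Command
    }
} | Sort-Object Signature, Name | Format-List
```

An unsigned or unresolved entry is a reason to search on the name, not proof that the program is malware.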

Can you get on the internet?

If you are unable to connect to the internet with a browser, the likely reason is that malware has created a proxy server setting in Internet Options. Doing this enables malware to inspect your browsing data and inject ads and pop-ups, or even send your data to hackers.

Even if you can get to the internet, it is good practice to check this setting to make sure it is not being maliciously used.

To check proxy server settings:

  1. Go to the Start menu and in the search box type in “internet options”.
  2. Click on “Internet Options”.
  3. At the top, click the Connections tab.
  4. In the lower right side, click on “LAN settings”.
  5. About halfway down on the left, find the “Proxy Server” label.
  6. If “Use a proxy server…” is checked, uncheck it.
  7. Click OK and then close the Internet Options box.

You should now be able to access the internet with a browser. If not, then view the Safe Mode and System Restore video for further instructions.
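The "Use a proxy server" checkbox is stored per user in the registry, so the same check can be made from PowerShell. The script below is an added example, not part of the original guide: it reads the setting, splits the proxy value into its per-protocol entries and marks any that point back at the local machine. The function name Get-ProxyReport is made up for this example, and the loopback test is a heuristic.

```powershell
# Added example (read-only): per-user proxy settings behind the "LAN settings" dialog.
function Get-ProxyReport {
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s = Get-ItemProperty -Path $key

    # ProxyServer is either "host:port" or "http=host:port;https=host:port;..."
    $targets = foreach ($part in ([string]$s.ProxyServer -split ';')) {
        $part = $part.Trim()
        if (-not $part) { continue }
        $scheme = 'all'
        $addr = $part
        if ($part -match '^([^=]+)=(.+)$') { $scheme = $Matches[1]; $addr = $Matches[2] }
        # Strip an optional "http://" prefix and the port to get the host.
        $proxyHost = ($addr -replace '^\w+://', '') -replace ':\d+$', ''
        [pscustomobject]@{
            Scheme   = $scheme
            Address  = $addr
            # Heuristic: a loopback proxy means a program on this PC sees the traffic.
            Loopback = @('127.0.0.1', 'localhost', '[::1]') -contains $proxyHost
        }
    }

    [pscustomobject]@{
        ProxyEnabled  = [bool]$s.ProxyEnable     # the "Use a proxy server" checkbox
        ProxyServer   = $s.ProxyServer
        AutoConfigURL = $s.AutoConfigURL         # "Use automatic configuration script"
        Targets       = $targets
    }
}

$report = Get-ProxyReport
$report | Format-List ProxyEnabled, ProxyServer, AutoConfigURL
$report.Targets | Format-Table -AutoSize

# Machine-wide WinHTTP proxy, stored separately from the per-user setting above.
netsh winhttp show proxy

# Equivalent of unchecking the box in step 6; uncomment to apply.
# Set-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -Name ProxyEnable -Value 0
```

Some legitimate software also sets a local proxy, so confirm what the address belongs to before assuming it is malicious.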

Uninstalling PUPs

While the malware scanners will usually remove unwanted programs, it is not a bad idea to uninstall those that allow you to uninstall them. The most malicious malware doesn’t even show up as a program to uninstall.

To uninstall programs:

  1. Go to the Start menu and in the search box type “uninstall programs”.
  2. Click on “Uninstall a program”.
  3. Review the list of programs. When you see one you don’t want, click on it and then click Uninstall towards the top of the panel.
  4. Carefully read what the uninstall program displays. Many programs try to trick you into keeping them or even installing other software.
  5. After reviewing the screen, click Next or Finish. Repeat for each screen.
  6. If a program asks to “Restart Now”, select “Restart Later”. To save time and restarts, uninstall all the programs first and then restart the system.
  7. Repeat for other unwanted programs.
  8. Restart the system.

Creating a Restore Point

System restore points allow you to take the operating system back to an earlier time when it worked correctly.

It’s good practice to create a restore point before a cleaning in the unlikely event something goes wrong during the scanning.

Often malware disables this system protection and deletes previous restore points to prevent you from trying to remove it.

To check if system protection is turned off do the following:

  1. Go to the search bar and type in “create a restore point”. On Win 7/Vista, this is at the bottom of the Start menu.
  2. Select “Create a restore point” from the items found.
  3. In the System Properties box, click on the System Protection tab.
  4. In the System Protection section, check that Protection is turned on for your C drive.
  5. If it is not, then click on the Configure button.
  6. Select “Restore system settings and previous versions of files”.
  7. Click OK.

Now to create a restore point, do the following:

  1. In the System Properties box, click Create.
  2. In the box that pops up enter a name for your restore point.
  3. Click Create.

It may take a few minutes to create the restore point. When it’s done, click Close and then dismiss the System Properties box.

If creating a restore point fails, you have two options. You can watch the Safe Mode and System Restore video or continue on without creating a restore point. The chance of something going wrong during the cleaning is roughly 1%.
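Both procedures above, turning System Protection on and creating a restore point, can also be done from an elevated Windows PowerShell window. The script below is an added example, not part of the original guide: it lists the restore points that already exist, enables protection on the system drive, creates a new point and confirms that it was recorded. It assumes Windows PowerShell 5.1 (these cmdlets are not available in PowerShell 7), and the restore point name is a constructed sample.

```powershell
# Added example: enable System Protection, create a restore point, verify it exists.
# Assumes an elevated Windows PowerShell 5.1 session.
$drive = "$env:SystemDrive\"
$name  = 'Before malware cleaning'    # constructed sample name; use any description

$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin = (New-Object Security.Principal.WindowsPrincipal $id).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) { throw 'Run this from an elevated PowerShell window.' }

# List existing points first. An empty list on a long-used system fits the
# page's warning that malware deletes earlier restore points.
$before = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
$before | Format-Table SequenceNumber, CreationTime, Description -AutoSize
$lastSeq = [int]($before | Measure-Object SequenceNumber -Maximum).Maximum

# Turn protection on for the system drive (no effect if it is already on).
Enable-ComputerRestore -Drive $drive

Checkpoint-Computer -Description $name -RestorePointType MODIFY_SETTINGS

# Confirm a new point was written rather than trusting the command alone.
$new = Get-ComputerRestorePoint | Where-Object { $_.SequenceNumber -gt $lastSeq }
if ($new) {
    $new | Format-Table SequenceNumber, CreationTime, Description -AutoSize
} else {
    Write-Warning 'No new restore point was recorded.'
}
```

On Windows 8 and later, Checkpoint-Computer skips creation if a restore point was already made in the previous 24 hours, which is one reason the final check can report that no new point was recorded.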

Disabling your anti-virus software

Before you begin scanning, you should disable your anti-virus real-time protection. It will make the scanning go faster. Also, many anti-virus programs falsely determine that the cleaning tools we’ll use are malware because of the techniques they use to root out and remove the real malware.

– Disabling Windows Defender

By default, Windows enables Windows Defender for anti-virus protection. Most third-party AV solutions disable it when they install. Here is how to disable it:

  1. Type “windows defender” in the search bar at the bottom of the Start menu.
  2. Click on Windows Defender.
  3. If a box appears stating this program is turned off, it is already disabled. Now disable your main AV software.
  4. In the Windows Defender main window, click on Tools.
  5. Click on Options.
  6. At the bottom of the list on the left select Administrator.
  7. Uncheck “Use this program”.
  8. Click Save.
  9. In the box that pops up, click Close.

– Disabling AVG and other AV software

To disable AVG Free:

  1. Locate the AVG Free icon in the system tray to the left of the date and time at the bottom right of your display. It may be located in the hidden notification area. You access it by clicking the ^ (uptick) at the left of the system tray.
  2. Right click over the AVG Free icon and select “Temporarily disable AVG protection”.
  3. In the pop-up box that appears, click on the time and select “Until Restart”.
  4. Click OK.

During the cleaning process you will need to disable your anti-virus software after each restart of the system.

Refer to your specific product help to learn how to disable yours.
