Friday, October 18, 2013 Malware – Remove Radically

‘Every time I'm on or in my yahoo email accounts I get a pop-up disguised as something I've downloaded (or maybe I did download it??) and says:
Do you want to open or save get-user-id.js from
I have looked at a lot of posts dealing with this issue, but I'm thinking that I need to ask specifically for my computer. I've done all that I know to do, which is running a scan through Trend Micro and deleting temporary internet files. I also tried something I found on eHow which was blocking’
– quoted from one of its victims.

FAQ: what is popup?

Apparently it shares its popup ads with sponsors and behaves like a Browser Helper Object; in effect it is malware that implants malicious code into the registry to hijack browser functions, so that it can pop up whenever it wants. Malware like this, which modifies configurations by force, will cause undesirable problems:

  • Tracking cookies can be installed on the compromised computer to collect information.
  • The computer becomes vulnerable to attacks by various types of virus.
  • The computer becomes much slower than before and page-loading speed drops.
  • Search results may be redirected one day.
  • Error messages can occur when attempts are made to rectify something or uninstall programs.
Should one leave the popup issue unattended, one will certainly encounter many more ads on the computer, to the extent that one cannot browse at all. Therefore, one should adopt an efficient method to remove the malware before it causes more trouble and complicates the removal procedure.

Steps to Remove Malware

Step 1: End the running process of the malware.

> Windows 7/Vista/XP
Hold the Ctrl, Alt and Delete keys together > Task Manager shows > hit the Processes tab > find and select items related to the malware > hit ‘End Process’ to remove the malware.

> Windows 8
Start screen > type ‘Task’ > Task Manager shows > hit the Processes tab > find and select items related to the malware > hit ‘End’ to remove the malware.

Step 2: Reset the browser to remove the malware.

> Internet Explorer
  • Open Internet Explorer.
  • Click on the Tools menu and then select Internet Options.
  • In the Internet Options window click on the Advanced tab. Then click on the Restore Defaults button and then press OK.
> Firefox
  • Click on the Firefox button > Help > Troubleshooting Information.
  • Locate the box containing the ‘Reset Firefox’ button in the upper left corner of the page.
> Google Chrome
  • Choose ‘Customize and Control Google Chrome’ menu.
  • Select ‘Options’.
  • Click ‘Under the Hood’ tab on ‘Options’ window.
  • Click ‘Reset to Defaults’ button.

Step 3: Manually modify browser settings to remove the malware further.

> Firefox users to follow up:
  • At the top of the Firefox window, click on the Tools menu.
  • Select Manage Add-ons.
  • Make modifications under the Extensions tab and the Plugins tab respectively.
> Google Chrome users to follow up:
  • Click on the ‘Customize and control Google Chrome’ icon.
  • Select ‘Settings’.
  • Manage ‘Extensions’.
  • Select ‘Manage search engines’.
> Internet Explorer users to follow up:
  • Go to Tools.
  • Choose ‘Manage Add-ons’.
  • Find and click on anything useless, including the malware, in ‘Toolbars and Extensions’ and ‘Search Providers’ respectively.
  • Click ‘Disable’/‘Remove’ to remove the malware.

Step 4: Launch the built-in popup blocker to stop the malware from popping up.

> Mozilla Firefox
  • Open Mozilla Firefox.
  • Click Tools.
  • Click Options.
  • Click the Web Features button on the left-hand side of the Options window.
  • Enable the popup blocker there to stop the malware from popping up.
> Microsoft Internet Explorer
  • Open Internet Explorer.
  • Click Tools.
  • Click Options.
  • Click the Privacy tab.
  • Locate pop-up Blocker section at the bottom of the Privacy tab.
  • Check the "Block pop-ups" option to stop the malware from popping up.
> Google Chrome
Use the Google Toolbar, which includes a free popup blocker, to stop the malware from popping up.

Step 5: Show hidden files and folders before finding and deleting any item associated with the malware on drive C.

> Windows 8
  • Open Windows Explorer by clicking on Windows Explorer application from Start Screen.
  • Select View tab on Windows Explorer window.
  • Tick ‘File name extensions’ and ‘Hidden items’ options.

> Windows 7/XP/Vista
  • Open ‘Control Panel’ from the Start menu and search for ‘Folder Options’.
  • Under the View tab, tick ‘Show hidden files and folders’, untick ‘Hide protected operating system files (Recommended)’ and then click ‘OK’.

Step 6: Empty out all Temp folders under System32.

> Double click on Temp folder under System 32.
> Press Ctrl and A key together.
> Right click on one of the selected items.
> When a drop down list shows, press Shift and D key together.
> A box comes up for confirmation.
> Press Enter key.
> Restart the infected computer.
If an error message prompts after reboot saying that files cannot be found, it is telling you that there are still registry keys modified by the malware. Follow the path shown in the error message to modify the registry entries.

Step 7: Open the Registry Editor and navigate to HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion, HKEY_CURRENT_USER\Software\Microsoft\Windows and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows to find items related to the malware contained in the folders of the infected browser (e.g. IE, Mozilla Firefox, Google Chrome).

> Windows 8
Move your mouse to the lower right of the screen -> the charms bar appears -> click the Search charm -> type ‘regedit’/‘regedit.exe’ -> hit the Enter key.

> Windows 7/XP/Vista
Press the Win key and R key together -> type ‘regedit’ (without quotation marks) in the box -> hit the Enter key.
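The following PowerShell script is an added example, not code from the original post or from any product it mentions. It performs, read-only, the inspection that Steps 5 to 7 describe by hand: it lists the Run/RunOnce autostart values under the HKCU and HKLM CurrentVersion keys named above, the Internet Explorer Browser Helper Objects registered by CLSID (the BHO key and the CLSID\InprocServer32 lookup are standard Windows locations), and hidden or script files in the Temp folders. The list of extensions it flags (.js, .vbs, .exe, .dll) is this script's own assumption, chosen because the victim's popup offered a get-user-id.js file. It deletes nothing; review the output before removing anything.

```powershell
# Added example (not from the original post): read-only triage of the
# autostart, BHO and Temp locations this guide tells you to inspect by hand.
# Nothing here modifies the registry or the file system.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumption of this example: file types worth a second look in Temp.
$suspectExtensions = @('.js', '.vbs', '.exe', '.dll')

function Get-AutostartEntries {
    # One object per value in each Run/RunOnce key that exists on this machine.
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key | Select-Object -Property * -ExcludeProperty PS*
        foreach ($p in $props.PSObject.Properties) {
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
        }
    }
}

function Get-BrowserHelperObjects {
    # BHOs are registered by CLSID; the CLSID's InprocServer32 default value is the DLL path.
    $bhoKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path $bhoKey)) { return }
    foreach ($sub in Get-ChildItem -Path $bhoKey) {
        $clsid  = $sub.PSChildName
        $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        $dll    = if (Test-Path $server) { (Get-ItemProperty -Path $server).'(default)' } else { '<unresolved>' }
        [pscustomobject]@{ CLSID = $clsid; Dll = $dll }
    }
}

function Get-SuspiciousTempFiles {
    # Hidden files (Step 5) and script/binary files in the Temp folders (Step 6).
    $tempDirs = @($env:TEMP, "$env:SystemRoot\Temp")
    foreach ($dir in $tempDirs) {
        if (-not (Test-Path $dir)) { continue }
        Get-ChildItem -Path $dir -Force -File -ErrorAction SilentlyContinue |
            Where-Object {
                ($_.Attributes -band [IO.FileAttributes]::Hidden) -or
                ($_.Extension -in $suspectExtensions)
            } |
            Select-Object FullName, Length, LastWriteTime, Attributes
    }
}

Write-Host '== Autostart entries (HKCU/HKLM Run, RunOnce) =='
Get-AutostartEntries | Format-Table -AutoSize

Write-Host '== Internet Explorer Browser Helper Objects =='
Get-BrowserHelperObjects | Format-Table -AutoSize

Write-Host '== Hidden or script files in Temp folders =='
Get-SuspiciousTempFiles | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so that the HKLM keys and the system Temp folder are readable; an autostart command or BHO DLL that points into a Temp folder, a user profile, or a path you do not recognise is the kind of entry Step 7 asks you to look for in regedit.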

Many of its victims have reported that neither anti-virus nor anti-spyware programs are able to remove the malware completely. That is because the malicious code is embedded in an extension/plug-in/add-on, a type of component that is not considered viral. To help yourself out and regain a clean computer, it is better to use the manual method. Should it fail, one needs to recheck whether there is any other virus helping it survive. Or, should one need professional assistance, feel free to consult experts here.
