- Use at your own risk: Geeks to Go does not take responsibility for any outcome of following these directions. Every computer is different, so we cannot guarantee the outcome.
- DO NOT use for Google (browser) Redirects!! See HERE
When you find that your computer is so bogged down with malware that nothing works, please read through this tutorial. Likely one of the options will work.
1. The first thing we want to do is to download and run Malwarebytes' Anti-Malware (MBAM), which you probably can't do... that's why you're here.
Common Issues, Questions, and their Solutions for MBAM HERE and HERE
The malware is preventing you from downloading any programs, from running files such as .exe (executable) files, and even from using safe mode. We will attempt to terminate the malware that's running on your computer and restore some of these functions by using rkill or exehelper. They both do a good job at it; it's just a matter of finding out which one will run on your computer.
Please Note: The purpose of these tools is to stop certain processes and fix certain registry keys that stop you from using our normal clean-up tools. They're NOT designed to remove infections in their entirety, and they're not designed to fix all problems.
You can also try running these in safe mode, if possible.
If needed, you can download them to a USB flash drive and then transfer them to the sick computer.
There are 3 versions of exehelper and 5 versions of rkill.
When you find a version that does run, immediately download and run MBAM.
explorer.exe <----- exehelper with a different file name
rkill.exe rkill.com rkill.scr
WiNlOgOn.exe uSeRiNiT.exe <----- these are rkill with different file names
If you can't connect to the internet, here's how to fix that:
- Open Internet Explorer, click on the Tools menu and then select Internet Options.
- Now click on the Connections tab.
- Now click on the LAN Settings button.
- Under the Proxy Server section, uncheck the checkbox labeled Use a proxy server for your LAN. Then press the OK button to close this screen, and press the OK button again to close the Internet Options screen.
- Now that you have disabled the proxy server, you will be able to browse the web again with Internet Explorer.
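The same checkbox can be inspected and cleared from a PowerShell prompt, which helps when Internet Explorer itself will not open. This is an added example, not part of the original tutorial; it assumes the standard per-user Internet Settings registry key, and the record file name proxy-before.txt is hypothetical.

```powershell
# Added example (not from the tutorial): the per-user values behind IE's LAN Settings dialog.
$Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-UserProxy {
    # Values that do not exist come back as $null; a missing ProxyEnable reads as 0 (off).
    $p = Get-ItemProperty -Path $Key
    New-Object PSObject -Property @{
        ProxyEnable   = [int]$p.ProxyEnable   # 1 = "Use a proxy server for your LAN" is checked
        ProxyServer   = $p.ProxyServer        # address:port that web traffic is sent to
        AutoConfigURL = $p.AutoConfigURL      # "Use automatic configuration script" address, if any
    }
}

function Disable-UserProxy {
    # Hypothetical record file on the desktop, so the old values can be posted in a help topic.
    param([string]$RecordPath = (Join-Path ([Environment]::GetFolderPath('Desktop')) 'proxy-before.txt'))

    $before = Get-UserProxy
    if ($before.ProxyEnable -eq 0) {
        Write-Output 'Proxy checkbox is already off; nothing changed.'
        return
    }

    # Save what was configured before touching anything.
    $before | Format-List | Out-File -FilePath $RecordPath

    # Same effect as unchecking the box: only the on/off switch changes,
    # the ProxyServer and AutoConfigURL values are reported but left in place.
    Set-ItemProperty -Path $Key -Name ProxyEnable -Value 0 -Type DWord
    Write-Output "Proxy disabled. Previous settings saved to $RecordPath"
}

Get-UserProxy | Format-List     # state before
Disable-UserProxy
Get-UserProxy | Format-List     # state after: ProxyEnable should now be 0
```

Close and reopen Internet Explorer afterwards so it picks up the change.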
VIPRE Rescue Program is a new anti-malware utility that runs from the command prompt and will scan for and remove most malware, including rootkits. It will run when other programs won't.
Please note: Windows must load for this scanner to work.
It's easy to use:
1. Download VIPRE Rescue to your desktop. It's a big download, about 80 MB, and takes about 4-5 minutes on broadband. Always download a fresh copy, as it is updated frequently.
2. Double click on the VIPRE Rescue icon. It will ask if you want to extract VIPRE Rescue Scanner to your computer; click Yes.
3. The "WinZip Self-Extractor" window will pop up; click Unzip.
It should by default unzip to C:
Make sure the checkbox for "When done unzipping open: .\deep_scan.bat" is checked.
After the files are unzipped, click OK.
4. VIPRE Rescue will now run automatically and perform a deep (full) scan.
5. When it's done, type exit and press enter to close the program.
6. The log isn't that good but will be in the VIPRERESCUE folder and listed as a CSV file.
7. Now see if you can run MBAM.
Note: If you find that you can't download any programs to the infected computer, you can download VIPRERescue to a USB flash drive on another computer.
Then plug the drive into the infected computer, navigate to the drive, double click on VIPRERescue****.exe and follow the directions above starting at #2.
It's easy to use: just download SAS Portable Scanner to the sick computer, double click on it and then run it.
If you can't download it on the sick computer, download it onto another computer, put it on a USB pen drive or CD, and run it from there.
Please note: Windows must load for this scanner to work. Also, the scanner is saved under a random filename so that malware infections won't block it.
Good Luck and Thanks for using the forum