Malware: Types, Protection, Prevention, Detection & Removal

On this page you will learn everything you need to know about the types, symptoms, protection, prevention, detection and removal of malware (computer virus, ransomware, spyware, adware, rootkits, trojan horse, worms, etc..).

Everything explained in a easy way.

This article is the result of my own experience and several well-known online sources.

What is Malware?

Malware short for "malicious software" is software that is specifically designed to damage or disrupt a system, steal information (spy on you), or destroy data.^[1]

Malware is a broad term used to describe many different types of malicious programs.

Malware Types

Common Malware types are:

• Computer Virus - is capable of copying itself and spreading to other computers. Viruses can perform harmful activities on an infected PC such as corrupting the system or destroying data.
• Spyware ^[2] - secretly monitors your activities and gathers your information through your Internet connection without you knowing about it.
• Adware ^[3] - shows unwanted advertisements on your computer and generate revenue for its creator. These advertisements are often in the form of annoying pop-ups (windows).
• Rootkit ^[4] - is a collection of tools (programs) that are designed to remotely access or control a computer or network without being detected. Rootkits are difficult to detect because they are activated before your system's Operating System has completely booted up.
• Trojan Horse ^[5] - (also known as a "Trojan") disguises itself as a normal file or program to trick users into downloading and installing malware.
• Worm ^[6] - is capable of copying itself and spreading to other computers. It uses networks to spread itself and causes harm by using a lot of bandwidth (this makes your internet slow) or possibly deleting files or sending documents via email. Worms can also install backdoors on computers. The difference between a worm and a computer virus is the way they spread – worms spread across networks and viruses attach themselves to various programs and executable codes.^[7]
• Ransomware ^[8] - prevents or limits users from accessing their system or data. It forces its victims to pay the ransom through certain online payment methods in order to grant access to their system, or to get their data back.
• Keylogger ^[9] - runs in the background and records every keystroke you make (everything you type on your keyboard). These keystrokes can include usernames, passwords, credit card numbers, and other sensitive and personal data. The keylogger will share this information with its creator.
• Botnet ^[10] - (also known as a zombie army) is a network of malware infected computers which are controlled by the creator of the botnet (cybercriminal). Each computer functions as a "bot" because it's infected with a specific type of malware. A botnet can be used to send spam emails, transmit malware, perform DDoS attacks and perform other malicious tasks.
• Rogueware - often pretends to be security software such as antivirus and anti-malware software, but can also pretend to be other software such as system cleaners. This type of malware is simply misleading (fake) software that asks users to pay money for removing fake problems and threats. When a PC is infected with Rogueware, the Rogueware will give warnings in an aggressive (annoying) way and if you want to try to remove these so-called problems or threats (found by the rogueware), you will probably be redirected to the payment page where you will need to purchase the so-called software to remove the (fake) problems and/or threats.

Malware Symptoms (Signs)

Some Malware symptoms (signs)^[11] are:

• Computer, programs and internet connection run slower than usual
• Your web browser often freezes (hangs or unresponsive)
• Annoying unwanted pop-up windows and ads appear
• System or programs regularly crash
• Hard drive continues to have excessive activity — even when you don't use it
• Sudden increase of disk space on your hard drive
• Unusual high network activity when not using your web browser
• Your web browser's home page has been changed
• A new toolbar is placed at top of your web browser
• You want to open a website, but you are sent (redirected) to another (different) website
• Unusual messages appear
• Unusual programs start automatically
• Your antivirus program and/or its shields and update function is turned off (disabled)
• Your friends are receiving strange (weird) messages and/or emails from you (which you didn't sent)
• You're blocked from getting access to your system and get forced to pay money (ransom) to regain access again
• You are unable to access the Windows Control Panel, Task Manager, Registry Editor or Command Prompt
• Your computer automatically plays music
• There are new unknown icons on your desktop
• Your computer restarts (reboots) by itself (turns automatically off and on)

Malware Protection

The BEST malware protection is YOU.

Look:

You can have the best malware protection on your computer, but even the best anti-malware (antivirus) software can fail to detect new malware.^[12]

Malware threats have grown significantly in the past decade. These threats grow so fast, that antivirus programs take too long to catch up with malware (even the best programs).^[13]

Therefore, the best protection is yourself.

You might be wondering:

What does he exactly mean?

Well, if you do any of the following:

• Use illegally downloaded software on your computer
• Install "free" software without checking it out first (reviews).
• Click on "OK", "Yes", "Continue" or "Run" when a pop-up window appears and asks you to install unknown software.
• Click on links in emails you don't trust.
• Download and open email attachments you don't trust.
• Ignore security warnings from Windows or your antivirus program
• Never update your operating system (Windows) and software
• Don't use antivirus software
• Use an unsecured web browser

Then there's a good chance that your computer will get infected with malware.

There's no better malware protection than yourself, so pay attention with everything you do online and offline.

And now:

Anti-Malware (Antivirus) Software

You should always use antivirus software on your computer – even when antivirus programs can't protect you 100% against all malware.

But:

It's better to have some protection than no protection at all.

And:

Good antivirus software can protect you against most known malware.

You should always install and use only one (1) antivirus program on your computer.

Using multiple antivirus programs on a PC is a very bad idea! ^[14] Why?

• They might attack each other: because one of them might think that the other one malware is because it's monitoring your system (same like spyware or other malware) and then it will attempt to block and remove it.
• They will fight over malware: when one of them detects, removes and places malware in quarantine, then they other program might also detect the same malware (even when the other program already has it in quarantine) and then it will also try to remove the malware and place it in quarantine. Then you will keep getting the same notifications about this malware over and over again.
• They will make your system slow: antivirus programs use a lot of your system memory to perform system scans and other related tasks. So your system will become slower when using two antivirus programs.

There are so many free and paid antivirus programs out there that it's difficult to choose one.

If you are looking for a good paid antivirus program, then Bitdefender and Kaspersky are good options. Bitdefender and Kaspersky always have very high scores in antivirus tests (AV-tests), like AV-TEST and AV-Comparatives.

If you are looking for a good free antivirus program, then the free versions of Bitdefender and Kaspersky are good options.

Extra Anti-Malware Software

You can use additional free anti-malware software and services together with your current antivirus program, like:

• Malwarebytes: free version doesn't offer real-time protection, but can be used for scanning and removing malware. The paid version offers real-time protection.
• Bitdefender Anti-Ransomware Tool is a free security tool that can protect against existing and emerging ransomware attacks. Can be used with your current antivirus software.
• RansomFree by Cybereason is a free security tool that can protect against existing and emerging ransomware attacks. Can be used with your current antivirus software.
• ESET Online Scanner: is a second opinion scanner for scanning and removing malware.
• Norton Power Eraser: is a second opinion scanner for scanning and removing deeply hidden and difficult to detect malware.
• Kaspersky TDSSKiller: detects and removes the following malware Rootkit.Win32.TDSS, bootkits and rootkits.
• Emsisoft Emergency Kit: contains a collection of programs that can be used without installation to scan for malware and clean infected computers.
• AdwCleaner: is a removal tool for adware, toolbars, PUPs (Potentially Unwanted Programs) and Hijackers (Hijack of the browser's homepage).
• VirusTotal: is a free online service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware. It uses different antivirus engines, website scanners, file and URL analysis tools and user contributions.
• Windows Defender Periodic Scanning (Windows 10 only): scans your PC periodically for malware and will remove the malware it finds. It's intended to offer an additional line of defense to your existing antivirus program's real-time protection. You can also perform manual scans with this feature.
• Kaspersky Virus Removal Tool: is a second opinion scanner for scanning and removing malware.

If you think your system is infected with malware or you don't trust a file, then you can use the above mentioned programs to scan for malware and try to remove malware.

The good thing about malware scanners is that you can use them alongside your current antivirus software. Which means you get the chance to use another antivirus program on your system without any problems.

Malware Prevention Tips

You can prevent malware by following these tips:

• Keep your operating system and software always up-to-date
• Use a firewall (Windows firewall is enough).
• Always take security warnings from Windows or your antivirus program seriously. Never ever ignore security warnings!
• Don't download and use pirated software.
• Never click on "OK", "Yes" or "Run" when a pop-up window appears and asks you to download and install unknown software.
• Never click to fast on "Next", "Install", "OK", etc... when installing software, because you might install extra unwanted third-party software (like toolbars). If you see extra offers, then uncheck all their checkboxes.
• Always download software from the official link or from a trusted website.
• Don't click on links in emails from unknown senders.
• Don't download and open email attachments – unless you can verify the source.
• Check free software before downloading and installing it onto your computer. Just Google the software first and look for reviews or forums.
• Use a secure and safe web browser like Google Chrome or Mozilla Firefox and keep it updated.
• Disable or uninstall Java if you don't need it.
• Disable or uninstall Adobe Flash Player if you don't need it. You can also disable Flash Player in your web browser.
• Don't click on links you don't trust, but first check the link. When you go with your mouse-cursor on the link, then you can see at the bottom left corner of your browser window the REAL location the link is pointing to. You can also check the link using VirusTotal.com.
• Never download "codecs" or "players" to watch videos online. If you can't play the video online in your secure web browser then there's something wrong with the video or website.
• When you insert a USB flash drive or external hard drive from someone else into your PC, then scan it first with your antivirus program before opening or copying anything.
• If you want to take risks, then at least install VirtualBox on your PC, then install a operating system, like Linux (Linux Mint or Ubuntu) as a virtual machine in VirtualBox and do your risky things in there. But remember that also this is NOT 100% safe.
• Don't use a Windows administrator account for daily use, but use a standard account instead. If malware or a hacker gets access to your system, then the malware or hacker has the same rights of whatever account you're using. So if you use an administrator account and malware or a hacker takes control of your system, then the malware or hacker can do anything he, she or it wants and have full control of your system, but if you use a standard account then they can only do things that don't require administrator permission, so he or she can't change important system settings or install malware, and malware can't install itself unless you enter the administrator password.
• Microsoft recommends that you disable SMB1 on Windows for security reasons.^{[15] [16]}

Malware Detection & Removal

I will show you step by step how to detect and remove (get rid of) malware from your infected PC in a few different ways using anti-malware software and free online scanners (malware removal tools).

The good thing about malware scanners is that you can use them alongside your current antivirus software. Which means you get the chance to use another antivirus program on your system without any problems.

Important Tips!

1. Create a system restore point. If something goes wrong you can restore the mistake with a system restore point.
2. Always scan your PC with multiple malware scanners to get more complete detection coverage, because some programs may detect malware that others might miss.
3. Always double check the results of each scan and make sure that nothing important is selected for removal. Even malware scanners can make mistakes and sometimes see something harmless as a threat.

Recommended Solution

If your computer is infected with malware (computer virus, spyware, rootkit, trojan horse, worm, etc..), and you want to be 100% sure that your system will be clean, then the best solution is to reinstall Windows or restore a system image backup that's 100% clean.

Why?

Well, if your antivirus (anti-malware) software detected malware, then you will never know for sure if that's the only piece of malware that has infected your system.

Malware can nestle itself deeper into your system and hide itself, so that it can't be discovered by your security software and it can also open doors to other malware.

Now:

I know that most people don't want to reinstall Windows or don't have a system image backup, so that's why I will show you step by step how to remove malware from your infected PC in a few different ways.

Step 1: Enter Safe Mode with Networking

If you think your computer has a malware infection, then boot Windows into "Safe Mode with Networking".

Booting into "Safe Mode with Networking" will only load the minimum required programs and services.

This mode may also prevent Malware from loading automatically when Windows starts.

This is important because it helps to remove Malware easier since it's not running and active.

How to start Windows in "Safe Mode with Networking" in Windows XP, Vista & 7

1. Start your PC and keep tapping on the F8 key repeatedly until a menu appears.

2. When the "Advanced Boot Options" menu appears, select "Safe Mode with Networking".

3. Press Enter.

How to start Windows in "Safe Mode with Networking" in Windows 8 & 8.1

Method 1

1. Start your PC and keep tapping on the F8 key repeatedly until a menu appears.

2. When the "Advanced Boot Options" menu appears, select "Safe Mode with Networking".

3. Press Enter.

Method 2

1. Click on the Start menu button.

2. Click on the power button.

3. Hold the Shift key down while clicking on "Restart".

4. When the options menu appears, click on "Troubleshoot".

5. Click on "Advanced options".

6. Click on "Startup Settings".

7. Click on "Restart" to restart your PC.

8. When the Startup settings menu appears, press the 5 key of your keyboard for "Safe Mode with Networking".

How to start Windows in "Safe Mode with Networking" in Windows 10

1. Click on the Start menu button.

2. Click on the power button.

3. Hold the Shift key down while clicking on "Restart".

4. When the options menu appears, click on "Troubleshoot".

5. Click on "Advanced options".

6. Click on "Startup Settings".

7. Click on "Restart" to restart your PC.

8. When the Startup settings menu appears, press the 5 key of your keyboard for "Safe Mode with Networking".

Step 2: Delete Temporary Files

Deleting your temporary files can speed up the scanning process and also free up disk space.

You don't need to install any extra software, because Windows has a built-in tool called "Disk Cleanup".

1. Open Windows Disk Cleanup.

Three ways to open this tool:

• Go to the Windows searchbar and search for cleanup and click on "Disk Cleanup".
• Press the Windows + R key on your keyboard, enter cleanmgr.exe, and click on "OK".
• Open Windows Explorer or File Explorer (Windows 10), right-click on the (C:) drive, choose "Properties" and click on "Disk Cleanup" (General tab).

2. Select the Windows drive (when asked for and if not already selected).

(C:) is the default installation location for Windows.

3. Click on "OK".

The tool will now calculate how much disk space you will be able to free on your system drive.

4. Select the type of files you want to delete. I always select everything.

5. Click on "OK".

6. Click on "Delete Files".

This may take a while. The time it takes depends on how many files need to be deleted. When it's finished the tool will close by itself.

Step 3: Full System Scan with Your Antivirus Software

Look:

Your antivirus program may missed the malware that has infected your PC the first time.

But:

Antivirus companies update their virus definitions hourly, daily or weekly, so it's possible that the malware that has infected your PC has been added in the last update.

First update your antivirus software and then run a full system scan with the program.

Step 4: Kaspersky TDSSKiller

Kaspersky TDSSKiller detects and removes the following malware:

• malware family Rootkit.Win32.TDSS
• bootkits
• rootkits

You can download the latest official version of Kaspersky TDSSKiller here.

1. Open TDSSKiller.

2. Accept the "End User License Agreement".

3. Accept the "KSN Statement".

4. Click on "Change parameters".

5. Select "Detect TDLFS file system".

6. Click on "OK".

7. Click on "Start scan".

TDSSKiller will now scan for malware.

This scan will only take about 30 seconds till a minute.

When the scan is completed it will show you the results of the scan.

8. If malware is detected, then click on "Continue" to remove the infections.

Step 5: Malwarebytes

Malwarebytes detects and removes all kinds of malware like computer viruses, spyware, rootkits, trojan horse, worms, and more.

You can download Malwarebytes here.

When you install Malwarebytes it will automatically enable a two week trial version of the premium version, but if you don't want the two week trial, then you can easily disable it in the settings.

Enable 'Scan for rootkits'

1. Open Malwarebytes.

2. Click on "Settings" (located at the left side).

3. Click on "Protection" (located at the top).

4. Go to "Scan Options".

5. Turn on "Scan for rootkits".

Note: You will only have to change this setting once.

Remove Malware

1. Open Malwarebytes.

2. Click on "Scan Now".

Malwarebytes will first look for updates and then it will scan for malware.

This may take a while (about 20 till 30 minutes).

When the scan is completed it will show you the results of the scan.

3. If malware is detected, then click on "Remove Selected" to remove the infections.

Malwarebytes may ask you to restart your PC.

Step 6: Kaspersky Virus Removal Tool

Kaspersky Virus Removal Tool is another tool for removing malware.

You can download Kaspersky Virus Removal Tool here.

1. Open Kaspersky Virus Removal Tool.

2. Accept the "End User License Agreement".

3. Click on "Change parameters".

4. Select (check) "System drive" and click on "OK".

5. Click on "Start scan".

Kaspersky Virus Removal Tool will now scan for malware.

This may take a while (about 30 till 45 minutes).

When the scan is completed it will show you the results of the scan.

6. If malware is detected, then click on "Continue" to remove the infections.

Step 7: ESET Online Scanner

ESET Online Scanner is one of the best free online second opinion scanner that can be used for scanning and removing malware.

You can download ESET Online Scanner here.

Click on "SCAN NOW" to start the download of this tool.

1. Open ESET Online Scanner.

2. Accept the "Terms of Use".

3. Choose between:

• Enable detection of potentially unwanted applications
• Disable detection of potentially unwanted applications

4. Click on "Scan" to start the scanning process.

This may take a while (about 30 till 45 minutes).

When the scan is completed it will show you the results of the scan.

5. If malware is detected, then choose one of the following options:

• Select the threats you want to delete and click on "Clean selected".
• Click on "Clean all".

6. Now you will have the following (optional) option: "Delete application's data on close".

7. Click on "Finish".

Step 8: Emsisoft Emergency Kit

Emsisoft Emergency Kit contains a collection of programs that can be used without installation to scan for malware and clean infected computers.

You can download Emsisoft Emergency Kit here.

1. Open Emsisoft Emergency Kit.

2. Click on "Malware Scan".

Emsisoft may ask you to detect potentially unwanted programs (PUPs).

Emsisoft Emergency Kit will now scan your computer for malware.

When the scan is completed it will show you the results of the scan.

3. If malware is detected, then choose one of the following options:

• Quarantine selected
• Delete selected

Step 9: Windows Defender Periodic Scanning (Windows 10 only)

Windows Defender Periodic Scanning will periodically scan your PC for malware and will remove malware it finds. It's intended to offer an additional line of defense to your existing antivirus program's real-time protection. You can also perform manual scans with this feature.

Enable Windows Defender Periodic Scanning

1. Open "Settings".

2. Open "Update & Security".

3. Click on "Windows Defender" (left sidebar).

4. Go to "Limited Periodic Scanning" and turn it on.

Perform a Manual Scan with Windows Defender

1. Go to the Windows notification area in the taskbar.

2. Right-click on the Windows Defender icon and choose "Open".

3. Go to "Scan options" and select "Full".

4. Click on "Scan now".

Windows Defender will now scan your system.

This may take a while.

When the scan is completed it will show you the results of the scan.

5. If malware is detected, then you can check the results and choose to apply the action(s).

That's it. I hope your PC is clean and that you've learned enough about malware.

Maybe you're also interested in:

• Important Computer & Internet Security Information & Tips
• Computer Virus: Types, Symptoms, Protection & Removal
• How to Build Your Own PC & Internet Security Suite For Free
• How to Remove Malware (computer virus, spyware, rootkit, trojan horse, worm, etc..) from your PC
• How to Install, Setup & Turn Off Avast Free Antivirus
• Windows 10 Security Tips & Is Windows Defender good enough?
• Cyber Security

Reference(s):

• Wikipedia: Malware
• Webopedia: Spyware
• Wikipedia: Adware
• TechTarget: Rootkit
• Kaspersky: Trojan Horse
• PCTools: Worm
• Kaspersky: Computer Viruses vs Worms
• TrendMicro: Ransomware
• Webopedia: Keylogger
• Norton: Botnet
• HeimdalSecurity: Warning Signs that Your Computer is Malware-Infected
• LastLineLabs: Antivirus Isn't Dead, It Just Can't Keep Up
• GCN: Is antivirus now useless?
• Kaspersky: Why Using Multiple Antivirus Programs is a Bad Idea
• Microsoft: Stop using SMB1
• TheWindowsClub: Why and how to disable SMB1 on Windows 10/8/7