Removing malicious startup entries

Stopping malicious processes is the first step in malware removal, but it is never sufficient. After a reboot the malware will come back, so you also have to prevent its processes from starting at system startup.
The best way to do so is to scan with automated anti-malware tools like SpyHunter and remove the malware completely. However, you can also do it manually for free.
NOTE: In most cases you should try to stop malicious processes before fixing startup entries. Scanning with SpyHunter will help identify the startup entries that need to be modified.

Using MSConfig to stop startup entries


  1. Press Start.
  2. Enter MSConfig in the search box; do not press Enter.
  3. Right-click on MSConfig.
  4. Choose Run as administrator from the menu.
  5. Go to the Startup tab.
  6. Go through the startup items and disable the malicious ones. Most processes launched from your user folder, especially from temporary folders, are not safe, and disabling them will not cause any harm.
  7. Reboot.
  8. Proceed to complete malware deletion.

Using HijackThis to remove malicious startup entries

HijackThis is a wonderful utility owned by TrendMicro. It can be downloaded from TrendMicro, but if you fail to launch it, you can try this version instead. Note that a HijackThis scan cannot determine which items are good or bad, so you need to remove only the items that are clearly BAD.

  1. Right-click on HijackThis.
  2. Launch as administrator (on Vista/7) or run normally on XP.
  3. Do a system scan.
  4. Go through the various items, paying special attention to O4 (startup items), and mark the malicious ones.
  5. Press Fix selected.
  6. Follow the instructions and reboot.
  7. Proceed to complete malware deletion.
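
As an aid for step 4, the following added example (not part of the original guide or of HijackThis itself) parses the O4 lines of a saved HijackThis log and flags entries that launch from a user profile or a temporary folder, the heuristic described in the MSConfig section. The log lines are constructed samples, and the flag names TEMP, USER and ok are chosen for this example.

```python
import re

# Constructed sample lines in HijackThis log format (not from a real machine).
SAMPLE_LOG = r"""
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\avtray.exe" /startup
O4 - HKCU\..\Run: [updater] C:\Users\alice\AppData\Local\Temp\upd8821.exe
O4 - HKCU\..\Run: [sync] "C:\Documents and Settings\bob\Application Data\svch0st.exe" -s
O4 - Startup: notes.lnk = C:\Program Files\Notes\notes.exe
O4 - Global Startup: helper.lnk = C:\Users\alice\AppData\Roaming\helper\h.exe
"""

# O4 registry autoruns: "O4 - HKCU\..\Run: [name] command line"
O4_REG = re.compile(r"^O4 - (?P<loc>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O4 startup-folder shortcuts: "O4 - Startup: name.lnk = target"
O4_LNK = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
USER_DIR = re.compile(r"^[a-z]:\\(users|documents and settings)\\", re.I)
TEMP_DIR = re.compile(r"\\(temp|tmp)\\", re.I)

def executable_path(cmd):
    """Return the program path from a command line, handling quoted paths."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    # Unquoted: cut after the first executable-looking extension.
    m = re.match(r"(.+?\.(?:exe|dll|bat|cmd|vbs|js|scr|com))\b", cmd, re.I)
    return m.group(1) if m else cmd

def triage(log_text):
    """Yield (flag, location, name, path) for every O4 line in the log."""
    for line in log_text.splitlines():
        m = O4_REG.match(line.strip()) or O4_LNK.match(line.strip())
        if not m:
            continue  # not a startup (O4) item
        path = executable_path(m.group("cmd"))
        if USER_DIR.search(path) and TEMP_DIR.search(path):
            flag = "TEMP"  # user temp folder: strongest signal
        elif USER_DIR.search(path):
            flag = "USER"  # user profile: review before fixing
        else:
            flag = "ok"    # outside user folders; not proof that it is safe
        yield flag, m.group("loc"), m.group("name"), path

if __name__ == "__main__":
    for flag, loc, name, path in triage(SAMPLE_LOG):
        print(f"{flag:5} {loc:16} {name:12} {path}")
```

The flags only narrow down which O4 entries to look at first; the decision to fix an item still has to be made by you.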

Note that there are rootkits and other forms of malware that are not listed in the HijackThis log because of the specific tricks they use to start.

If you removed the startup entries successfully, you should see fewer or no malware symptoms after reboot. That does not mean that there is no malware on your PC. This can be proven by running multiple passes of various security tools, including anti-malware tools like SpyHunter, Malwarebytes Anti-Malware, Hitman Pro and a decent antivirus. Some parasites reside in locations that are not covered by these startup locations (for example, in the master boot record) and require a specific manual.
The next step should be scanning with anti-malware tools such as SpyHunter or a decent antivirus, unregistering malicious DLLs and removing malicious files.
