Starting from scratch is the only malware cure
If you discover malware on your system, don't mess around. Back up your data, format your hard drive, and begin again
Follow @rogeragrimesMost people I meet who have found malware on their computer regale me with a cat-and-mouse story of the fight and the painstaking steps they had to take to remove it. When it comes to battling today's malware, the plot shouldn't have so many twists and turns. I've got an easier answer.
In the old days (i.e. just two or three years ago), most malware programs were harmless -- annoying, yes, but ultimately benign. They were mainly ways for tech-headed teens to show they could do something neat. Their creations would replicate files, modify the computer in a funny way, or pull a goofy prank -- maybe play a tune, print out a joke, or display a dramatic but fake warning. Only a small percentage of viruses or worms did something intentionally harmful.
[ See Roger's guide to browser security and security reviews of Chrome, Firefox, Opera, Internet Explorer, and Apple Safari. See also his comparison of Web browser security tools, "Sandbox security versus the evil Web." ]
Fast forward to today, and 99 percent of malware is crimeware designed to hurt you financially. If you discover that a malware program is active on your computer, you don't want to take any chances. Even if your antivirus program tells you it is simple adware, don't take any chances. Go to full eradication.
Today's malware exists to steal your money, whether it be through your identity, passwords, data, or bank account. There is no way to tell how the malware has modified your computer beyond the rogue executables you or your antivirus program has found. There is no antivirus removal program that can be guaranteed to have completely cleaned your machine. Your livelihood is at stake. So don't fight malware -- eradicate it!
Immediately unplug the computer in question from the network. This will prevent the computer from receiving additional commands from its remote user or command-and-control server.
Back up all your data, which you should have been doing all along, anyway. To make things simple, I back up all personal data to a single folder. You may want to make sure you back up your e-mail, browser favorites, and preferences files.
