Decontaminating a Compromised System

  1. Disconnect the contaminated system from the Internet.
  2. Backup all documents, photographs, music, and other important user data, if you are going to be re-installing the entire operating system.
  3. Look in the event logs to see when any suspicious events happened, such as the installation of remote control software.
  4. Remove all remote control software and other programs that were installed at the same time.
  5. Go into System Properties and disable Remote Assistance connections.
  6. Disable all remaining remote support capabilities (such as the services upon which programs like ‘TeamViewer’ and ‘LogMeIn’ rely).
  7. Run Malwarebytes Anti-Malware (if you have difficulty running this program, you will need to run MBAM Anti-Exploit first to kill off self-protecting malware).
  8. Reboot the system.
  9. To increase coverage, run another program for removing malicious software, such as Spybot Search & Destroy or SuperAntiSpyware.
  10. Update the operating system to the maximum possible extent, then update all applications that are out of date and represent possible security risks.
  11. If official support for the operating system has ended, consider installing an alternative operating system such as Linux Mint alongside or in place of the outdated one.
  12. Change all passwords, including those for logging in to the computer, fetching and sending e-mail, connecting wirelessly to the router, gaining administration access to the router, etc.
  13. Log in to the router and check the DNS settings (they will probably point to the Internet Service Provider’s DNS, but you could set the primary DNS to ‘8.8.8.8’ and the secondary DNS to ‘8.8.4.4’ to use Google’s facilities).
  14. Check that ‘/etc/hosts’ has not been contaminated (the anti-malware programs run earlier should have done this, but it never hurts to inspect this file personally).
  15. Re-connect to the Internet, then download and install a good free anti-virus program such as Avast Free Antivirus.
  16. If you are short of time, run a Smart Scan; if you have plenty of time, run a boot-time scan instead (when running a boot-time scan with Avast Free Antivirus, it is a good idea to let the program download and install additional definitions before the scan starts).
  17. Use ‘autoruns’ to switch off any remaining suspicious processes.
  18. Use ‘services.msc’ to switch off unnecessary services.
  19. Use ‘CCleaner’ to remove unnecessary files and registry entries.
  20. Optionally use ‘BleachBit’ to remove even more unnecessary files.
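A read-only triage pass over the items steps 3, 5, 6, 14 and 17 tell you to inspect by hand, added here as an example and not part of the original checklist. It assumes an elevated PowerShell 5 prompt on the still-disconnected machine, a 7-day look-back, the Windows location of the hosts file, and the tool-name pattern shown; it only reports, so the removal still happens in the steps above.

```powershell
# Added example, not from the original checklist: report the things steps 3, 5,
# 6, 14 and 17 ask you to look at, without changing anything. Run from an
# elevated PowerShell prompt while the machine is still offline.
# The 7-day window and the name pattern are assumptions; extend them as needed.

$lookbackDays  = 7
$remoteToolsRx = 'TeamViewer|LogMeIn'          # product names taken from step 6

# Step 3: software installed recently (MsiInstaller logs event 11707 on success)
Write-Host "== Installs in the last $lookbackDays days =="
Get-WinEvent -FilterHashtable @{
    LogName = 'Application'; ProviderName = 'MsiInstaller'; Id = 11707
    StartTime = (Get-Date).AddDays(-$lookbackDays)
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message | Format-Table -AutoSize -Wrap

# Step 5: is Remote Assistance still allowed? (fAllowToGetHelp = 1 means yes)
$ra = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'
Write-Host "== Remote Assistance allowed: $($ra.fAllowToGetHelp -eq 1) =="

# Step 6: services that remote-support tools rely on, with state and start type
Write-Host '== Remote-support services =='
Get-Service | Where-Object { $_.DisplayName -match $remoteToolsRx -or $_.Name -match $remoteToolsRx } |
    Select-Object Name, Status, StartType | Format-Table -AutoSize

# Step 14: hosts entries other than comments and the plain localhost lines
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Write-Host "== Non-default entries in $hostsPath =="
Get-Content $hostsPath | Where-Object {
    $_ -notmatch '^\s*(#|$)' -and $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$'
}

# Step 17: the per-user and machine Run keys, the commonest autostart location
Write-Host '== Run keys =='
foreach ($key in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run') {
    Write-Host "-- $key"
    Get-ItemProperty $key -ErrorAction SilentlyContinue |
        Select-Object * -ExcludeProperty PS* | Format-List
}
```

Anything the hosts check prints that is not an entry you added yourself, and any Run-key value pointing into a user-writable folder, is worth looking up in ‘autoruns’ before the system goes back online.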