Step-by-Step Guide

Remove malware step 3 - Check obvious places

Check all the obvious places, such as your Windows Startup folder, the Startup tab in msconfig, and any registry entries referencing this program under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run in regedit. Also, don't underestimate malware that's located in a seemingly benign directory such as the Windows temp directory. It's therefore important to run a full system scan.
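The checks above can be gathered in one read-only pass. The PowerShell below is an added example, not part of the original tip. The HKCU Run key, the all-users Startup folder, the system-wide temp directory and the file-extension list are assumptions added here beyond the locations the tip names.

```powershell
# Read-only inventory of the autostart locations named above.
# Run keys: HKLM is the key the tip names; HKCU is an added assumption.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$autoruns = @(foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        [pscustomobject]@{ Source = $key; Name = $name; Command = $regKey.GetValue($name) }
    }
})

# Startup folders: current user, plus all users (added assumption).
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)
$autoruns += @(foreach ($dir in $startupDirs) {
    if (-not $dir -or -not (Test-Path -Path $dir)) { continue }
    Get-ChildItem -Path $dir -File -Force | ForEach-Object {
        [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName }
    }
})

# Executables and scripts in the temp directories, with signature status.
# The extension list is an assumption; widen it to suit your environment.
$extensions = '.exe', '.dll', '.scr', '.bat', '.cmd', '.vbs', '.js', '.ps1'
$tempDirs = @($env:TEMP, (Join-Path $env:windir 'Temp'))
$tempFiles = @(foreach ($dir in $tempDirs) {
    Get-ChildItem -Path $dir -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $extensions -contains $_.Extension.ToLower() } |
        Select-Object FullName, LastWriteTime,
            @{ Name = 'Signature'; Expression = { (Get-AuthenticodeSignature -FilePath $_.FullName).Status } }
})

# Review both lists by hand: unfamiliar names, odd paths, unsigned binaries.
$autoruns  | Format-Table -AutoSize -Wrap
$tempFiles | Sort-Object LastWriteTime -Descending | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so the system-wide temp directory is readable; entries it lists are candidates for review, not confirmed malware.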



Remove malware step-by-step

  Introduction
  Step 1: Use several tools
  Step 2: Try free tools
  Step 3: Check obvious places
  Step 4: Dig deeper
  Step 5: Unload infected software
  Step 6: Disable system restore, reboot in safe mode
  Step 7: Check for software corruption or hardware problem
  Step 8: Don't rely solely on a search engine
  Step 9: Check for vendor-specific removal tools
  Step 10: Hash suspect files
  Step 11: When in doubt, reload
  Step 12: Create a formal security incident response plan

About the author
Kevin Beaver is an independent information security consultant, author, and speaker with Atlanta-based Principle Logic, LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments. Kevin has written five books including Hacking For Dummies (Wiley), Hacking Wireless Networks For Dummies, and The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at kbeaver @ principlelogic.com.

This tip originally appeared on SearchWindowsSecurity.com.

This was first published in February 2007
