University of Houston

Mathematics Department


If you suspect your computer is infected with Malware:


For a computer located and maintained in the Mathematics Department

Disconnect the network cable (looks like a phone cable but has 8 wires instead of 4, so it is wider) and contact either Dave or Jason at x33486.

For a computer not located in the Mathematics Department

  1. If you have Microsoft Windows Defender installed, go here.
  2. If you have Microsoft Security Essentials installed, go to this external site.
  3. If you have some other anti-malware software, you will need to follow the instructions for that software.  Check Google, or your preferred search engine, and find instructions on your particular software if you can't find it on your computer.
  4. If you don't have any anti-malware software, the malware will be more difficult to remove, because anti-malware software is harder to install properly on a computer that is already infected.  You can try these instructions to boot from a USB drive where you can try to clean malware from your PC.  Then, you might be able to install Windows Defender and follow the link in Step 1.

Following the instructions above might help to remove the malware (a collective term used to describe adware, spyware or viruses).   But since malware is always evolving, and no program is 100% effective, there is no guarantee that your computer will be cleaned completely.  Sometimes, in the worst cases, the best solution is to re-install Windows.

The instructions below assume you have Windows Defender installed.

Faculty, Staff and Students at UH should have McAfee VirusScan Enterprise 8.5 or 8.8 installed.  It is mainly used as an anti-virus, but it does catch some malware.

Instructions:

 1. Restart the infected computer and go into Safe Mode.  (This is necessary so that malware is not running to stop you from removing it.)
  • When Windows shuts down and the screen goes blank, after a second or two, the screen will have some text or a graphic (Dell usually has a Dell Graphic that fills the screen).
  • Start pressing the <F8> key repeatedly and a boot menu screen should appear.  (If the Windows boot screen appears instead, you can either hit the reset button on the PC, if it has one, or try pressing <Ctrl> + <Alt> + <Del> together to reboot, or wait until Windows is loaded and reboot again.  Then start pressing the <F8> key sooner.)
  • At the top of the boot menu is an option for "Safe Mode" and another for "Safe Mode with Networking".
    1. If you already have Windows Defender installed, you may not have the latest updates.  Choose "Safe Mode with Networking".
    2. If you have access to another computer with internet access which is not infected and a USB disk or other removable media that both computers can use, then select "Safe Mode".
    3. If you have the latest programs and updates on a USB disk, you can also select "Safe Mode".
    4. If you are using some other Anti-Malware app(s) and have the latest version(s), but not the latest updates, select "Safe Mode with Networking".
    5. Else, just select "Safe Mode with Networking".
    Use the <up> and <down> arrows to select the proper choice and press <Enter> or <Return>.  You may have to press <Enter> or <Return> twice.
  • Windows should boot into Safe Mode.  You’ll know because a window will appear and tell you you’re in Safe Mode.   Then you will have to click on the OK button.
 2. If you already have the latest version of Defender installed, skip to Step 4.
 3. To install Windows Defender. Be sure to remember where you save the files, if you are using the infected computer.
 4. To update Defender:
  • If you have the updates on a USB disk, then you should have a file named: mpas-fe.exe.  Run this file and it will update Defender.
  • Else, if you chose "Safe Mode with Networking" then allow the programs to update themselves after installing.
 5. Defender doesn't place an icon on the Desktop, but instead puts it in the Start Menu under Programs.  It should look similar to this.  For help on using Defender see this page.
 6. If this is a machine maintained by the Math Department, then the Windows Defender listing will be under the Start/Programs/Accessories/System Tools menu.
 7. Run Defender and from the Scan Menu choose Full Scan and wait for the scan to finish.  Once Defender finishes the scan, if it finds any suspicious or suspected malware, it will show the list of all items found and allow you to delete, quarantine or ignore each item.  If you are unsure about an item, quarantine it, as this should disable the item and move it to safe storage where you can either restore it or delete it later.
 8. On the desktop, you may have an icon for Internet Explorer.  If not, go to the Control Panel and choose the Internet Options icon (in XP, you might have to open the Network and Internet Connections icon first).  Open the Internet Options.  In the Temporary Internet files area, click on the Delete Files... button.  Then check the Delete all offline content box and click OK.  Then in the History area, click the Clear History button and then click Yes.  This will get rid of any other leftover crap from any unfriendly webpage.
 9. If you use another browser, like Mozilla, Firefox, Opera, or some other one, you might also want to clear its temporary files.  You can do this using the browser's preferences or manually.  The temporary files are usually stored in your profile.  Check your browser's settings to see the location of the temporary files cache.  For example, Firefox uses subfolders under "C:\Documents and Settings\{your username}\Local Settings\Application Data\Mozilla\Firefox\Profiles"; just look for a sub-folder named "cache".
10. Also, you might want to delete temp files created by Windows and other programs.  Look in "C:\Documents and Settings\{your username}\Local Settings\Temp" and "C:\WINNT\Temp" or "C:\Windows\Temp" and delete whatever is there.  This is just good to do in general, as Windows usually keeps temp files forever, which uses up disk space.
11. Go to the Control Panel and open Add/Remove Programs.  Uninstall any suspicious programs you don't know about.  If you are unsure about some of the programs, either ask someone else or check the name of the program on another computer.  Web searches should give you enough info to know whether you should have it or not.  Some programs will not uninstall in Safe Mode, so write down the names of these programs and uninstall them when you boot back into normal mode.
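
The browser-cache and temp-file cleanup above can also be done from a PowerShell prompt.  The script below is an added example, not part of the original page: it reports what is in the locations this page names and deletes only when run with the `-Delete` switch (a name chosen for this example).  It assumes the Windows XP paths given above and skips any that do not exist.

```powershell
# Added example (not from the original page): inventory, then optionally clear,
# the temp and Firefox cache locations named in the steps above.
param([switch]$Delete)   # assumed switch name; without it nothing is removed

$userDir = $env:USERPROFILE   # on XP: C:\Documents and Settings\{your username}
$dirs = @(
    (Join-Path $userDir 'Local Settings\Temp'),
    'C:\WINNT\Temp',
    'C:\Windows\Temp'
)

# Firefox: only sub-folders named "cache" under the Profiles directory.
$ffProfiles = Join-Path $userDir 'Local Settings\Application Data\Mozilla\Firefox\Profiles'
if (Test-Path -LiteralPath $ffProfiles) {
    $dirs += @(Get-ChildItem -LiteralPath $ffProfiles -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer -and $_.Name -eq 'cache' } |
        ForEach-Object { $_.FullName })
}

foreach ($dir in $dirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }   # e.g. C:\WINNT is absent on most installs

    $files = @(Get-ChildItem -LiteralPath $dir -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer })
    $bytes = ($files | Measure-Object -Property Length -Sum).Sum
    if ($null -eq $bytes) { $bytes = 0 }                    # empty directory
    '{0}: {1} files, {2:N1} MB' -f $dir, $files.Count, ($bytes / 1MB)

    # Addition beyond the page's steps: note program files found in a temp
    # directory before they are deleted, in case you want to ask about them.
    $files | Where-Object { '.exe', '.dll', '.scr', '.bat' -contains $_.Extension } |
        ForEach-Object { '  executable: {0}' -f $_.FullName }

    if ($Delete) {
        # Remove the contents but keep the directory; files still in use are skipped.
        Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
            Remove-Item -Recurse -Force -ErrorAction SilentlyContinue
    }
}
```

Run it once without the switch to see what would be removed, then again with `-Delete`.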

Now, you should be able to reboot and all should be ok.

Sometimes, infections are so serious that the only way to get rid of them is to do a more aggressive, and complicated, procedure.  Other times, you have to just give up and re-install Windows.  Hopefully the above procedures fixed the problem.  If not, then more instructions can be found on other websites.  Or I, or someone else, can do it for you.  Depending on who you get to do this, it can get expensive if the infection is really, super-bad.

One thing that can help stop future infections is to make sure an Anti-Virus and Anti-Malware are installed and updated.  McAfee Enterprise Anti-Virus is provided by the University under a site license which allows free use for Students, Faculty and Staff.  You can download it from here.



Last revised: September 6, 2011 20:32