Clean an Infected Computer via Safe Mode with Networking
What is Safe Mode with Networking?
To understand Safe Mode with Networking, you must first understand safe mode. The idea behind safe mode is actually quite simple: it is a boot mode in Windows that launches a minimal set of device drivers while disabling nearly every startup item (i.e. only necessary startup items are loaded upon booting into Windows). Safe mode is useful for troubleshooting problems that may arise with your PC, such as removing malware.
As the name suggests, Safe Mode with Networking follows the same rules as safe mode (e.g. minimal drivers loaded, startup items disabled, etc.), with the addition of network adapter drivers being loaded. Thus, Safe Mode with Networking is useful whenever you need to troubleshoot your computer, but also require an Internet connection.
Why Does Safe Mode with Networking Work for Malware Removal?
When malware has infected your PC and you boot into Windows normally, 99.99% of the time the malware becomes active along with the drivers, programs, and other items that usually load. This makes removing malware completely next to impossible, because the moment you reboot your computer and boot into Windows normally, the malware reloads too. In some cases, the malware will reinstall itself the moment you remove it while booted into Windows as usual. To put it simply, think of malware as having a “defense mechanism” that keeps it from being fully uninstalled whenever you are booted into Windows normally. Thanks to this “defense mechanism,” the malware can automatically reappear after you attempt to remove it, meaning you need a more discreet “plan of action” for removing the malware.
That is where booting into Safe Mode with Networking comes into play. Because drivers, startup items, and more fail to load when booting into Safe Mode with Networking, the malware fails to load as well. And do you know what else fails to load? The malware’s “defense mechanism.” Thus, by properly removing the malware, you will also remove its “defense mechanism,” meaning the malware is fully removed from your computer.
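To make "startup items" concrete, the following read-only PowerShell script is an added example, not part of the original guide or of any tool it recommends. It reports whether Windows is currently in safe mode and lists entries from the common autostart locations (the Run/RunOnce registry keys and the Startup folders). It assumes Windows Vista or later with Windows PowerShell available; the function names are illustrative, and the locations listed are the common ones, not every place a program can register itself to start.

```powershell
# Added example: report the boot mode and list common autostart entries.
# Read-only: nothing on the system is changed.

# Windows sets the SAFEBOOT_OPTION environment variable only in safe mode
# (MINIMAL for plain safe mode, NETWORK for Safe Mode with Networking).
function Get-BootMode {
    $opt = $env:SAFEBOOT_OPTION
    if ($opt -eq 'NETWORK') { return 'Safe Mode with Networking' }
    if ($opt -eq 'MINIMAL') { return 'Safe Mode' }
    if ($opt)               { return "Safe Mode ($opt)" }
    return 'Normal boot'
}

# Registry keys whose values are launched at logon during a normal boot.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutostartEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            New-Object PSObject -Property @{
                Source = $key; Name = $name; Command = $item.GetValue($name)
            }
        }
    }
    # Per-user and all-users Startup folders (Vista and later paths).
    $folders = @(
        "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
        "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
    )
    foreach ($dir in $folders) {
        if (-not (Test-Path $dir)) { continue }
        Get-ChildItem -Path $dir -Force |
            Where-Object { $_.Name -ne 'desktop.ini' } |
            ForEach-Object {
                New-Object PSObject -Property @{
                    Source = $dir; Name = $_.Name; Command = $_.FullName
                }
            }
    }
}

"Boot mode: $(Get-BootMode)"
Get-AutostartEntry | Sort-Object Source, Name |
    Format-Table Source, Name, Command -AutoSize -Wrap
```

Entries you do not recognise are worth noting before the scans, so you can confirm afterwards that the cleanup tools removed them.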
Windows XP / Vista / Windows 7
Turn Your Computer Off
In order to access Safe Mode, we first need to turn the infected computer completely off. It’s important to fully power the computer down. Going into Standby Mode or Hibernate will not work.
Power On, then start tapping F8.
Once you’ve powered the computer back on, you can then start tapping the F8 key on your keyboard.
Select Safe Mode with Networking
Using the arrow keys on your keyboard, highlight Safe Mode with Networking, and press Enter.
Log into your User Account
Once your computer reaches the logon screen, you can type in your password and log on to your account.
Keep in mind: Getting into Safe Mode can be tricky with Windows 8. If you’re unable to get in: drop us a line.
Restart your computer
It’s as simple as that. Go ahead and reboot the computer normally.
Use Keys to Enable Advanced Bootup
At the login screen, hold the Shift key, while also using your mouse to select the Reboot button.
Select Safe Mode with Networking
After booting into Safe Mode with Networking, continue the removal guide below.
The Cleanup Process
Now that we’ve booted into Safe Mode with Networking, we need to start cleaning up the system. The following programs should be run in order. Each program serves its own purpose, and no single program will fully clean up your computer. If you’re having trouble with any of the steps below, leave a comment and a technician will respond with suggestions.
Get RogueKiller
RogueKiller is a fantastic little program that will check for hijacked registry keys, your PC’s processes, and various other areas that malware infects. It’s absolutely free and takes only a few minutes to open and run. You can download RogueKiller from the author’s website or below.
Version: FREE (32-Bit / 64-Bit)
Download and Save RogueKiller
Download the proper version of RogueKiller to your computer, ensuring it’s saved in a location you can access (Desktop works best!). Most new computers will require the 64-Bit version, while some of the old systems, such as Windows XP, require the 32-Bit version. It’s not a big deal if you accidentally download the wrong version; simply re-download the proper version if it won’t run.
After you have downloaded RogueKiller, double-click the program to launch it. Allow RogueKiller to load, then select Accept on the prompt asking you to agree to the EULA statement.
Start the Scan
Now that we have RogueKiller open, go ahead and click the scan button. It may take a few minutes to finish scanning your computer.
Delete all Malicious Files Detected
After RogueKiller has finished scanning, it may have found a few detections. If this is the case, select Delete. Once the malicious files have been deleted, close the program.
Download Malwarebytes Anti-Malware
The second tool we’re going to run is called Malwarebytes Anti-Malware. This software is, no doubt, the most effective software available. The software is absolutely free, yet there is a paid version (Malwarebytes Anti-Malware Pro) available for only $25. If you can afford to purchase the full version, it is worth it as it will provide real-time protection against malware going forward.
- Price: FREE / $24.95 USD (Lifetime)
- Free Version: Malware Scanner Utility (No Protection)
- Pro Version: Malware Scanner + System Protection
Install Malwarebytes Anti-Malware
Install Malwarebytes Anti-Malware in the same way as you would install any other program. After the installation process has completed, it is time for you to scan your computer thoroughly.
Run Full Scan with Malwarebytes Anti-Malware
Choose Full Scan, select the C: drive, then select Scan. Your PC will be scanned for malware, and once the scanning process has finished, it is time to look at what was found.
Removing the Infected Files
Choose the infected files found within Malwarebytes Anti-Malware, and select Remove Selected. This will delete the infected files completely. Once deleted, the software may prompt you to reboot your computer. This is normal. Go ahead and let Malwarebytes reboot the computer.
Remove Browser Hijack/Extensions
Another important aspect of malware removal is browser hijacks and extensions. If your web browser is packed with junk toolbars, extensions, and other plugins, there is a much higher chance of malware sneaking into your computer. AdwCleaner is our tool of choice when it comes to cleaning this part of the system. Instead of having to manually remove each one, AdwCleaner takes care of everything in 1 click.
- Software Type: Adware / Spyware Cleaner
After you have downloaded AdwCleaner, double-click on the program. AdwCleaner will be installed and open its main interface.
Once you have AdwCleaner open, go ahead and click the scan button to allow AdwCleaner to look for junk on your computer.
Delete the Detected Files
Select Delete to begin the removal process of the infected files. After the files have been removed, a window will display that asks you to close any open programs. Select OK so your PC can reboot. AdwCleaner will automatically reboot your computer.
Log Back Into Windows
Once you’ve logged back into Windows, AdwCleaner will open a document with a log of all the junk it removed. It’s safe to close this window.
Open Your Web Browser
Check that your web browser no longer has any toolbars and that other annoying pieces of malware do not load (e.g. hijacked pages loading, browser extensions you did not install, etc.). If everything looks clean, then that’s great!
Check for Hidden Infections
Some modern computer infections can remain hidden, even after the first few scans. It’s a good idea to run a quick scan to ensure the computer really is clean. To do this, we recommend TDSSKiller by Kaspersky.
Download and Install TDSSKiller
TDSSKiller is free, fast, and extremely effective.
KASPERSKY TDSS KILLER
- Software Type: Specialty Malware Removal Utility
- Author: Kaspersky Labs
Run Scan With TDSSKiller
Select Start Scan to scan your PC for rootkits. Once the scanning process has finished, a screen will be displayed that states whether or not any infections were found on your PC. If an infection was not found, then great; you’re all done! However, if an infection was found, read on to remove the found infections.
Remove Found Rootkits
Select Continue to allow TDSSKiller to clean the infections. It’s generally safe to leave any found infections to their default settings. If you’re unsure of something, drop us a comment below.
After the infected files found have been cleaned, select Reboot Now to reboot your PC.
Clean Junk Files and Registry
CCleaner is an incredible utility that removes unused files, temporary Internet files, cache, cookies, and more from your PC so that it can run much more optimally. In a sense, CCleaner removes the “gunk” from your computer, allowing you to free up hard disk space and system resources. It’s a great way to put the finishing touches on removing malware from your PC, and a great program to use a few times per month.