Carnegie Mellon University Website Home Page
 

Steps to Clean Your Windows Computer

Important Note: Due to the wide variety of malware and the constantly changing tactics employed, completing the steps below does not guarantee your computer will be clean. Additional steps may be required for your specific situation that are beyond the scope of this guide. In some cases the damage done by the compromise may be so extensive that it may be more practical to back up your data and reinstall Windows.


Before You Begin

Before you begin to use this document, take note of the following:

  • Faculty, staff or students employed by the university who suspect that the security or privacy of their work-related computing resources has been compromised should follow the Procedure for Responding to a Compromised Computer. This is especially important if the computing resource stores data that the University defines as restricted.
  • If your computer is managed by a departmental administrator or DSP consultant, you should refer to them for help with cleaning your computer.

Step 1: Change Passwords

If your computer has been compromised by a malware attack, any passwords you may have typed on this computer should be CHANGED. This is an important precaution since:

  • malware may include a keystroke logger which records what you type
  • malware may search your computer for saved passwords
  • any passwords found may be sent to the people who compromised your computer

Change passwords for your online accounts (e.g. administrative work accounts, Andrew accounts, other email accounts, financial accounts for online banking & credit cards, Facebook, MySpace, Instant Messaging, Netflix, iTunes, etc.).


Step 2: Download, Install and Run Malwarebytes' Anti-Malware

Malwarebytes developed a tool that can identify and remove malicious software from your computer. Follow these steps to download and install Malwarebytes' Anti-Malware:

  1. Download Malwarebytes.
  2. Once the download is complete, double-click the Malwarebytes installer icon to run the installer.
  3. During the installation process, accept the default responses. When you click Finish, make sure that the options to Update and Launch the software are checked.
  4. Once Malwarebytes launches and the Malwarebytes' Anti-Malware screen appears, select the Update tab and then click the Check for Updates button.
  5. Once any updates are loaded, select the Scanner tab, select the Perform quick scan radio button and then click Scan. The scan may take a few minutes.
  6. When the scan is complete, it will show you all of the potentially harmful files on your computer. Click the Remove Selected button to remove them automatically. Malwarebytes' Anti-Malware creates a log file of the results.

Step 3: Check Your Computer

Walk through some of the processes that had been causing problems and do one of the following:

  • if the problems seem to have been corrected, proceed to Step 4: Uninstall AntiVirus
  • if the problems HAVE NOT been corrected, you may need to back up your files (as applicable), wipe out your hard drive, and reinstall your operating system. This can be a lengthy process that is NOT geared to the novice user. For a fee, this service is available through SARCOM via the Computer Sales desk in the University Store.

Step 4: Uninstall/Remove AntiVirus

Malware infections tend to damage antivirus software. Assuming that you were running an antivirus program, follow the appropriate steps below to uninstall it:

  1. Select Start > Control Panel.
  2. Do one of the following:
    • On Windows 8 from the tiled start menu, scroll your mouse over the hotspot located to the bottom left corner of the screen and right-click on the thumbnail. Select Control Panel from the context menu, then click Programs and Features.
      Note: You may also have to turn off Windows Defender from the Control Panel. Within Windows Defender, click the Settings tab and uncheck "Turn on real-time protection," then click Save changes.
    • On Windows 7, under Programs, select Uninstall a program.
  3. Scroll down through the list until you find the antivirus program (e.g., Symantec AntiVirus, McAfee, etc.), select it, and then click Remove or Uninstall.
  4. Next, verify that the removal worked by following the appropriate steps below:
    • Windows 8:
      1. From the tiled start menu, scroll your mouse over the hotspot located to the bottom left corner of the screen and right-click on the thumbnail.
      2. Select Control Panel from the context menu.
      3. Click Programs and Features.
      4. If the name of an antivirus software program appears (e.g., Symantec AntiVirus, McAfee, etc.), the removal DID NOT work completely; there may be a fragment of the program left. Make note of the antivirus software name.
        Note: Click Windows Defender in the Control Panel to verify that Windows Defender is off.
    • Windows 7:
      1. Select Start > Control Panel.
      2. Under System and Security, select Review your computer's status
      3. If the name of an antivirus software program appears (e.g., Symantec AntiVirus, McAfee, etc.), the removal DID NOT work completely; there may be a fragment of the program left. Make note of the antivirus software name.
    • If removal fails, refer to the following vendor sites for additional help with uninstalling it:
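
The verification in item 4 can also be done from a PowerShell prompt. This is an added example, not part of the original guide: it lists antivirus products still registered with Windows Security Center and any Programs and Features entries whose name matches the product you removed. The function name and the default name patterns are assumptions for illustration.

```powershell
# Added example, not part of the original guide. Run from a PowerShell prompt.
# Get-WmiObject is used so the check also works with the PowerShell 2.0 on Windows 7.

function Get-AntivirusRemnant {
    param(
        # Assumption: wildcard patterns matching the product you just uninstalled.
        [string[]]$NamePattern = @('*Symantec*', '*McAfee*')
    )

    $found = @()

    # 1. Every product still registered with Windows Security Center (not filtered).
    #    On Windows 8 this list can include Windows Defender itself.
    $registered = @(Get-WmiObject -Namespace 'root\SecurityCenter2' `
        -Class AntiVirusProduct -ErrorAction SilentlyContinue)
    foreach ($product in $registered) {
        $found += New-Object PSObject -Property @{
            Source = 'SecurityCenter'
            Name   = $product.displayName
            Detail = $product.pathToSignedProductExe
        }
    }

    # 2. Entries still listed in Programs and Features (64-bit and 32-bit views).
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $entries = @(Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue)
    foreach ($entry in $entries) {
        foreach ($pattern in $NamePattern) {
            if ($entry.DisplayName -like $pattern) {
                $found += New-Object PSObject -Property @{
                    Source = 'Uninstall'
                    Name   = $entry.DisplayName
                    Detail = $entry.UninstallString
                }
                break
            }
        }
    }

    $found | Select-Object Source, Name, Detail
}

# No output: no antivirus product is registered and no matching entry remains.
Get-AntivirusRemnant | Format-Table -AutoSize
```

A row with Source "Uninstall" corresponds to the leftover fragment described above; its Detail column shows the uninstall command that the entry still points to.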

Step 5: Download, Install Symantec Endpoint Protection

  1. Download Symantec Endpoint Protection to your desktop.
  2. Once downloaded, double-click the Symantec icon to run the installer. As you progress through the installation, accept the default responses.
  3. If Symantec fails to install, repeat the processes in Step 4 to remove any fragments of the program, and then try the install again.

Step 6: Run Live Update

Once Symantec is properly installed, launch the program and click the LiveUpdate button to download the latest virus definition files. 


Step 7: Boot into Safe Mode

Follow these steps to boot your computer into Safe Mode.

Note: You will be unable to boot into Safe Mode if required Windows system files are corrupted. While in Safe Mode, you will only have access to very basic drivers (mouse, monitor, keyboard, etc.).

  1. Click Start > Shut Down.
  2. Select Restart.
  3. Depending on whether you have multiple operating systems loaded on your computer, follow the appropriate step below:
    • If your computer offers only one operating system, begin tapping the F8 key before your machine reaches the Microsoft Windows display screen.
    • If your computer offers multiple operating systems, select the appropriate operating system from the list, then begin tapping the F8 key.
  4. Use your up or down arrow keys to select and highlight Safe Mode with Networking. Press Enter.
    Note: NUM LOCK must be off before the arrow keys on the numeric keypad will function.
  5. Select the appropriate operating system. Your computer boots into Safe Mode.

Step 8: Run Symantec Full Scan

  1. While in Safe Mode, launch Symantec Endpoint Protection.
  2. Select Scan for Threats and then select Run Full Scan.
  3. The scanning process begins. The duration of the scan depends on the total size of the files on your computer and may take hours to complete. Once complete, the software will display any problems that it has found and will provide further instructions.
  4. To exit Safe Mode, restart your computer as you normally would.

Step 9: Enable Firewall and Verify/Change Passwords

A firewall restricts network access to your computer. Firewalls can also make your computer "invisible" to the outside world so that it does not become an easy target for a malicious attacker. You should also verify that an Administrator account and password have been established. Passwords should ALWAYS be changed if your computer is compromised, even if you just restore from a backup. Follow steps at:
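
To confirm the result of this step, the firewall state and the local accounts can be checked from a PowerShell prompt. This is an added example, not part of the original guide; the two function names are assumptions for illustration.

```powershell
# Added example, not part of the original guide; works on Windows 7 and Windows 8.

function Get-FirewallProfileState {
    # Windows Firewall COM interface (INetFwPolicy2).
    # Profile constants: Domain = 1, Private = 2, Public = 4.
    $profileNames = @{ 1 = 'Domain'; 2 = 'Private'; 4 = 'Public' }
    $policy = New-Object -ComObject HNetCfg.FwPolicy2
    foreach ($id in 1, 2, 4) {
        $state = New-Object PSObject -Property @{
            Profile = $profileNames[$id]
            Enabled = $policy.FirewallEnabled($id)
            # CurrentProfileTypes is a bitmask of the profiles in use right now.
            Active  = [bool]($policy.CurrentProfileTypes -band $id)
        }
        $state | Select-Object Profile, Enabled, Active
    }
}

function Get-LocalAccountPasswordState {
    # PasswordRequired = False means the account is allowed to have a blank
    # password; it does not prove that the password is blank.
    Get-WmiObject -Class Win32_UserAccount -Filter 'LocalAccount=True' |
        Select-Object Name, Disabled, PasswordRequired,
            @{ Name = 'BuiltInAdministrator'; Expression = { $_.SID -like '*-500' } }
}

# Every profile should show Enabled = True, especially the Active one.
Get-FirewallProfileState | Format-Table -AutoSize

# Enabled accounts should show PasswordRequired = True.
Get-LocalAccountPasswordState | Format-Table -AutoSize
```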


Clean? Keep it that way

Once your computer is free from infection, keep it that way!  Follow the Secure Your Computer steps.

Last Updated: 12/5/13