How to remove virus from Windows 11/10; Malware Removal Guide
Windows being the most popular OS in the world, malware writers want to target it. As a result, a lot of malware and malicious software are written for it. This makes people wrongly comment that Windows is not secure; when the fact is actually otherwise! Malware could be a virus, adware, spyware, ransomware, scareware, BOT, Backdoor, Exploits Trojan, Rootkit, Dialer, Trojan, Worms, Fileless malware and even Potentially Unwanted Programs.
Malware typically spreads through attachments in email messages or through instant messages. You could even catch it while surfing dangerous websites or even reputed but compromised websites. You could end up downloading it to your computer unknowingly or even knowingly – or you could catch it if you were to connect your friend’s infected USB drive to your PC. It can take the form of funny images, greeting cards, audio, and video files, or hide in pirated software, scareware or rogue software.
The typical symptoms that your computer may have been compromised are many, and there are ways to tell if your computer has a virus.
Starting with Windows Vista, Microsoft introduced many security features in the operating system which were further improved upon in Windows 7 and Windows 8. Nevertheless, should your computer get infected with malware, there are ways to remove malware infections, and they succeed in most cases! But before trying out anything, do back up all your important data to an external device, because, in the event of system failure, you will be able to at least use that data.
Read: Windows files and folders you may exclude from Antivirus scans.
Malware Removal Guide for Windows 11/10
Make sure that your Windows OS is fully updated with the latest Windows Updates installed.
Run a Junk Cleaner to clear your PC junk and Temporary files – including your Cookies, Flash Cookies, and Java Cache folder. CCleaner is a good freeware! The Temporary Internet Files folder used to be a typical place for Trojan Downloaders and other malware downloaded from the internet. However, the Cache is now treated as a virtual folder with low privileges, to mitigate these threats. Removing all junk will also reduce the scan time.
Update your anti-virus and run a full in-depth system scan. A safe-mode or a boot-time scan is always the preferred way in case of a severe malware attack. So if your anti-virus has the option to run scans at boot time, best to do so. Else try to run the scans in safe mode. It’s easier for the antivirus to catch and delete the virus in Safe Mode. To enter Safe Mode, you keep pressing the F8 key when your computer is booting.
Some antivirus software may not run in Safe Mode. In such a case you have no choice but to run it in normal mode. Remove all infections when found. If your anti-virus is unable to delete the virus or infected file, use some freeware to delete the sticky infected file on reboot. This useful utility will delete the virus on the reboot before it gets a chance to load in the memory. You may need to Show hidden files via your Folder Options.
Reboot. You need to do this so that files locked for deletion on reboot will be deleted. Now you should again run CCleaner, to clear residual Registry keys and other junk. If you need more help, then this post will show you how to check the Registry for malware and manually remove the entries.
This basic procedure usually solves most cases of virus infections. But if it doesn’t, here are a few more additional tips for special scenarios.
Online File Scanners
If your anti-virus does not detect a file to be a virus, but you suspect that it may be so, or if you want a second opinion on whether a file is a virus, then I suggest that you get that particular file scanned with Online Malware Scanners with multiple anti-virus engines like Jotti or VirusTotal.
On-demand Scanners
Even though most of us may have antivirus software installed on our Windows computers, there may be times of doubt, where you might want a second opinion. While one can always visit online antivirus scanners from well-known security software to scan one’s PC – or get a particular file scanned with an online malware scanner using multiple antivirus engines, some prefer to have a standalone on-demand antivirus scanner installed locally. At such times you may use these on-demand antivirus scanners.
TIP: Test if Antivirus is working or not.
Check the identity of doubtful files
Malware can be named anything, and in fact, virus writers love naming it after some legitimate Microsoft process or popular software. Check which folder the file is located in. If the familiar-sounding process is located in the System32 folder, where it should be, it could be the legitimate Microsoft file. But if it is situated in some other folder, it may well be malware trying to pass itself off as a Windows process. So do a search for the file, right-click on it and check its Properties and details.
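The folder check described above can be run across every running process at once. The following PowerShell is an added example, not part of the original guide; the table of process names and expected folders is an illustrative subset chosen for this example, and the function name Test-ProcessLocation is hypothetical.

```powershell
# Added example: find running processes that use a Windows system process name
# but were started from a folder other than the one Windows keeps that file in.
# The name-to-folder table is an illustrative subset (assumption), not a full list.
$sys = $env:SystemRoot
$expected = @{
    'svchost.exe'  = @("$sys\System32", "$sys\SysWOW64")
    'lsass.exe'    = @("$sys\System32")
    'services.exe' = @("$sys\System32")
    'winlogon.exe' = @("$sys\System32")
    'csrss.exe'    = @("$sys\System32")
    'smss.exe'     = @("$sys\System32")
    'spoolsv.exe'  = @("$sys\System32")
    'explorer.exe' = @($sys, "$sys\SysWOW64")
}

function Test-ProcessLocation {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [string] $Path
    )
    # Names outside the table are not judged at all.
    if (-not $expected.ContainsKey($Name)) { return 'NotChecked' }
    # Without elevation the path of some system processes cannot be read.
    if ([string]::IsNullOrEmpty($Path)) { return 'PathUnavailable' }
    $folder = Split-Path -Path $Path -Parent
    # -contains compares strings case-insensitively, like Windows paths.
    if ($expected[$Name] -contains $folder) { return 'ExpectedFolder' }
    return 'UnexpectedFolder'
}

# Run from an elevated prompt so that ExecutablePath is populated where possible.
Get-CimInstance -ClassName Win32_Process | ForEach-Object {
    $verdict = Test-ProcessLocation -Name $_.Name -Path $_.ExecutablePath
    if ($verdict -eq 'UnexpectedFolder') {
        # The signature status is supporting evidence, the same information
        # shown on the Digital Signatures tab of the file's Properties.
        $sig = (Get-AuthenticodeSignature -FilePath $_.ExecutablePath).Status
        [pscustomobject]@{
            Name      = $_.Name
            ProcessId = $_.ProcessId
            Path      = $_.ExecutablePath
            Signature = $sig
        }
    }
} | Format-Table -AutoSize
```

An empty result means every listed name that could be inspected runs from its expected folder. Any row that does appear is a candidate for the online file scanners mentioned earlier.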
Read: List of free Malware Removal Tools to remove Specific Virus.
Fix Internet issues
Some variants of malware will turn on an Internet proxy server and hijack Windows DNS cache, which can prevent you from accessing the Internet or downloading tools required for malware removal. So, download a tool that is capable of fixing issues related to the Internet. Try MiniTool Box.
Reset Proxy settings
Malicious software may change Windows Internet Explorer proxy settings, and these changes can prevent you from accessing Windows Update or any Microsoft Security sites. Reset the proxy settings back to defaults. You may also want to run the IE Troubleshooter to reset all security settings to its defaults.
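To see what a proxy or DNS change looks like before resetting it, the settings can be read directly. This PowerShell is an added example, not part of the original guide; the function names Get-UserProxyState and Reset-UserProxy are hypothetical, and it covers only the per-user Internet settings, the machine-wide WinHTTP proxy and the DNS client cache.

```powershell
# Added example: review, and then optionally reset, the proxy settings and
# DNS cache discussed above.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-UserProxyState {
    # Values that do not exist in the registry simply come back empty.
    $s = Get-ItemProperty -Path $key
    [pscustomobject]@{
        ProxyEnabled  = [bool]$s.ProxyEnable
        ProxyServer   = $s.ProxyServer
        ProxyOverride = $s.ProxyOverride
        AutoConfigURL = $s.AutoConfigURL
    }
}

function Reset-UserProxy {
    # Turn the manual proxy off and remove the server and auto-config script.
    Set-ItemProperty -Path $key -Name ProxyEnable -Value 0 -Type DWord
    foreach ($name in 'ProxyServer', 'AutoConfigURL') {
        Remove-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    }
    # Machine-wide WinHTTP proxy, used by Windows Update; needs an elevated prompt.
    netsh winhttp reset proxy | Out-Null
    # Drop cached name resolutions (same effect as ipconfig /flushdns).
    Clear-DnsClientCache
}

# 1. Review: an enabled proxy or auto-config URL that you did not set yourself
#    is the kind of change described above.
Get-UserProxyState | Format-List
netsh winhttp show proxy

# 2. Inspect what the resolver currently has cached before clearing it.
Get-DnsClientCache | Select-Object -Property Entry, Data -First 20

# 3. Reset only after reviewing the output; uncomment to apply.
# Reset-UserProxy
```

If your organisation or ISP requires a proxy, note the reviewed values first so they can be entered again after the cleanup.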
Restore Windows features
If you find that your important Windows features like Task Manager, Registry Editor, Control Panel, Command Prompt, etc. have been disabled, you may use our freeware FixWin to enable them. Reset Windows Security settings to default. Reset Windows Firewall settings to default values.
Rootkits and removal
A Rootkit is a form of malware that prevents itself from getting detected by detection/removal software. So, install an effective Rootkit removal tool that is easy to use. Kaspersky TDSSKiller is reliable in this regard, but you can also try Malwarebytes AntiRootkit Tool. You can use Sticky Keys Backdoor Scanner to detect Sticky Key Backdoors.
Browser Hijacking & removal
Browser hijacking occurs when you find that your web browser’s settings have been changed without your permission. Read more here about Browser Hijacking and Free Browser Hijacker Removal Tool.
Ransomware removal
A ransomware virus locks access to a file or your computer and demands that a ransom be paid to the creator for regaining access, usually via either an anonymous pre-paid cash voucher or Bitcoin. This post on how to prevent Ransomware will suggest steps to take to stay protected and offer links to free anti-ransomware tools. Here is a list of free Ransomware Decryptor Tools that can help you unlock files. And if you do get infected, then this post will show you what to do after a Ransomware attack. RanSim Ransomware Simulator will tell you if your computer is protected against ransomware.
Macro Virus removal
If the file icon for Word or Excel has changed, or you are unable to save a document, or new macros appear in your list of macros, then you may presume that your documents have been infected with a macro virus. In such a case you need to take urgent steps to remove the macro virus.
Vulnerability & Exploit protection
A computer Vulnerability is a ‘hole’ in any software, operating system or service that can be exploited by web criminals for their own benefit. Exploits follow “vulnerabilities”. If a web criminal detects a vulnerability in any of the products on the Internet or elsewhere, she or he may attack the system containing the vulnerability to gain something or to deprive authorized users of proper use of the product. SecPod Saner Free, Microsoft Baseline Security Analyzer, Protector Plus Windows Vulnerability Scanner, Malwarebytes Anti-Exploit Tool and ExploitShield are some of the better known free tools available for Windows that can offer you protection against such threats. If you are looking for free anti-executable security software to protect your Windows PC from malware, have a look at VoodooShield.
Rogue Software and removal
These days computer users are being subjected to a lot of Rogue Software and Ransomware, which may have been downloaded by the users themselves, without realizing it. So remember, don’t be tricked into downloading just any software – and always download software and freeware from websites you know and trust. Moreover, while installing, never blindly click on Next-Next. Remember to uncheck foistware and toolbars you do not want to install.
Rogue Software, also known as Rogues or Scareware, pretends to be security software and gives out fake warnings to make you purchase the security software, which the pirates profit from. The downloaded software may include an even worse form of malware. Ransomware will encrypt personal user data or block your entire PC. Once you have paid the “ransom” through an anonymous service, your PC will be unblocked.
If infected, you may get to see such warnings in your system tray:
Warning! Your computer is infected! This computer is infected by spyware and adware
Also, while browsing the Internet, if you receive a message in a pop-up dialog box that resembles a warning, do not click anything inside the dialog box.
Are you sure you want to navigate from this page? Your computer is infected! They can cause data lost and file corruption and need to be treated as soon as possible. Press CANCEL to prevent it. Return to System Security and download it to secure your PC. Press OK to Continue or Cancel to stay on the current page
Instead, press ALT + F4 on your keyboard to close the dialog box. If warnings such as these keep appearing when you try to close the dialog box, it’s a good indication that the message is malicious.
While most antivirus software will also remove Rogues, you can if you wish also do the following: Boot into Safe Mode with Networking and try to uninstall the Rogue Software and Ransomware from Control Panel\All Control Panel Items\Programs and Features. Then navigate to the System Program Folder and delete all concerned folders. Run a registry cleaner after that. The Rogue may be easier to uninstall, but the Ransomware may not be!
Use Eset Rogue Applications Remover. This free tool will help you remove rogue software or scareware. HitmanPro.Alert is a free Ransomware Protection & Browser Intrusion Detection Tool. CryptoPrevent is another handy tool that provides your computer a shield against Cryptolocker or any other kind of ransomware. Anvi Rescue Disk for Windows will assist in ransomware removal. HitmanPro.Kickstart will help remove Ransomware.
Botnet Removal Tools
We have already seen what Botnets are. These Botnets are controlled by remote attackers in order to perform such illicit tasks as sending spam or attacking other computers. The methods for detecting bots include Static Analysis and Behavioral Analysis. Botnet Removal Tools will help you remove Bot infestations from your Windows computer. You might want to read this post on How do I know if my Computer has been Hacked.
Use specialized Malware Removal Tools
Malicious Code has become increasingly complex, and infections involve more system elements than ever before. Sometimes, when your antivirus software is not able to remove the virus from your computer, you may need to download and use one of these specialized standalone free tools which are released by well-known security companies like Symantec, Eset, Kaspersky, etc.
Remove persistent malware
If you need to remove persistent or stubborn malware infections and crimeware, try freeware Norton Power Eraser or Emsisoft BlitzBlank. If your malware is blocking your antivirus software from being installed or if installed, from being run, use Malwarebytes Chameleon.
Once your computer is clean, you may do the following:
Certain types of malware are designed with a wicked purpose – stealing personal data such as passwords, emails, and banking information. So, it is recommended that you change all your passwords once you have cleaned up your computer.
Create a new System Restore point. Run Windows Disk Cleanup Tool to remove past Restore Points.
Microsoft has released two tools that may interest you. The Windows Malware Prevention Tool will help you harden your Windows security, whereas the Windows Security Troubleshooter will fix Windows security problems.
Remember, prevention is better than cure! Removing malware can be difficult as some of its variants are resistant to some anti-malware removal tools. So do make sure that you are taking all the precautions required to protect your Windows computer.
Useful links to security software:
- Free Antivirus software | Firewall software | Internet Security Suites for Windows.
- Microsoft Safety Scanner
- Windows Defender Offline
- Windows Malicious Software Removal Tool
- Kaspersky Internet Security
- BitDefender Internet Security Suite.
If all fails, the only way to remove malware is to reformat and reinstall Windows. However, you should choose this as the last resort when all other options fail.