CatholicAnew.com
Related Pages
Help with Security
Steps for Removing Spyware, Trojans, and other Malware

Preliminary Steps and Tips

If you get malware that puts a new icon in your system tray (in the lower right-hand corner of your screen, by the clock), don't click on it at all; don't left-click or right-click on it. Don't attempt to close it. Just leave it alone and, after you read this page, proceed with the other steps. (You could, however, carefully hover over the strange icon, without opening it, and jot down the name of the fake program/malware.)

While your system is infected, avoid shutting down or restarting your computer, because restarting can allow malware to do bad things. After an anti-malware scan, when you choose to permanently remove from your computer quarantined files that you know are malware, you may get a message that some quarantined files can't be removed without a restart. (By the way, that's a good sign that stubborn malware will soon be gone.) If you're given the option to remove the items upon restarting, say Yes or OK to that, but if asked whether you want to restart now, say No. Instead, run all of the other anti-malware scans before restarting. Some malware will force a restart; don't worry, just proceed with the steps.

Back up your data, just in case.

If possible, jot down the date and time that your computer became infected. This may help you determine which files detected by scans are ones that you want to remove from quarantine and permanently remove from your computer.

After a scan, evaluate detected files before deleting them from quarantine and permanently removing them from your computer. Sometimes, though not usually, one anti-malware program will quarantine files related to another anti-malware program. Or it may quarantine another program that you wouldn't want to remove. How do you determine, if you can't readily tell, whether a file is safe to keep? You can research a given file at Google.com. It will probably help you a lot if you do a little research about the malware that you have; you can quite easily find a list of files associated with a given malware. Some such file lists are more complete than others, so check more than one source. Just now, I did a Google search for "XP Security Center" files. ("XP Security Center" is the name of the first trojan I had.) The very first results page had an excellent list of files associated with the trojan. If you don't have a strange icon that you can hover over (don't right-click or left-click on it) to determine the name of your malware, you'll probably be able to determine the name after you do a little research on the files detected by your scans. You can also contact your computer manufacturer, your Internet service provider, or your anti-virus provider. If you're not sure whether you should permanently remove certain quarantined items, just leave them in quarantine until you're sure about them.

If an anti-malware utility detects a file that you know is safe to keep, use whatever false-positive-reporting option or setting there may be to instruct your anti-malware utility to allow/ignore that file in the future.

Start a little text file regarding files that anti-malware utilities detect but that you determine to be safe to keep on your computer. That way, if any utility ever detects those files again, you won't have to spend much time evaluating them again. Here, just for example, is what I have so far in my "safe files to allow" text file:

mbamswissarmy.sys
Part of Malwarebytes Anti-Malware program:
C:\WINDOWS\system32\drivers\mbamswissarmy.sys

optscan.exe
AOL says that I can't see the file but that it's on my computer and that anti-malware utilities may detect it.

SystemMaint.exe
It has to do with games and stuff that came on my computer.
C:\Program Files\DISC\SystemMaint.exe
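
As an added example (not part of the original page), here is one way to check a scan's detections against a notes file laid out like the one above, together with the infection time you jotted down. The function names, the dates in the usage, and the rule that a known file name found in an unexpected folder goes back to "research" are assumptions made for this sketch.

```python
import ntpath  # Windows path rules, usable on any OS
import re
from datetime import datetime

# Constructed sample in the layout of the "safe files to allow" notes shown above.
NOTES = r"""
mbamswissarmy.sys
Part of Malwarebytes Anti-Malware program:
C:\WINDOWS\system32\drivers\mbamswissarmy.sys

optscan.exe
AOL says anti-malware utilities may detect it.

SystemMaint.exe
It has to do with games and stuff that came on my computer.
C:\Program Files\DISC\SystemMaint.exe
"""

def parse_notes(text):
    """Hypothetical helper: map lower-cased file name -> set of noted full paths."""
    allow = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if not lines:
            continue
        # First line is the file name; lines starting with a drive letter are paths.
        paths = {ntpath.normcase(l) for l in lines[1:] if re.match(r"[A-Za-z]:\\", l)}
        allow.setdefault(lines[0].lower(), set()).update(paths)
    return allow

def triage(detections, allow, infected_at):
    """detections: (full path, last-modified datetime) pairs copied from a scan report."""
    result = {}
    for path, modified in detections:
        noted = allow.get(ntpath.basename(path).lower())
        if noted is None:
            verdict = "research"            # never evaluated before
        elif noted and ntpath.normcase(path) not in noted:
            verdict = "research"            # known name, but not in the noted folder
        elif modified >= infected_at:
            verdict = "research"            # changed at or after the infection time
        else:
            verdict = "previously-cleared"  # matches the notes and predates infection
        result[path] = verdict
    return result
```

Anything marked "research" stays in quarantine until you have looked it up, as described above.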

