Transcript for:
Malware Removal and Prevention

In this video, we're going to describe a series of steps that will allow you to remove malware from a system. In the vast majority of cases, this will not be the process you use to actually remove malware. That's because even after going through the steps in this video, it is possible for malware to still be on that system. You're never going to be 100% sure that you removed all of the malware from that computer. The way that most organizations address a malware infection is to delete everything on that system and then reimage it or replace it with known good software.

So if the best practice is to completely delete everything on a system and start over, why are we discussing the process of removing malware and keeping everything intact? That's because you will occasionally run into a system that doesn't boot properly, but you still need the important documents that may be stored on that hard drive. If you were to delete everything on that system, you would also be deleting those files. So this removal process should take you through the steps that will get your system running just well enough for you to remove those important documents. Once you've been able to recover those documents, it would probably then be a best practice to delete everything on that system and restore from a known good image.

The first step is to recognize the symptoms that could indicate that malware has been installed on your computer. Sometimes this is very obvious, where the message says "Operation did not complete successfully because the file contains a virus or potentially unwanted software," or a message may come from Windows Security that says "Threats have been found. Microsoft Defender Antivirus found some threats. Click to get more details." But often it's not quite this obvious. It might be something as simple as the system taking a bit longer to boot, or perhaps it's running a bit more sluggishly than it normally does. Or perhaps you're getting an unusual error message in an application that doesn't directly tie back to any type of malware. All of these could be symptoms of malware, so it's always a good idea to perform some additional research and find out more about what could be causing this problem on your computer.

If you do believe that malware has infected a system, it's time to take some action. Step two is to quarantine this infected system away from any other devices on your network. Malware can find its way across the network, so you should disconnect the network connections or disable those network links as soon as possible. It's also very easy to move malware between systems using a USB drive or some other type of removable media. At this point, many people believe that they should back up the system to be able to restore information later. But if this system really is infected with malware, you don't want to back up that malware just to restore it later.

Another useful function of Windows is the System Restore capability. This allows you to move your system configuration back to a previous date and time, and if you're trying to remove malware from a system, you would think that would be an easy fix: you simply change your system to the same configuration you had last week, and that should get rid of the malware. But the malware authors have already thought of that particular scenario. So when they infect your system, they will also infect your restore points. You can still go back in time to a previous restore point, but you'll effectively be restoring the malware back to your system.

If you're in a corporate environment, you may find that the System Restore capability has already been disabled. But if you're using Windows at home, or you have a computer where System Protection is enabled, you'll want to disable that capability. When you disable System Restore, it completely deletes all of your previous restore points, and if any malware is in those restore points, it will also be deleted. This will be a temporary configuration, and later on in the malware removal steps we'll discuss when we would want to re-enable System Restore.

Now we need to fix the malware issue that we have. One of the things we can do is to remove any files that we have clearly identified as malicious. Some malware can be identified by an anti-malware scanner; you click a button to remove those files, and the malware has been removed from your computer. If the malware was identified in a real-time scan, then those files were probably already removed from their original location and moved to a special quarantine location on your system drive. This keeps the files available for administrators to perform additional research, but it doesn't allow the user access to those infected files.

But if you've ever done any type of malware removal, you know that it very often isn't as simple as deleting a single file and rebooting. Very often, malware embeds itself at many different points inside the operating system, making it extremely difficult to completely remove. In many cases, you will use antivirus or anti-malware software to identify and then remove the malware from the system. In order for your antivirus software to identify the malware, it needs to have the latest set of signatures. You also want to make sure that you're running the latest antivirus engine, so that it's up to date with the latest version of the software. Once you've updated both the engine and the signatures, you can begin the process of removing this malware. Often this is an automatic process: you simply tell the anti-malware software to run a scan of your system, and if it finds anything, it will remove it from your computer.

On most systems, these updates are performed automatically, so you may find that the antivirus engine and all of the signatures are already up to date. But you might find on some systems that the antivirus updates have been set to manual. Very commonly, antivirus signatures are updated multiple times a day, so setting a system to a manual update is almost pointless considering all of the changes that occur on a daily basis. And if your system is infected with malware, you may find that attempting to update the signatures or the antivirus engine will fail because the malware is blocking your system from performing those updates. It may require you to manually download these files on a separate system, put them on a USB drive, boot the system into a recovery mode, and manually copy the files and updates.

If the malware is affecting the boot-up process of your computer, you might be able to boot into a less capable mode known as Safe Mode. This will load a bare-bones operating system that allows you to at least get to the Windows desktop and be able to change files or delete information from your drive. On rare occasions, this might also prevent the malware from running, which might give you some additional options during the recovery process.

And if this malware has created a problem on your system, you might not even be able to boot into Safe Mode. In that case, you might want to take advantage of the Windows Preinstallation Environment, or WinPE. This is the environment used for the Windows recovery console, where you can boot your system to a command prompt and then be able to change the file system from there. You can also create your own Windows Preinstallation Environment using the Windows Assessment and Deployment Kit, or ADK. And if the Preinstallation Environment is not able to find your Windows installation, then you might have to repair boot records or modify additional information in the operating system.

At this point, you should be able to boot the system, gain access to the file system, and be able to transfer over any important documents. Now it's time to delete everything and start over from the beginning. We often refer to this as a reimage process or a reinstall process. Most organizations will have separate images for the hardware that they use, so they can delete everything, apply the image to that system, and in a matter of minutes have that computer back up and running. This not only installs the Windows operating system, but all of the appropriate drivers, files, applications, and anything else needed for that company. This is also one of the reasons that we often redirect folders or require individuals to save their documents to a network drive. This way, you can delete everything on a local computer and not have to worry that you're deleting important documents.

Now we're back up and running, and we're virus-free. Next we need to set configuration options so that this problem doesn't occur again. It's always a good idea to check that your antivirus software is running in real-time mode, so it's scanning everything going through your system in real time. But it's also a good idea to perform periodic scans. This will check for any files that may have been added, or files that you aren't directly accessing through the real-time scanner. Some antivirus software has a built-in scheduler for configuring antivirus updates to the engine and to the signatures. But if your antivirus software doesn't support that feature, you might need to add a task in Task Scheduler to ensure that you're always getting the latest signatures installed onto your computer. And of course, it's always a good idea to check to see if your operating system update process is also configured. In Windows, you'll want to check Windows Update and make sure that it's configured to download and install any new patches.

I mentioned earlier that we had to delete all of our restore points because all of them were most likely infected with malware. Now that we've completely deleted everything on our system and restored from a known good image, we can make sure that System Restore is enabled. Again, you want to check System Properties under the System Protection tab and make sure that the restore settings are set to "Turn on system protection." And since we've just turned System Restore back on, you might want to click the button to create a restore point right now for the drives that have system protection turned on. This will ensure that you've got a good configuration that you could move back to if you ever need to go back in time with your system config.

Sometimes malware can get onto our systems without any type of user intervention. But often it's the users who run the software that infects their systems to begin with, and there are some best practices your users should know about: what to click, when to click it, and how to notify someone when they think that something may have gone wrong. You might want to have one-on-one training with that individual and talk to them about IT security and how they can keep this system protected going forward. You might also want to have a broader campaign where you use posters and signs. You might post these right outside the elevator, so that when it opens up, everybody can see those posters on the wall. Or it might be a message board posting in the break room; if you have a board in the break room that has information and announcements, this might also be a good place to talk about antivirus and anti-malware best practices. Since everyone also has to visit the login page, this is also a good place to put a message of the day. Sometimes this is information about systems that might be unavailable during different time frames, or it might include a tip or trick on how to keep your system safe. And almost every organization has an intranet page. This is a perfect place to keep all of your documentation, information on who to contact, and details about antivirus and anti-malware best practices.
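The Windows-specific steps above (quarantine, disable System Restore, update and scan, then re-enable real-time protection, scheduled scans, signature updates, Windows Update and System Protection on the reimaged machine) can be scripted. The following is an added example and is not code from the video or from Microsoft; it assumes Microsoft Defender is the antivirus, an elevated Windows PowerShell 5.1 session (the ComputerRestore and Checkpoint-Computer cmdlets are not available in PowerShell 7), and the parameter names Phase, SystemDrive and OfflineSignaturePackage are this example's own. The Triage phase runs on the infected system before it is reimaged; the Harden phase runs on the fresh image.

```powershell
<#
  Added example (not from the video): scripts the Windows steps of the
  malware-removal procedure for a Microsoft Defender host.
  Run in an elevated Windows PowerShell 5.1 session.
#>
param(
    [Parameter(Mandatory)][ValidateSet('Triage', 'Harden')]
    [string]$Phase,
    [string]$SystemDrive = 'C:\',
    # Assumption: path on removable media to a signature package downloaded on a
    # clean machine (the "download on a separate system, copy via USB" fallback).
    [string]$OfflineSignaturePackage
)

function Invoke-Triage {
    # Step 2: quarantine. Drop every active network link before touching anything else.
    # (If you are on the box over RDP this disconnects you too; run it from the console.)
    Get-NetAdapter | Where-Object Status -eq 'Up' |
        Disable-NetAdapter -Confirm:$false

    # Step 3: disable System Restore. Turning protection off discards the existing,
    # possibly infected, restore points; verify none are left.
    Disable-ComputerRestore -Drive $SystemDrive
    $left = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
    Write-Host "Restore points remaining: $($left.Count)"

    # Step 4: refresh engine/signatures. The host is now offline (or the malware is
    # blocking updates), so the normal path fails; fall back to the USB package if given.
    try {
        Update-MpSignature -ErrorAction Stop
    } catch {
        Write-Warning "Online signature update failed: $($_.Exception.Message)"
        if ($OfflineSignaturePackage -and (Test-Path $OfflineSignaturePackage)) {
            Write-Host "Applying offline package $OfflineSignaturePackage"
            & $OfflineSignaturePackage
        }
    }
    # Confirm the engine and signature versions before trusting the scan result.
    Get-MpComputerStatus |
        Select-Object AMEngineVersion, AntivirusSignatureVersion,
                      AntivirusSignatureLastUpdated, RealTimeProtectionEnabled |
        Format-List

    # Full scan, then list what real-time protection and this scan detected.
    Start-MpScan -ScanType FullScan
    Get-MpThreatDetection |
        Sort-Object InitialDetectionTime -Descending |
        Select-Object InitialDetectionTime, ThreatID, ProcessName, ActionSuccess |
        Format-Table -AutoSize
    Get-MpThreat | Select-Object ThreatName, SeverityID, IsActive | Format-Table -AutoSize
    Write-Host 'Copy out the documents you need, then reimage; do not keep this install.'
}

function Invoke-Harden {
    # Step 6 (on the freshly imaged machine): real-time protection on, a daily
    # full scan at 02:00, and Defender pulling new signatures every 4 hours.
    Set-MpPreference -DisableRealtimeMonitoring $false `
                     -ScanParameters 2 -ScanScheduleDay 0 `
                     -ScanScheduleTime '02:00:00' -SignatureUpdateInterval 4

    # Fallback for products without a built-in scheduler: a Task Scheduler job
    # that forces a signature update every morning.
    $action  = New-ScheduledTaskAction -Execute 'powershell.exe' `
                   -Argument '-NoProfile -Command "Update-MpSignature"'
    $trigger = New-ScheduledTaskTrigger -Daily -At '06:00'
    Register-ScheduledTask -TaskName 'AV-Signature-Update' -Action $action `
        -Trigger $trigger -User 'SYSTEM' -RunLevel Highest -Force | Out-Null

    # Windows Update: NotificationLevel 4 is "download and install on a schedule".
    $au = (New-Object -ComObject Microsoft.Update.AutoUpdate).Settings
    if ($au.NotificationLevel -ne 4) {
        Write-Warning "Windows Update automatic install is off (level $($au.NotificationLevel))"
    }

    # Re-enable System Protection and take a known-good restore point right away.
    Enable-ComputerRestore -Drive $SystemDrive
    Checkpoint-Computer -Description 'Post-reimage known-good baseline' `
                        -RestorePointType 'MODIFY_SETTINGS'
    Get-ComputerRestorePoint | Select-Object SequenceNumber, Description, CreationTime
}

switch ($Phase) {
    'Triage' { Invoke-Triage }
    'Harden' { Invoke-Harden }
}
```

Run it as `.\Remove-Malware.ps1 -Phase Triage` on the infected host (add `-OfflineSignaturePackage` pointing at the USB-carried update if the online update is blocked) and `.\Remove-Malware.ps1 -Phase Harden` on the reimaged one. Two caveats: Windows only creates one restore point per 24 hours by default, so Checkpoint-Computer silently skips if the image build already made one that day, and the triage output is only as trustworthy as the engine and signature versions it prints, which is why the script shows them before the scan rather than after.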