Removing malware is often a complex and time-consuming task, even for security experts. But as Bitdefender has reported, sometimes, just occasionally, the most effective technique can be extremely simple.
Like, turn your PC off, and on again.
The surprising news is based on a detailed study of the banking Trojan Dridex, and the considerable efforts it makes to avoid detection.
In particular, the malware doesn’t have a permanent Registry key to launch itself when your PC starts. Instead, it waits for a system shutdown or restart, saves its code to a file and only then creates its "startup" Registry key. On launch it removes the Registry entry and there’s nothing to see.
It’s a clever technique, and worth remembering when you’re using Autoruns -- or anything else -- to examine your startup programs. You may not be seeing as much as you thought.
But this also means that if you simply pull the plug rather than shutting down/ restarting/ sleeping your system, Dridex doesn’t get a chance to save itself, and won’t launch when your PC next restarts.
This plainly isn’t a complete solution. Your PC could be compromised in other areas, and you might still have malicious code on your system. And of course this won’t work with the vast majority of malware, anyway.
Still, if you suspect you’re infected by something, but it won’t go away, then pulling the plug is simple enough to try (close any applications first, to reduce the chance of data loss or drive corruption). Just be sure you use something like Panda Antivirus or Malwarebytes Anti-Malware to clean up afterwards.