
Beginner's Guide to Removing Viruses

December 29, 2009

We’ve all been there. Surfing online, minding our own business (or maybe not…), when you realize all too late that you clicked on the wrong link or popup. Bam! You’ve got a virus.*
If you’re lucky, your antivirus software (you are running up-to-date antivirus software on your computer, right?) will catch the mistake and eliminate the infection before it manages to take root on your system. All too often, however, the virus will manage to get in under the radar and wreak havoc before you’ve even realized it’s there. At this point, a single scan with your antivirus software is often not enough to completely remove the infection. In this article, I’ve outlined several basic steps that can be taken to remove an infection.**

1. Prepare the Infected System

Before trying to remove a virus from your system, there are a few important things to do. First, avoid using your computer for any task where sensitive or private information will be used. It is not uncommon for some infections to steal passwords, financial information, or anything typed on your keyboard. If possible, you should disconnect your system from the Internet and not use it until you are certain that the infection is removed.
Second, it is important to know that the process of removing viruses from your system can be a very involved and time-consuming task, ranging from hours to a couple of days depending on how bad the infection is. Once you start the process of removing a virus, you should see it through to the end. Otherwise you run the risk of having the virus come back again.
Third, turn off System Restore (some viruses will use System Restore as a way to reinstall themselves after being removed) and clean out all temporary files (I recommend using CCleaner to do this, although Windows Cleanup can be used instead). In addition to helping with the removal of the virus infection, this will help speed up your virus scans.
Fourth, it is always a good idea to back up any important data before attempting to remove a virus. While these steps are fairly straightforward and shouldn’t result in any data loss or harm to your system, the only way to ensure your data is protected is by backing it up! It’s tedious, I know, but you should still do it. Also, don’t copy, run, or open any files from your backup without first scanning them with a working and up-to-date virus/adware/spyware scanner. After all, you don’t want to reinfect yourself or another clean system with the same virus.
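The preparation step above (turning off System Restore and clearing temporary files) can be done from a PowerShell prompt instead of clicking through dialogs. This is an added example, not part of the original post; it assumes Windows PowerShell (the built-in version, not PowerShell 7) run from an elevated prompt, and the temp folder paths are assumptions that suit a typical install.

```powershell
# Added example: automate the "prepare the infected system" step.
# Assumes Windows PowerShell on a client Windows install, run as administrator.

$systemDrive = "$env:SystemDrive\"   # normally "C:\"

# 1. Refuse to continue unless elevated; Disable-ComputerRestore needs admin rights.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this from an elevated (administrator) PowerShell prompt."
}

# 2. Note how many restore points exist, then turn System Restore off for the
#    system drive so an infected restore point cannot bring the malware back.
$points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
Write-Host ("Existing restore points: {0}" -f $points.Count)
Disable-ComputerRestore -Drive $systemDrive
Write-Host "System Restore disabled on $systemDrive"

# 3. Clear the user and machine temporary folders (assumed locations).
#    Files still in use by a running process are skipped rather than failing the run.
$tempDirs = @($env:TEMP, (Join-Path $env:SystemRoot "Temp"))
foreach ($dir in $tempDirs) {
    if (Test-Path $dir) {
        Get-ChildItem -Path $dir -Recurse -Force -ErrorAction SilentlyContinue |
            Remove-Item -Recurse -Force -ErrorAction SilentlyContinue
        Write-Host "Cleared temporary files in $dir"
    }
}

# 4. The backup itself is deliberately left manual: copy important data to
#    external media, and scan that media from a clean system before reusing it.
Write-Warning "Back up your important data before you start scanning."
```

Turn System Restore back on afterwards with Enable-ComputerRestore -Drive "C:\" (the same cmdlet family), which is the post’s final cleanup step.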

2. Download Virus Removal Tools

The first rule of dealing with an infected system is to not trust any of the programs that are on that system. Therefore, you are going to need to download a few standard tools in order to deal with your virus problem. The first tool I would recommend is a good antivirus rescue live CD.*** The benefit of using a live CD is that you can guarantee your tools will be completely unaffected by the virus infection. There are several free live CDs available for this purpose (a list with reviews can be found here). I would recommend using one or more of the following: Avira AntiVir Rescue System, BitDefender Rescue CD, and/or Dr. Web Live CD (it doesn’t hurt to use several different live CDs in succession to be thorough, since different antivirus tools will sometimes detect and remove different viruses more efficiently). You will also want some other tools that are specifically designed for removing adware/spyware. I recommend using Malwarebytes, Spybot, and/or Ad-Aware (each has a free version available for home use). Be sure to run the update tool on each of the programs you’ve installed before using them.

3. Run the Live CD(s)

This seems fairly obvious, but at this point, go ahead and boot into a live CD and run the antivirus tools. Some live CDs allow you to update the virus definitions before running them (you will likely need a network connection via an Ethernet cable to perform the updates). Other live CDs will automatically have a set of fairly recent virus definitions already built in. After you’ve updated the virus definitions (if the option is available), start the virus scan and then go watch TV or read a book for a while, because it will take some time (I’ve found that most virus scans take between 1 and 3 hours to run depending on the number of files on your system). Once it’s done, make sure to tell the CD to remove any infections it found, and restart the computer with a different live CD if you are planning on running multiple scans. Rinse, lather, repeat! If there are any viruses found that the live CD is unable to remove, write down their names and do some research online (from another computer if possible). Antivirus companies such as McAfee or Symantec often have special tools and detailed instructions on removing some of the more difficult infections.

4. Start Windows in Safe Mode

Once you’ve finished running the live CDs that you’ve chosen to run, you’ll want to boot into Safe Mode in Windows to finish cleaning up the system. To do this, press the F8 key repeatedly while the computer is starting up. For detailed instructions on how to do this, click here. Once you’ve booted into Safe Mode, log into an account (make sure the account has administrative privileges) and run a scan with each of your antivirus/antispyware programs (i.e. Malwarebytes, Spybot, Ad-Aware, etc.) in turn. Again, these scans will take some time, but it’s the only way to make sure that your system is free of viruses. Have these tools clean/repair or quarantine any infections they find, and be sure to write down any infections that cannot be treated so you can do some specific research on how to remove those particularly stubborn infections. It also doesn’t hurt to run each scan again after you’ve cleaned off all the infections, just to ensure that none of them have re-spawned after removal.

5. Final Cleanup

After you’ve finished running your various scans and have achieved a clean bill of health, restart your computer and let it start up normally. Hopefully, your system is now free of infections and as good as new. If everything seems fine and you don’t see any signs of the previous infection, go ahead and turn System Restore back on, and (if you suspect that your current antivirus was compromised by the virus and is no longer working properly) uninstall and then reinstall your antivirus software. Be sure that you update the antivirus and make sure that it’s working correctly. Finally, you can verify that all is well by running a free online scan of your computer from Panda or BitDefender.**** If everything checks out, your system is clean as a whistle and ready to go. If not, then you likely have a virus that will require some additional (and more invasive) steps to get it off of your system. If this is the case, you’ll probably need to seek additional help from someone with experience dealing with these kinds of infections.


* Since this article is meant to be a beginner’s guide, I will be using the term “virus” interchangeably with the term “malware.” While such a generalization is not technically accurate, I have done so in order to avoid confusing some of our less technical readers. Technically, a virus is defined as a malicious program capable of self-replication (often without the permission of the user), while malware (which is short for “malicious software”) is a general term that includes a wide variety of infections (viruses, worms, trojans, rootkits, adware/spyware, etc.).

** While following these steps should not cause you to lose any of your data or cause problems with your system, you should know that attempting a virus removal is not completely without risk. You should always take precautions to back up your data in order to ensure that it isn’t lost. I am not responsible for any harm caused to your system or data by using this information. This article is for instructional purposes only and is not to be seen as a definitive guide to malware removal.

*** A live CD is a CD that you can boot into instead of your usual operating system (such as Windows). You can usually download an ISO file and burn it to a physical CD (the Avira CD actually has a program that you download and run to burn the CD for you). I would recommend downloading the file and burning the disk as close as possible to when you plan on doing the virus removal, so that you have the most recent version. Also, you may have to change your BIOS settings to allow you to boot into a live CD. If you don’t know how to do this, you can get more information here.

**** There are a lot of websites out there that claim to offer free malware removal tools but will actually further infect your system with viruses. Only trust tools from reputable sources, such as well-known antivirus companies (Norton, McAfee, Panda, BitDefender, etc.). If you don’t know whether a tool is legitimate or not, do some research before you act. Remember, the first rule of online security is to never trust anyone.
