Having been attacked by many viruses recently, I thought: why not let people learn from my experience? Having faced about a dozen different viruses in the past 2 weeks, I have enough experience to write this guide. I faced trojans, trojan downloaders, rootkits and what not. So here’s my little guide, which will help you get rid of your virus.
There are a huge number of viruses floating around the internet, and new viruses are being written by malicious programmers daily. Because of this, innocent computer users get infected and suffer from a compromised system, which results in private data being exposed, data being destroyed, the computer becoming unusable, etc. For non-technical people, virus removal is a tough task. Fortunately, for tech-savvy people it is not so difficult.
I am writing this guide to help people remove viruses from their computers.
A brief introduction to viruses: a virus is generally malicious software that tries to steal personal information from your computer, or uses your computer for other malicious activities such as sending spam, acting as a proxy for illegal activities, spreading malware, etc.
A computer can be infected by a virus through many means. You can get infected from a mail you opened from an unknown person, from a software installation, from a friend’s pen-drive that you just inserted into your computer, etc.
Until now, only Microsoft Windows has been known to be infected by viruses. Linux and Mac OS remain unaffected; there are only a few known viruses for them. Windows, on the other hand, has thousands of viruses, with new viruses being produced every day.
To protect yourself from viruses you will need a good combination of security tools.
Tools required:
1. Sysinternals Process Explorer.
2. Good anti-virus software (preferably Kaspersky, NOD32, or Norton).
3. Malwarebytes Anti-Malware
4. Registry Fix.
5. Task Manager Fix.
6. UnHackMe.
7. Lavasoft Ad-Aware, latest 2009 version. (Older versions have many drawbacks.)
8. HijackThis
9. Spybot S&D. (Optional)
Most viruses won’t let you know when they install themselves on your computer. You won’t even notice them unless they do something noticeable, such as using the internet heavily in a way that draws your attention.
When you get infected by a virus and you are sure about it:
You know that you have been infected by a virus and you don’t know what to do. Just bear with me and you will find quick answers to your questions.
To check if virus is using the internet:
1. First of all, check whether it is using the internet. Go to Start Menu -> Run, type “cmd” without quotes and press Enter.
2. Then type “netstat -b” without quotes in the console and press Enter.
3. On the left-hand side you will see a list of executables, and to the right of each one the sites it is connecting to. If you see an unknown executable connecting to an unknown site, it means that it is using your internet connection. In this case, I recommend disconnecting from the internet to protect yourself.
Checking if the virus is running as a process:
1. Download the Process Explorer from Sysinternals from here.
2. Run it and look at the processes listed under Explorer.exe. If you find an unknown executable running there, it means the virus is running as a process. Double-click it and check the TCP/IP tab; this way you can confirm whether it is using the internet. Click OK to exit the properties.
3. Right-click the process and click “Kill Process Tree”. Click Yes when asked for confirmation.
Warning: Do not kill any process under “System”. It may crash your system.
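The two checks above (netstat -b and the Process Explorer TCP/IP tab) can be combined into one listing. This is an added example, not code from the original post: it shows every process holding an established TCP connection together with its executable path, its parent process and the Authenticode signature status of the binary, so an unknown, unsigned executable running under Explorer.exe and talking to the internet stands out. It assumes a Windows version with Get-NetTCPConnection (Windows 8 / Server 2012 or newer) and an elevated PowerShell prompt so that the executable paths of all processes are readable.

```powershell
# Added example, not from the original post. Builds a PID -> process lookup table,
# then joins it against the established TCP connections of the machine.
$byId = @{}
Get-CimInstance Win32_Process |
    ForEach-Object { $byId[[int]$_.ProcessId] = $_ }

$report = foreach ($conn in Get-NetTCPConnection -State Established) {
    # Skip loopback traffic; the concern here is traffic leaving the machine.
    if ($conn.RemoteAddress -match '^(127\.|::1$)') { continue }

    $proc   = $byId[[int]$conn.OwningProcess]
    $parent = if ($proc) { $byId[[int]$proc.ParentProcessId] } else { $null }

    # Signature check only makes sense when the path is readable (it is not for
    # some protected system processes unless the prompt is elevated).
    $sigStatus = 'NoPath'
    if ($proc -and $proc.ExecutablePath -and (Test-Path -LiteralPath $proc.ExecutablePath)) {
        $sigStatus = (Get-AuthenticodeSignature -FilePath $proc.ExecutablePath).Status
    }

    [pscustomobject]@{
        PID       = $conn.OwningProcess
        Process   = if ($proc)   { $proc.Name }   else { '?' }
        Parent    = if ($parent) { $parent.Name } else { '?' }
        Signature = $sigStatus                   # Valid, NotSigned, HashMismatch, ...
        Remote    = '{0}:{1}' -f $conn.RemoteAddress, $conn.RemotePort
        Path      = if ($proc)   { $proc.ExecutablePath } else { '?' }
    }
}

# Unsigned or tampered binaries sort first; those are the rows to double-check in
# Process Explorer before deciding to kill the process tree.
$report | Sort-Object Signature, Process | Format-Table -AutoSize
```

A NotSigned entry is not proof of infection (plenty of legitimate tools are unsigned), but a NotSigned or HashMismatch binary with a parent of explorer.exe and a remote connection you cannot account for is exactly the case the post tells you to investigate.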
Scanning for Malware using Malwarebytes:
1. Download Malwarebytes Anti-Malware from here.
2. Run the setup and install it.
3. Run the software and update its database.
4. Do a quick scan and delete all the entries it finds. After the quick scan, do a full scan. I believe the quick scan will remove the majority of the malware and the full scan will remove any leftovers. Restart if it asks you to.
Scanning for viruses using your anti-virus software
1. Whichever AV you are using, install it and update it.
2. Perform a scan and delete/quarantine all infected files.
3. Restart if it asks you to.
Scanning using Lavasoft Ad-Aware:
1. Download the latest Ad-Aware version from here. It’s free.
2. Install and update. Restart after installation.
3. Run a full scan and delete all the files it detects.
You may also use Spybot S&D to scan your computer, though it is not advised, as its reliability and accuracy have gone very bad.
Re-enabling your Task Manager and Registry Editor in case they have been disabled.
1. If you see an error on pressing CTRL+ALT+DEL saying that “It has been disabled by Administrator”, it means that the virus has disabled it.
2. Similarly, regedit may also have been disabled by the virus.
3. To fix these, download:
Download – Taskmanager fix
Download – Registry fix.
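The two fix tools above reset the policy values that malware sets to produce the “disabled by Administrator” message. The same repair can be done by hand; this is an added example, not the original post’s tools. It assumes PowerShell is still usable on the infected machine, and uses the standard policy value names DisableTaskMgr and DisableRegistryTools under the Policies\System key, which the post itself does not name.

```powershell
# Added example, not from the original post. Finds and removes the DisableTaskMgr and
# DisableRegistryTools policy values in both the user and the machine hive.
# Run from an elevated PowerShell prompt so that the HKLM entry can be removed too.
$keys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)
$values = @('DisableTaskMgr', 'DisableRegistryTools')

foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }   # key absent: nothing set here
    $props = Get-ItemProperty -LiteralPath $key
    foreach ($name in $values) {
        $entry = $props.PSObject.Properties[$name]
        if ($null -eq $entry) { continue }                  # value not present: already fine
        Write-Host ('{0}\{1} = {2}' -f $key, $name, $entry.Value)
        if ($entry.Value -ne 0) {
            # Deleting the value restores the default (tool enabled). A value of 0 is
            # harmless, so it is left alone.
            Remove-ItemProperty -LiteralPath $key -Name $name
            Write-Host '  removed'
        }
    }
}
# On a domain-joined machine these values may be set legitimately by Group Policy, in
# which case the policy engine will put them back; check with your administrator first.
```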
Some viruses also modify existing Windows system files. To restore them:
1. Start Menu -> Run -> type “Sfc /scannow”.
2. Note that you will need the Windows XP CD for this. It will check all the system files and replace them if they have been tampered with.
Your system should be thoroughly cleansed by now. No single security application gives you complete security; you have to use them together to protect your computer. That is why so many scans are required.
Ad-Aware, which had gone bad in the past few years, has made a comeback with its latest AE edition, which provides very good security. Recommended to everyone.
For removing rootkits
1. Rootkits are probably the worst kind of infection anyone could have. They go undetected by every other tool mentioned above; those tools simply fail to discover them. Rootkits hide themselves under critical system files, run as hidden processes and are undetectable by any means.
2. It’s impossible to detect their presence directly. You will only know that they are on your system if you see some weird behaviour, such as the internet connection being used by itself.
3. To remove rootkits, install UnHackMe from here.
4. Install the software and follow the instructions. You will need to restart your computer so that the program can check for rootkits; it checks the boot process for infected files.
5. Delete the files that you think are rootkits and are not part of any legitimate software.
6. Restart to make the changes.
Note: Please install security programs from their vendor’s site. Do not use warez or torrents to download them, as they themselves mostly contain viruses.
If you are still unable to remove the virus, please repeat all the above steps in Safe Mode.
If you are still unable to get rid of it, please post a HijackThis log on this board. I’ll try to help you get rid of it.
Download it from here.
Scan and save the log and post it on this board for us to examine it.
Disclaimer: I am not responsible for any damages caused if you fail to follow the instructions carefully.
This guide may not be published/reproduced without my permission.
This is my tutorial originally posted on my forum here: http://www.techmindz.com/index.php?topic=361.0