Infected? It’s hard to miss when you’ve been hit by a virus/spyware. These malicious bits of code can really wreak havoc on your machine and your day. Some symptoms to look for might be:
Pop-ups when you aren’t even browsing the web
Computer has slowed down with mysterious processes taking up resources
Unknown applications being installed on their own
My mentality for tech support is to always start with the least expensive, least drastic measures first and work your way up from there until a solution. “Every time?” Yes, every time. It doesn’t take any longer. If you already know things that aren’t going to work, just skip by them, but the fact is that you’re still starting at the least expensive, least drastic measures. I’m going to take this minimalist approach to undoing the damage of malware too.
First thing, unplug your computer from the network. This will prevent the malware from downloading any other partners in crime and uploading any of your personal information. Go ahead and shut down the infected computer as well.
Now, you’re going to want to download three different utilities. Given that you’ve just disconnected and shut down your computer, this can be tricky for some. If you have a second machine, great. Otherwise download these from work, a friend, or the public library and burn them to a cd or copy them to a USB jump drive. These applications are all free for home users. What you’re looking for is this reliable pack of three:
Once you have the installers for these applications, start up your computer and right before you normally see the Windows splash screen press F8 so that a menu pops up and gives you a bunch of options. Choose “Start up in Safe Mode” and hit Enter. Let Windows boot up and if you’re given a prompt to choose between working in Safe Mode and using System Restore, say ‘yes’ to continue working in Safe Mode. If you have to login, be sure to do so with a local administrator account.
You’re going to want to disable System Restore at this point because it most likely contains infected files in its backups and you certainly don’t want to be restoring to those at some point in the future.
- Right-click My Computer (either on the Start Menu or the Desktop)
- Click on Properties
- On the window that pops up, click on the System Restore tab.
- Click ‘Turn off System Restore’
- Hit ok.
Install Avast, the anti-virus, and enter the serial number. Get the serial by just registering on their website (still free for home users). I’ve been registered there for more than a year and have only received the serial number from them. Tell Avast to schedule a boot-time check. This is basically the same thing as when you try to do a scandisk and you’re told you can’t because the disk is in use. Once you have the boot-time check scheduled (or run a full-scan and you’ll probably get a prompt to do so anyways if it finds a virus in current working memory), reboot normally and let the virus scan do its thing. For the most part you can walk away and let it do its thing, but it all depends on what settings you chose. You can have it delete detected files automatically, prompt for confirmation, or prompt for confirmation on system files. I would recommend having it delete any infected files, but it really depends on which files. You can research any files pretty easily with a simple Google search of the file name to find out if it is crucial, a system file, or most likely malware.
Once the scan completes, reboot and get into Safe Mode again. Open up the Control Panel, Add/Remove Programs and uninstall any software that has been installed recently and could be suspiciously connected to the infection. Next install the other two tools, Spybot and Ad-Aware, and run them sequentially. It really doesn’t matter what order, but I’ve found that although they are competitors, they really work well together; whatever one might miss, the other tends to find. Let both of these scans run (not at the same time), empty the Recycle Bin, and reboot into Windows normally.
Upon this next reboot, we’re really hoping for a clean system. If everything appears to be back to normal, you’re in luck! If not, skip down a couple paragraphs for the next steps. Plug the network back in and establish a connection. First thing to do is update Avast to make sure you have the latest virus definitions and then update Spybot and Ad-Aware as well. Then run the scans again just to verify that they’ve gotten everything, including any recently developed bugs.
After those scans are run, since you’re in the business of improving your machine performance, you might as well Defrag and run a scan disk on your drive as well. Open up My Computer, right-click on your drive (C:) and go to Properties. On the resulting windows, click the Tools tab and then hit the Defrag button. Let Defrag go all the way through and then hit the button for error-checking and check both boxes for “Automatically fix file system errors” and “Scan for and attempt recovery of bad sectors.” Hit Start and it will probably tell you that it can’t while the disk is in use, but schedule a disk check for the next time the computer starts up. Go ahead and reboot and let it run the Check Disk. If you’re machine is back to running blissfully, you’re in good shape. You might consider following the next paragraphs to rebuild your machine since you can never be 100% certain that your machine is clean. If you do have faith that everything’s in the clear, still go to the bottom of this post and read some tips on preventing these sorts of things in the future.
If you’re still in dire straights with your machine after all the scans have completed and everything they recognize as malicious has been removed, you’re probably looking at rebuilding your machine. For example, I recently encountered some malware that got throughout the computer system and essentially locked the door behind it. All access to the control panel and its modules was removed. Reinstalling the OS shouldn’t be as intimidating as it sounds and periodic rebuilds anyways can really return your system to its original speedy performance.
Backup any data you want to carry over. Move it to an external drive or burn it to CD. See this previous post for important things to grab.
Make a list of applications you’ll want to re-install. From the full software to the freeware, it can be really annoying to know that you used to have an application that did one particular thing and now you can’t remember it.
Disconnect your machine from the network/internet.
Insert your Windows CD and tell it to boot off of the CD. If it doesn’t prompt with a “Press any key to boot from CD” you’ll need to get into your BIOS and change the Boot Order.
When the Setup comes up, follow the on-screen instructions to delete the current partitions on your hard drive and create a new partition with a quick format. Setup Windows on this newly created partition and let Windows do its thing.
Follow all of the on-screen instructions to complete the OS setup and wait for the machine to come up ready for use.
Install Avast first thing to protect your machine. Enter the serial again and reboot.
With Avast running in the background, connect to the internet and immediately start grabbing Windows Updates.
Scan your back-up files and if they check out clean copy them back over to the computer.
Install the applications that you listed.
You should now be in the clear, but here’s what can help you prevent this in the future:
Windows Updates – Set Windows to update automatically or at least prompt you when new Updates are available. This will keep your vulnerabilities to a minimum.
Avast – If you didn’t have antivirus before, shame on you. Now that you have Avast running, make sure it keeps up to date. By default, it grabs all the updates it needs (with entertaining robot voice to inform you of such).
Windows Firewall – Keep Windows Firewall enabled. You might have to make some exceptions for specific applications, but disabling it is quite unwise. The Windows built-in Firewall is also plenty sufficient for your average user, so there’s no need to spend money (Norton) or download more annoying applications (Kaspersky).
Firefox (with Ad-Block Plus, No-Script extensions) – Firefox is more secure or at the very least less targeted (similar to Macs claim of being more secure) so the frequency of successful intrusions is greatly decreased. The Ad-Block Plus and No-Script add-ons will remove elements from websites that you’re viewing that could contain links or scripts to downloading malware.
Education – With all the effort you’ve just put in to clean up your machine, you’ll probably be naturally educated through your experience and at least more paranoid. Individuals need to be cautious on the internet. Do some research before you download something to see if it is legitimate. Avoid downloading anything in exchange for access to sites like toolbars or plugins. Your anti-virus should be scanning downloaded files, but it doesn’t hurt to point a scan directly at downloaded files you feel suspicious about and archives as they are extracted. Also, it doesn’t hurt to read up on some of the latest big waves of viruses and spyware taking advantage of popular vulnerabilities.