(*** Disclaimer: If you don’t feel comfortable working on your own computer, please ask someone who is familiar with computers to assist you. Sometimes it is best to seek professional assistance with this type of procedure. You will need a second computer connected to the internet for the following. Proceed at your own risk! ***)
Signs you may be infected:
- You get ‘Pop Ups’ from software you do not remember installing, alerting you that your computer may be infected.
- You may have new software icons you did not have before on your desktop.
- You may find that your anti-virus software alerts you to a threat, but is no longer working.
- You may not be able to get to a particular web site or not even be able to get on the internet at all.
The following is a general guideline to detecting and removing a virus from your computer. As always, have a good working backup before attempting any of these procedures.
- Isolate the suspected computer by disconnecting the network cable or turning off the wifi adapter. This stops the infection from spreading across your network to other systems and from reaching the internet to connect with its author and/or server.
- Turn off ‘System Restore’ on all hard drives. Find a ‘My Computer’ icon and right click on it. Choose ‘Properties’. Then select the tab named ‘System Restore’. Select the check box ‘Turn off System Restore on all drives’ and click ‘Apply’.
You have now stopped the infection from getting outside of the computer and from being restored from a ‘restore point’. It’s now time to get to work.
Depending on the severity of the infection, I will use either USB drives or finalized CD-Rs to install software. With the newer infections that can write across networks and to any writable media (floppy, memory card, USB drives, etc.), it's best just to grab a bunch of CD-Rs and write all of the different software you’ll need to CD.
First, go over to Malwarebytes’ http://www.malwarebytes.org/ and download a copy of their Anti-Malware program. Put it on your choice of media and install it on the suspected computer. Then select ‘Perform quick scan’ and click ‘Scan’.
Allow the program to take whatever actions are required (which may include a reboot). Once the program has finished, let’s proceed to scan for viruses.
(***Disclaimer: Never install more than one anti-virus program on a system.***)
If you have anti-virus software, check it to find out if it is still working. A lot of infections will disable your anti-virus. If this is the case, reinstalling it may get it to work again. If this doesn’t work, you will need to uninstall it completely, so you can reinstall a new copy of the anti-virus software. Once this is done, do a complete scan of the system.
If you do not have any anti-virus, go over to AVG Free http://www.avgantivirus.com and download a copy. Also download the latest definition files. Put all of the files on media and install the anti-virus. Once installed, you can upgrade the definitions by selecting ‘Update from file’ when you have the program open. Then do a complete scan of the system.
(***Disclaimer: Before installing a firewall in Windows XP / Vista, disable the Windows Firewall in the Control Panel first. Also, never install more than one software firewall on a system.***)
Once you have run both a malware scan and an anti-virus scan on the system, you should have a good handle on the situation.
(*** If you are still having issues that your anti-virus and/or spyware software cannot remove, please seek professional assistance. ***)
Before attempting to reconnect the suspect system to the internet, make sure that you have a software and/or hardware firewall in place. I use both a hardware firewall behind my internet connection and software firewalls on the servers / workstations.
For more information on Free Internet Security Software, check out this blog entry:
And for a detailed description of one of the worst cases of infection I have seen yet, check out this blog entry: