
Virus Infection and Removal: Quick and Easy

Virus Infection: Quick and Easy

January 9, 2011 -- To most users it doesn't matter what the technical differences are between a virus, a trojan, a worm, spyware, malware, or otherwise malicious software. Most of us generally use the term "virus" to represent all of these and I will also in this article. Effectively the result is very much the same. Your computer generates pop-ups, fake warnings, unwanted advertising, runs slow, hijacks your web browser, and seems to block all reasonable efforts to stop or remove the infection. In many cases, if left unresolved, permanent damage may be done to important Windows system files that may even prevent your computer from starting.

Unfortunately, there is no 100% effective anti-virus or anti-spyware program that will block all the bad stuff. Most often, using two different products is a better defence. Unfortunately, many infections require special tools and possibly manual intervention to rid your computer of the menace. There is no set of standard rules that dictate what a cyber-criminal may program a virus to do. The motive often is to take control of your computer so you will be encouraged to click on links and hand over your credit card details. As much as you think you wouldn't do this, many fall for this extortion trap and pay for the rogue or fake Disk Defragger or Anti-Virus program in an attempt to resolve the problem. If you have paid for such a program, please contact your credit card provider and advise them that you are a victim of fraud.


The reality is that it is fairly easy these days to infect your computer with a virus. Many viruses come from so-called "drive-by" infections while browsing. There are reportedly tens of thousands of legitimate websites that have been infected. Typically a user clicks on a link that leads to a site where a script automatically, and behind the scenes, does something malicious. You may be asked to install an add-on in your browser in order to watch a video perhaps. The popular Koobface worm targets users of Facebook, Twitter, and other social networking sites. Once your computer is infected, it invites your Facebook "friends" to click on a link which in turn leads to their infection. Of course, the use of peer-to-peer and torrent sites to download files and videos helps to spread many viruses, as these files are often infected. Viruses are spread by email attachments to a lesser extent than in the past. More common is that an email apparently from a friend will contain a link to "You have to see this funny video" or something similar, and that link will ultimately lead you to infection. You may even unwittingly hand over your Facebook or Hotmail username and password when prompted, and before you know it (actually you won't), your email account may be hijacked and your entire contact list will be getting an invite too.

Virus Removal: Quick and Easy

So what about our installed anti-virus software? Many viruses do get stopped by popular anti-virus software, although not always in real time -- that is, you may have to run a full scan of your computer to remove the malicious software. However, what often happens is that the anti-virus software may be prevented from running or getting updates, and most often you will be prevented from visiting popular anti-malware sites to download and install new crime-fighting software. So what do you do then?

Well, the quick and easy part of virus removal is to act quickly. Generally I advise taking the following steps if you believe your computer has been infected by malicious software by whatever means.

1. The objective is to reboot into Safe Mode. Your computer may be prevented from shutting down while the malicious software is running. Remember, this nasty software doesn't have to make it easy for you. If all else fails, simply hold the power button in for 5 seconds until your computer turns off.

2. When restarting the computer, press the F8 key just before the "Starting Windows" screen. You should get a menu with Advanced Boot Options. If Windows continues to start up, then you missed the opportunity and will have to shut down and restart again. When restarting, start pressing F8 repeatedly at one-second intervals and that should work.


3. Select Safe Mode from the menu. If you are using a wireless keyboard, you may find that you are unable to make the selection, in which case you will need to find a regular wired keyboard, plug it in, and start again.

4. Once Windows starts in Safe Mode (you may still need to log in), from the Start Menu, search for and start System Restore. In the event that System Restore cannot be found in the menu, you may be able to access it directly in Windows 7 from %SystemRoot%\system32\rstrui.exe, or in Windows XP from %SystemRoot%\system32\restore\rstrui.exe.


Basically, you want to choose a restore point from BEFORE the point your computer was infected. Normally, Windows 7 will create an automatic restore point at least every few days if your computer is turned on. Simply follow the instructions to restore your computer to an earlier point in time. The impact of this is that any programs recently installed (including viruses) will be uninstalled.

5. Restart your computer normally.

6. Using Windows Explorer, I then like to manually delete all temporary files and folders for user profiles and Windows. This is where most of the virus type files start their life. Don't click on the files -- just select all and delete. Empty your recycle bin afterwards. These files can be found in:
C:\Users\{username}\AppData\Local\Temp
C:\Users\{username}\AppData\Local\Microsoft\Windows\Temporary Internet Files
C:\Windows\Temp

7. If you don't already have it installed on your system, download, install, and run the free version of Malwarebytes - Select Full Scan.


8. Run your anti-virus program full scan also. The illustration shows Microsoft Security Essentials.


9. If both scans run clean, you should be good to go. If you still have problems, you could go back to step 2, and try selecting an earlier System Restore point. Beyond this, you will likely need some sophisticated help.
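
For readers comfortable with a script, here is one way to do the cleanup in step 6 while keeping a record of what was sitting in the temp folders. It is an added example, not part of the original article; it assumes Windows PowerShell 4.0 or later run as an administrator, and the report path is a hypothetical default.

```powershell
# Added example: inventory, then clear, the three temp locations from step 6.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Hypothetical report location; change as needed.
    [string]$ReportPath = "$env:USERPROFILE\Desktop\temp-inventory.csv"
)

# Resolve the step 6 folders for the current user; skip any that do not exist.
$targets = @(
    (Join-Path $env:LOCALAPPDATA 'Temp'),
    (Join-Path $env:LOCALAPPDATA 'Microsoft\Windows\Temporary Internet Files'),
    (Join-Path $env:SystemRoot 'Temp')
) | Where-Object { Test-Path -LiteralPath $_ }

# File types that can run code. Recording them (without opening them)
# gives you names and hashes to show a professional if problems persist.
$runnable = '.exe', '.dll', '.scr', '.bat', '.cmd', '.vbs', '.js'

$inventory = foreach ($dir in $targets) {
    Get-ChildItem -LiteralPath $dir -Recurse -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $runnable -contains $_.Extension.ToLower() } |
        ForEach-Object {
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Path     = $_.FullName
                Size     = $_.Length
                Modified = $_.LastWriteTime
                SHA256   = $hash.Hash   # empty if the file was locked
            }
        }
}
if ($inventory) { $inventory | Export-Csv -LiteralPath $ReportPath -NoTypeInformation }

# Delete the contents of each folder, keeping the folder itself.
foreach ($dir in $targets) {
    Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            if ($PSCmdlet.ShouldProcess($_.FullName, 'Delete')) {
                # Files locked by a running program are skipped, not fatal.
                Remove-Item -LiteralPath $_.FullName -Recurse -Force -ErrorAction SilentlyContinue
            }
        }
}
```

Run it with `-WhatIf` first to see what would be deleted without removing anything. Files deleted this way bypass the recycle bin, so there is nothing to empty afterwards.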

How do you protect yourself?

1. Visit only sites you trust. Be careful what you click on. Clicking on shortened URLs is an extra risk.

2. Keep your anti-virus program and Windows up to date. Run regular scans for viruses and spyware/malware.

3. Be careful about browser add-ins or plug-ins, particularly if you are prompted to install one while browsing.

4. Avoid downloading files or installing programs from unknown sites (P2P, Torrent, Warez).

5. Act immediately if you believe your computer has become infected. If you can't resolve the problem easily yourself, call a professional for help before things get worse. Once infected, malicious programs often install more virus software, making cleanup even more difficult, if it is possible at all.

6. One more thing: Absolutely don't give your kids administrator rights on your computer!

Safe browsing!

--MLJ
