Checking for viruses and cleaning your computer.
What makes you think you have a virus?
If your computer starts behaving in unexpected ways its a good sign its infected. However, many viruses, rootkits and worms try very hard to escape notice. Any of the following could indicate your computer is infected.
- Failure to update
- Anti-virus not working
- programs starting or closing automatically
- printer, scanner, webcam or drive not working
- Strange pop-ups
- unexpected messages
- Strange search results
- browser windows opening or not closing
- running slower than usual or freezing
- downloaded files in wrong place
- downloads not completed correctly
- missing or unexpected files
Before you do anything else you should:
- back up important files to CD or DVD. These will need to be scanned for viruses before reinstallation.
- Be aware removal of malware can leave other problems behind - such as bad shortcuts, unable to connect to the internet, lost emails, and in extreme cases you may lose your operating system and all programs. (see "residual damage" below)
- Read the disclaimer.
Check your regular anti-virus is properly updated and fully operational. Then run scans as follows:
(you may need to consult the information on your own particular anti-virus to do these steps)
- run updates first to the anti-virus program and then to the virus definitions files.
- schedule a boot-time scan and restart your PC.
- when this has completed run a full scan, and allow the anti-virus to clean or delete infected files.
Usually this is successful and you will not need to proceed further.
If your PC is still showing signs of infection, you may wish to carry on as follows
Online virus Check
In your browser go to http://www.f-secure.com/en/web/home_global/online-scanner
Install and run the download program. Hopefully the check will not show any viruses and you can relax. However, if it DOES show viruses you need to remove them. At this point you may wish to call us for help.
Check your router/firewall for vulnerability
You could also check your router is secure by visiting the "Shields Up" website at https://www.grc.com/intro.htm and follow the links to the "UPnP exposure test". You can also check other vulnerabilities by clicking on the links below that button.
If the scan DOES show problems you will need at least some of the following programs (all free for domestic use) - so create a directory (folder) for them and download them now, saving them into your new folder. A newly formatted USB stick can be useful for this.
- Malwarebytes - probably the best free malware detect and removal tool.
- AdwCleaner - great for removing adware.
- Junkware removal tool remove PUPs (potentialy unwanted programs - such as browser toolbars)
- EasyCleaner- clean the registry
- Roguekiller - remove malware and repair MBR etc
- A NEW download of your chosen anti-virus program. (I recommend AVAST free edition)
Detect and remove
Now you have all the software you need you should
- DELETE any old backups (not the new one you have just made!) and system restore points. You dont want to restore a virus!
- Turn off your router or remove the connection to your computer so it is isolated from the web, and protected from new viruses.
- Turn off or disable your anti-virus program as if left on it will conflict with the cleaning process.
- Run Malware bytes and clean malware
- Run AdwCleaner and choose "clean"
- Run Junkware removal tool.
- Create a new restore point
- Remove any external (USB) drives or memory sticks.
- As a last resort, run Roguekiller ( caution - experienced users only, computer MUST be backed up.) and allow it to delete rogue processes.
Then, when its clean:
- Restart your system
- Run EasyCleaner to remove bad entries from the registry
- Restart your system (yes, again)
- Install the new copy of your anti-virus
- Reconnect and turn on your router, and allow the anti-virus to load new signatures; then IMMEDIATELY
- Visit the AMTSO website: Choose "security features check" and run the appropriate tests (for desktop or android machines) to check your anti-virus is giving you protection. You can also use the microsoft test site at https://demo.smartscreen.msft.net/
- Create another restore point.
- Use Malwarebytes or Junkware removal tool to scan ALL removable media (and the backups you created above) to make sure there is no virus on them.
- Now uninstall or delete all the above programs and delete the folder. You will need new updated ones next time.
- Make new backups of your important files onto cd or dvd. Do a full system backup.
- In Windows explorer right click on the drive (s) and choose cleanup.
- Run a boot-time disk check, and
- Defragment your drive(s)
- Change all your passwords.
Malware can prejudice the security of your passwords. So you should immediately change any where security might be an issue. Particularly Bank, Ebay, PAYPAL, EMail etc.
When your system is infected by malware it can make changes to the way your system operates. For example, the virus may intercept the communication between the PC and internet, so it can record bank details etc. and send them elsewhere. Normal messages are simply "forwarded" by the virus to the intended recipient. When the virus is removed it can no longer do this - so your connection to the internet is lost.
Removal of certain types of virus will ALWAYS carry the risk of leaving such residual damage; and often the only way to repair this may be by a "nuke and pave" - a clean reinstall of your operating system, leaving your computer in an "as new" condition - with none of your user applications and data.
skillbank.co.uk provides this information in good faith as a free service. We make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, or suitability of the information contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.
In no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this website.