Thursday, August 23, 2012

How to Remove a Virus

A Few Quick Steps to Remove a Virus

Aw crap, you have a virus. That can be some nasty stuff sometimes. More often than not, actually. So, you want to get rid of it, but you don't want to pay. (Who does?) Well, I've got good news and I've got bad news... but first, let's figure out if you actually have a virus.


1. Your computer is off, you press the power button, NOTHING HAPPENS. Probably not a virus.

2. Your computer is off, you press the power button, it turns on and shuts off soon thereafter. Probably not a virus.

3. Your computer is off, you press the power button, and you see a black screen with a flashing cursor. Most likely, and hopefully, a virus.

4. Your computer is off, you press the power button, and you see a black screen with some writing about a boot disk, a PXE ROM, or something that tells you that you aren't gonna move forward. That's probably not a virus, but it CAN be; it'll be easier to test this first.

5. Your computer is on or off, you turn it on or you're just using it, and you get a blue screen with a lot of writing. It will either stick around till you shut it off, or it will automatically shut you down. This might be a virus, but it could be worse.

So, these five symptoms will make it a lot harder to remove, but you might still be able to do it. The next four will be much easier.

6. Your computer is on, but you can't log in for some ungodly reason. Either you forgot your password, or your User Account is screwed up. If it's messed up, every once in a while it can be a virus.

7. Your computer is on, but you cannot access the internet (and you know darn well how to). Could be a virus, could be a bad anti-virus that's mad because you won't renew it.

8. Your computer is on, and - "OH NO! Some program I've never seen is telling me I have 4,000 viruses or they found child porn or the FBI is blocking this due to terrorist activity or I have to re-register all of my programs!" Yeah, that is a virus; nothing there is true (or at least it's highly unlikely).
Note: Anything that won't let you into Windows and is asking you to buy something... is a virus; it's certainly not limited to any of those listed claims.

9. Your computer is on, and all of your stuff is gone. Black screen, no icons, can't see your programs in the start menu, no documents and whatnot. Don't worry, it is all still there. It's a virus that has hidden everything.

The Good News!

If your symptom is one from the second list, this is gonna be easy. With a few simple, free tools you will be back up and running in no time. Hopefully. These are called winvarient viruses. They run once Windows boots up.

The Bad News...

If you have one of the first five symptoms, you might not even have a virus; hopefully you do, though. If you don't, it will be much harder to fix, and might require a professional. Even if it is a virus, most of these five will require you to take apart the computer and grab the drive out of it to run an external scan. These are known as rootkit viruses. They are pretty bad, and start to run as soon as the computer is turned on.

Let's Get Rid of These!

Steps 1 - 5 are a must for rootkit viruses (or symptom numbers 1 - 5), but will help with winvarients (the rest of the symptoms):

1. Open up your laptop or desktop and locate the hard drive (HDD). The HDD will be a rectangular metal box about the size of your hand, there will be a data cable and a power cable running to it. Unplug and remove the HDD.

2. Plug the HDD into another computer as a secondary drive.

3. On that computer, install Microsoft Security Essentials. MSE is a free anti-virus straight from Microsoft. It's free, lightweight, and extremely powerful.

4. Navigate through "My Computer" and locate the HDD you have plugged in. It might be listed as "D:", "E:", or "F:". Right-click on the HDD and then click "Scan with Microsoft Security Essentials...".

5. Once the scan is completed, remove whatever it finds. If it doesn't find anything, chances are you won't be any farther ahead and you have other problems. Either way, return the HDD back to the computer it came from.

The rest of these steps will apply to ALL symptoms:

6. Boot up the computer and press F8 to boot into "Safe Mode With Networking". If it doesn't boot up, then something is screwed up and reloading Windows will most likely fix that. 

7. Once you can see your desktop, you need to download Malwarebytes, update it, and run a full scan. Once that is done, remove everything it finds. 
Note: If you have no internet connection, download the installer to a flash drive from a different computer and install it on your computer.

8. Restart the computer and load CCleaner, run through the removal, then switch to the "Registry" tab on the side and run a scan. Once the scan is done, hit fix. (You don't have to back up the data.)

9. Now, download and run Combofix. This is an extremely powerful tool so don't interrupt it. It will restart your computer, which is good. Wait until there is a full screen notepad window with a bunch of computer mumbo jumbo. This is the log report, that means it is done. Now, restart your computer.

10. On your keyboard, press the Windows Button and "R" at the same time. Type "msconfig" and press enter. A little dialog box will come up. Make sure the spot that says "Normal" is marked. Not "Selective". Selective is bad in the long run.

11. Now, just make sure that you have a good anti-virus set up. I personally recommend the aforementioned Microsoft Security Essentials. It runs smoothly and doesn't use very much of your system resources just to run. Better yet, it's free.
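Here is an added example, not code from the original post, of the check I'd run right after step 10: a winvarient runs once Windows boots, so anything the cleanup missed has to be registered somewhere Windows launches programs at logon. This read-only PowerShell script lists those places. It assumes Windows Vista/7 or later with PowerShell 2.0 or newer, and reads only the standard Run/RunOnce registry keys and the two Startup folders; the "Suspicious" column is a simple path heuristic, not a verdict.

```powershell
# Added example, not code from the original post. Lists what Windows will
# launch at the next logon so you can confirm nothing from the infection is
# still set to autostart. Read-only; it changes nothing.
# Assumptions: Windows Vista/7 or later, PowerShell 2.0 or later; the
# registry keys and folders below are the standard ones.

function Get-AutostartEntries {
    $results = @()

    # Standard Run/RunOnce keys for the machine and the current user; 64-bit
    # Windows also keeps a Wow6432Node copy for 32-bit programs.
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # PowerShell adds PSPath, PSParentPath etc.; they are not values
            if ($p.Name -like 'PS*') { continue }
            $results += New-Object PSObject -Property @{
                Source  = $key
                Name    = $p.Name
                Command = [string]$p.Value
            }
        }
    }

    # Startup folders: shortcuts placed here run at logon as well.
    $folders = @(
        [Environment]::GetFolderPath('Startup'),
        (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
    )
    foreach ($folder in $folders) {
        if (-not (Test-Path $folder)) { continue }
        $files = Get-ChildItem -Path $folder -Force | Where-Object { -not $_.PSIsContainer }
        foreach ($f in $files) {
            $results += New-Object PSObject -Property @{
                Source  = $folder
                Name    = $f.Name
                Command = $f.FullName
            }
        }
    }
    return $results
}

# Heuristic only: an autostart command living in a temp folder or the Public
# profile deserves a second look, because that is where the fake
# "you have 4,000 viruses" programs usually drop their executable.
function Test-SuspiciousEntry {
    param($Entry)
    $fragments = @('\Temp\', '\Users\Public\')
    foreach ($frag in $fragments) {
        if ($Entry.Command -like "*$frag*") { return $true }
    }
    return $false
}

Get-AutostartEntries |
    Select-Object Name, Command, Source,
        @{ Name = 'Suspicious'; Expression = { Test-SuspiciousEntry $_ } } |
    Sort-Object Suspicious -Descending |
    Format-Table -AutoSize -Wrap
```

Run it once before step 11 and again after the next reboot: an entry that reappears after you removed it is the sign that something is still re-creating it, and that is when the earlier scans need a repeat.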

These are optional steps; if stuff still isn't quite right, do these!

12. No internet? We've gotta reset that. This step is going to restart your computer, so be ready. You can download our IP and DNS flushing tool: here.

13. Is your stuff all gone still? Most of it should come back after Combofix runs, but if not, try using the Unhide tool. Works like a charm every time.
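For readers who would rather see what those two optional steps actually do, here is an added PowerShell example; it is neither the post's own IP and DNS flushing tool nor the Unhide tool, just two functions that perform the same jobs. It assumes an elevated (Run as administrator) PowerShell prompt on Windows Vista/7 or later, and uses only the built-in ipconfig and netsh commands. The unhide function deliberately skips anything with the System attribute and the whole AppData tree, since Windows hides those on purpose, and has a -Preview switch so you can see the list before changing anything.

```powershell
# Added example, not the post's own IP/DNS flushing tool or the Unhide tool.
# Two repair functions for the optional steps above.
# Assumption: run from an elevated PowerShell prompt on Windows Vista/7 or
# later; netsh and ipconfig are the standard Windows tools.

# Network reset: flush the DNS cache, renew the DHCP lease and reset the
# Winsock and TCP/IP stacks. The two netsh resets only take effect after a
# reboot, which is why the original step restarts the computer.
function Reset-NetworkStack {
    ipconfig /flushdns
    ipconfig /release
    ipconfig /renew
    netsh winsock reset
    netsh int ip reset
    Write-Host 'Network stack reset. Restart the computer to finish.'
}

# Unhide: clear the Hidden attribute that file-hiding malware sets on the
# user's documents, desktop icons and Start Menu shortcuts.
# Deliberately skipped: anything carrying the System attribute (desktop.ini,
# NTUSER.DAT, junction points) and the AppData tree, which Windows hides on
# purpose. Returns the number of items it unhid (or would unhide).
function Restore-HiddenUserFiles {
    param(
        [string[]]$Roots = @(
            $env:USERPROFILE,
            $env:PUBLIC,
            (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu')
        ),
        [switch]$Preview   # list only, change nothing
    )
    $hidden = [IO.FileAttributes]::Hidden
    $system = [IO.FileAttributes]::System
    $count  = 0
    foreach ($root in $Roots) {
        if (-not $root -or -not (Test-Path $root)) { continue }
        # -Force is required, otherwise hidden items are never returned
        $items = Get-ChildItem -Path $root -Recurse -Force -ErrorAction SilentlyContinue
        foreach ($item in $items) {
            if (($item.Attributes -band $system) -ne 0) { continue }
            if (($item.Attributes -band $hidden) -eq 0) { continue }
            if ($item.Name -eq 'AppData' -or $item.FullName -like '*\AppData\*') { continue }
            if ($item.Name -eq 'desktop.ini') { continue }
            if ($Preview) {
                Write-Host "Would unhide: $($item.FullName)"
            } else {
                # -bxor clears the Hidden bit; we already know it is set
                $item.Attributes = $item.Attributes -bxor $hidden
            }
            $count++
        }
    }
    return $count
}

# Usage:
#   Restore-HiddenUserFiles -Preview                 # list only
#   $n = Restore-HiddenUserFiles; "$n items unhidden"
#   Reset-NetworkStack; Restart-Computer
```

Preview first. If the preview shows thousands of items under folders you never use, something other than your own documents was hidden and it is worth looking at that list before unhiding everything in one go.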

If you continue to have problems, there is most likely something else wrong. Take it to a pro, or use my upcoming list! Thank you all and good luck! I really hope I helped someone out.