How to clean a machine that is infected with a virus

If your machine has been infected with a virus. Please see information below to assist you to remove the virus.

1.   Make sure your antivirus software definitions are up to date.

2.   Use other third-party utility to clean the virus, trojan or worm. It is possible that your current antivirus software will not detect everything so using multiple utilities will give you peace of mind. You may download, install and update these free utilities to use for cleaning infections:

  •  VIPRE Rescue which can be downloaded here
  • Also the always reliable Spybot Search and Destroy which may be downloaded here

3.   Turn off system restore on the PC.

  • To do this right click on the My Computer icon.
  • Select Properties.
  • Click on the System restore tab and put a check next to Turn off system restore.

4.   Disconnect the network cable of the computer, which you plan to scan if connected.

5.   Reboot the computer in Safe mode. Most PCs use F8 to get to safe mode. So while the computer reboots, keep hitting on F8.

6.   You will get prompted that you are in safe mode. Click on Yes.

7.   In safe mode, go to Add/Remove Programs in the Control Panel and remove/uninstall applications you are not familiar with. At times, malicious software when installed may be listed here and may be uninstalled.

8.   Run a full scan on the PC using Vipre Rescue, Vipre and Spybot. Run each application and scan one at a time in safe mode.

9.   Still in safe mode

  • Go to Start > Run and type msconfig and hit enter.
  • Click on the Startup tab.
  • Uncheck the items listed under start up items for those applications you do not need running when starting the computer. If you are not familiar with the start up name that’s on the list, Google it. You do not want to uncheck a Windows system process that is necessary to get the system up and running. But you also want to make sure to uncheck a startup item that is associated with a worm or virus that may automatically run upon starting the computer or that triggers an automatic replication with every reboot.

10.   Take note of what you left checked and those you have unchecked (or disabled from startup). Close the window when done.

11.   You should be prompted to restart your computer. Go ahead and restart computer and this time start in normal mode.

12.   Now in normal mode, you will be prompted that configuration changes have been made. Just put a check next to do not show this again then click ok.

13.   Right-click on the taskbar and select Task Manager. Select the processes tab and compare the image names of those you took note from safe mode. End task those processes which you did not see in safe mode. Close the task manager window when done.

14.   Go to Start > Run and type msconfig and hit enter. Click on the Startup tab. Compare the startup items with those you have taken note from safe mode. Did the ones you left uncheck still remained uncheck? Was their another start up item that popped up and is now checked? If yes on the later, search that startup item in Google. If it is associated with a worm / virus, uncheck it. Close the window when done and restart again. Then repeat from step 11.

15.   In normal mode, run a full or deep scan on the PC using Vipre Rescue, Vipre and Spybot. Run each application scan one at a time. Repeat this step until the PC is 100% clean on all 3 scanning applications.

16.   Turn on system restore on the PC

  • To do this right click on the My Computer icon.
  • Select Properties.
  • Click on the System restore tab and uncheck “Turn off system restore”.

17.   Make sure your antivirus application should auto-update its virus definitions and that it provides real-time protection.

18.   Plug the network cable back and restart the computer.

Tags: