Computer viruses are malicious programs that, once they infect your machine, start causing havoc on your computer. What many people do not know is that there are many different types of infections, each classified into a different category. In this article, you will learn how to clean a virus off the computer.
This article focuses on malware classed as Trojans, worms, and viruses, though the information can be used to remove other types of malware as well. It provides a broad overview of how to clean a virus off the computer.
For the most part, these instructions should allow you to remove a good deal of infections, but some need special removal steps that are not covered in this tutorial.
Before we continue, it is important to understand the generic malware terms that you will be reading about.
Malware – Malware is any program or file developed for the purpose of causing harm. Malware therefore includes computer viruses, worms, Trojan horses, spyware, hijackers, and certain types of adware.
Ransomware – Ransomware programs encrypt the files on a computer and then demand a ransom in order to decrypt them. The ransom is typically demanded in a digital currency called Bitcoin.
Adware – A program that generates pop-ups on your computer or displays advertisements. It is important to note that not all adware programs are necessarily considered malware. There are many legitimate programs that are free but display ads in order to generate revenue. As long as this information is provided up front, they are generally not considered malware.
Tech Support Scams – Tech Support Scams are programs that pretend to be a security alert from Microsoft or another company. These fake alerts indicate that something is wrong with your computer and lock you out of it until you call a listed phone number. Once you call that number, the scammers will try to sell you unnecessary remote support services and software.
Backdoor – A program that allows a remote user to execute commands and tasks on your computer without your permission. These types of programs are typically used to launch attacks on other computers, distribute copyrighted software or media, or hack other computers.
Dialer – A program that typically dials a premium rate number that has per-minute charges over and above the typical call charge. These calls are made with the intent of gaining access to pornographic material.
Hijackers – Have you ever wondered why your browser directs you to another page when you tried to open a page? A hijacker is a program that attempts to hijack certain Internet functions, such as redirecting your start page to the hijacker’s own start page, redirecting search queries to an undesired search engine, or replacing search results from popular search engines with its own information. It can be harmful to your PC at times.
Spyware – A program that monitors your activity or information on your computer and sends that information to a remote computer without your knowledge.
Trojan – A program that has been designed to appear innocent but has been intentionally designed to cause some malicious activity. It also provides a backdoor to your system.
Virus – A program that, when run, has the ability to replicate itself by infecting other programs and files on your computer. These programs can have many effects, ranging from wiping your hard drive, to displaying a joke in a small box, to doing nothing at all except replicating themselves.
These types of infections are harmful to your computer and have the ability to spread to another computer on their own. The word virus has incorrectly become a general term that encompasses Trojans, worms, and viruses.
Worm – A program that, when run, has the ability to spread to other computers on its own, either by using mass-mailing techniques to email addresses found on your computer or by using the Internet to infect a remote computer through known security holes. You can be infected through browsing some websites.
How do these infections start?
Like any program, malware must be started in some fashion in order to do what it was designed to do. For the most part, these infections run by creating a configuration entry in the Windows Registry that makes the program start when your computer starts.
Unfortunately, the Windows operating system offers many different ways to make a program start, which can make these entries difficult for the average computer user to find manually. But there are programs that allow us to cut through this confusion and see the various programs that automatically start when Windows boots.
To figure out which programs run when Windows boots, we recommend Autoruns from Sysinternals. It is free and detailed.
When you run this program, it will list all the various programs that start when your computer is booted into Windows. The majority of these programs are safe and should be left alone unless you know what you are doing or you know you do not need them to run at startup.
Download Autoruns and try it out. Just run Autoruns.exe and look at all the programs that start automatically. Don’t uncheck or delete anything at this point; just examine the information to get an overview of the number of programs that are starting automatically. When you feel comfortable with what you are seeing, move on to the next section.
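The startup entries described above can also be examined from PowerShell. The following read-only script is an added example, not part of the original article or of Autoruns: it lists the Run and RunOnce Registry keys (only a small subset of the locations Autoruns covers), extracts each entry's image path, and reports whether the file exists and carries a valid code signature. The key list and the Get-ImagePath helper are assumptions chosen for illustration.

```powershell
# Read-only audit of the classic Run/RunOnce autostart keys.
# Nothing is modified or deleted; Autoruns inspects many more locations than these.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: split the executable (the "Image Path") from its arguments.
function Get-ImagePath {
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    # Quoted form: "C:\Path With Spaces\app.exe" /arg
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted form: take everything up to the first known executable extension.
    if ($cmd -match '^(.+?\.(exe|dll|com|bat|cmd|scr))(\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $image   = Get-ImagePath $command
        # For rundll32-style entries this is the host program; the DLL is in $command.
        $exists  = [bool]$image -and (Test-Path -LiteralPath $image -PathType Leaf)
        $sig     = if ($exists) { Get-AuthenticodeSignature -LiteralPath $image } else { $null }
        [pscustomobject]@{
            Key       = $key
            Entry     = $name
            ImagePath = $image
            Command   = $command
            Signature = if ($sig) { [string]$sig.Status } else { 'FileNotFound' }
            Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        }
    }
}

# Show entries without a valid signature first; these are the ones to research,
# not an automatic verdict that the file is malicious.
$entries |
    Sort-Object { $_.Signature -eq 'Valid' }, Key |
    Format-List Key, Entry, ImagePath, Command, Signature, Signer
```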
Use an anti-virus or anti-malware program to clean a virus off the computer
Make sure you are using an anti-virus program and that the anti-virus program is updated. If you do not currently have an anti-virus installed, you can select one from the following list to scan and clean your computer. The list below includes both free and commercial anti-virus programs, but even the commercial ones typically have a trial period that you can use now to scan and clean your computer.
It is also advised that you install a good anti-malware program and scan your computer with it. Many times, these programs are quicker to update their definitions than a standard anti-virus program, and they therefore target more adware and unwanted programs.
The recommended anti-malware programs are:
If you are still infected after performing these instructions, use the instructions below to manually remove the infection.
How to clean a virus off the computer manually
If you have identified the particular program that is part of the malware, and you want to remove it, please follow these steps.
Download and extract the Autoruns program by Sysinternals to C:\Autoruns
Reboot into Safe Mode so that the malware is not started while you are following these steps. Many malware programs monitor the keys that allow them to start. If they notice that a key has been removed, they will automatically replace that startup key. For this reason, booting into Safe Mode allows us to get past that defense in most cases.
Navigate to the C:\Autoruns folder you created in Step 1 and double-click on Autoruns.exe.
When the program starts, click on the Options menu and enable the following options by clicking on them, which will place a checkmark next to each of the options.
- Include empty locations
- Verify Code Signatures
- Hide Signed Microsoft Entries
Then press the F5 key on your keyboard to refresh the startup list using these new settings.
The program shows information about your startup entries in 8 different tabs. For the most part, the filename you are looking for will be found under the Logon or the Services tabs. But you should check all the other tabs to make sure it is not loading elsewhere as well. Click on each tab and look through the list for the filename that you want to remove.
The filename will be found under the Image Path column. There may be more than one entry associated with the same file, as it is common for malware to create multiple startup entries. It is important to note that many malware programs disguise themselves by using the same filenames as valid Microsoft files. It is therefore important to know exactly which file you want to remove and which folder it is in.
Once you find the entry that is associated with the malware, delete that entry so it will not start again on the next reboot. To do that, right-click on the entry and select Delete. This startup entry will now be removed from the Registry.
Now that you have identified the file and stopped it from starting at boot, delete the file using “My Computer” or “Windows Explorer”. If you cannot see the file, it may be hidden. To see hidden files, read How to search for hidden files in Windows.
When you have finished removing the malware entries from the Registry and deleting the files, reboot into normal mode, as you will now be clean of the infection.
How to protect yourself in the future
In order to protect yourself from this happening again, it is important that you take proper care and precautions when using your computer. Make sure you have updated antivirus and spyware removal software running.
Now that you know how to clean a virus off the computer and remove generic malware, it should help you stay relatively clean from infection. If you find it difficult to do, more guides are available under Virus, Spyware, Malware Removal Guides.