These programs are often called scareware or Trojan horses. If you receive any antivirus alerts, don’t click on them directly until you’ve verified them. Open your installed antivirus program via the system tray icon in the lower right corner of Windows and check the status or logs. If you don’t find any evidence of your actual antivirus program catching a virus or other malware, consider the alerts you’re getting to be bogus.
Ignore what they say, don’t click them, and certainly don’t fork over any money.
If you are getting true virus alerts from your existing antivirus software, go ahead and click to remove or quarantine any infections. You should also follow the next tips to run some scans with some additional scanners to make sure everything is caught.
Delete temporary files first – Before you run scans, you should delete the temporary files of Windows and Internet Explorer. Sometimes the malware might be located there. Furthermore, scanning these files can greatly increase the scanning time. You can remove manually or use the Disk Cleanup utility via the Start Menu: All Programs > Accessories > System Tools.
Use on-demand scanners in Windows – You should try running some on-demand scans. If you can still get into Windows and onto the Internet, that is, the job will be much easier. Here are a few programs that offer free editions: MalwareBytes, SUPERAntiSpyware, ComboFix, and Spybot Search & Destroy.
You should use at least two different programs. Remember, no one scanner can catch every single virus or malware.
If scanners won’t run, rename the file, kill virus processes, or restore extensions – Sometimes malware will block you from running the popular malware scanners. However, sometimes you can get around this by simply renaming the setup and/or program executable. If that still doesn’t help, you can try running RKill to try to kill the malware processes.
If you get errors when opening any executable (.exe) program, the malware may have removed or corrupted the file extensions. Thus you should try to restore the file extensions.
Try the advanced boot options and system recovery options – If Windows won’t load or you can’t run any on-demand scanners, you should reboot and immediately press F8. This will bring up the Advanced Boot Options. First try the Last Known Good Configuration, which can possibly revert system changes and revive Windows. If no luck, try Safe Mode with Networking and then plain old Safe Mode. If you can get into Windows, try running the on-demand scanners again.
If you’re getting blue screens that disappear too quickly or Windows automatically restarts, select the Disable Automatic Restart on System Failure option on the Advanced Boot Options menu.
Before going further with malware removal, you might want to see if you can first fix Windows.
Even if you remove the malware with the tips in the next sections, Windows still might not work properly and you’ll have to do a Windows reinstall anyways. Thus you might want to just go into Windows repair mode rather than continuing with malware removal mode to save time in the long run. If you do want to try and fix Windows, here are a couple things to try:
If using Windows XP, get into the Recovery Console via pressing F8 at boot, using Ultimate Boot CD for Windows (UBCD4Win), or the Windows Setup CD. Consider running Check Disk (chkdsk), fixboot, and fixmbr. If you can get into Windows XP via normal startup or a Safe Mode, try using System Restore to restore to a previous point before you think you were infected.
If using Windows Vista or 7, get into the System Recovery Options via pressing F8 at boot, using a Windows Recovery CD, or the Windows Setup DVD. Consider running Startup Repair and System Restore, and from the Command Prompt Check Disk (chkdsk) and System File Check (sfc).
Use bootable discs or USBs if Windows doesn’t load – If you can’t seem to get Windows working, you can still access your computer and run scans from a live CD/DVD or USB drive. See my article Antivirus Review: Bootable Discs and Bootable USBs that reviews some bootable antivirus solutions: Kaspersky Rescue Disk, BitDefender Rescue CD, F-Secure Rescue CD , and AVG Rescue CD.
Run scans from a clean PC – If you aren’t having any luck with Windows and you don’t have any blank discs or USB flash drives handy for bootable solutions, you could run virus and malware scans via a different computer.
If you have another computer with matching drive connections/cables, you could remove the infected drive and put it in the clean one as a slave drive. Then you can run scans on that particular drive with the working computer and then put back into its PC as a master drive again.
Fix damage after malware removal – If you do successfully remove the viruses and infections you still might have damage, such as missing system files, error messages, or Internet Explorer won’t work correctly. If so, try the steps mentioned in the second half of the Try the advanced boot options and system recovery options section. If Internet Explorer is the problem, verify the Home Page and Proxy settings, and at last resort reinstall it.
If all else fails
If you can’t seem to get rid of the infection or can’t repair Windows, you might want to reinstall Windows. If using Windows XP you can first try a repair installation with the Windows Setup CD, which won’t delete your personal files and documents.
Before doing a full Windows reinstall, you can back up your personal documents and files, device drivers, and product keys using a rescue disc, such as HBCD or UBCD4Win, mentioned above.
Some computers are loaded with a recovery partition and utility and might not have come with Windows discs. If so, you should see a recovery option during booting or on the Advanced Boot Options or System Recovery Options menus accessed by pressing F8 during boot. If your computer has a recovery solution or disc, use it instead of the Windows Setup disc.
Once you get everything back up, make sure you have antivirus installed and kept up-to-date. Consider free ones discussed in a previous article of mine, A Guide to Free Antivirus Software .
Eric Geier is the founder of NoWiresSecurity, which helps businesses easily protect their Wi-Fi networks with the Enterprise mode of WPA/WPA2 security. He is also a freelance tech writer. Become a Twitter follower or use the RSS feed to keep up with his writings.