
If your computer is not completely restored... then you haven't removed the virus! I suggest a thorough course of action.

I have a Windows XP desktop. I removed the smart virus, but there are changes on my computer that the virus did and I can't fix. With the Start menu, the list of all programs is missing. Can I restore the list? Thank you for your help.

In this excerpt from Answercast #28, I look at the ramifications of having a virus on your computer and how deep you need to go to get it clean again.

Cleaning up after a virus

So, the short answer is, "You didn't remove the virus."

I mean, you removed maybe the worst part of the virus. But, you certainly haven't removed its side effects, its implications, and the things that it did to your system. So your removal is incomplete.

  • The problem is you still don't know how incomplete that removal is!

What else is left?

That may imply that there are lots of other things on your system that the virus has left behind or has broken. You don't know what they are!

My belief, and I've said this in multiple places:

  • Once your machine has been infected with a virus, it's not your machine anymore.

That virus has essentially taken over and done things to your system... that you just don't know. There's no way to know either what it's done or what you need to do to clean it up.

Restore to a backup

I do have an article, "How do I fix Windows after removing a virus?" It will go through a couple of different steps, but the bottom line is: if you want to be safe, there are exactly two approaches:

  • One is to restore to an image backup that you took before you were infected.

That's quick, it's easy. If you've got image backups, you're safe once that's done. That's a fast way to remove the virus. It's a fast way to know that you have removed not only the virus, but also any effects that it had on your system.

The problem, of course, is that most people don't back up.

Reformat and reinstall

If you don't have a backup, the only safe thing to do is:

  • Back up your system now (so that you don't lose any files that you may have on the system that you care about);

  • Reformat;

  • Reinstall Windows;

  • Reinstall all your applications;

  • Reinstall your data;

  • And get on with your life.

If that sounds like a lot of work, it is. But it's the only way to know that you have removed all traces of the virus and any side effects it has caused.

Since it is so much work, I hope that you will learn from that and say, "You know what, maybe backups are worth the effort of setting up!"

Backups are the best way to save you from almost anything, including viruses and their aftereffects.

Article C5495 - June 20, 2012

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18-year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.


2 Comments
Douglas A. Brace
June 20, 2012 3:20 PM

Leo, I enjoy your articles. I agree with you that backups are important. Backup, backup, backup...

There are ways to fix things and restoring to an image or reformatting and reinstalling isn't always an option.

I recommend browsing the BleepingComputer.com forums. Most of the solutions that they recommend will include the use of ComboFix to solve a problem. Below is a basic guide on how to use ComboFix. ComboFix is a VERY powerful utility. Just like anything else, proceed with caution.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

There are moderators who will assist a person experiencing a problem and looking for help.

BleepingComputer also has a free utility called "unhide" that will help restore shortcuts that were deleted from the Start Menu, IF they are still in the user's "%tmp%" directory. "unhide" will also change the file attributes on your entire "C drive" in the event that everything has been marked with the hidden attribute.

There are other tools on their site that may help you.

http://www.bleepingcomputer.com/download/windows/


Another tool that I recommend if search results have been hijacked is TDSSKiller from Kaspersky.

http://support.kaspersky.com/faq/?qid=208283363

Pete Goodwin
July 24, 2012 6:27 PM

Oh, I agree on the backup indeed. What I saw in your article on Image Backups was way over my head. I would rather just buy a flash drive and copy a specific set of files, even better a folder, and be done. My CD won't write and I cannot follow the directions for all of the backup suggestions, too complicated. Especially so when instructions say to go here or there and I don't encounter what the directions say I'll see. Now your instructions below this say "do not leave an email address", yet it says REQUIRED?

You need to read instructions carefully. It says No Personal Information **in the comment**. The email address field that is required is not in the comment, and will not be published.
Leo
26-Jul-2012
