Helping people with computers... one answer at a time.
Once you've removed malware from an infected machine it's possible that Windows may suffer lingering side-effects. I'll look at why and what to do.
I'm facing a problem regarding my desktop. Recently it was infected with a virus but I managed to clean and disinfect all the malware which attacked my PC. After a restart, I wasn't able to see all my network adapters in network connection folder. When I refresh it always gives me a message that "The Network Connection Folder was unable to retrieve the list of network adapters on your machine. Please make sure that the Network Connection service is enabled and running". I checked my services and found out that network connection services and other services were missing. How do I fix this?
What you're experiencing is fairly common. Not the "network connections" part - I've actually never heard of that specific symptom before - but the part where, after eradicating a virus or other form of malware, Windows is left in a somewhat broken state.
They symptoms vary, but the bottom line is the same. To put it in terms of some American slang: Windows "just ain't right".
I'll look at why that might be, and what you can do about it.
I'll warn you: you probably won't like my recommendation.
Malware works a couple of different ways.
The most common way these days is where it copies files containing malicious software on to your system and then causes those files to be run by adding information to places like the registry. With that information, Windows might be instructed to automatically run the software on every reboot, or under other conditions. When cleaning your system anti-malware programs both remove the malicious files, and then remove those malicious instructions that cause the malware to run.
Another approach that malware also uses is to modify existing files. For example, malware might not copy in any additional files, but rather take an existing system file - typically an "exe" or "dll" file - and re-write it to include the malware's own code. That way, whenever the system file is used by the system the malware is run.
Anti-malware programs face a dilemma when this kind of technique is used. Where normally they might remove the infected file, since it's a system file removing it might have adverse side effects on the operation of the system. Yet, sometimes that's exactly what they do: remove or quarantine the infected system file. As we've seen in the past that can result in the system becoming unusable.
Since the specifics and the techniques vary, the side-effects of removing a virus aren't always quite so dramatic. The principle still remains: it's possible that removing a virus can actually harm your system.
And it sounds like that's exactly what's happened to you: some component of Windows networking has been compromised, either by the malware itself, or the removal of that malware.
At a minimum you'll need to somehow repair Windows. I'll get to that in a moment.
First, I need to remind you of another unpleasant fact: you don't know that your machine is actually malware free.
Once your machine has been infected, it's no longer your machine. Malware could have done anything. There is no guarantee that your anti-malware software removed everything. Not all programs detect and remove all malware.
Your machine could still be infected.
So with those two facts in mind:
My recommendations, starting with the safest possible approach:
Reinstall: Backup and reinstall Windows, all applications and your data from scratch. While this is extremely painful to do, it's really the only way to know that you've eradicated the virus and anything else it may have allowed to enter your machine. The initial backup is to preserve any data and other files that you may need to recover after everything has been reinstalled. Of course care will need to be taken to ensure that when you restore files from that backup you're not restoring infected files. Typically, that means you only restore data files and never programs from the backup. You'll need your Windows installation media for this approach, and the installation media or original downloads for all the programs on your machine.
Revert: Backup your current system, and then revert to a system backup image taken prior to the infection. Backup first so that you have copies of any data files that changed since that earlier backup was taken. This is perhaps the simplest approach of all, but does require that you've been doing periodic image backups prior to the infection, and that you can correctly identify a point in time at which your machine was not infected by the malware you removed.
Repair: A repair install of Windows uses your installation media to reinstall Windows "in place". How should I reinstall Windows? includes links to a couple of older articles on other sites on performing a "repair" install.
SFC: The System File Checker, or SFC, does exactly what its name implies: for a majority of the files that comprise Windows it checks them to make sure that they are present, and that they are the correct unmodified copies. Note that SFC does not scan data like the registry, it's simply a file checker. If files need to be repaired, you may be asked to provide your original installation media so that SFC can access the unblemished copy. Sadly, SFC can get a little confused after a service pack or two (particularly if you elect not to save backup copies when the service pack is installed). But when it works it's a fairly easy solution.
Other alternatives that people may think of include:
System Restore: System Restore does not live up to its name: it does not restore your system. Rather, I think of it as a glorified registry backup with perhaps a few other files along for the ride. When it's available (it's often not), it uses data that has been saved on your hard disk - the very same hard disk that was just infected with malware. My implication is that you simply don't know that the data used by System Restore has not itself been compromised. I warn people against relying on System Restore for many reasons. (But yes, it can be worth a try in a pinch. But you still won't know that malware has been removed.)
Recovery Partition (or Disc): The recovery disc (which is different than an installation disc) varies from manufacturer to manufacturer but typically does not include a copy of the operating system. Rather, it relies on a partition - possibly a hidden partition - from which it then restores the operating system. Once again, that partition is on the very system that was compromised, so it's possible that the data to be used in recovery is itself compromised. (And yes, also once again, it's worth a try in a pinch. But like System Restore, I warn people against relying on recovery partitions.)
The safest approach, by far, is to reinstall Windows. But given how painful that is, the alternatives that follow it are often more practical.
And hopefully this will reinforce the need for a) getting Windows installation media, and b) backing up completely and regularly.
And of course not allowing your machine to be infected with malware in the first place.
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.