How do I recover from a bad virus infection?

Home » Viruses and Malware

Summary: Recovering from a bad virus infection isn't always easy, but there are some easier things to try before drastic measures need to be taken.

Over the past weeks on my older Windows XP machine:

I've had frequent re-infections of some virus or Trojan that resets my IE home page, disables Task Manager, and blocks my access to System Restore.
Several times each day, I run AdAware, Spybot, and my virus program (Panda) to remove identified infections and spyware.
I read where disabling System Restore and then running a virus scan would clean out any virus strands that were inadvertently being backed-up with each shutdown/startup cycle.
My virus and spyware programs sometime identify Services.exe and Winlogon.exe as viruses. When this happens, these files are referenced as being in located in the C:\Windows\inetdata sub-directory (which is not where they should be).

Did I royally screw things up by disabling System Restore? I understand by doing this, I erased all existing restore points so that wouldn't surprise me.

First let me say this...

YIKES!

You've got a serious infection here. In all honesty, I'm not sure the patient will survive. But let's run through some options.

•

Here's how I'd proceed:

disconnect from the network
boot in safe mode
run the system file checker
run your AV and Spyware scans. Turn on any "immunize" options in the spyware checker
Reboot in normal mode.

If things work properly at this point skip the next two steps
Reinstall Windows XP. When you reinstall, you should have the option of doing a "repair" install or an install "on top of" the existing installation.
If things work properly at this point skip the next step.
If things are so bad that it's still not working properly, in your shoes I'd reformat the machine and rebuild it. Trying to coerce it into working again may just be more effort than it's worth. Be sure to save the data you care about first, of course.
Enable or get behind a firewall
Reconnect to the network.
Update your anti-virus software's database and your spyware scanner's database and run scans again.
Visit Windows Update, and do take SP2.

It concerns me a great deal that you're getting reinfected so quickly and so often. If you're not doing something silly, like opening unidentified attachments, or visiting malicious web sites, then that shouldn't be happening at that rate.

Related:

Ask Leo! - What is the System File Checker, and how do I run it?
Ask Leo! - Do I need a firewall, and if so, what kind?
Ask Leo! - How do I keep my computer safe on the internet?

More articles about: Viruses and Malware

Article Useful? Link to it from your own website; just copy/paste this HTML:
<a href="http://ask-leo.com/how_do_i_recover_from_a_bad_virus_infection.html">Ask Leo: How do I recover from a bad virus infection?</a>

Article 1839 | Posted January 30, 2005

•

Recent Comments

this isn't really about recovering but im asking how to get rid of one. the icon for microsoft will appear in the quick launch icons and then it will turn into a red circlewith a white x in it and a ballon will pop up saying "your computer has been infected" and then it will tell me about clicking it to buy an anti spyware program i dont have the money to get a new one and i can't logon to all password protected sites/accounts to anything nor can i watch any sort of movie on my computer. do you have somthing to help me?

Posted by: shaw at May 29, 2006 06:46 PM

My guess is that icon is, itself, a spyware or virus infection. These articles include links to some free scanners: http://ask-leo.com/viruses_how_do_i_keep_myself_safe_from_viruses.html and http://ask-leo.com/spyware_how_do_i_remove_and_avoid_spyware.html

Posted by: Leo at May 29, 2006 06:49 PM

Hey. I have been trying to recover from this virus for a while. It makes my mouse click a million times at once and it makes screens dissappear as soon as they appear such as IM screens or the taskmanager and it erases everything i type on a website while im online. I have try ad-aware, spybot, i have a brand new version of norton but NOTHING is working. Please help.

Posted by: Lemana at June 12, 2006 10:00 AM

Hi.
I recently got a virus from Msn messenger.
My friend sent this link and it send "hey check out these pics of us on myspace" and then had a link.
So I clicked it and now while I am on msn it opens all my contacts and writes in that same thing and I cant talk to anyone unless i sign out and back in agin. please help.
Hannah

Posted by: Hannah at June 13, 2006 02:50 AM

i know this isnt in the article above but i dont know what to do!!! i use avg and have been told that sometimes it stops my internet connection.Can i fix this without having to buy a different security program

Posted by: junelle at June 29, 2006 03:48 PM

a comment on my computer keeps sayin your computer is infected! windows have detected a spyware infection. what do i do about it please help

Posted by: charlotte at July 28, 2006 08:26 AM

hey i need help i have had 22 trojan horses and now my pc is realy slow it wont let me do anthing on it and things kep going missing i dont thinnk that the viruses have gone i use McAfee. plz help thank you

Posted by: sarah at December 22, 2006 04:57 AM

My virus/ spyware is gone! My computer goes way slower now even though my virus is gone. How do I get back to normal?

Posted by: Laura at March 24, 2007 09:32 PM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I don't understand what's "gone". You believe you've cleared yourself from
infection, but things are still slow? Then I'd have you read this article:
http://ask-leo.com/why_is_my_machine_slowing_down.html

Your anti-virus and anti-spyware programs are gone? Reinstall them.

Leo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)

iD8DBQFGBrZfCMEe9B/8oqERAsavAJ9RiQvdYzIiR3HZ+ubQKlS+EB1ODgCfRm84
NsgwNrPmp+YX2aNe5/M8sZQ=
=IZUQ
-----END PGP SIGNATURE-----

Posted by: Leo Notenboom at March 25, 2007 10:50 AM

My computer started shutting down on its own after about 5 minutes. I was able to download an antivirus software that I bought from office depot and when it said restart, it shut down again but now it won't come on at all. It sounds like it is running and one green light lights up but that is it. WHAT DO I DO, PLZ HELP.

Posted by: Josh at June 13, 2008 01:05 PM

See all 25 comments...

Post a comment on "How do I recover from a bad virus infection?":

Name: (Required)

Email Address: (Required)

(Email Address will not be published.)

Remember Me? YesNo

By popular demand...
my tip jar

Buy Leo a Latte!

Comments:

New!

Subscribe to the RSS Feed specifically for comments on this article.

Before commenting, please...

Read the article at the top of this page. If your comment shows you didn't, it'll be deleted and ignored.
Comment only on this article. Use the Google search box at the top of the page if you have a question about something else.
Don't include personal information in the comment. No email addresses. No phone numbers. No physical addresses.
Don't ask me to recover lost passwords or hacked accounts. I can't, and those comments will be deleted.

I can't respond to every comment. And I can't vouch for the accuracy of others who do.
Read Why didn't you answer my question? for hints on getting an answer.
By posting a comment you agree to the Terms of Service. Don't agree? Don't post.
Read the article at the top of this page. If your comment shows you didn't, it'll be deleted and ignored. Yes, I'm saying this twice; you'd be amazed.

Please wait. Your comment is being processed ...