Summary: Once you've been infected with a virus or other malware, there are steps you can take to try to remove it, but only one approach is guaranteed to work.
I opened a screen saver program & was rewarded with a trojan. It attached itself to the task bar and sends pop-ups which show me a private security program I do not want or need. I have McAfee installed. What should I do?
•
I'm revisiting this question because it's another one that shows up every day. The scenarios may be different, but the problem is the same: someone's machine has been infected with a virus or other form of malware, and they're having trouble getting rid of it.
Often, as is the case above, with anti-malware software installed that "should" have taken care of it.
What to do, what to do...
•
The one thing I want you to remember from this article is simply this: prevention is much less painful than the cure. As we'll see in a moment, the steps that may be required to remove malware can be painful and time consuming. Keeping your machine and anti-malware software up to date, following internet "common sense" and generally knowing how to stay safe on the internet is much, much easier in comparison.
So, let's look at what to do when prevention has failed.
Update the Anti-Malware Database
If you have anti-malware software installed, make sure that it's up to date. Not just the software, but the database of malware definitions. Almost all anti-malware software uses a database of definitions of current malware, which needs to be updated regularly - often daily. Most programs will do this automatically, but if for some reason they do not then the programs will not "know" about newer malware. Make sure that the database is up to date, and rescan.
Try Another Anti-Malware Tool
No anti-malware tool catches all malware. I'll say it again: there is no single tool that will catch every single piece of malware out there. None. Some are better than others, some catch more than others, but none of them catch everything.
So, as you might expect, trying several different reputable tools might be a reasonable approach. While there are several free alternatives to try, there are also several commercial products that have garnered a good reputation. For example, Malwarebytes' Anti-Malware has garnered some attention of late for removing some nasties that other tools apparently haven't gotten around to. Problem is, of course, that it's not free.
I also have to stress: stick with reputable tools. There's a tendency when infected to panic and download just about anything that claims to be an anti-malware tool. Don't. Do some research before downloading anything or you may well just make the problem worse instead of better.
Research Specific Removal Instructions
If your anti-malware software at least tells you what specific malware you're dealing with, even if it can't remove it, that's good information. Search for that named malware and you're likely to find specific removal instructions at one or more of the major anti-malware vendor sites. These instructions can often be intimidating, and somewhat technical, so take your time to follow them precisely, or get a techie friend to help.
Some sites offer tools you can download to remove specific malware. Use caution. When the tools are from reputable sources, they're great, and a quick way to avoid some hassle. When the tools are really just more malware in disguise, they'll only make your problems worse. Make sure that they come from somewhere you know and trust.
Surrender
This is the only sure-fire way to remove any virus. 100%. Guaranteed.
In fact, it's the only way to know that you've removed a virus. Once infected, none of the steps above are guaranteed to remove all malware, even if they report that things are clean. Once infected, all bets are off - an infection could, in fact, fool anti-malware software into thinking that everything is fine even when it's not. There's just no way to know.
The only way to be absolutely positive that you've removed any and all viruses is:
Back up, if you haven't already, your data, and perhaps the entire system.
Reformat, erasing the entire hard disk of everything - the operating system, your programs, your data and most important of all: any and all viruses and malware.
Reinstall everything, from scratch. Reinstall the operating system from your original installation media. Reinstall applications from their original media or saved downloads.
Update everything, in particular making sure to bring Windows as completely up to date as possible for the most current protections against all known and patched vulnerabilities. Applications and particularly anti-malware software should be updated as well.
Restore your data by carefully copying it back from the backups you created. By "carefully" I mean taking care to only copy what you need, so as not to copy back the virus.
Learn from the experience.
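One way to do the "careful" restore step, shown as an added example that is not from the original article: copy back only file types on a short allow-list, and leave behind anything whose contents start like a Windows program, such as a screen saver (.scr) file. The allow-list, the function names and the sample files are assumptions made for illustration.

```python
import shutil
from pathlib import Path

# Assumed allow-list of plain data types; adjust to what you actually need back.
DATA_EXTENSIONS = {".txt", ".csv", ".jpg", ".png", ".pdf", ".mp3"}
# Windows programs (.exe, .scr, .dll) begin with the two bytes "MZ".
EXECUTABLE_MAGIC = b"MZ"


def classify(path: Path) -> str:
    """Return 'copy', or the reason the file is left on the backup."""
    if path.suffix.lower() not in DATA_EXTENSIONS:
        return "extension not on allow-list"
    with path.open("rb") as fh:
        if fh.read(2) == EXECUTABLE_MAGIC:
            return "executable content behind a data extension"
    return "copy"


def selective_restore(backup_root: Path, target_root: Path):
    """Copy allow-listed data files only; return (restored, skipped)."""
    restored, skipped = [], []
    for src in sorted(backup_root.rglob("*")):
        if src.is_symlink() or not src.is_file():
            continue
        rel = src.relative_to(backup_root)
        verdict = classify(src)
        if verdict != "copy":
            skipped.append((rel.as_posix(), verdict))
            continue
        dest = target_root / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dest)
        restored.append(rel.as_posix())
    return restored, skipped


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        backup, target = Path(tmp, "backup"), Path(tmp, "restored")
        (backup / "docs").mkdir(parents=True)
        # Constructed sample backup: one real text file, one screen saver,
        # and one program renamed to look like a PDF.
        (backup / "docs" / "notes.txt").write_text("shopping list")
        (backup / "fish.scr").write_bytes(b"MZ\x90\x00")
        (backup / "docs" / "invoice.pdf").write_bytes(b"MZ\x90\x00")
        done, left = selective_restore(backup, target)
        print("restored:", done, "skipped:", left)
```

Files that are skipped stay on the backup, where they can be scanned with up-to-date anti-malware software before you decide whether you need them.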
Now, I hope, you can see why prevention is so much less painful than the cure. Taking a few extra steps to keep things up to date, avoiding those cute virus-laden downloads and attachments, and just generally learning how to stay safe is much easier than the recovery process I've just outlined.
A final note: it's not your fault, but it is your responsibility to do the basics to stay safe when you use your computer. Yes, in an ideal world we'd never have to worry about malware or "bad guys" trying to fool us into doing things we really shouldn't. This isn't an ideal world; software isn't perfect and never will be, and there will always be someone out to scam the vulnerable. Even though it's not your fault, you still need to take responsibility for becoming educated and taking steps to stay safe.
Right or wrong, it's just a practical reality.
Article C3811 - July 16, 2009
First, I would run my anti-virus program, then choose the "check for updates" to make sure that it is, then choose "complete system scan" or "full system scan" to see if it finds anything. Then try an adware scanner. Ad-Aware has a pretty good one you can use manually for free. You do have to buy it if you want continuous automatic protection.
Posted by: Chris at January 18, 2010 7:23 AM
Reformatting and reinstalling often works out quicker in the long run and gives a very satisfying feeling of victory..
Posted by: johnpro2 at February 23, 2010 1:35 PM
The only weakness is any reinstalling data ..only do this for critical stuff otherwise you have a higher risk of reinfection.
Jp
I have a virus that won't allow me to do anything on the computer anymore, once it is up and running. How do I get to the point of reformatting and reinstalling? Don't I need a boot disk or something?
Posted by: Brian at March 10, 2010 8:11 AM
Good article Leo, very informative. From this article can you please tell me in more detail the steps I need to take from "The only way to be absolutely positive that you've removed any and all viruses is: backing up the computer down to restoring the data." I need a step by step explanation about how to do that. cheers.
Posted by: Andrew at March 16, 2010 2:09 AM
A few months ago I got an Antivirus Program pop-up and it took over my computer completely. Every single program I clicked on said it had a trojan. It recommended that I purchase their antivirus program to remove the virus (they installed!). They even sent an official-looking Microsoft screen that recommended I buy their program. After 5 hours of trial, error and tears, the easy solution was to reboot in Safe Mode and then choose "no" at one point so I could go to System Restore while in Safe Mode. I then selected the first date and time (yesterday) when I didn't have this infection to restore my computer to. I let the computer do its restoration and it automatically rebooted, and my computer was clean and working perfectly again. SAFE - EASY - EFFECTIVE SOLUTION! It's been fine for months now. I hope this helps others.
Posted by: Judi at March 16, 2010 11:27 AM