Summary: Once you've been infected with a virus or other malware, there are steps you can take to try to remove it, but only one approach is guaranteed to work.
I opened a screen saver program & was rewarded with a trojan. It attached itself to the task bar and sends pop-ups which show me a private security program I do not want or need. I have McAfee installed. What should I do?
I'm revisiting this question because it's another one that shows up every day. The scenarios may be different, but the problem is the same: someone's machine has been infected with a virus or other form of malware, and they're having trouble getting rid of it.
Often, as in the case above, this happens even with anti-malware software installed that "should" have taken care of it.
What to do, what to do...
The one thing I want you to remember from this article is simply this: prevention is much less painful than the cure. As we'll see in a moment, the steps that may be required to remove malware can be painful and time-consuming. Keeping your machine and anti-malware software up to date, following internet "common sense" and generally knowing how to stay safe on the internet is much, much easier in comparison.
So, let's look at what to do when prevention has failed.
Update the Anti-Malware Database
If you have anti-malware software installed, make sure that it's up to date. Not just the software, but the database of malware definitions. Almost all anti-malware software uses a database of definitions of current malware, which needs to be updated regularly - often daily. Most programs will do this automatically, but if for some reason they do not then the programs will not "know" about newer malware. Make sure that the database is up to date, and rescan.
Try Another Anti-Malware Tool
No anti-malware tool catches all malware. I'll say it again: there is no single tool that will catch every single piece of malware out there. None. Some are better than others, some catch more than others, but none of them catch everything.
So as you might expect, trying several different reputable tools might be a reasonable approach. While there are several free alternatives to try, there are also several good commercial products that have earned a good reputation. For example, Malwarebytes' Anti-Malware has garnered some attention of late for removing some nasties that other tools apparently haven't gotten around to. Problem is, of course, that it's not free.
I also have to stress: stick with reputable tools. There's a tendency when infected to panic and download just about anything that claims to be an anti-malware tool. Don't. Do some research before downloading anything or you may well just make the problem worse instead of better.
Research Specific Removal Instructions
If your anti-malware software at least tells you what specific malware you're dealing with, even if it can't remove it, that's good information. Search for that named malware and you're likely to find specific removal instructions at one or more of the major anti-malware vendor sites. These instructions can often be intimidating, and somewhat technical, so take your time to follow them precisely, or get a techie friend to help.
Some sites offer tools you can download to remove specific malware. Use caution. When the tools are from reputable sources, they're great, and a quick way to avoid some hassle. When the tools are really just more malware in disguise, they'll only make your problems worse. Make sure that they come from somewhere you know and trust.
Surrender
This is the only sure-fire way to remove any virus. 100%. Guaranteed.
In fact, it's the only way to know that you've removed a virus. Once infected, none of the steps above are guaranteed to remove all malware, even if they report that things are clean. Once infected, all bets are off - an infection could, in fact, fool anti-malware software into thinking that everything is fine even when it's not. There's just no way to know.
The only way to be absolutely positive that you've removed any and all viruses is:
Backup, if you haven't already, your data, and perhaps the entire system.
Reformat, erasing the entire hard disk of everything - the operating system, your programs, your data and most important of all: any and all viruses and malware.
Reinstall everything, from scratch. Reinstall the operating system from your original installation media. Reinstall applications from their original media or saved downloads.
Update everything, in particular making sure to bring Windows as completely up to date as possible for the most current protections against all known and patched vulnerabilities. Applications and particularly anti-malware software should be updated as well.
Restore your data by carefully copying it back from the backups you created. By "carefully" I mean taking care to only copy what you need, so as not to copy back the virus.
Learn from the experience.
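One way to do the "careful" restore step above, as an added example that is not from the original article: copy back only file types on a short allow-list and leave behind anything that can run, such as the screen saver (.scr) from the question. The extension lists, function names and sample files are assumptions made for illustration.

```python
import shutil
from pathlib import Path

# Assumed allow-list of plain data types; adjust to what you actually need back.
DATA_EXTENSIONS = {".txt", ".jpg", ".png", ".pdf", ".mp3", ".csv"}
# Windows types that run code when opened, including screen savers (.scr).
RUNNABLE_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif",
                       ".vbs", ".js", ".lnk", ".dll", ".msi"}

def classify(path: Path) -> str:
    """Return 'copy', or the reason a backed-up file is left behind."""
    suffixes = [s.lower() for s in path.suffixes]
    if path.name.lower() == "autorun.inf":
        return "autorun file"
    if not suffixes or suffixes[-1] not in DATA_EXTENSIONS:
        return "not on allow-list"
    if any(s in RUNNABLE_EXTENSIONS for s in suffixes[:-1]):
        return "runnable extension hidden in name"
    with path.open("rb") as fh:
        if fh.read(2) == b"MZ":  # header of a Windows executable
            return "executable content behind data extension"
    return "copy"

def restore(backup: Path, target: Path) -> dict:
    """Copy allow-listed files from backup to target; return {path: reason skipped}."""
    skipped = {}
    for src in sorted(p for p in backup.rglob("*") if p.is_file()):
        rel = src.relative_to(backup)
        verdict = classify(src)
        if verdict != "copy":
            skipped[rel.as_posix()] = verdict
            continue
        dest = target / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dest)
    return skipped

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample backup
        backup = Path(tmp, "backup")
        backup.mkdir()
        for name, data in {"notes.txt": b"hello", "cute.scr": b"MZ\x90",
                           "photo.exe.jpg": b"\xff\xd8", "song.mp3": b"MZ\x90"}.items():
            (backup / name).write_bytes(data)
        for name, reason in restore(backup, Path(tmp, "restored")).items():
            print(f"left behind: {name} ({reason})")
```

A file that passes this filter has not been scanned; it has only been kept out of the categories that run directly, so scan the restored data with up-to-date anti-malware software as well.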
Now, I hope, you can see why prevention is so much less painful than the cure. Taking a few extra steps to keep things up to date, avoiding those cute virus-laden downloads and attachments, and just generally learning how to stay safe is much easier than the recovery process I've just outlined.
A final note: it's not your fault, but it is your responsibility to do the basics to stay safe when you use your computer. Yes, in an ideal world we'd never have to worry about malware or "bad guys" trying to fool us into doing things we really shouldn't. This isn't an ideal world; software isn't perfect and never will be, and there will always be someone out to scam the vulnerable. Even though it's not your fault, you still need to take responsibility for becoming educated and taking steps to stay safe.
Right or wrong, it's just a practical reality.
Article C3811 - July 16, 2009
Malwarebytes is in fact free, and a GREAT removal program. The only things extra you get from the paid version are real-time protection and automatic updates. But with the free version, you can just easily hit the Update button to get all the definitions, and use the On-Demand scans.
-Mike
Posted by: Michael at July 21, 2009 10:48 AM
Good article, but surprised you didn't mention rolling back your XP/Vista to a system restore point before the date you noticed the pop up; it's worked for me, and a lot easier task for most people than full system restore.
22-Jul-2009
Posted by: GloucesterBob at July 21, 2009 1:46 PM
I had a very bad piece of spyware/malware on my computer and went to Microsoft security update and downloaded the OneCare software online. Yep! This did the trick. It killed it. Thank you, Microsoft.
Posted by: Steve Garza at July 22, 2009 12:38 PM
The only way to truly get rid of a virus is to fully reformat the machine. I keep all my data on an external drive, and anything that I download is on my main drive first. That way, my data is never affected. Backup of course anyway though.
Posted by: Carl R. Goodwin at July 22, 2009 9:33 PM
There is another approach, one that is more reliable than using anti-malware software from inside the infected OS and less drastic than a total re-format: scan for malware from outside the infected OS, without actually running the infected OS. I wrote a trio of articles on this which are summarized here:
Removing malware is best done from the outside
http://blogs.computerworld.com/removing_malware_is_best_done_from_the_outside
Posted by: Michael Horowitz at July 28, 2009 7:42 PM
For the most terrible malware I have found that ComboFix does a great job.
Posted by: Tim Buckman at October 13, 2009 3:07 PM
HOW DO I REMOVE UPDATER.EXE? I TRIED USING TASK MANAGER, DIDN'T WORK. I TRIED USING MALWAREBYTES, NO GOOD.
Posted by: GARY WATSON at October 21, 2009 4:01 PM
Best way is to remove hard drive, put in different computer and run anti-virus on it.
Posted by: Judy at October 25, 2009 8:38 AM
I have updated my antivirus and then run that in safe mode, it worked and killed it. Kaspersky works on malware too.
Posted by: vikas at October 31, 2009 3:48 AM
My external hard drive; can it be infected too? Will moving material back and forth re-infect the re-programmed computer?
It is possible, yes. Some malware can, and does, spread through external and portable drives.
18-Nov-2009
Posted by: bk at November 17, 2009 6:32 PM