
Once you've been infected with a virus or other malware, there are steps you can take to try to remove it, but only one approach is guaranteed to work.

I opened a screen saver program & was rewarded with a trojan. It attached itself to the task bar and sends pop-ups which show me a private security program I do not want or need. I have McAfee installed. What should I do?

I'm revisiting this question because it's another one that shows up every day. The scenarios may be different, but the problem is the same: someone's machine has been infected with a virus or other form of malware, and they're having trouble getting rid of it.

Often, as in the case above, this happens even with anti-malware software installed that "should" have taken care of it.

What to do, what to do...

The one thing I want you to remember from this article is simply this: prevention is much less painful than the cure. As we'll see in a moment, the steps that may be required to remove malware can be painful and time consuming. Keeping your machine and anti-malware software up to date, following internet "common sense" and generally knowing how to stay safe on the internet is much, much easier in comparison.


So, let's look at what to do when prevention has failed.

Update the Anti-Malware Database

If you have anti-malware software installed, make sure that it's up to date. Not just the software, but the database of malware definitions. Almost all anti-malware software uses a database of definitions of current malware, which needs to be updated regularly - often daily. Most programs will do this automatically, but if for some reason they do not then the programs will not "know" about newer malware. Make sure that the database is up to date, and rescan.

Try Another Anti-Malware Tool

No anti-malware tool catches all malware. I'll say it again: there is no single tool that will catch every single piece of malware out there. None. Some are better than others, some catch more than others, but none of them catch everything.

So, as you might expect, trying several different reputable tools is a reasonable approach. There are several free alternatives to try, as well as several commercial products that have earned a good reputation. For example, Malwarebytes' Anti-Malware has garnered some attention of late for removing some nasties that other tools apparently haven't gotten around to.

I also have to stress: stick with reputable tools. There's a tendency when infected to panic and download just about anything that claims to be an anti-malware tool. Don't. Do some research before downloading anything or you may well just make the problem worse instead of better.

Research Specific Removal Instructions

If your anti-malware software at least tells you what specific malware you're dealing with, even if it can't remove it, that's good information. Search for that named malware and you're likely to find specific removal instructions at one or more of the major anti-malware vendor sites. These instructions can often be intimidating, and somewhat technical, so take your time to follow them precisely, or get a techie friend to help.

Some sites offer tools you can download to remove specific malware. Use caution. When the tools are from reputable sources, they're great, and a quick way to avoid some hassle. When the tools are really just more malware in disguise, they'll only make your problems worse. Make sure that they come from somewhere you know and trust.

Surrender

This is the only sure-fire way to remove any virus. 100%. Guaranteed.

In fact, it's the only way to know that you've removed a virus. Once infected, none of the steps above are guaranteed to remove all malware, even if they report that things are clean. Once infected, all bets are off - an infection could, in fact, fool anti-malware software into thinking that everything is fine even when it's not. There's just no way to know.

The only way to be absolutely positive that you've removed any and all viruses is:

  • Back up, if you haven't already, your data, and perhaps the entire system.

  • Reformat, erasing the entire hard disk of everything - the operating system, your programs, your data and most important of all: any and all viruses and malware.

  • Reinstall everything, from scratch. Reinstall the operating system from your original installation media. Reinstall applications from their original media or saved downloads.

  • Update everything, in particular making sure to bring Windows as completely up to date as possible for the most current protections against all known and patched vulnerabilities. Applications and particularly anti-malware software should be updated as well.

  • Restore your data by carefully copying it back from the backups you created. By "carefully" I mean taking care to only copy what you need, so as not to copy back the virus.

  • Learn from the experience.
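One way to do the "careful" restore step, as an added example that is not part of the original article: copy back only file types on a data allow-list whose leading bytes match their extension, and hold everything else for manual review. The allow-list, function names and sample files are assumptions constructed for illustration.

```python
import shutil, tempfile
from pathlib import Path

# Assumed allow-list: data types to restore and the leading bytes each should have (None = text).
DATA_TYPES = {
    ".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG", ".pdf": b"%PDF",
    ".docx": b"PK\x03\x04", ".txt": None, ".csv": None,
}
# Leading bytes of things that run: Windows PE/DOS, ELF, script shebang.
EXEC_MAGIC = (b"MZ", b"\x7fELF", b"#!")

def classify(path: Path) -> str:
    """Return 'copy' or a reason the file is held back for manual review."""
    ext = path.suffix.lower()
    if ext not in DATA_TYPES:
        return "not on data allow-list (reinstall programs from original media)"
    with path.open("rb") as fh:
        head = fh.read(8)
    if head.startswith(EXEC_MAGIC):
        return "executable content behind a data extension"
    if DATA_TYPES[ext] and not head.startswith(DATA_TYPES[ext]):
        return "content does not match its extension"
    return "copy"

def careful_restore(backup: Path, dest: Path) -> dict:
    """Copy only vetted data files; return {relative path: reason} for the rest."""
    held = {}
    for src in sorted(p for p in backup.rglob("*") if p.is_file()):
        rel = src.relative_to(backup)
        verdict = classify(src)
        if verdict == "copy":
            (dest / rel).parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src, dest / rel)
        else:
            held[rel.as_posix()] = verdict
    return held

def demo() -> tuple:
    """Constructed sample backup: two good files, three that must stay behind."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, dest = Path(tmp, "backup"), Path(tmp, "restored")
        (backup / "photos").mkdir(parents=True)
        (backup / "photos/cat.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\0" * 16)
        (backup / "photos/free.jpg").write_bytes(b"MZ\x90\x00" + b"\0" * 16)
        (backup / "notes.txt").write_text("grocery list")
        (backup / "saver.scr").write_bytes(b"MZ\x90\x00")
        (backup / "scan.pdf").write_bytes(b"<html>not a pdf")
        held = careful_restore(backup, dest)
        copied = sorted(p.relative_to(dest).as_posix() for p in dest.rglob("*") if p.is_file())
        return copied, held
```

A file that passes these checks is not proven clean; the filter only narrows the restore to data files that look like what they claim to be. Run it from the freshly installed and updated system, with the backup attached as a plain data drive.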

Now, I hope, you can see why prevention is so much less painful than the cure. Taking a few extra steps to keep things up to date, avoiding those cute virus-laden downloads and attachments, and just generally learning how to stay safe is much easier than the recovery process I've just outlined.

A final note: it's not your fault, but it is your responsibility to do the basics to stay safe when you use your computer. Yes, in an ideal world we'd never have to worry about malware or "bad guys" trying to fool us into doing things we really shouldn't. This isn't an ideal world; software isn't perfect and never will be, and there will always be someone out to scam the vulnerable. Even though it's not your fault, you still need to take responsibility for becoming educated and taking steps to stay safe.

Right or wrong, it's just a practical reality.

Article C3811 - July 16, 2009

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.


Recent Comments
23 Comments

Forgot situations where you get your BIOS flashed. :) There are viruses that infect BIOS too. :) You can't reformat the drive for those.

Posted by: I am not Leo too at March 24, 2010 4:36 AM

The guy in the computer shop said BIOS virus infections are very rare because not many folk use floppy disks anymore. This is where most of them used to be introduced many years ago... as I recall.

Jp

Posted by: johnpro2 at April 25, 2010 5:13 PM

I am an XP user, but recently I have been affected by a virus. I already have Avira and it's already updated, but it can't do anything. What it did on my PC is like this: I am working but suddenly everything closes and I don't get time to save. And when I open Task Manager I see JIBANU.exe. What can I do?

Posted by: robin at May 1, 2010 8:18 PM

When viri disable the Task Manager and don't allow using RegEdit, I have often had success using a third party registry editor. However, occasionally, a virus may monitor the Registry value and set it right back to disable the T M right after you change it.

Posted by: Carlos Coquet at August 28, 2010 4:47 AM

Leo,

You say:

“The only way to be absolutely positive that you've removed any and all viruses is:
* Backup [...]
* Reformat [...]
* Reinstall everything, from scratch [...]
* Update everything [...]”

Fine ... ... were it not for the following:

“* Restore your data by carefully copying it back from the backups you created. By "carefully" I mean taking care to only copy what you need, so as not to copy back the virus.”

This is the catch.

For how could one possibly “only copy what you need, so as not to copy back the virus” ???!!!

Malware could lurk inside a data file that appears legitimate. How do I know that it is not hiding inside any one among hundreds of those nice photo images that I had downloaded over the web a long time ago? ... ...

Johan


A good point. Malware tends to infect executable files much more frequently than data files. (Infected photos are rare - possible, but rare.) Ultimately, though, the best way to deal with malware is to not get infected in the first place.
Leo
31-Dec-2010

Posted by: Johan at December 30, 2010 11:37 AM