
Once you've been infected, knowing that you've totally removed a virus is theoretically impossible. In reality, we most often assume that it can be done anyway.

How do I totally delete a virus on my computer? I have scanned and cleaned my computer when I got a trojan not long ago, but I still think it's just lurking in my computer.

It kind of depends on why you think it's still lurking. If subsequent scans still show that you're infected, that's pretty obvious, but if it's just that you're uncomfortable and don't know ... well, I'm not sure how to make you feel better.

Well, I shouldn't say that. There is, in fact, one way to make sure that you're no longer infected. In fact, to be completely honest, it's the only sure way.

But you're not going to like it.

The rule of absolute security is this: once your machine has been infected by anything, you can no longer trust it. At all. Ever.

The reason is that you have no idea what the infection did. What you do know is that the infection allowed someone with malicious intent access to your machine to do whatever they want to with it. The problem is that there is no way to be absolutely positively certain you know what they did, and thus no way to be absolutely positively certain that you've removed it. You have to assume that your machine is still "owned" by that malicious attacker.

That's both scary, and annoying.

So, the only way to know that you've totally deleted a virus is either:

  • Reformat and reinstall everything from scratch. The operating system, the applications, all patches and updates, and your data. Everything.

  • Restore from a backup that was known to have been taken before the infection occurred.

The problem is that for most folks, either of those two approaches is impractical, or simply too much effort for the risk.

But if you're serious about security and need to be 100% certain, those are your options.

The more common approach is to scan with multiple up-to-date anti-virus (and perhaps anti-spyware) products until they all report things are clean. Yes, you do take on some risk that they missed something, but from a purely pragmatic perspective, nine times out of ten you're probably just fine doing this.

Probably.

As you can see, this is why we focus so much on prevention of infection over recovery. Prevention, once in place, is significantly less costly than recovery from a problem.

Article C3396 - May 26, 2008

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18-year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.

12 Comments
mat
May 26, 2008 8:28 PM

Reformat and reinstall. Next, activate Windows Firewall, Windows Defender and virus guard. Then, updates.

Mary
May 27, 2008 5:16 AM

And one caution. Don't have two antivirus programs running real time monitoring (AKA: live scans) at the same time. They could cause your computer to crash.

http://ask-leo.com/can_i_run_more_than_one_antivirus_program_antispyware_program_firewall_should_i.html

gladys vasquez
May 27, 2008 9:38 AM

Every time I run Norton Antivirus I get the following message: tracking cookies security risk 'yield manager', and other cookies that I don't remember the names, also I received one message one time only that hpasset.exe, hpdiags.exe behaved suspiciously and made modifications to Windows start up. Do you think my computer is in trouble?

george mastry
May 27, 2008 10:42 AM

I have an issue with Housecall. As I'm writing this, for an hour the little red bar on lower left has been back and forth with the 'opening Trend Micro housecall.' I have tried this before with the same result, never leaves the 'opening' page. I have Vista Premium with 2G of RAM. Never leaves the status page. O.K. what am I doing wrong? George in AZ

Michael Horowitz
May 27, 2008 10:59 AM

I completely agree with Leo.

Lorne Babcock Sr.
May 27, 2008 2:00 PM

There is only one way to be absolutely sure that you have removed a virus from your computer and that is to do a full format and reinstall.

I have been doing computer work in a small business for years and I have learned over the period of time that while the format and reinstall is tedious you will save time and money in the end. You could use Acronis and as soon as you have done your reinstall and your updates you could then backup your system using Acronis to a USB hard drive. You would then disconnect the drive and put it away somewhere until you need to do a reinstall and then and only then would you bring it back and reinstall from the drive. I have not gone to quite that extreme except that I have made backups to more than one drive on my system with the hope that if I do get something especially virulent it will not have inserted itself on the other drives and especially into the backup which as far as I know will not happen but I have always tried to err on the side of extreme caution.

When I do a format and full reinstall I always disconnect from the Internet. When the install has been done and all of the drivers have been installed I then do my backup but I do not go on the Internet to do any updates from Microsoft until I have done my backup using Acronis. I will then reconnect to the Internet and do my downloads from Microsoft. When you need to do a backup you can go ahead and do so but you should remember that you will have to go to Microsoft and get their updates because those will not be in your backup.

I always backup to more than one place just in case my first backup is corrupted. That is to say I backup my system to D. drive and to E. drive. That way if the one backup by some unlucky chance is no good I will then have a second similar backup on another drive.

hw
May 27, 2008 3:00 PM

I just removed some Trojans that were missed by both Avira and Avast Antivirus, and Panda Online ActiveScan (couldn't maintain an online connection long enough to complete an online scan). I used SUPERAntiSpyware (free) which I had downloaded with another computer, and it seemed to be extremely thorough.

Linda
May 27, 2008 9:21 PM

I wholeheartedly agree with Michael H. His backup strategy is good. In addition to this good advice I'm going to add that I partitioned my main drive to 4 separate partitions (system, docs/pics/music, video, programs). I backup using Acronis to an external drive. That way, if I lose my pictures, video, etc. I can get them back without having to re-image everything.

One more thing I might add: I have my "quick" drivers on a flash drive AND the external drive just in case, God forbid, that I have to reformat:

Chipset
SP2 with slipstreamed updates (haven't downloaded SP 3 yet)
Video driver
Audio driver
Ethernet driver

Since I'm on satellite I'm limited to 200MB per day so the SP2 slipstreamed would help tremendously.

ben
May 28, 2008 2:30 AM

Just keep the smallest possible partition for the op. system with only essentials on it, then spend a few minutes reinstalling, so never worry about malware again. Tho I do use endpoint. Reinstalling can be a lot quicker than fully removing malware. Guess I am lucky tho, or have a good protection on my various computers (famous last words). Still, I don't care if I do get malware: easy to erase and fun to examine.

fastfreddie1959
June 3, 2008 12:35 PM

Everyone here is missing 1 important thing to do
before you run your antispyware scan.
This is a must do.
*Turn off system restore first*.
Then run your antispyware or antimalware programs.
Just adding my 2cents worth.

Ojara Wolis OWA Uganda Limted
June 2, 2011 1:58 AM

I have been working in my small computer repair business here in Gulu Uganda, believe me the only way to be sure you are safe is to format and do a fresh install of all the programs and backing up thereafter!

bibs
June 19, 2012 10:12 AM

My memory card just infected by a virus, and I can't read the picture. How to recover the memory card without losing the picture?
