My anti-virus performed a virus removal but I still have a symptom, how do I get rid of it?

Question:

My machine was recently infected by a worm called _____. My
anti-virus removed it, but I am still getting _____. How do I fix that
last left-over symptom?

That’s a composite question since I get many variations of it on a
regular basis.

The scenario is simple: you’ve been infected with a virus of some
sort, and your anti-virus program reports, much to your great relief,
that it has cleaned it out for you. And yet, there’s some nagging
leftover specific symptom.

The solution isn’t nearly as simple as the scenario.

If you have left over symptoms, of any sort, then it’s clear that the virus has not been eradicated from your system.

That, at least, seems fairly obvious. Here’s the non-obvious version:

Even if you don’t have leftover symptoms then the virus still may not have been eradicated from your system.

Read that last sentence again, because I want to make sure you understand what it implies.

You get a virus. You clean it up. Your anti-virus program says it’s gone. Your computer behaves normally. Nothing would appear to be amiss.

And yet …

How do you know – I mean really know – that the virus has been completely removed?

Answer: you don’t.

So my answer to your question is this: you can spend a lot of time and effort attempting to track down that last symptom or whatever it is you’re experiencing, but even if you’re successful at getting rid of it, you’ve proved nothing. Your system may still be infected.

In fact, the very presence of a leftover symptom proves that your anti-virus program, or whatever other technique you used, failed to remove everything.

The rule is this:

Once your machine is infected, it’s not your machine anymore.

I’ve discussed this before, but the fact is that once you’ve become infected there is simply no way to completely remove the virus, and know that you’ve removed all traces of a virus. There are exactly two approaches that work:

  • restore from your most recent complete backup prior to the infection.

  • reformat your hard disk and reinstall the operating system from scratch.

If you haven’t been backing up, then really you have only one option.

Yes, that’s painful. Very painful.

That’s why prevention – through appropriate tools, technologies and behaviors – is so much easier and cheaper than the cure.

OK, so I know that you don’t want to follow my advice. You were infected, you have a symptom, and you’re not about to reformat your machine just to get rid of it, even though I’m telling you that you should.

Here are some things to try:

Google the specific symptom – be as specific as you can be when you search. The problem is that each of these leftover issues will likely have its own unique set of removal instructions. And there are probably thousands of different little issues like this – there’s no single place you’re going to find all the answers.

Use System Restore – I don’t recommend it as a solution by itself but it’s possible that it may help in certain situations with certain symptoms.

Try a repair install of Windows – as part of a longer series of steps a repair install may re-install enough of the system or its settings so as to get rid of the symptom you’re experiencing.

Moving forward I’d also want you to learn from this lesson and take some steps to protect yourself more completely in the future so you don’t have to travel this path again.

Start backing up! Regular backups are the closest thing to a silver bullet that can save you from just about any kind of problem.

Learn to use the internet safely! You don’t have to get infected – ever – if you follow some simple rules, and use some simple tools.

But for today’s scenario, for today’s infection, and for today’s left-over symptom I have to repeat myself: the only sure solution is a reformat and reinstall.

Sorry.

8 comments on “My anti-virus performed a virus removal but I still have a symptom, how do I get rid of it?”

  1. How do I remove Rapid Antivirus? Norton 360 v2.0 will not unless I pay an extra $100 on top of what the program itself cost.

  2. I like the answers you are giving and you are so right: the only way to get rid, and I do mean totally rid, of a virus or anything that slows your computer down is to fdisk and reformat and download Windows again, which a lot of people just don’t know how to do. Maybe you could run an article on this procedure; it would save people a lot of headaches if they knew how to. I’m a self-taught person and I learned a lot from mostly library books but also from your site. Keep up the super work. P.S. Free antivirus is available at Avast; go to c/net downloads for free. You might want to pass this on. Thanks for being. John.

  3. G’day Leo. I agree with John, perhaps an article on backing up would be a good one for the new year. I have had computers for about 8 years and have never done a back-up, as I don’t know how!
    Happy New Year, Al.

  4. These are my personal instructions on virus removal.
    I’ve passed them along to hundreds of people
    and it works every time.
    And I use both programs, and have been
    attacked by the xp-2008-2009 trojan
    and it has not entered my computer.
    I use this every day helping someone.
    This must be done first……
    Steps to turn off System Restore
    1. Click Start, right-click My Computer, and then click Properties.
    2. In the System Properties dialog box, click the System Restore tab.
    3. Click to select the Turn off System Restore check box. Or, click to select the Turn off System Restore on all drives check box.
    4. Click OK.
    5. When you receive the following message, click Yes to confirm that you want to turn off System Restore:

    Then download this but don’t buy it…just
    use it to get rid of the trojan…
    http://www.malwarebytes.org/rogueremover.php
    Once the trojans are removed then you
    need these 2 programs for better protection..

    http://www.personalfirewall.comodo.com/download_firewall.html

    http://www.comodo.com/boclean/CBO_download.html

    Firewall comes with a Toolbar-you don’t need it.
    Just Uncheck the box for it.

  5. There is one further point to make, and it is this: even if you have been backing up and have a complete image of the system that you can roll back to, you cannot be sure it was made prior to the infection unless it was made immediately after installing the operating system, and before connecting the computer to a network (local network or the Internet). So, for truly paranoid people like myself, reformatting and reinstalling is still required. The backup therefore just gives you the ability to selectively restore data you’ve created, as long as proper precautions are taken.

    Furthermore, there are any number of possible infections that are not obvious, or even apparent to even the most technical users (I’m thinking spambot trojans, which survive longer if they can hide from the computer operator). It’s a truly terrifying world out there for us paranoid people.

  6. I just spent a couple of days trying to clear a rogue program called WiniGuard off my neighbour’s computer. I tried two different virus programs, Avira and AVG. Neither one would update and WiniGuard alerts keep popping up.

    The problem, other than updating the antivirus, was trying to research on a hijacked browser. I kept getting sent to other web pages.

    I finally did get what I thought was enough data to get rid of it: the program folder, reg entries, and a few extra ones in the System32 folder (baloon.exe and cfrog.exe).

    Still, the browser was hijacked and the antivirus (AVG) was un-updated. I downloaded the updates from my computer burned them on a CD and used the option in AVG to update manually from folder.

    Updated successful, but scanner didn’t seem to be scanning anything. So I restarted in Safe Mode, and ran their scanner there. It removed a few items, one being a file called autorun.inf (from another virus program). Did some more research, checked for associated files… luckily found none.

    Everything seemed to be clean but then every time Internet Explorer started up AVG would complain about an infected file called msqpdxiveoypff.dll with Trojan horse Generic 12.AH1J.

    Using HijackThis I was able to delete this threat but still no updates. A day later I tried again and found some WiniGuard traces had reappeared. Deleted them as before; finally I was able to get enough control of the browser to download Malwarebytes and update it. It SEEMS to have taken care of the rest.

    AVG is now updating normally. Formatting and reinstalling Windows from scratch is not an option when you don’t have a CD and don’t have the finances to buy one.

  7. I would like to know how to get this off my comp. I wasn’t home, my boyfriend was. I am not sure what happened and I can’t even get into remove programs. It’s called Security Tool, number is 500625.
