Getting rid of a virus usually starts with assessing the effects of the virus infection to determine the likelihood of removing it.
If the infection is new or recent, you can try using a restore point to set the computer back to the way it was before the infection set in (Start | All Programs | Accessories | System Tools | System Restore). Select a date prior to the infection.
Can you still use the Windows Task Manager (Ctrl-Alt-Del or right-click on the task bar)? If the Task Manager won't start, you have a serious problem and will require additional effort.
In the Task Manager, click on the Processes tab to show the running processes. Then sort on the CPU column to bring the busiest processes to the top of the list.
Assuming that the virus has the computer so busy that you can't do anything, begin by turning off the processes that are hogging the CPU. R-click on the process and select "End Process Tree." (Obviously you can't terminate critical Windows processes like lsass, csrss, explorer, etc. and the system will tell you so).
Look for things like iexplore, Firefox, Limewire or other internet-facing applications that are using up the CPU. The purpose here is to get some performance back so you can do more work on the virus removal. This may not be effective, since a virus can hide its running processes.
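A command-line version of the Task Manager triage above, as an added example that is not part of the original post: it lists the busiest processes and marks the ones the post names. The 10% threshold, the 15-row limit and the note wording are assumptions.

```powershell
# Added example: list the busiest processes, as the Processes tab sorted by CPU would.
# Process names come from the article; threshold and row limit are assumed values.
$critical       = 'lsass', 'csrss', 'explorer'        # article: cannot be terminated
$internetFacing = 'iexplore', 'firefox', 'limewire'   # article: likely CPU hogs
$threshold      = 10                                  # assumed "busy" cutoff, percent
$cores          = [Environment]::ProcessorCount

$rows = Get-CimInstance Win32_PerfFormattedData_PerfProc_Process |
    Where-Object { $_.Name -notin '_Total', 'Idle' } |
    ForEach-Object {
        # Duplicate instances appear as "name#1", "name#2"; strip the suffix.
        $base = ($_.Name -replace '#\d+$', '').ToLower()

        # The counter can exceed 100 on multi-core machines; scale it to 0-100.
        $cpu  = [math]::Round($_.PercentProcessorTime / $cores, 1)

        # The path may be empty for protected processes when not run as administrator.
        $proc = Get-Process -Id $_.IDProcess -ErrorAction SilentlyContinue

        $note = if     ($base -in $critical)       { 'critical Windows process: do not end' }
                elseif ($base -in $internetFacing) { 'internet-facing: candidate to end' }
                elseif ($cpu -ge $threshold)       { 'high CPU: review before ending' }
                else                               { '' }

        [pscustomobject]@{
            PID    = $_.IDProcess
            Name   = $base
            CpuPct = $cpu
            Path   = if ($proc) { $proc.Path } else { $null }
            Note   = $note
        }
    }

$rows | Sort-Object CpuPct -Descending |
    Select-Object -First 15 |
    Format-Table -AutoSize

# Command-line equivalent of "End Process Tree" for a PID chosen from the list:
#   taskkill /PID <pid> /T
```

As with Task Manager, a virus that hides its running processes may not appear in this listing either.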
Now, start with your antivirus scanner. Obviously the one you have didn't work and has probably been disabled by the virus infection. If you can still connect to the internet, try using one of the online scanners from the antivirus companies (Panda, Avast, Kaspersky, etc.) to scan the computer with a fresh scanner.
Then, download a new antivirus program, if you can, and install/update it. Run the scan and follow the prompts to deal with the infectious files. If the scanner doesn't find anything, then boot into Safe Mode (pressing F8 during startup) and try the scan again.
If the antivirus scanner still finds nothing, then it's time to try a more specialized scanner like Malwarebytes and ComboFix. These are easily found on the internet and do a good job of finding things that traditional scanners may not find.
Try to assess the severity of the infection as soon as you can. You can spend hours trying to resolve the symptoms caused by a virus infection, only to find in the end that it couldn't be removed. The Malware Removal Guide will help you make that determination.
Don't get caught up in the symptoms. They are manifested by the infection and are often caused by modifications made to the operating system by the virus. These modifications change the same operating system functions that are used by antivirus scanners. If so, then the scanner will never find the virus.
If this is the case, then you'll need a more drastic repair than just looking for a file containing the virus. Back up your data, zero-fill the hard drive and reinstall the operating system.
If that's beyond your ability, contact your local repair shop (this is not a job for an onsite repair) and ask them if they know about rootkits and how to deal with them (not many do).