How To Remove a Virus

From ASU HOWTO
Jump to: navigation, search

Contents

Tools You Will Need

There are several different programs you will need for this howto. These are the programs ResNet techs use at Computing Services, however, if you have a program you prefer you may try it instead.



Detecting Malicious Processes

Every program on your computer has a process associated with it. There are processes running that you don't even know about. Malicious software may be one of these processes. While the program is running it may evade detection by or even disable antivirus and antispyware programs. Rkill is designed to detect and stop these processes. This will allow you to more effectively scan your computer.

Note that some Malicious software may prevent all programs from running, except for the programs it wishes to run. However, there is one program most, if not all, viruses want you to run: explorer.exe. Before running Rkill it is recommended you rename the rkill file as explorer.exe. This will ensure the malicious software will allow the program to start.

Rkill.jpg


Cleaning Up Temp Files

Many viruses live in temp files and browsing cookies. Because of this it is a good idea to clean these out. Ccleaner will do this for us. When launching Ccleaner, be sure the "Cleaner" tab is selected in the upper left corner of the screen. Once this is done select the "Run Cleaner" button in the bottom right corner of the screen.

Ccleaner.jpg

The registry contains information vital to your computer. However, sometimes registry keys point to files that may have been deleted. Malicious software may use these keys to further manipulate you computer. Therefore, it is a good idea to locate and fix these keys. Once the cleaner has finished, select the registry tab on the left side of the screen. Select the "Scan for issues" button along the bottom of the screen. Once all issues have been found, select the "Fix selected issues" button. A button will appear asking if you would like to backup the registry before continuing. I have never had an issue with Ccleaner breaking the registry but I would recommend backing it up just in case just in case something goes wrong. Once you have made a backup, a window will appear that runs through each individual issue with a description of the problem. However, most of the time there are several hundred issues. If you don't want to run through each one, just click the "fix all issues" button. Many times fixing registery issues will create more. Run this scan multipe times until no other errors are found.

Ccleaner-registery.jpg

Removing Malicious Software

Now that you computer is cleaned lets remove the viruses themselves. You will now want to run Malewarebytes and SuperAntiSpyware. Here is a link to another wiki site describing how to properly run Malewarebytes. Both SuperantiSpyware and Malewarebytes run almost exactly the same. Both will update themselves as soon as they are installed. If the malicious software on your computer has disabled your internet connection, the programs will not update. Run the scan anyways to see if it will still catch the malicious software.

Regular maintenance

It is recommended you run the above scans at least once a week. This will ensure your computer says clean and free of malicious software. You do not need to run rkill every time. However, if your computer is not acting as it should it may not be a bad idea. If you do the steps above and your computer is still not acting as it should, bring your computer to Computing Services and a ResNet tech will take a look at it.

Personal tools
Categories