Follow this guide to remove a virus safely and easily.
You may want to print this guide out to make it easier...
Most viruses today lock down your computer, making it virtually impossible to take control back. The challenge when removing them is regaining enough control to let you remove the infection.
Some tools which are essential to the removal process are:
1) RKill, Malwarebytes Anti-Malware, Windows Safe Mode, HijackThis and a lot of patience.
Taking back control
First, disconnect the computer from the internet to avoid re-infection during the virus removal. If you are lucky and the infection hasn't completely taken over, you can install free Malwarebytes and it will automatically remove the infection. Typically this program takes 45 minutes to an hour to complete. I prefer to run a few other tools first to ensure I can take control before I try Malwarebytes.
1) RKill: this is an amazing script which, when run, shuts down any active viruses. By running it, you stop the viruses, allowing you to take back control and remove them.
2) Empty the temporary folders: viruses have a habit of saving themselves here, so run a tool like CCleaner to empty the temporary folders.
3) Task Manager: this is a part of Windows that allows you to view everything running on your computer. If a virus is visible in Task Manager, you can right click on it and choose kill process tree. To use Task Manager you must understand a few basics. The computer always has things running in the background, and Task Manager shows you a list of the PROCESSES which are running in the background. By "killing" the processes related to a virus you give yourself more control of the computer. So what to do: press Ctrl Alt Del, go to the Processes tab of Task Manager and look at the names of the processes. A virus will have a very random name such as dgsdfgsdgf or 24123423. If you see any names similar to this in the processes, right click them and kill process tree.
A more advanced process viewer (like Task Manager) you could try is Sysinternals Process Explorer. After a bit of practice you will get to know which processes to kill and which to keep active.
4) Safe Mode: this mode of Windows is activated by pressing the F8 key when the computer starts up. Safe Mode starts Windows with the bare minimum of processes needed to make it work. This is good for us, as most viruses will not have active processes in Safe Mode, so we have more control there and can remove the infection.
In Safe Mode: get a copy of Malwarebytes on a USB stick and install it in Safe Mode. You will need to have the computer connected to the internet for updates. Internet connectivity in Safe Mode is limited to a direct cable connection, so wireless internet will not work.
Run Malwarebytes and reboot the computer.
5) Last but not least, HijackThis: run this program to see a list of all things that start when your computer starts. You can do more harm than good if you make a mistake here, so be thorough and precise. When you run HijackThis it makes a log file. Copy this log file and upload it to www.hijackthis.de. This site will analyze it and tell you which lines in the HijackThis program can be fixed/removed. Anything that comes up as nasty must be removed using HijackThis.
6) Install another antivirus such as Avast Free and see if it comes up with any more infections. The nice thing about Avast is that it can run a boot time scan. A boot time scan is a virus scan which runs when your computer starts, before Windows is fully loaded. This boot time scan has more control over any possible infections, as it is run before Windows fully loads. Run this scan.
7) This method is not complete; however, it does cover most of the basics and should allow most people to remove a stubborn infection. Another important point is re-infection: visiting bad sites will cause re-infection. I hope this was informative. If you want to learn more, ask me a question and I will endeavour to answer and help you along the way.
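The name check from step 3, as an added example that is not part of the original guide: this Python code reads a process list in the format printed by `tasklist /FO CSV /NH` and lists the entries whose names look random, like dgsdfgsdgf or 24123423. The sample process list is constructed, and the function names and the six-consonant threshold are assumptions made for illustration. A hit is only a reason to look at that process more closely before ending it.

```python
import csv
import io
import re

VOWELS = set("aeiouy")

# Constructed sample in the format printed by `tasklist /FO CSV /NH`.
SAMPLE_TASKLIST = '''"System Idle Process","0","Services","0","8 K"
"csrss.exe","512","Services","0","4,100 K"
"svchost.exe","892","Services","0","12,340 K"
"explorer.exe","3104","Console","1","85,112 K"
"dgsdfgsdgf.exe","4120","Console","1","6,204 K"
"24123423.exe","4388","Console","1","3,912 K"
'''


def name_reason(image_name):
    """Return why a process name looks random, or None if it does not."""
    stem = re.sub(r"\.exe$", "", image_name.strip(), flags=re.I).lower()
    if stem.isdigit():
        return "digits only"
    longest = run = 0
    for ch in stem:
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            longest = max(longest, run)
        else:
            run = 0  # a vowel, digit or space ends the consonant run
    if longest >= 6:  # assumed threshold; csrss and svchost stay below it
        return f"{longest} consonants in a row"
    return None


def triage(tasklist_csv):
    """Parse tasklist CSV text and return (name, pid, reason) rows to review."""
    hits = []
    for row in csv.reader(io.StringIO(tasklist_csv)):
        if len(row) < 2 or not row[1].isdigit():
            continue  # skip blank lines and a header row if /NH was omitted
        reason = name_reason(row[0])
        if reason:
            hits.append((row[0], int(row[1]), reason))
    return hits


if __name__ == "__main__":
    for name, pid, reason in triage(SAMPLE_TASKLIST):
        print(f"review PID {pid}: {name} ({reason})")
```

Short legitimate Windows names such as csrss.exe contain few vowels, which is why the check counts consecutive consonants instead of flagging every low-vowel name.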