Get Rid of computer Virus or Malware Once and For All

Get Started

If your computer is showing any of these symptoms, it may be infected with malware or a virus. Follow the instructions below to remove malware and viruses from your computer and close major security holes in your operating system. If you have difficulty at any point, contact the IT Help Center.

IMPORTANT! If you suspect your University-owned computer is infected, STOP. Do not attempt to remove the virus or shut down your computer. Because this may constitute a data security incident, contact your IT Administrator or the IT Help Center immediately.

 

Step 1: Download/save all files & print this document

Before you can begin fixing your computer, you have to obtain the necessary files (below) and print this document. Your computer will not be connected to the network while you are disinfecting it, so you will not be able to access these files on the Web.

  • McAfee VirusScan Enterprise
  • Malwarebytes

Note: Even if you already have McAfee VirusScan installed, reinstall the latest version.

You can also get these instructions and software on CD from the IT Help Center by going to A109 LGRC Lowrise with your UCard. Each CD costs $3 and includes additional malware removal software and Windows updates not available directly from the UMass Amherst IT Web site. You can also download an .iso image of the CD free of charge and burn it to disc yourself:

Download a free ISO image of the IT Anti-virus CD

An ISO Image is similar to a zip file in that it groups several files into a single download that is easier to manage. When you burn this image to a CD, it produces a full copy of the IT Anti-virus CD from which you can install the software and updates you need to disinfect your computer. See Burn a CD in IT Computer Classrooms for more information.

Remember to print or save this document!

 

Step 2: Disconnect your computer from the network

Your computer should not be physically connected to a network (e.g., cable modem, DSL, wired Ethernet). Unplug the network cable from your computer and do not reconnect it until you have finished this process.

If you are connected to eduroam or another wireless network, follow these steps to disconnect your computer from wireless networks:

Disable Wireless Networking in Windows 7

  1. Go to Start > Control Panel > Network and Internet > Network and Sharing Center.
  2. In the left column, click Change adapter settings.
  3. A new screen will open with a list of network connections. Right-click Wireless Network Connection and select Disable.

 

Step 3: Disable System Restore

  1. Go to Start > Control Panel > System and Security.
  2. In the System and Security window, in the left pane, click System protection. The System Properties window will open with the System Protection tab selected.
  3. In the System Protection window, under Protection Settings (middle), select any drive where Protection is set to On, then click Configure.
  4. In the System Protection for (Disk Name) window, under Restore Settings, select Turn off system protection.
  5. Click OK. When prompted to confirm that you want to turn off system protection for this drive, click Yes.
  6. Click OK to close System Properties.

 

Step 4: Scan with Malwarebytes

Start Your Computer in Safe Mode

  1. Restart your computer. Then, while the computer is starting, press F8 repeatedly until you see the Advanced Boot Options menu. If you see the Windows startup logo, restart your computer and try again.
  2. On the Advanced Boot Options menu, select Safe Mode, then press Enter .

Install Malwarebytes

  1. Open the Malwarebytes install file mbam-setup.exe that you downloaded in Step 1 above.
  2. Follow the installation wizard instructions to install Malwarebytes’ Anti-Malware. For detailed information, see our Malwarebytes installation and scanning instructions

Scan for Malware

  1. Open Malwarebytes’ Anti-Malware and click the Scanner tab.
  2. On the Scanner tab, select Perform quick scan, then click Scan.
  3. If Malwarebytes detects a suspicious file, it will place it in quarantine. After the scan is complete, click the Quarantine tab and review the threats Malwarebytes detected.
  4. To delete a malware program, select its name and click Delete.

 

Step 5: Install Anti-Virus Software

Start Your Computer in Normal Mode and Install VirusScan 8

  1. Restart your computer. While the computer is starting, if you are prompted to select a boot option, select Start Windows Normally, and press Enter.
  2. Open vscan8x.exe and follow the prompts to install the software on your computer. For detailed information, see our VirusScan installation and scanning instructions.

Start your computer in safe mode

  1. Restart your computer. While the computer is starting, press F8 repeatedly until you see the Advanced Boot Options menu. If you see the Windows startup logo, restart your computer and try again.
  2. On the Advanced Boot Options menu, select Safe Mode and press Enter .

Scan for viruses

  1. Go to Programs > McAfee > On-Demand Scan. The VirusScan On-Demand Properties – Full Scan window will open.
  2. On the VirusScan On-Demand Scan Properties – Full Scan window, select All local drives and click Start (at right). VirusScan will begin scanning your computer for viruses and malware. This will take some time, but it is important that you make sure the viruses have been removed.
  3. Take note of the names of any viruses found during your scan. You will need to report this to the IT Help Center before you can have your Internet access re-enabled.

 

Step 6: Enable System Restore

  1. Go to Start > Control Panel > System and Security.
  2. In the System and Security window, in the left pane, click System protection. The System Properties window will open with the System Protection tab selected.
  3. In the System Protection window, under Protection Settings (middle), select the backup drive you want to enable, then click Configure.
  4. In the System Protection for (Disk Name) window, under Restore Settings, select Restore system settings and previous versions of files.
  5. Click OK twice.

 

Step 7: Reconnect your computer to the network

Connect the network cable to your computer. To reconnect to a wireless network:

  1. Go to Start > Control Panel > Network and Internet > Network and Sharing Center.
  2. In the left column, click Change adapter settings.
  3. A new screen will open with a list of network connections. Right-click Wireless Network Connection and select Connect.

 

Step 8: Automatically update Windows software

  1. Go to Start > Control Panel > System and Security > Windows Update.
  2. In the Windows Update window, click Change settings (at left). The Choose how Windows can install updates screen will open.
  3. On the Choose how Windows can install updates screen, select Install updates automatically and under Install new updates: select a schedule for installation.
  4. Click OK. You will return to the Windows Update screen; your computer is now set up to automatically download and install updates from Microsoft.

Dialers, Trojans, Viruses, and Worms Oh My!

If you use a computer, read the newspaper, or watch the news, you will know about computer viruses or other malware. These are those malicious programs that once they infect your machine will start causing havoc on your computer. What many people do not know is that there are many different types of infections that are categorized in the general category of Malware.

Malware – Malware is programming or files that are developed for the purpose of doing harm. Thus, malware includes computer viruses, worms, Trojan horses, spyware, hijackers, and certain type of adware.

This article will focus on those malware that are considered viruses, trojans, worms, and viruses, though this information can be used to remove the other types of malware as well. We will not go into specific details about any one particular infection, but rather provide a broad overview of how these infections can be removed. For the most part these instructions should allow you to remove a good deal of infections, but there are some that need special steps to be removed and these won’t be covered under this tutorial.

Before we continue it is important to understand the generic malware terms that you will be reading about.

Adware – A program that generates pop-ups on your computer or displays advertisements. It is important to note that not all adware programs are necessarily considered malware. There are many legitimate programs that are given for free that display ads in their programs in order to generate revenue. As long as this information is provided up front then they are generally not considered malware.

Backdoor – A program that allows a remote user to execute commands and tasks on your computer without your permission. These types of programs are typically used to launch attacks on other computers, distribute copyrighted software or media, or hack other computers.

Dialler – A program that typically dials a premium rate number that has per minute charges over and above the typical call charge. These calls are with the intent of gaining access to pornographic material.

Hijackers – A program that attempts to hijack certain Internet functions like redirecting your start page to the hijacker’s own start page, redirecting search queries to a undesired search engine, or replace search results from popular search engines with their own information.

Spyware – A program that monitors your activity or information on your computer and sends that information to a remote computer without your knowledge.

Trojan – A program that has been designed to appear innocent but has been intentionally designed to cause some malicious activity or to provide a backdoor to your system.

Virus – A program that when run, has the ability to self-replicate by infecting other programs and files on your computer. These programs can have many effects ranging from wiping your hard drive, displaying a joke in a small box, or doing nothing at all except to replicate itself. These types of infections tend to be localized to your computer and not have the ability to spread to another computer on their own. The word virus has incorrectly become a general term that encompasses trojans, worms, and viruses.

Worm – A program that when run, has the ability to spread to other computers on its own using either mass-mailing techniques to email addresses found on your computer or by using the Internet to infect a remote computer using known security holes.

How these infections start

Just like any program, in order for the program to work, it must be started. Malware programs are no different in this respect and must be started in some fashion in order to do what they were designed to do. For the most part these infections run by creating a configuration entry in the Windows Registry in order to make these programs start when your computer starts.

Unfortunately, though, in the Windows operating system there are many different ways to make a program start which can make it difficult for the average computer user to find manually. Luckily for us, though, there are programs that allow us to cut through this confusion and see the various programs that are automatically starting when windows boots. The program we recommend for this, because its free and detailed, is Autoruns from Sysinternals.

When you run this program it will list all the various programs that start when your computer is booted into Windows. For the most part, the majority of these programs are safe and should be left alone unless you know what you are doing or know you do not need them to run at startup.

At this point, you should download Autoruns and try it out. Just run the Autoruns.exe and look at all the programs that start automatically. Don’t uncheck or delete anything at this point. Just examine the information to see an overview of the amount of programs that are starting automatically. When you feel comfortable with what you are seeing, move on to the next section.

 

Use an anti-virus and anti-malware program to remove the infections

Make sure you are using an anti-virus program and that the anti-virus program is updated to use the latest definitions. If you do not currently have an anti-virus installed, you can select one from the following list and use it to scan and clean your computer. The list below includes both free and commercial anti-virus programs, but even the commercial ones typically have a trial period in which you can scan and clean your computer before you have to pay for it.

  • Kaspersky Anti-virus
  • ESET Nod32
  • AVG
  • Avast
  • BitDefender
  • Microsoft Security Essentials
  • Trend Micro
  • Antivir

It is also advised that you install and scan your computer with MalwareBytes’ Anti-Malware and Emsisoft Anti-Malware. Both of these are excellent programs and have a good track record at finding newer infections that the more traditional anti-virus programs miss. Guides on how to install and use these programs can be found below.

How to use Malwarebytes’ Anti-Malware to scan and remove malware from your computer
How to use Emsisoft Anti-Malware to scan and clean malware from your computer

After performing these instructions if you still are infected, you can use the instructions below to manually remove the infection.

How to remove these infections manually

We have finally arrived at the section you came here for. You are most likely reading this tutorial because you are infected with some sort of malware and want to remove it. With this knowledge that you are infected, it is also assumed that you examined the programs running on your computer and found one that does not look right. You did further research by checking that program against our Startup Database or by searching in Google and have learned that it is an infection and you now want to remove it.

If you have identified the particular program that is part of the malware, and you want to remove it, please follow these steps.

  1. Download and extract the Autoruns program by Sysinternals to C:\Autoruns
  2. Reboot into Safe Mode so that the malware is not started when you are doing these steps. Many malware monitor the keys that allow them to start and if they notice they have been removed, will automatically replace that startup key. For this reason booting into safe mode allows us to get past that defense in most cases.
  3. Navigate to the C:\Autoruns folder you created in Step 1 and double-click on autoruns.exe.
  4. When the program starts, click on the Options menu and enable the following options by clicking on them. This will place a checkmark next to each of these options.
    1. Include empty locations
    2. Verify Code Signatures
    3. Hide Signed Microsoft Entries
  5. Then press the F5 key on your keyboard to refresh the startups list using these new settings.
  6. The program shows information about your startup entries in 8 different tabs. For the most part, the filename you are looking for will be found under the Logon or the Services tabs, but you should check all the other tabs to make sure they are not loading elsewhere as well. Click on each tab and look through the list for the filename that you want to remove. The filename will be found under the Image Path column. There may be more than one entry associated with the same file as it is common for malware to create multiple startup entries. It is important to note that many malware programs disguise themselves by using the same filenames as valid Microsoft files. it is therefore important to know exactly which file, and the folder they are in, that you want to remove. You can check our Startup Database for that information or ask for help in our computer help forums.
  7. Once you find the entry that is associated with the malware, you want to delete that entry so it will not start again on the next reboot. To do that right click on the entry and select delete. This startup entry will now be removed from the Registry.
  8. Now that we made it so it will not start on boot up, you should delete the file using My Computer or Windows Explorer. If you can not see the file, it may be hidden. To allow you to see hidden files you can follow the steps for your operating system found in this tutorial:

    How to see hidden files in Windows

  9. When you are finished removing the malware entries from the Registry and deleting the files, reboot into normal mode as you will now be clean from the infection.

How to protect yourself in the future

In order to protect yourself from this happening again it is important that take proper care and precautions when using your computer. Make sure you have updated antivirus and spyware removal software running, all the latest updates to your operating system, a firewall, and only open attachments or click on pop-ups that you know are safe. These precautions can be a tutorial unto itself, and luckily, we have one created already:

Simple and easy ways to keep your computer safe and secure on the Internet

Please read this tutorial and follow the steps listed in order to be safe on the Internet. Other tutorials that are important to read in order to protect your computer are listed below.

Understanding Spyware, Browser Hijackers, and Dialers

Understanding and Using a Firewall

Safely Connecting a Computer to the Internet

Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware

Using IE-Spyad to enhance your privacy and Security

Conclusion

Now that you know how to remove a generic malware from your computer, it should help you stay relatively clean from infection. Unfortunately there are a lot of malware that makes it very difficult to remove and these steps will not help you with those particular infections. In situations like that where you need extra help, do not hesitate to ask for help in our computer help forums. We also have a self-help section that contains detailed fixes on some of the more common infections that may be able to help.


If you believe your computer is infected with a virus, the best method of detection and removal is to run an antivirus scan on the computer. Open your antivirus scanner through the Windows notification area or through the Start Menu and run a full system scan to scan all files on your computer for a virus.

If you’re unable to boot into Windows, boot the computer into Safe Mode and run the scan from within Safe Mode.

Removing detected virus

If the antivirus program detects the virus, a prompt to either move the virus to the virus vault or delete the infected files will be given. Both options are a good way to remove the virus from the computer.

I don’t have an antivirus program installed

Tip: If you are running Windows 8 or Windows 10 on the computer you may be using Windows Defender as your antivirus.

If you do not have an antivirus or Windows Defender, but still believe a file is infected with a virus, try running an online virus scan. These websites will scan your computer hard drive for any infections. You may also consider installing a free antivirus program on the computer.

Listing of all available antivirus programs.
Note: It is not recommended to manually find and delete files on your computer that you suspect to be infected with a virus. Deleting the wrong files could result in errors on your computer, or cause the operating system to become unusable.

No virus has been detected

Unfortunately, many non-virus related issues are often blamed on computer viruses. Nine times out of ten, a computer problem is a software, driver, or hardware related issue and not a virus. If after running the antivirus, no virus is found, it’s very likely the computer is not infected. If you still believe your computer is somehow infected, you may also consider running an online virus scan and scanning the computer with a malware protection program, as mentioned below.

Malware, Spyware, and Adware detection and removal

We’d also recommend running a malware protection program on the computer, such as Malwarebytes. Malware can be the cause of computer errors and other problems as well.

How to scan the computer or get software if Internet is not working

If your Internet is not working you can download Malwarebytes or other antivirus software from another computer, copy the download to a USB flash drive, and then install the program from the flash drive on your infected compute

AAKEYY Written by:

I have always expressed myself through creative means, I specialize in writing tech-related articles about the computer industry. I enjoy writing articles about the Internet, making money online, fitness & health.

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *