Removing a Computer Virus
Before you can claim to be a true Virus Killer such as myself, you must know the enemy! I have successfully removed thousands of those little bad guys, and up to 68 on a single PC! Some malware can be removed by your anti-virus software, but when you get a really nasty virus you're going to have to use the method below. From now on we'll address viruses as MALWARE. This is a more technically correct term, because a virus is only one type of malware. Here's a list of the three main types of malware:
- Virus – A type of malware that replicates. It has a mission to carry out, and it's not good!
- Worm – More or less the same as a Virus, but it can spread via the network, infecting other devices that are connected.
- Trojan – Disguises itself as something useful, or free! Once you've installed it, it will seek to expose backdoors for hackers, or attempt to take control of your operating system.
Malware survives on deception; if detected, it will be wiped out. It must first deceive a user into installing it, then it will typically attempt to gain higher-level system privileges. Once that's achieved it informs the anti-virus software to leave it be, and the malicious code goes to work. Pretty sophisticated for such a small file! But the little bad guys can't hide from a true pro!
Malware can be exposed with simple commands from Command Prompt (please don't call it DOS, we hate that!). Jokes aside, back to work. Restart your computer in "Safe Mode": at the BIOS screen press F8. At the menu displayed below, select "Safe Mode with Command Prompt".
Next, type cd/ in the Command Prompt window and hit Enter. Then type the command attrib and hit Enter again to display the files in the root of your system drive that have attributes set. See the picture below.
The attributes are S - H - R. I've highlighted them below for your reference. My PC, however, has no malware, yay! I want you to look at the SHR attributes and what they stand for.
- S - System
- H - Hidden
- R - Read Only
The files with SHR and SH on my PC are legit files from the operating system. Removing them would cause a nightmare! DISCLAIMER: BE SURE ONLY TO REMOVE THE VIRUS! REMOVING A PIECE OF WINDOWS MAY CAUSE YOUR SYSTEM NOT TO BOOT.
As stated before, the malware must hide to survive. The "system" attribute tells Windows and your antivirus that the file is supposed to be there. The "hidden" attribute keeps you from finding it. The "read only" attribute keeps you from deleting it normally. The two types of files you're concerned with have an EXE or INF extension following their name. See the picture below.
Notice there are some files with SHR attributes; these appear to be normal Windows files. But notice the RED circled files. There is a file with an EXE extension and another with an INF extension using the SHR attributes!!! Red flags go up, but hit the pause button: don't act until you're sure. First go google the names of these files on another device and be sure they are in fact a virus... And sure enough, in this example they are! Now to get them off your PC. Using the attrib -s -h -r command followed by the file name will remove the attributes, but you will still need to delete the file. Once the attributes are removed, as in line B of the picture below, simply type del followed by the file name to remove it.
Example: del autorun.inf
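Before you reach for attrib -s -h -r and del, it helps to have more than a file name to look up. The PowerShell snippet below is an added example, not part of the original walkthrough: it only lists EXE and INF files in the root of the system drive that carry both the System and Hidden attributes, with a SHA-256 hash and signature status for each. It assumes PowerShell 4.0 or later, and the variable names are this example's own.

```powershell
# Added example: read-only review helper. It changes and deletes nothing.
# Assumptions: PowerShell 4.0+; $root, $extensions and $mask are names chosen here.
$root       = "$env:SystemDrive\"       # root of the system drive, as in the article
$extensions = @('.exe', '.inf')         # the two file types the article singles out

# A file must carry both System and Hidden to be listed (SH or SHR in attrib output).
$mask = [System.IO.FileAttributes]'System, Hidden'

# -Force makes Get-ChildItem include hidden and system files, like attrib does.
Get-ChildItem -LiteralPath $root -File -Force -ErrorAction SilentlyContinue |
    Where-Object {
        $_.Attributes.HasFlag($mask) -and
        ($extensions -contains $_.Extension.ToLower())
    } |
    ForEach-Object {
        # A hash and a signature status are more reliable to research than a name,
        # because a malicious file can reuse the name of a legitimate one.
        $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Name       = $_.Name
            Attributes = $_.Attributes          # shows ReadOnly too, if it is set
            SizeBytes  = $_.Length
            Modified   = $_.LastWriteTime
            Signature  = if ($sig)  { $sig.Status } else { 'unreadable' }
            SHA256     = if ($hash) { $hash.Hash }  else { 'unreadable' }
        }
    } |
    Format-List
```

An empty result means no EXE or INF file in the drive root has both attributes set. Anything that is listed still needs to be researched before you remove it.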
Presto, your malware is removed. Reboot your computer and you should be good to go. Stay safe on your computer with these tips below.
- Don't open emails without a subject, or if the address looks suspicious.
- Pay attention to the address bar at the top of your browser, and make sure you're not being redirected to an impostor site.
- Run two accounts on your PC. Use your "Admin Account" for installing programs, and use your "User Account" for web browsing. If a malicious program tries to install when you're in your user account, it won't be able to.
- Don't be tricked by the fictitious PC scans that pop up in websites telling you that you have errors or a virus! This is such a scam, and they use it to trick people into installing their malware.
- Keep your system up to date!!! This is the big one: if you have Windows updates, install them. A large portion of the update could be security patches.
- Perform regular anti-virus scans, and keep your antivirus up to date as well. Outdated anti-virus is useless against new threats.
- Use strong passwords. Yours should be at least 8 characters, using numbers, letters (upper and lower case), and symbols. Example: K33p0ut2 (keep out 2: easy to remember, and it follows the password rule).
- Change your passwords regularly, don't keep the same one for years!
Thanks for reading! If you found this useful or have a question, drop a comment below.