How to Clean / Remove and Recover from a Virus From Your PC

This is the complete virus cleaning guide.  There are many ways to clean a virus from your computer and I will list them from the easiest to the most complex.  Contrary to commonly held beliefs, there are MANY nasty viruses for Apple Macs, iPhones, Linux and Unix; however, this document is intended only for Windows machines.

By Ian Matthews, Up & Running Technologies Inc, Feb 10, 2010
NOTICE: This information is provided without warranty or guarantee; use at your own risk!

NOTE: Once you clean your virus, make sure you review the last two sections on this page: Post-AntiVirus Clean Up and Quality (and free) Antivirus Programs.

_______________________________________________________________________________________

Clean Up The Places Viruses Like To Hide:

You likely won’t be able to kill the virus in this step but you will make your scanning one Hell of a lot faster.

  1. Delete your temporary files:
    – Go to C:\WINDOWS\TEMP and delete EVERYTHING.  That's right, EVERYTHING in this folder is garbage.
    – Launch your browser and delete all your Temporary Files
    – In Internet Explorer 6, 7 and 8, simply click the TOOLS menu, select INTERNET OPTIONS and click the DELETE button
    – Turn on your HIDDEN FILES (see THIS video for Win XP and THIS instruction for Vista / 7) and dump your temp!
    – In Vista / 7 and newer go to C:\USERS\<YourName>\APPDATA\LOCAL\TEMP and delete EVERYTHING
    – In XP and older, go to C:\DOCUMENTS AND SETTINGS\<YourName>\APPLICATION DATA\LOCAL\TEMP and delete it ALL
  2. Empty your RECYCLE BIN
  3. Do the same thing for each profile on your PC
  4. From a friend's computer (almost every virus blocks access to AntiVirus sites) download a free AntiVirus like THIS one or THIS one and try to load it on your computer.
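
Steps 1 and 3 above (the temp folders, repeated for each profile) can be done in one pass. The script below is an added example, not part of the original guide; it assumes Vista / 7 or newer, Windows PowerShell run as administrator, and the `-Delete` switch is a name chosen for this example.

```powershell
# Added example, not from the original guide. Run from an elevated prompt.
param([switch]$Delete)   # without -Delete the script only reports (dry run)

# C:\WINDOWS\TEMP plus AppData\Local\Temp under every real profile folder
$targets   = @(Join-Path $env:windir 'Temp')
$usersRoot = Split-Path -Parent $env:USERPROFILE
Get-ChildItem -Path $usersRoot -Force |
    Where-Object { $_.PSIsContainer -and
                   -not ($_.Attributes -band [IO.FileAttributes]::ReparsePoint) } |
    ForEach-Object {
        $temp = Join-Path $_.FullName 'AppData\Local\Temp'
        if (Test-Path -LiteralPath $temp) { $targets += $temp }
    }

foreach ($dir in $targets) {
    $top   = @(Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue)
    $files = @(Get-ChildItem -LiteralPath $dir -Force -Recurse -ErrorAction SilentlyContinue |
               Where-Object { -not $_.PSIsContainer })
    $mb    = [math]::Round([double]($files | Measure-Object -Property Length -Sum).Sum / 1MB, 1)
    "{0}: {1} files, {2} MB" -f $dir, $files.Count, $mb

    if ($Delete) {
        foreach ($item in $top) {
            Remove-Item -LiteralPath $item.FullName -Recurse -Force -ErrorAction SilentlyContinue
        }
        # Whatever is left could not be removed, usually because a running
        # process holds it open. Note these paths before you start the scan.
        Get-ChildItem -LiteralPath $dir -Force -Recurse -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer } |
            ForEach-Object { "  still in use: $($_.FullName)" }
    }
}
```

Run it once without `-Delete` to see what would be removed, then again with it. An executable that stays locked in a temp folder after a fresh reboot deserves a closer look during the scan.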

If You Can Connect To The Internet:

  1. Download the (free from Microsoft) Malicious Software Removal Tool, which will clear the most common 40+ virus/malware from your system.  Click HERE for the 32bit version (most Vista and older installs will use this) or click HERE for the 64bit version (most Windows 7 and new installs will use this).  Note that this is updated at least once a month.
  2. If you cannot download the MRT, you can try to use the one on your computer already by clicking the START button and typing MRT.EXE into the RUN or SEARCH line.  Even though it is likely a month or so old, it is free and fast… so why not!
  3. Try to connect to a free on-line AntiVirus cleaner like housecall.trendmicro.com.  Just follow the prompts and stick to the free product.
  4. Run Windows Update and accept ALL updates / patches.  In Vista / 7 and newer click the START button and type WINDOWS UPDATE then follow the prompts.  Most viruses will block you from getting to Windows Update, but it is worth a try.

If You Cannot Connect To The Internet or Your Machine is Just Screwed!

  1. Go to a friend's computer and download Kaspersky’s free Emergency Rescue AntiVirus Boot CD HERE.
    – You will likely need to do this on a different PC than the one with the virus.
    – Power up your computer to boot from the Kaspersky DVD (you may have to change your BIOS’ boot order)
    – When the software is running, make sure you perform an UPDATE (yes, this will take about 3 minutes)
    – Start the scan and wait the several hours required for it to complete
    – Click HERE for more details if you are confused
  2. Go to a friend's computer and download BitDefender’s free Emergency Bootable AntiVirus CD HERE.
    – You will likely need to do this on a different PC than the one with the virus.
    – Power up your computer to boot from the Kaspersky DVD (you may have to change your BIOS’ boot order)
    – When the software is running, make sure you perform an UPDATE (yes, this will take about 3 minutes)
    – Start the scan and wait the several hours required for it to complete
    – Click HERE for more details if you are confused
  3. If you need to delete files from your PC (as per the instructions at the top of this page), you can use BitDefender's boot disk.
  4. If you need more bootable AntiVirus disks, click HERE.

 

ComboFix:

If you still cannot get your machine working, try ComboFix.  Read all about it HERE.

Automatic Log Off:

If you cannot log into your PC after cleaning a virus because it automatically logs you off, you likely need to replace a damaged UserInit.EXE file.  You will need to boot your system using something other than the operating system installed on the drive, such as the Windows Recovery Console, a boot floppy / USB stick, or the BitDefender Boot Disk (from step 2 above).

  1. If you have Windows XP download THIS file.
    If you have Windows 7 download THIS file.
    If you have Windows Vista, copy userinit.exe from a buddy's computer, ’cause I don’t have a copy.
  2. Rename c:\windows\system32\userinit.exe to userinit.old
  3. Copy the new file to c:\windows\system32\
  4. Run REGEDIT and confirm that:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    is pointing to
    c:\windows\system32\userinit.exe
  5. Boot your machine and see if it works.
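
The check in step 4 can be scripted once the machine boots, and the same script can vet a replacement userinit.exe before you copy it in step 3. This is an added example, not part of the original guide; it reads the `Userinit` value under the Winlogon key, and the `-Candidate` parameter is a name chosen for this example.

```powershell
# Added example, not from the original guide. Run from an elevated prompt.
param([string]$Candidate)   # optional: path to a replacement userinit.exe to vet

$key      = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expected = Join-Path $env:windir 'system32\userinit.exe'

# Userinit is a comma-separated list of programs Winlogon starts at logon.
# A clean system lists only userinit.exe, normally followed by a trailing comma.
$raw     = (Get-ItemProperty -Path $key -Name Userinit).Userinit
$entries = @($raw -split ',' |
             ForEach-Object { [Environment]::ExpandEnvironmentVariables($_.Trim().Trim('"')) } |
             Where-Object { $_ })

"Userinit value: $raw"
foreach ($path in $entries) {
    if ($path -ieq $expected) { "  OK      $path" }
    else                      { "  REVIEW  $path  (extra program started at every logon)" }
}
if ($entries -notcontains $expected) {
    "  MISSING $expected is not listed in the Userinit value"
}

# Signature check for the installed file and, if given, the replacement.
# On older Windows / PowerShell versions catalog-signed system files can be
# reported as NotSigned, so treat NotSigned there as inconclusive, not as proof.
foreach ($file in @($expected, $Candidate) | Where-Object { $_ }) {
    if (-not (Test-Path -LiteralPath $file)) { "NOT FOUND  $file"; continue }
    $sig    = Get-AuthenticodeSignature -FilePath $file
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
    "{0}: {1}, signer: {2}" -f $file, $sig.Status, $signer
}
```

Any `REVIEW` line means something besides userinit.exe is launched at every logon and the cleanup is not finished. A replacement file that reports `HashMismatch`, or a signer other than Microsoft, should not be copied into system32.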

If you have questions about this process read THIS and THIS and THIS article.

Post-AntiVirus Clean Up:

After you have removed your virus, your machine still might have problems with networking or surfing.  The following scripts will likely fix your issue:

  1. Click the START button, and in RUN or SEARCH type CMD and press ENTER.  Type each of the following commands (I would copy and paste these) one at a time and press the ENTER key after each:
    • netsh int ip reset c:\resetlog.txt
    • netsh winsock reset all
    • netsh interface reset
      Then reboot your PC
  2. From Internet Explorer 7 or 8, click TOOLS, OPTIONS, ADVANCED and then click the RESET button at the bottom of the page.
  3. If you are having any problems, reinstall the most recent Windows Service Pack.
  4. If you are still having problems, run the System File Checker built into every version of Windows:
    – click the START button and type sfc /scannow (and press ENTER) in the RUN or SEARCH bar.
  5. If you are running an old version of Internet Explorer (like IE6 or IE7), go to a friend's computer, download the most current version of Internet Explorer, then install it on your machine.
  6. Click HERE to run Windows Update and install ALL patches.

Quality (and free) Antivirus Programs:

You can download several free, high quality AntiVirus programs:

  1.  I MUCH prefer the new Microsoft Security Essentials because it is soooo very light.  It will not slow your PC down or bug you with popups or sales messages.  It just shuts up and works without configuration.  Oh ya… it also scores highly on effectiveness tests.
  2. AVG Free Edition is also excellent but it will periodically ask you questions, requires some minor setup prompts and will tell you that you need to buy the new version about every year.  As you might have figured out from my tone, you do NOT have to buy the new version; you can simply download a new free version.
  3. Avast Free Edition is a popular choice.  I do not use it but I do hear good things.

I use McAfee and Norton (Symantec) in several corporate offices because of the management tools.  However, both products have an enormous performance hit and I would strongly suggest you remove both of them.

You should spend two minutes and review the graphs in THIS short benchmark test.  Yes, I know the test shows software from 2007 but it matches my experiences today.
