Remove a Virus

Has your computer been infected by a virus? Viruses and other malware can pose a significant security risk to your data and personal information, and can have a drastic effect on your computer's performance. They can be tricky to get rid of, since many are programmed to be extremely difficult to remove. If your computer is suffering from a nasty infection, see Step 1 below to get rid of it.

Steps

Running Scans

  1. Back up your data. Before starting the virus removal process, make sure that all of your important data is backed up. This will ensure that nothing of value is lost if the computer has to be completely reformatted, and you can get back up and running with minimal time invested.
    • See this guide for detailed instructions on how to back up all of your important data.
  2. Check to ensure that other factors aren't causing your problem. Oftentimes a slow computer will give the impression that it is infected with a virus, when it may be an issue with memory, storage, adware, or a number of other factors. Failing hardware, especially hard drives, can significantly slow down your computer and corrupt files.
    • Speed Up a Slow Windows Computer for Free contains a variety of tips to help speed up a slow computer.
  3. Gather your tools. You should already have an antivirus program installed, but if you don't, a variety of both free and commercial products are available. Most paid programs have a trial period that will allow you to scan and remove viruses, so don't worry about cost and download the program that sounds the best to you. Popular options include Kaspersky, BitDefender, Avira, and Trend Micro. You should only have one of these installed at a time.
    • You will also need a few anti-malware programs. While lots of adware is technically legitimate, lots of it is shady as well. These programs may pick up things that your antivirus passes over. Popular options include Malwarebytes Anti-Malware and HitmanPro. As with antivirus programs, you should not install too many anti-malware programs, since they may slow down your PC; unlike antivirus programs, however, running more than one is an option.
    • If your virus infection is preventing you from successfully downloading files, you will need to download them on another computer and transfer them via USB drive.
  4. Reboot in Safe Mode. In order for a virus to do anything, it needs to be run. Most viruses run themselves by attaching to startup services that load when Windows loads. Safe Mode only loads the most essential files for Windows to run, which should stop almost all viruses from starting. This will allow you to identify and remove them.[1]
  5. Run your scans. Run a full system scan with your antivirus program. Quarantine anything that doesn't look right after the scan is complete (most antivirus programs have a quarantine function). After you are finished running the virus scan, run each of your additional anti-malware scans. Each program is capable of removing any infections it is able to find.[2]
  6. Test your computer. After the scans have all completed, reboot normally and test your computer's performance. Run your web browser and any other programs that you originally had issues with. If your infection is gone, you're done! If problems persist, read on to the next section.

Removing Viruses Manually

  1. Download Autoruns. Autoruns is a program from Microsoft TechNet that allows you to see exactly what is starting up each time your computer boots. This will give you the clearest possible picture about what is currently operating on your computer.
    • After downloading, extract the program to an easy to access spot, such as C:\Autoruns.
    • Run the program before continuing to get a feel for how it is laid out, and to see how it displays the services and programs that are starting up with Windows. It's a pretty daunting display at first, but you will only need to focus on a few areas later on.
  2. Adjust Autoruns' options. In order to make it easier to find infected entries, you will want to disable reporting of certain signed Microsoft services, and include locations that might not normally be checked. Click the Options menu and then select Filter Options. Check the following boxes:
    • Include empty locations
    • Verify code signatures
    • Hide signed Microsoft entries
  3. Reboot into Safe Mode with Networking. Since most viruses attach themselves to startup services, deleting the service while the virus is running will allow it to recreate the entry in your registry. Safe Mode will only load essential startup services, allowing you to safely disable infected ones.
    • Rebooting into "Safe Mode with Networking" as opposed to "Safe Mode" will allow you to use the internet to look up the programs that are starting with your computer.
  4. Start the Autoruns program. Once you have entered Safe Mode, start the Autoruns program. Double-check that your Filter Options are set correctly. Wait for the scan to finish, which may take a few moments.
  5. Begin searching for suspicious entries. This will be the most tedious part of the process, as you'll want to look up any suspicious entry online to see if the process is legitimate or not. You will need to pay attention to both the entry's name and the file location.
    • There are a variety of process identifiers online that can tell you exactly what the process is and if it's a potential threat. Some popular databases include Process Library, Bleeping Computer, and File.net.
    • Focus on the Logon and Services tabs. There are a variety of tabs that help filter information for you, but most of the time you'll find what you're looking for in the Logon and Services tabs. You shouldn't ignore the others, though, as some viruses will be reported in other areas.
    • Take your time when investigating processes. Disabling real processes can keep Windows from loading properly, so triple-check each process before you mark it for removal.
    • Record the file location of each offending entry before you remove it. You will need to locate these files later to delete them.
  6. Delete the first malware-related entry. Once you've identified entries that are infected, you can delete the first one by right-clicking on it and selecting Delete. This will remove the entry from your startup process, but doesn't delete any of the infected files.
    • Delete entries one at a time, delete the associated files, and then repeat for the next entry. This will help to ensure that you don't forget to remove files from your computer.
  7. Remove the files associated with the deleted entry. Open Windows Explorer and navigate to the location that was associated with the startup entry. If you can't see the files, you may need to find hidden files and folders in Windows.
    • Repeat the entry and file removal steps for each entry you need to get rid of.
  8. Reboot your computer normally. Once you have finished removing each of the entries and all of the infected files, you can reboot your computer normally, allowing all the remaining processes to start. This should eliminate the majority of common virus infections. If you are still infected, see the next step.
  9. Consider reinstalling Windows. If you can't seem to get rid of the infection, reinstalling Windows may be your best bet. Although it seems like an extreme step, it is actually usually faster to reinstall than to continue trying to troubleshoot a stubborn infection, and much cheaper than taking your computer to a professional. Chances are you use fewer programs than you might think, making your reinstallation time even quicker.
    • Reinstalling will wipe your hard drive clean, removing virtually any virus infection.
    • Before reinstalling, make sure that you have all of your important data backed up and your Windows key handy. You may also want to put the installers of all your essential programs such as browser and antivirus onto a USB drive for easy access after the Windows reinstallation is complete.[3]
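
The review in steps 2 and 5 above can be cross-checked from a PowerShell prompt. This is an added example, not part of the original article or of Autoruns: it lists Run-key ("Logon") and auto-start service entries, checks each file's signature, hides validly signed Microsoft files, and saves the rest with their file locations. The helper name Get-ImagePath and the output file autostart-review.csv are assumptions made for this sketch; nothing is deleted or changed.

```powershell
# Added example: read-only listing of Run-key and auto-start service entries.
# Get-ImagePath and the CSV file name are hypothetical names chosen for this sketch.
function Get-ImagePath([string]$Launch) {
    # Reduce a launch string ("C:\x\y.exe" /arg) to the file it starts.
    $s = [Environment]::ExpandEnvironmentVariables($Launch)
    if ($s -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($s -match '^\s*(.+?\.(exe|dll|com|bat|cmd|vbs|js|ps1))(\s|$)') { return $Matches[1] }
    return ($s.Trim() -split '\s+')[0]
}

$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

# "Logon" entries: one row per value under each Run key that exists.
$entries = @(foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Tab = 'Logon'; Entry = $name; Location = $key
                           Launch = [string]$item.GetValue($name) }
    }
})

# "Services" entries: services configured to start automatically.
$entries += @(Get-CimInstance Win32_Service -Filter "StartMode='Auto'" | ForEach-Object {
    [pscustomobject]@{ Tab = 'Services'; Entry = $_.Name; Launch = $_.PathName
                       Location = 'HKLM:\SYSTEM\CurrentControlSet\Services\' + $_.Name }
})

$report = foreach ($e in $entries) {
    $path = Get-ImagePath $e.Launch
    $sig = $null
    if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
        $sig = Get-AuthenticodeSignature -LiteralPath $path
    }
    $signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $status = if ($sig) { "$($sig.Status)" } else { 'FileNotFound' }
    # Same effect as "Verify code signatures" plus "Hide signed Microsoft entries".
    if ($status -eq 'Valid' -and $signer -match 'O=Microsoft Corporation') { continue }
    [pscustomobject]@{ Tab = $e.Tab; Entry = $e.Entry; Location = $e.Location
                       ImagePath = $path; Signature = $status; Signer = $signer }
}

# Record each entry's name and file location before anything is deleted (step 5).
$report | Sort-Object Tab, Entry | Export-Csv "$env:USERPROFILE\Desktop\autostart-review.csv" -NoTypeInformation
$report | Sort-Object Tab, Entry | Format-Table Tab, Entry, Signature, ImagePath -AutoSize
```

Entries started through a signed Microsoft host such as rundll32.exe or svchost.exe are hidden together with the host, so this listing covers less than Autoruns does and is a cross-check rather than a replacement.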

Removing Mac Viruses

  1. Install a Mac-specific antivirus program. The days of not needing an antivirus program for Mac computers are over. As the operating system has gained popularity, so has the frequency of virus infections. Virus makers now see Macs as valid targets, and ensuring you are protected is the best way to prevent viruses. Antivirus scanners are also the easiest way to get rid of existing viruses.
    • Popular Mac antivirus programs include Sophos, ClamXav, Intego VirusBarrier, as well as paid products from the big names, including Norton, McAfee and Kaspersky.
    • Make sure you only have one anti-virus program installed at a time.
  2. Scan for viruses. Use your newly-installed scanner to check your computer for viruses. Ensure that you are scanning any connected external hard drives or USB drives as well.
    • Macs can transmit PC viruses as well, even if they aren't susceptible to them.
    • Remove any offending results from your antivirus scan. Mac viruses are typically much easier to remove using a virus scanner than PC viruses.
  3. Scan with a second program. After scanning with your first antivirus program, uninstall it and install a second program. You can use two different free programs for this, or one free and one paid. Running a second scan will help catch malware that slipped through the cracks of the first scan.
  4. Reinstall OS X. If you have a virus infection that scans simply won't get rid of, reinstalling your operating system may be your best bet. If you already have your data backed up, it actually won't even take that long, and may improve your system's performance as well.
    • See Reinstall OS X Lion for detailed instructions on reinstalling OS X.
  5. Remove the Flashback virus. This virus was one of the first big virus scares for OS X users. Apple has since patched OS X to fix the security exploit and remove the malware from OS X systems, but if you haven't updated OS X (see Update Mac OS X Snow Leopard), you may not have this fix.
    • There are several programs that you can download that will remove Flashback, including F-Secure's Flashback Removal Tool.
  6. Remove the FBI Mac OS X virus (MoneyPak). This piece of malware hijacks your browser, forcing you to a page that claims your computer has been shut down by the FBI. The site claims that by paying a large sum of money, your computer can be unlocked. You can remove this virus by resetting Safari's settings.
    • Open Safari and click the Safari menu in the menubar.
    • Click "Reset Safari..."
    • Make sure every item in the list is checked.
    • Click the Reset button.

Warnings

  • Removing malware often takes hours, days, or even weeks. Be sure you have plenty of time available.
  • If the infected computer holds sensitive files that could allow for identity theft, you should consider disconnecting the computer from the internet and looking closely at your credit card bills and bank statements for the next month to make sure that nothing suspicious is occurring.
  • If there is a message on your computer asking for payment in exchange for your files, then you have ransomware. DO NOT PAY: there is no guarantee that you will get your files back, and you are encouraging the hackers to make more of these viruses. Instead, seek help on forums, like the Microsoft community.
