
The Ultimate In Dust-Free Computer Enclosures

You may need to clean more than dust and dirt

With the major epidemic of backdoor trojans, viruses and spyware, you now have to be vigilant in your efforts to keep your computers clean in other ways.  Here are "some" of the steps we recommend in protecting your systems from the threat of viruses and for cleaning them when they get infected.  And, they will get infected.

First, understand that there is always a window of about two weeks between the time that a new virus or spyware is released and the time when the anti-virus software companies issue a fix.  So, we're all vulnerable to new viruses, and there is little we can do to stop them, short of not using our computers.

The best we can hope for is to limit the damage and the infections caused by people who program these backdoors, viruses and spyware.  They're very intelligent people, and as soon as we've figured out how to fix one infection, or we've installed the latest protection, they've sent out a new one.  Therefore, let's assume your PC is infected, your Internet connection has slowed down, you're being slammed with pop-ups, and your computer is locking up.

Hopefully, it goes without saying that you have an anti-virus program installed.  It must be up-to-date and set for auto protect.  If there is an automatic update feature, enable it and set it to update every day.  That's because new viruses and their fixes are being released every day.

We use Symantec Anti-Virus Corporate Edition.  But, there are many others, including Trend Micro, which are equally good.  We're also using ClamWin, which we highly recommend - and, it's free! They also have a Vista-compatible version. SAV is good at catching most viruses, but I find it wanting when it comes to trojans.  So, I use Trend Micro's House Call for an online scan which includes a scan for spyware and other malware.  I also use SpyBot Search & Destroy, in addition to running Symantec's online scan, since it catches some infections that even my installed SAV misses.  Though SAV won't clean infected files, it will tell you the type of infections and where they are located so you can delete them.

WARNING -- If you do not have an anti-virus program installed, you MUST clean your system before you install AV software.  Installing AV software on an infected PC can crash your system, and that's even worse than trying to recover from a virus attack.

We also recommend against using Norton Internet Security. We've seen numerous instances where Norton's automatic updates have disabled network and printer connections, and seen Internet connections bogged down to a crawl by NIS' firewall. So, if you have NIS installed and are having problems with your Internet, try turning off the firewall.

Assuming you have your anti-virus program installed and updated, and that you're running autoprotect, here's what we do to clean an infected system:

If you're not familiar with editing your Registry, read the Knowledge Base article 322756 on Microsoft's web site before you take these steps.  First, open Regedit and navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. This is a sure way to see if your system is infected. In the right-hand window, you'll see a listing of programs that run on startup. Check for .exe files in the Windows or Windows\System32 directories that are not familiar or are not associated with programs you knowingly installed. Search Google for those filenames and delete the entries if you find that they are viruses or other malware.
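The same Run-key check can be scripted. The following PowerShell is an added example, not part of the original page; it goes beyond the step above by also reading the per-user HKEY_CURRENT_USER Run key and reporting each file's Authenticode signature status, both of which are assumptions added here as triage aids.

```powershell
# Added example: triage the startup entries the article tells you to inspect.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'  # assumption: per-user key, not named in the article
)

function Get-CommandExecutable {
    param([string]$Command)
    # A Run value is a command line, e.g. "C:\Program Files\App\app.exe" /tray
    # or C:\Windows\app.exe -s. Return only the executable path.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"')        { return $Matches[1] }
    if ($expanded -match '^(.+?\.exe)(\s|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

$windir  = $env:windir.TrimEnd('\')
$sysDirs = @($windir, (Join-Path $windir 'System32'))

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $exe = Get-CommandExecutable ([string]$regKey.GetValue($name))
        if (-not $exe) { continue }
        $exists = Test-Path -LiteralPath $exe -PathType Leaf
        # Signature status is a hint for prioritising review, not a verdict.
        $sig = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $exe).Status } else { 'NotFoundAtPath' }
        [pscustomobject]@{
            Key          = $key
            Name         = $name
            Executable   = $exe
            # True when the file sits directly in Windows or Windows\System32.
            InWindowsDir = $sysDirs -contains (Split-Path -Path $exe -Parent)
            Signature    = $sig
        }
    }
}

# Entries in the Windows directories come first; look up any you do not recognise.
$results | Sort-Object -Property InWindowsDir -Descending | Format-Table -AutoSize -Wrap
```

The script only reads the registry; removing an entry is still a manual decision made after researching the filename.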

Next, download the latest virus definitions.  Assuming you're running Windows XP, boot into safe mode with networking (F8 on bootup) to prevent the viruses and trojans from loading.  You'll also need to turn off  System Restore (Control Panel, System, System Restore).  If you're running Windows 98 or other OS's that cannot boot into safe mode with networking, boot to safe mode. Now, run a full system scan with your installed AV program. For Windows 98 only, you'll have to reboot into normal mode before you can connect to the Internet and take the following steps.

Go to Trend Micro's website and run House Call.  You'll have to allow it to install ActiveX Controls, then select your drives and Auto Clean.  Click scan and wait until it's finished scanning your system.  Any viruses will be highlighted blue, and listed as "Uncleanable".  This is because they are the actual virus program.  Infected Word docs can be cleaned, but not the virus, itself.

In some cases, viruses can prevent you from using online virus scans.  When this happens, download and run the following programs and then run the online scans.

I recommend that you purchase Trojan Hunter.  It costs $49.00, and is worth every penny.  It will not only clean trojans that other AV programs miss, but it will also run in the background and protect you from future infections.  Download, install and run Trojan Hunter.  Update it and scan your system.  You'll be amazed at what it finds.

Next, download and install SpyBot Search & Destroy.  Though it's free, I recommend that you make a donation to this site.  If it wasn't free, I'd still recommend buying it - it's that good.  Run the update option and then immunize your system.  This will protect you from future infections.  Then, scan your system and let the program fix the problems it finds.  In some cases, it will show warnings - like when a port is open for AOL Instant Messenger, or some other program you want.  It won't "fix" that, it will just provide a warning.

You may also want to download and install AdAware from Lavasoft.  This will find and delete infected cookies, spyware program files and registry entries.  It's free, but the pro version is better and worth the money.  Make sure you use quarantine, not delete, as you can delete files you need.  If you run AdAware and you have problems with your system, you can restore the quarantined files.  Then, you can run AdAware again and deselect the system files you need.  And, remember to download WinSockFix.exe before you run AdAware.  If you have no Internet access after running AdAware, this file should resolve the problem for you.

Now, open up Control Panel and go to Add/Remove Programs.  Search for programs like 180Search, CometCursor, SideSearch, or search toolbars you didn't know you had and uninstall them.  Also look for other programs you didn't install, like Alexa and others - they're usually installed when you visit freeware sites that install spyware without your knowledge.

In the worst cases of infections, every time you delete an infected file, it will be renamed and reinstalled when you boot up again.  This may require that you take your hard drive out and install it as a secondary drive in another system.  Then, you can scan it and clean it before you reinstall it in the original system.

I'll try to keep this page updated for you and to provide you the latest tips on keeping your systems clean.  Just remember that you have to take care when cleaning or uninstalling programs from your PC.  I cannot guarantee that these steps will solve all your PC problems, or that following them will not cause problems.  You'll have to exercise good judgment when cleaning an infected system.  If you're not sure, have someone who is experienced do this for you.  It might just save you a lot of headaches.

If you have suggestions or comments, e-mail us, and we will check them out.  If you point out problems or good solutions, we'll post them here.