How To Remove Viruses – Part 1

 Posted by on May 11, 2011  viruses
May 112011
 

This series of four articles will show you how to remove the majority of viruses, spyware and other malware that may infect your computer. Most parts of this series assume that you are able to download specific software tools to help remove the viruses.

If not possible on the infected computer you will need to download on another and transfer them to the infected computer. Warning: virus removal done properly is not rocket science but nor is it for the faint hearted. It takes time, effort and knowledge.

Although these posts aim to show you how to remove viruses yourself, if you are not confident in your abilities please consider getting help from a reputable computer repair business. If you don’t have a full backup or are unable to reinstall Windows if required, we highly recommend you leave this job to the professionals to ensure it is done properly.

You should always remove virus infections as soon as possible – the worst cases we see in our computer repair business are where someone has ignored the problem or ‘had a go’ at removal without actually removing all the viruses. Just one virus left on the computer can reinfect it and the problem may return with a vengeance.

Serious longer term infections are also more likely to damage Windows itself and leave you with a computer that crashes or cannot load into Windows. In the worst case you may have to format (delete everything from) your hard drive and reinstall Windows – hopefully you already had a backup of your data to reload afterwards…

If You Can’t Open Any Programs

A common problem is when all programs cannot be opened – viruses do this to prevent you running programs to remove them. The signs are that when you try to open a program you are confronted with an ‘Open With’ window which asks you to choose which program to use – to open the program that you are trying to open… You must fix this before proceeding – see our article on how to fix program opening after virus attack.

How To Start The Removal Process?

To make it difficult to remove them, many viruses will prevent you from running antivirus scans, installing new programs or even opening existing programs (especially common with the ‘fake antivirus’ type of virus) so your first task is simply to find a way to stop the virus blocking everything you want to do.

There are 2 ways to achieve this:

Method 1. The program RKill is able to close most virus processes that stop you from running programs. Note that RKill does not delete the viruses, just close them temporarily to give you chance to get rid of them. You can download RKill from the Bleeping Computer website here.

Scroll down the page to find 7 links to the RKill program using different filenames (because some viruses will not allow any programs to run unless they have a certain filename). Download and try to run the first version of RKill – if it does not run then download the second version and try again etc until you find one that runs.

RKill can take a minute or two to complete. When finished it produces a text file of which processes it has closed – hopefully including any viruses. You can now skip to Part 2 of this series of articles – if you are unable to follow the steps in Part 2 because viruses still stop you doing anything then RKill did not manage to close all the viruses or your situation is more complex – try Method 2 below instead.

Method 2. If RKill did not work or was unable to close all the running viruses then an alternative is to start your computer in Safe Mode (disables non-essential programs from starting up, including most viruses) to give you chance to install software or open programs to remove the viruses. To access Safe Mode:

Restart your computer – you will usually see some writing scroll up the screen listing details of the hardware in your computer. At this point keep tapping the F8 key repeatedly until the Windows Advanced Options menu screen appears. If you missed it the computer will continue into your normal Windows – restart and try again, pressing F8 more quickly.

Tip: some computer manufacturers (in their stupidity) also use the F8 key to display a list of ‘boot options’ which may appear before you can get to Safe Mode – if you see a menu listing boot options, choose your hard drive from the list of options and press Enter if required to select it, then immediately start tapping F8 again to access Safe Mode. If you missed it the computer will continue into your normal Windows – restart and try again, pressing F8 more quickly.

Once you see the Safe Mode menu you can use the up and down arrow keys on the keyboard to select ‘Safe Mode with Networking’ and press the Enter key to start in Safe Mode.

Now that you have closed the open viruses or stopped them from loading up, you can now move to Part 2 of this series of articles.