Perhaps your security software successfully identified and removed the virus, yet the problem persists?
After reading this blog you will have a strategy to tackle and resolve the problem manually. However, this doesn’t mean you shouldn’t keep your operating system and application software up to date and your security software definitions current. I include software and hardware firewalls in that.
What’s a firewall? It’s a term taken from the building industry. As the name implies, a firewall is a barrier between two things, in this case your computer and the Internet, which prevents destruction (or other bad news) on one side of the wall from affecting things on the other. Many users seem unaware that most routers come with firewalls built in, as do computer operating systems such as Windows XP, Vista, 7 and Apple OS X. Make sure these are turned on and set up properly (consult the documents for your router and operating system). If you prefer a dedicated hardware device, consider Microsoft ISA server; for most users a properly configured router and software firewall are more than sufficient.
I’m supposing you already know what safe mode is. If you don’t, try pressing the F8 key several times when you start your computer. You have to do this just before your computer starts loading the first Windows components. If F8 fails to present you with a list of start-up modes, try F2 or F10 (it depends on whether your motherboard is AMD or Intel). You may be wondering why you need to access safe mode. Safe mode launches minimal services, and most viruses won’t start in this mode.
- Begin by starting your computer in safe mode.
- If you know where the virus files are, navigate to the folder and delete the executable file.
- Open the registry, go to the keys below and add a : in front of the value of the string where you think the virus executable resides. For example, if the string value is “c:\virus.exe”, change its value to “:c:\virus.exe”. The : before the C deactivates the value (i.e. stops the file loading). But if you are confident it’s the virus, delete the string.
Below is a list of registry keys you may wish to view:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- The virus can start itself from some other locations, such as win.ini. Locate the files named win.ini and system.ini (look for the ini extension) and look very carefully before disabling anything. If you have any doubt whatsoever, disable the file rather than delete it. Read and (I emphasise) understand the warning to be found at the bottom of this article.
- Next, look through your start-up folder, located in your profile directory under \Start Menu\Programs\Startup. Alternatively, on XP go to Start > Run and type MSCONFIG; on Vista or Windows 7 go to Start > (Files Search Box) and type MSCONFIG.
- Search for executable virus files and disable them.
- Lastly, look through the list of services your computer runs. Services can be found under Control Panel – Administrative Tools – Services.
After implementing these seven steps, reboot your computer in normal mode. Does your computer start and run normally? If not, go back to safe mode and identify and disable other suspects. If you are successful, go back and delete the disabled entries. Of course, these seven steps will not work on every virus.
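
An added example (not from the original post): a read-only PowerShell inventory of the start-up locations named in the steps above, so every entry can be reviewed before anything is disabled. It assumes Windows PowerShell 3.0 or later; the `load=`, `run=` and `shell=` lines it looks for in the ini files are the legacy autostart entries and are an addition not spelled out in the post.

```powershell
# Added example: read-only inventory. Nothing here edits the registry or any file.
$found = @()

# 1. The registry keys listed in the article
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }          # the key may not exist
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        $found += [pscustomobject]@{
            Source = $key; Name = $name; Command = $value
            # a leading ':' is the article's "deactivated" marker
            Disabled = $value.StartsWith(':')
        }
    }
}

# 2. Per-user Startup folder (-Force also lists hidden files)
$startup = [Environment]::GetFolderPath('Startup')
$files = Get-ChildItem -Path $startup -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -ne 'desktop.ini' }
foreach ($file in $files) {
    $found += [pscustomobject]@{
        Source = $startup; Name = $file.Name; Command = $file.FullName; Disabled = $false
    }
}

# 3. win.ini / system.ini: non-empty load=, run= and shell= lines (assumption, see lead-in)
foreach ($ini in 'win.ini', 'system.ini') {
    $path = Join-Path $env:windir $ini
    if (-not (Test-Path $path)) { continue }
    foreach ($hit in Select-String -Path $path -Pattern '^\s*(load|run|shell)\s*=\s*\S') {
        $found += [pscustomobject]@{
            Source = $path; Name = "line $($hit.LineNumber)"; Command = $hit.Line.Trim(); Disabled = $false
        }
    }
}

# 4. Services configured to start automatically
foreach ($svc in Get-CimInstance -ClassName Win32_Service -Filter "StartMode='Auto'") {
    $found += [pscustomobject]@{
        Source = 'Service'; Name = $svc.Name; Command = $svc.PathName; Disabled = $false
    }
}

$found | Sort-Object Source, Name | Format-Table -AutoSize -Wrap
```

Saving the output before and after a clean-up gives a simple record of which entries were changed.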
Most users won’t be happy to apply the above strategy. I wouldn’t blame you if you did think twice; I certainly would. So what alternatives are there? One, try a system restore. Two, use security software; there are free as well as paid versions. If you want a free antivirus package, consider Microsoft Essentials real-time protection or AVG Free. For a free online virus scanner, try Microsoft Essentials. If you wish to pay for security, consider Microsoft Forefront, Symantec Norton, F-Secure, McAfee or AVG. Why pay? For definition updates, tools and technical support to remove viruses. If you use Windows and have a particularly nasty problem, download the Microsoft Malicious Software Removal Tool (it’s free). The downside to deploying the Microsoft Malicious Software Removal Tool is that it’s very thorough; in other words, it takes time to complete, but more often than not it does resolve the problem.
WARNING: Be careful when editing the registry; you can cause serious damage to your system.