QUESTION: I have a new Dell and have been recently infected with viruses or spyware to the point where I had to totally restore my system. It appears as though my anti-virus was shut down and various other functions were prevented from working also. What is the best way to deal with this problem short of restoring the PC to its original state?
Ed: Restoring your PC should be done as a last resort and only after all of your data has been backed up. If the PC is fairly new, it’s not as traumatic as when it’s well broken in. Now, as far as cleaning up an infected PC goes, a lot depends on the type of infection. Some of the recent malware is pretty sophisticated: not only is it hard to find, it also disables most of your defenses. I’ve seen cases where the Internet is disabled, making it impossible for you to do research or download any anti-spyware programs, but there is a way around that, as discussed below.
Removing malware not only requires the right tools but a lot of patience. Scanning your PC can take anywhere from 15 minutes to more than an hour depending on how many files need to be scanned and the speed of the PC. Here is a typical set of steps for removing malware:
1. Make sure your data is backed up to an external drive.
2. Empty the Recycle Bin. There’s no need to have the malware remover scan all of the deleted files.
3. Delete all of your temporary Internet files. Open Internet Explorer and click Tools, Options and select the Delete button under Browsing history.
4. Download Malwarebytes from www.malwarebytes.org.
5. Install Malwarebytes if you can. Your infected PC may not be able to.
6. Re-start your PC and enter the Safe Mode with Networking. You can get to the Safe mode by tapping the F8 function key while your PC is booting up.
7. Install Malwarebytes if you couldn’t do so in Step 5.
8. Run Malwarebytes and select the Update option. It should be able to go online and update since you are in the Safe mode with networking.
9. Malwarebytes should now scan and locate any malware. When completed you will be shown the results and be able to remove the malware. You’ll be asked to re-boot.
It’s always best to run several anti-spyware programs since no single program has a 100% detection rate. Another good program to run is Spybot Search and Destroy, available at http://www.safer-networking.org/en/. A third program is SuperAntiSpyware, which is available in a portable version at http://www.superantispyware.com/portablescanner.html. Portable programs require no installation and can be run directly from the downloaded file. All of the above-mentioned programs are free.
The reasoning behind the steps outlined above is that malware often prevents Internet access when you boot into normal mode but does not normally block it when you boot into Safe mode. Internet access is required because all of these malware removal tools need the latest malware definitions at their disposal so they can recognize the threats and remove them. Since it’s possible that some malware in the future may be able to prevent Internet access from the Safe mode, it’s a good idea to always be prepared as best you can. Here’s what I recommend as a minimum:
- Back up your data frequently to an external drive
- Always keep your anti-virus program up to date
- Download and install Malwarebytes and run it frequently
- Download the SuperAntiSpyware portable version and run it frequently
- Keep a bootable rescue disc handy – see below
These steps are not guaranteed to prevent all intrusions but will put you in good shape to recover.
For more information and instructions on preparing a bootable rescue disc, see http://bit.ly/bootcds and http://bit.ly/bootcds2. These boot CDs often provide both virus and malware removal tools and can access the Internet to update themselves to the latest threat definitions. For another Web site on bootable CDs see http://bit.ly/bootcdinfo.
I tried the boot disc from F-Secure and it required approximately an hour to boot, update itself and scan my hard drive, which contains 20 gigabytes of files. It was easy to use but it’s hard to say how effective it is since I haven’t tried it on an infected PC. Also, results will vary depending on the type of infections.

- Ed Schwartz, NOCCC member. View his Web site at www.edwardns.com.