Antivirus on Infected Computer
Microsoft Security Essentials (MSE) is the free antivirus software from Microsoft that provides real-time protection against Trojans, rootkits, worms, spyware, viruses, and other types of malware; it also includes on-demand scanning and removal tool engines.
Some years ago, most antivirus programs would not install on infected computers, or installation of an antivirus program was not recommended unless the virus infection was removed first. This changed when antivirus vendors released improved security protection and removal engines. People can now use antivirus software to remove active malware in Windows.
If you bump into an infected computer that does not have an antivirus, anti-spyware or anti-malware program, you can start using the free Microsoft Security Essentials removal tool for Windows to clean up or disinfect the system.
How to Use the Microsoft Security Essentials Removal Tool
The image at the right is an example of a computer that is infected with a fake antivirus caused by a fake MSE Trojan alert, rootkit, and Trojans. End users can remove this malware with Microsoft Security Essentials by following the method below:
Allow the antivirus software to check for updates, and run its initial quick scan on the infected computer.
While the scan is running, the real-time protection module by
. Active malware are malicious files that have loaded in Windows with or without a graphical user interface, before the antivirus program was installed.
You can stop the scan, and then proceed to remove the detected threats. It’s not required to stop the scan when the on-access scanner finds and removes active malware.
When the Microsoft Security Essentials removal tool has finished removing the risks, the active malware will be shut down because MSE can end the task of malicious processes.
and then run a quick scan to look for any additional active malware.
The on-demand scanner will now start checking the computer for malware that is residing and actively running in Windows. And if it finds more malware, the clean-up option will be available.
Again, allow MSE to remove the detected threats, and allow the required system restart so that the removal process can succeed.
Do not stop running a scan until MSE displays a message that the computer is now clean.
It is recommended to run a full system scan when an antivirus program has found and removed malware. A full system scan using MSE checks other files and locations on hard disks for viruses and other types of malware that the quick scanner does not thoroughly check.
Note that it is not possible to install MSE in the safe mode boot option of Windows. If the malware is nasty enough to prevent antivirus software from being installed or run, you should try using other antivirus or on-demand malware scanners to clean the infected computer.
The default actions of Microsoft Security Essentials in handling a malware infection depend on the risk rating and type of infection. If it’s severe or high risk, a remove option is recommended. If the threat has a medium or low rating, users should review the detected item (the path or the software details), and then decide which action MSE should take, such as remove, allow, or quarantine. People can also choose to let MSE handle everything, and it’s not a problem since any removed threats are sent to quarantine, allowing users to restore them if needed.
The only missing option in MSE is the ability to repair or disinfect legitimate files; e.g., system files that were injected with malicious code. When MSE has removed or quarantined a system or program file, you should run a system file checker and/or re-install the affected program. Some antivirus programs provide an option to disinfect or repair infected legitimate files, but the integrity of the file is questionable until the user finds no problem when using the application or the system itself.
Screenshots by author courtesy of Microsoft Security Essentials.
Malware removal using Microsoft Security Essentials is possible as long as you have the latest virus or malware definitions. Most antivirus vendors provide manual downloads of various detection signatures, which you can use to start scanning or cleaning a computer. It’s recommended to use an on-demand or online scanner, in addition to an antivirus scanner, to verify the health status of the PC. By using on-demand or online scanners after a virus removal process, you will be able to find out whether any remnants of the virus still exist.