Virus and Malware Infections
It seems like lately I have been dealing with an enormous number of malware and virus issues ranging from fake virus scanners to debilitating trojans that are darn near impossible to remove. Although it is incredibly frustrating to deal with, I also secretly enjoy the puzzles created by these malicious software developers and can usually figure out how to remove them without having to wipe the hard drive and reinstall everything.
When your computer is infected with a virus or malware, one of the more common symptoms is that you suddenly cannot run antispyware scans or even antivirus scans. I’ve seen malware that prevents the software from loading and even recently encountered one that uninstalled both the virus scanner and Windows Defender from the computer’s hard drive. The folders were gone and everything. The reason behind this is that the malware and virus developers (who should all burn in hell, by the way) deliberately disable your protective software so that you can’t easily remove the infection. They also disable other tools used to clean up your system, such as the Task Manager, System Restore, Regedit, and MSConfig, usually by flipping the same registry policy switches an administrator would use to lock those tools down on purpose.
If you find yourself suddenly screaming, “Help! I can’t run an antivirus spyware scan!” then here are a few possible solutions for you. I often have to try a variety of things in order to get rid of some infections, and it seems like each one is a little different than the last. Unfortunately, time constraints (as dictated by my boss) sometimes force me to format and reinstall the system, as was the case with the machine I mentioned whose virus scanner had been uninstalled.
The first thing you should try to do is run System Restore. If you can remember when the problem started, you can use System Restore to roll the system files, registry, and installed programs back to a previously good state on your machine (it does not touch your documents). I’ve been able to use this method in the past with other fake virus scanners, but it seems like recently it does not work at all. System Restore is great when it actually works, but sometimes it can become corrupted and fail even when there’s no virus or malware at all. Furthermore, some of the malware I’ve encountered in the past couple of months had actually disabled System Restore from working. You should go ahead and try it first and maybe you will get lucky. One caveat: restore points can hold copies of the infected files, so once the machine is clean, purge the old restore points and create a fresh one rather than leaving the infected snapshots around to be restored later.
Use Another Computer
One of the best ways to get rid of malware and viruses is to put your hard drive in another computer and then do a full scan. The reason for this is that when you try to treat an already infected computer, it’s like trying to change a flat tire on a moving vehicle. You’ll constantly be fighting with the malware or virus which, by design, is actively working to prevent its removal. By putting the hard drive in another machine and using it as a secondary drive, you can run a full scan without having to worry about all the other stuff loading, because you’d be using a different operating system than the one on the infected drive. Make sure the clean machine’s scanner is fully updated before you attach the drive, and don’t open or run anything from it by hand. Booting the infected PC from a clean rescue CD or USB stick works on the same principle: the infected operating system is never running while you scan it.
Fake Virus Scanner Screenshots
Regedit and MSConfig
If your antivirus or spyware scanner is disabled, then chances are that Regedit and MSConfig will be disabled, too. You can try to run them, but you will likely get some kind of pop-up message saying something like the program was infected and must be closed. That pop-up is the fake scanner itself, not Windows. In some cases, if you ignore that pop-up and don’t click anything to close it, then try to run Regedit or MSConfig again, they will actually work. I recently discovered this on a couple of different machines. Once I was able to get into them, I turned off the suspect software’s startup entries and then it allowed me to run my scanners and fully get rid of the troublesome malware.
At my work, we use a program called Dameware to remotely log into other computers so we can see their desktop and do maintenance. The software also lets us browse the hard drive and view running processes on machines on our network. When the computer itself won’t let me view the Task Manager, I can use Dameware to look at the running processes and often manually kill whatever malware or virus is running. The downside to using Dameware, or some other remote control type software, is that the computer must be on a network and connected to it. Given the nature of viruses and their ability to spread, it’s often not wise to put an infected PC on a live network connection. If you do need remote access, connect it directly to your own workstation with a crossover cable or put it on an isolated VLAN rather than the production network.
Booting into Windows Safe Mode can help diagnose problems because it loads Windows with the bare minimum of drivers and processes. To get into Safe Mode, start pressing F8 after you turn on the PC and you’ll eventually get a menu of boot options where you can select it (on Windows 8 and later the F8 menu is off by default, so use MSConfig’s Boot tab or hold Shift while clicking Restart instead). Virus and malware infections often carry over into Safe Mode, because anything that hooks the Winlogon Shell or Userinit values, or that installs as a service with a SafeBoot entry, still loads there, but you may still be able to get a little farther than you would in normal mode.
I’ve seen some malware that appears to be profile-specific, meaning that it only infects a single user’s profile at first, typically through Run entries and policy values under that user’s HKEY_CURRENT_USER hive. In a roaming profile environment, this could be a huge problem if that user logs onto more than one machine, because that hive travels with the profile. Sometimes you can log in as a local administrator and not see the fake virus scanners and other malware that pop up when another user logs in. If this is the case, then getting rid of the virus or malware will be much easier to do. If the computer is joined to a domain, switch the logon target at the login screen from the domain to the local machine (for example, COMPUTERNAME\username) and log in using a local account so that you don’t risk spreading the infection to the server which hosts the profile. Likewise, if the network user’s account seems to be infected, unplug the network cable before they log off and then power off the machine so that the infected files aren’t uploaded back to the server which hosts their user profile in a roaming profile environment.
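The points above (Task Manager, Regedit and System Restore locked out by policy switches; needing to see and kill processes without Task Manager; per-user versus machine-wide infection) can all be checked from one elevated PowerShell prompt. The script below is an added example written for this page, not a tool from the original post or from any vendor mentioned in it. The registry paths and value names are the standard Windows policy and autostart locations; which of them a particular sample sets, and the "runs from AppData or Temp" heuristic, are assumptions you should confirm against the machine in front of you.

```powershell
# Added example, not from the original post. Run as an elevated user on the
# infected machine (or on a clean machine with the infected user's hive loaded).
# Policy values that fake scanners commonly set to lock the user out of tools.
# HKCU entries live in the user's NTUSER.DAT and roam with a roaming profile;
# HKLM entries are machine-wide. Value names here are an assumption to verify.
$script:LockoutPolicies = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableRegistryTools' },
    @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr' },
    @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableRegistryTools' },
    @{ Path = 'HKLM:\Software\Policies\Microsoft\Windows NT\SystemRestore';      Name = 'DisableSR' },
    @{ Path = 'HKLM:\Software\Policies\Microsoft\Windows NT\SystemRestore';      Name = 'DisableConfig' }
)

# Standard autostart keys; a fake scanner usually re-launches itself from one of these.
$script:RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-LockoutPolicies {
    # Report every lockout value that is present and non-zero.
    foreach ($p in $script:LockoutPolicies) {
        if (Test-Path $p.Path) {
            $value = (Get-Item -Path $p.Path).GetValue($p.Name)
            if ($null -ne $value -and $value -ne 0) {
                [pscustomobject]@{ Path = $p.Path; Name = $p.Name; Value = $value }
            }
        }
    }
}

function Remove-LockoutPolicies {
    # Deleting the value re-enables the tool the next time it is launched.
    # Without -Apply this only prints what it would remove.
    param([switch]$Apply)
    foreach ($hit in Get-LockoutPolicies) {
        if ($Apply) {
            Remove-ItemProperty -Path $hit.Path -Name $hit.Name
            Write-Output "Removed $($hit.Name) from $($hit.Path)"
        } else {
            Write-Output "Would remove $($hit.Name) from $($hit.Path) (value $($hit.Value))"
        }
    }
}

function Get-AutostartEntries {
    # List every value under the Run/RunOnce keys with the command it launches,
    # so the suspect program can be identified and its entry removed by name.
    foreach ($keyPath in $script:RunKeys) {
        if (Test-Path $keyPath) {
            $key = Get-Item -Path $keyPath
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{ Key = $keyPath; Name = $name; Command = $key.GetValue($name) }
            }
        }
    }
}

function Get-SuspiciousProcesses {
    # Task Manager substitute. Heuristic (an assumption, not a rule): executables
    # running out of per-user, temp or public folders deserve a closer look.
    Get-Process -ErrorAction SilentlyContinue |
        Where-Object { $_.Path -and $_.Path -match '\\(AppData|Temp|ProgramData|Users\\Public)\\' } |
        Select-Object Id, ProcessName, Path
}

# Triage run: review the output, then kill the process and apply the fixes.
Get-LockoutPolicies     | Format-Table -AutoSize
Get-AutostartEntries    | Format-Table -AutoSize
Get-SuspiciousProcesses | Format-Table -AutoSize
Remove-LockoutPolicies  # add -Apply once you have confirmed the list
```

Once a suspect process shows up in the last table, `Stop-Process -Id <pid> -Force` kills it, and `Remove-ItemProperty` on the matching Run entry stops it from coming back at the next logon; then run `Remove-LockoutPolicies -Apply` and Task Manager and Regedit will open normally. If only the HKCU rows are populated, the infection is confined to that user’s profile, which is exactly the situation where logging in as a different local account lets you clean up without the malware running.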
Format and Reinstall
Sometimes, you have to admit defeat. Either that or your boss tells you that spending two whole days trying to remove one virus or malware is not a good use of your time when you could format and reconfigure the machine in a couple of hours. When time is short, sometimes it is best to just reformat the hard drive and reinstall Windows. Copy off documents only, not programs, and have the user change any passwords they typed on the machine while it was infected, since you can’t know what the malware captured. If you have to go that far, maybe next time you’ll be more careful what you click on when browsing the Internet.