DJ’s Guide to Computer Viruses: The Cure

So what do you do if you have a virus?

I work at a computer shop, you know. And it may surprise and delight you to know that everything we use to remove viruses at work is absolutely free for you to obtain and use too. Don’t worry. Virii removal is not our bread and butter, and if one were to Google it, they could very well come upon these things themselves. What I’m giving here is the 90% tried and true procedure we use at my office.

Depending on the severity of your virus infection, you may need access to another computer. And if you have used these steps in the past and still have the things I’m about to tell you to download, you will need to download them again. They will have been updated since you last used them and without the new versions, they may not be able to clean out your virus.

Step 1A: Download TDSS Rootkit Killer. This is a free tool offered by Kaspersky. They know pretty much what’s what as far as virii go. This program is used to detect and remove rootkits. A rootkit is a specific part of a virus that hides itself within your computer’s code, so that when you remove the main parts of the virus, the shit that makes itself apparent to you? It runs its hidden rootkit code and that replicates all the original virus files, putting you right back at square one. So the first thing is to check for and remove rootkits. Run this program. TDSS may tell you it found something and needs to “cure” it. Let it do that, and if it says it needs to reboot, let it do that too. If you were able to do this step, skip to Step 2.

Step 1B: If your virus won’t actually let you run TDSS, or any other program, boot into Safe Mode. Typically this is done by pressing F8 at the BIOS screen (the boring ye olde looking one with the brand of your computer when you first turn it on) until it gives you the Advanced Boot Options. From there, select Safe Mode with Networking (this will give you internet access). Try running TDSS again.
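If F8 is being stubborn, the same Safe Mode with Networking boot can be forced from an admin PowerShell prompt. This is an added example, not something from DJ’s guide; it assumes Windows Vista or later (where the boot settings live in the BCD store that bcdedit.exe edits) and that you’re running PowerShell as Administrator.

```powershell
# Added example, not part of DJ's guide. Assumes an elevated (Administrator)
# PowerShell prompt on Windows Vista or later, so bcdedit.exe and the BCD
# boot store are available. Same effect as F8 -> "Safe Mode with Networking",
# but set from the command line so the next reboot is guaranteed to land there.

function Get-SafeBootSetting {
    # Returns 'network', 'minimal', etc., or $null if a normal boot is configured.
    $text = (bcdedit /enum '{current}') -join "`n"
    if ($text -match '(?m)^\s*safeboot\s+(\S+)') { return $Matches[1] }
    return $null
}

function Enable-SafeModeWithNetworking {
    # Sets the safeboot flag. This flag is sticky: the machine boots to
    # Safe Mode with Networking on EVERY reboot until it is cleared again.
    bcdedit /set '{current}' safeboot network | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'bcdedit failed; are you running as Administrator?' }
}

function Disable-SafeMode {
    # Clears the flag so the next reboot is a normal one. Run this once the
    # scans are finished, otherwise the PC stays stuck in Safe Mode.
    bcdedit /deletevalue '{current}' safeboot | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'bcdedit failed; was safeboot already cleared?' }
}

# Report the current state. Typical use:
#   Enable-SafeModeWithNetworking ; Restart-Computer
#   ...run TDSS in Safe Mode...
#   Disable-SafeMode ; Restart-Computer
$setting = Get-SafeBootSetting
if ($setting) { Write-Host "Next boot: Safe Mode ($setting). Run Disable-SafeMode when done." }
else          { Write-Host 'Next boot: normal. Run Enable-SafeModeWithNetworking to change that.' }
```

The {current} entry must be quoted in PowerShell, otherwise it is parsed as a script block rather than passed to bcdedit.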

Step 1C: If even then, it won’t let you run the program, you’re going to need this thing right here. It lets you hook your hard drive up to another machine as if it were a USB device. Pull your hard drive from your infected computer, hook it up to an uninfected one and then run TDSS on that machine. It will scan the entire machine, including all attached storage (like your infected hard drive), and that will remove any rootkits.

Step 1D: If you had to follow step 1C, then go to My Computer and right click the infected hard drive. It should give you the option to Scan with [Whatever anti-virus you have installed]. Do that. This may take a while, but it’ll improve the odds of being able to boot normally.

Step 1E: Once that scan is done, put your infected drive back in your machine and boot into Safe Mode. Run TDSS Killer. If you still cannot run the program, wait a day and repeat all the shit you just did. Lather, rinse, repeat until you can. Sometimes it takes a few days for the anti-virus developers to catch up to the virus ones. If you CAN run the program, proceed to Step 2.

Step 2: Download ComboFix. (You have ten minutes from the time you load that page to download the program.) This program is going to look daunting, but it really does pretty much run itself. ComboFix will remove the bulk of the virus. It may not run entirely the first time, though. A blue command line-like screen should appear after the initial black and green. If it doesn’t, run it again. Sometimes it just does that.

Once it gets to the blue window, it may ask you to install the Windows Recovery Console. Follow the prompts (it will literally tell you to click Okay at some point). Eventually you’ll get to a part where it’ll be running “stage” tests. There’ll be 50 of them, some in two parts. After that, it’ll probably say it’s deleting things. That’s fine. It’ll probably reboot too. Just let it.

Once it comes back up, your desktop icons won’t immediately reappear. The ComboFix screen will pop back up and it’ll tell you it’s still running. It is. Let it. Eventually, it’ll fill the screen with a Notepad window full of computer shit. Just close that out.

Step 3: Download and install Malwarebytes. When it gets to the last window with the Finish button, make sure to uncheck the box about trying out Malwarebytes Pro. Let it update. Then run a Quick Scan. This part of the process will remove any leftover bits of virus.

That’s it. You should now be virus free. But we ain’t done yet.

So now that you’ve gotten rid of the virus, how do you keep from getting another one?

