Saturday, March 5, 2011

Cleaning the Aftermath of a Virus Part 1

Just because you have the nasty virus out of the system does not mean that computer is clean or that everything necessary works!  I plan on making this a two part post, with the first part on making sure the computer is completely clean!
For the second post on returning your computer to working condition check here:
For the cleaning process there are a couple of utilities that I recommend:
First off, I recommend performing a full system scan of all hard drives on your computer using your anti-virus software, that is assuming it has not be permanently disabled by the virus.  If your anti-virus software is damaged I would recommend uninstalling it (or if available repair install); then reinstall the anti-virus software.  Also if you cannot get your anti-virus program to work, you can use the free Microsoft Security Essentials and perform a full system scan.
Once you have performed a full system scan with your anti-virus software and it comes out clean (you may have to perform more than one scan to accomplish this); I suggest installing Spybot Search & Destroy.  Update the program and perform a system scan.  Most likely Spybot will find a few leftovers that your anti-virus software missed.  Like with the full scan with your anti-virus software you may have to scan more than once until you get a clean system.
Next install Norton’s Power Eraser tools.  This tool is capable of doing a “deep” system scan.  I recommend using the option that requires restarting the computer to scan for Rootkits (hidden nasties of the worse kind!).
Once you are done scanning you can uninstall these programs, though keeping Spybot may be a wise decision!  Once the programs are uninstalled, I recommend running CCleaner to clean up temporary files left over from the uninstalled program as well as other unneeded files.
Now, you may be wondering if my anti-virus software says the computer is clean why all the work of installing these additional programs?  Because, most likely your anti-virus program missed something, which is common even with the best anti-virus program.  Spybot is particularly good at finding everything on a system; however, even Spybot may miss something that your anti-virus program found.
Now as a final step I recommend deleting all System Restore points.  In Windows 7 this easily accomplished by going to the Control Panel (Start >> Control Panel) >> System and Security >> System >> Advanced System Settings (it is on the left side pane).  Click the System Protection Tab >> click Configure >> and click Delete.  This will remove all previous restore points.  The reason for removing system restore points is to ensure that you do not use System Restore to restore back to a point where you had the virus!
System Protection Configuration
In Windows XP you can find the options under Control Panel (Start >> Control Panel) >> Performance and Maintenance >> System >> click the System Restore tab.  Check the box to turn off System Restore, then click Apply.  All previous restore points should be removed.  Once it is done removing system restore points simply uncheck the box to turn off system restore.
System Restore Windows XP

No comments:

Post a Comment