How to remove a computer virus

The following is an outline of how to remove a computer virus. Some professional knowledge and skills are assumed.

1. The programs that viruses most easily use to get into your system are products from Adobe (such as Acrobat Reader and Adobe Flash). Because every computer uses Adobe software, virus creators target this software. Disabling or removing Adobe products, if you can, will prevent this infection path. For example, free replacement PDF viewers are available.

Watch out when an update prompt appears. Clicking "Next" or "OK" without inspecting the validity of the dialog that is presented to you is foolish. An infection on my computer with bji.exe started with a Flash update prompt out of the blue (in the middle of using the computer, and not doing anything to initiate the update). Normally, Flash, Adobe, and Java ask for updates either on computer logon, or on the first initialization of that software. If you logged in a long time ago, and are not using this software, then suspect every update prompt that appears.

2. The second easiest infection path is people blindly installing every piece of crap software from the internet, such as toolbars and the like, without understanding what it is they are downloading and why.

As a safeguard against virus infection, you must have antivirus software such as Avast! installed, along with Spybot S&D (with TeaTimer enabled), and Unlocker.

DO NOT RESTART UNTIL YOU DISINFECT YOUR COMPUTER. If you simply restart, it will become much worse.

Most viruses delete all of your restore points as their first action. If your restore points were not deleted, you can of course restore to a point from a day or so before. Restore from repair mode (with your Windows boot disc inserted).

The first step in treating the virus is to stop the process, if you can. In the case of bji.exe, I had to remove UAC protection (which the virus somehow used to prevent me from stopping the process), and end the process tree. This would only last for about a minute, after which the virus would start its process again.

Then, empty all temporary files (user local temp files, Windows temp files, etc.), and select all items in Disk Cleanup.

Do not count on antivirus software to detect the virus. Sophisticated viruses are tested against many antivirus software packages, and tweaked until the antivirus software does not recognize them. Also, software such as Avast! is much more efficient in boot-time scan mode, but you cannot restart your computer if you have just been infected (because on logon, many additional msconfig startup entries will run, and the virus will be much harder to remove).

If you are infected, then unplug external storage and disconnect remote drives. Also disconnect yourself from the Internet.

The virus is usually found in your user folder (in Windows 7, C:\Users\xxx\AppData\Local), or in the Temp sub-folder. It is usually locked, so that you cannot delete it. Try Unlocker first to delete the file. If you cannot delete it even with Unlocker, then rename it with Unlocker instead. You might then be able to delete it without a problem.

You can create another user account, and log in to it while you are disinfecting your computer. Usually, the infection does not spread there. You can then use that secondary account to clean your system. You can also use the other account to access the Internet and investigate / research your problem.

If you have deleted all suspicious files in your user folder, and msconfig no longer lists selected suspicious startup items (skill is required for both of these steps), then you might be safe to restart to launch antivirus software such as Avast! in boot-time scan mode.
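A read-only way to carry out the two checks above (executables in the user folder and Temp, and startup entries that point there), added here as an example and not part of the original page. It assumes Windows PowerShell 5.1 run from the affected account; the variable names are illustrative.

```powershell
# Added example: read-only triage. It lists candidates and deletes nothing.
# Assumption: Windows PowerShell 5.1, run from the affected user account.

# Folders the article names as the usual hiding places.
$watched = @($env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ } | Select-Object -Unique

# 1. Executables sitting directly in those folders, newest first.
#    -Force includes hidden and system files, which malware often sets.
$files = foreach ($dir in $watched) {
    Get-ChildItem -LiteralPath $dir -Filter *.exe -File -Force -ErrorAction SilentlyContinue
}
$files | Sort-Object LastWriteTime -Descending | ForEach-Object {
    [pscustomobject]@{
        Modified  = $_.LastWriteTime
        Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
        Path      = $_.FullName
    }
} | Format-Table -AutoSize

# 2. Registry Run entries (among the startup items msconfig lists) whose
#    command line points into one of the watched folders.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$hits = foreach ($key in $runKeys) {
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $command  = [string]$item.GetValue($name)
        $expanded = [Environment]::ExpandEnvironmentVariables($command)
        # Case-insensitive substring match against each watched folder.
        $inWatched = $watched | Where-Object {
            $expanded.IndexOf($_, [StringComparison]::OrdinalIgnoreCase) -ge 0
        }
        if ($inWatched) {
            [pscustomobject]@{ Key = $key; Name = $name; Command = $command }
        }
    }
}
$hits | Format-List
```

A recently modified file with a `NotSigned` signature status that also appears in the second list is the first thing to examine.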

Before or after the boot mode scan, it is a good idea to restart to repair mode, and use the command prompt to look for suspicious files and delete them before Windows starts.


Most viruses mess with your ability to open .exe files. If after infection you cannot open .exe files by double-clicking them, then download and apply one of the online .exe launch repair fixes.

Page last modified 12-Apr-12 23:28:44 EDT
