How to recover your PC from a malware attack

Is your computer running slower than usual? Are you getting lots of pop-ups? Have you seen other weird problems crop up? If so, your PC might be infected with a virus, spyware, or other malware–even if you have an antivirus program installed on it.

Though other problems, such as hardware issues, can produce similar symptoms, it’s best to check for malware if you aren’t sure. But you don’t necessarily need to call tech support or the geek across the street to scan for malware–I’ll show you how to do it yourself.


Step 1: Enter Safe Mode

Keep your PC disconnected from the Internet, and don’t use it until you’re ready to clean your PC. This can help prevent the malware from spreading and/or leaking your private data.

If you think your PC may have a malware infection, boot your PC into Microsoft’s Safe Mode. In this mode, only the minimum required programs and services are loaded. If any malware is set to load automatically when Windows starts, entering this mode may prevent it from doing so.

To boot into Windows Safe Mode, first shut down your PC. Locate the F8 key on your PC’s keyboard; turn the PC on; and as soon as you see anything on the screen, press the F8 key repeatedly. This should bring up the Advanced Boot Options menu; there, select Safe Mode with Networking and press Enter.

You may find that your PC runs noticeably faster in Safe Mode. This could be a sign that your system has a malware infection, or it could mean that you have a lot of legitimate programs that normally start up alongside Windows.

Step 2: Delete temporary files

Now that you’re in Safe Mode, you’ll want to run a virus scan. But before you do that, delete your temporary files. Doing this may speed up the virus scanning, free up disk space, and even get rid of some malware. To use the Disk Cleanup utility included with Windows, select Start, All Programs (or just Programs), Accessories, System Tools, Disk Cleanup.

Step 3: Download malware scanners

Now you’re ready to have a malware scanner do its work–and fortunately, running a scanner is enough to remove most infections. If you already had an antivirus program active on your computer, you should use a different scanner for this malware check, since your current antivirus software may not have detected the malware. Remember, no antivirus program can detect 100 per cent of the millions of malware types and variants.

There are two types of antivirus programs. You’re probably more familiar with real-time antivirus programs, which constantly watch for malware. Another option is on-demand scanners, which search for malware infections when you open the program manually and run a scan. You should have only one real-time antivirus program installed at a time, but you can keep a few on-demand scanners handy to run scans with multiple programs, thereby ensuring that you’re covered.

If you think your PC is infected, I recommend using an on-demand scanner first and then following up with a full scan by your real-time antivirus program. Among the free (and high-quality) on-demand scanners available are BitDefender Free Edition, Kaspersky Virus Removal Tool, Malwarebytes, Norman Malware Cleaner, and SuperAntiSpyware.

Step 4: Run a scan with Malwarebytes

For illustrative purposes, I’ll describe how to use the Malwarebytes on-demand scanner. To get started, download it. If you disconnected from the Internet for safety reasons when you first suspected that you might be infected, reconnect to it so you can download, install, and update Malwarebytes; then disconnect from the Internet again before you start the actual scanning. If you can’t access the Internet or you can’t download Malwarebytes on the infected computer, download it on another computer, save it to a USB flash drive, and take the flash drive to the infected computer.

After downloading Malwarebytes, run the setup file and follow the wizard to install the program. Once installed, Malwarebytes will check for updates and launch the app itself. If you get a message about the database being outdated, select Yes to download the updates and then click OK when prompted that they have been successfully installed.

Once the program opens, keep the default scan option (‘Perform quick scan’) selected and click the Scan button.

Though it offers a full-scan option, Malwarebytes recommends that you perform the quick scan first, as that scan usually finds all of the infections anyway. Depending on your computer, the quick scan can take anywhere from 5 to 20 minutes, whereas the full scan might take 30 to 60 minutes or more. While Malwarebytes is scanning, you can see how many files or objects the software has already scanned, and how many of those files it has identified either as being malware or as being infected by malware.

If Malwarebytes automatically disappears after it begins scanning and won’t reopen, you probably have a rootkit or other deep infection that automatically kills scanners to prevent them from removing it. Though you can try some tricks to get around this malicious technique, you might be better off reinstalling Windows after backing up your files (as discussed later), in view of the time and effort you may have to expend to beat the malware.

If Malwarebytes’ quick scan doesn’t find any infections, it will show you a text file containing the scan results. If you still think that your system may have acquired some malware, consider running a full scan with Malwarebytes and trying the other scanners mentioned earlier.

If Malwarebytes does find infections, it’ll bring up a dialog box warning you of the discovery. To see what suspect files the scanner detected, click the Scan Results button in the lower right. The scanner automatically selects for removal the items that are known to be dangerous. If you want to remove other detected items, select them as well. Then click the Remove Selected button in the lower left to get rid of the specified infections.

After removing the infections, Malwarebytes will open a text file listing the scan and removal results; skim through these results to confirm that the antivirus program successfully removed each item. Malwarebytes may also prompt you to restart your PC in order to complete the removal process, which you should do.

If your problems persist after you’ve run the quick scan and it has found and removed unwanted files, consider running a full scan with Malwarebytes and the other scanners mentioned earlier. If the malware appears to be gone, run a full scan with your real-time antivirus program to confirm that result.

Step 5: Fix your Web browser

Malware infections can damage Windows system files and other settings. One common malware trait is to modify your Web browser’s homepage and/or connection settings to reinfect the PC, display advertisements, prevent browsing, and generally annoy you.

Before launching your Web browser, check your homepage and connection settings. In Internet Explorer, click Start, Control Panel, and open Internet Options. Find the Home Page settings, and verify that it’s not some site you know nothing about.

Next, select the Connections tab and click the LAN settings button. You’ll probably want to select Automatically detect settings next, unless your work or ISP requires a proxy.
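
The same homepage and proxy check can be done from a PowerShell prompt by reading the current user's registry values behind the Internet Options dialog. This is an added example, not part of the original article; the `$expectedHomePages` list and the `Get-RegValue` helper are assumptions to adapt, and the script only reads settings, it changes nothing.

```powershell
# Added example: read-only audit of the per-user settings that Step 5 checks by hand.
$ieMain  = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$inetSet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Assumption: replace with the home pages you set yourself.
$expectedHomePages = @('about:blank', 'https://www.example.com/')

function Get-RegValue {
    # Hypothetical helper: returns $null when the key or value is missing.
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$findings = @()

# "Start Page" is the first home tab; "Secondary Start Pages" holds any others.
$pages = (@(Get-RegValue $ieMain 'Start Page') +
          @(Get-RegValue $ieMain 'Secondary Start Pages')) | Where-Object { $_ }
foreach ($page in $pages) {
    if ($expectedHomePages -notcontains $page) {
        $findings += "Unrecognized home page: $page"
    }
}

# A manual proxy or proxy script you did not configure can reroute all browsing.
$proxyEnable = Get-RegValue $inetSet 'ProxyEnable'
$proxyServer = Get-RegValue $inetSet 'ProxyServer'
$autoConfig  = Get-RegValue $inetSet 'AutoConfigURL'

if ($proxyEnable -eq 1) {
    $findings += "Manual proxy is enabled: $proxyServer"
} elseif ($proxyServer) {
    $findings += "Proxy is disabled, but a leftover server entry exists: $proxyServer"
}
if ($autoConfig) {
    $findings += "Automatic configuration script is set: $autoConfig"
}

if ($findings.Count -eq 0) {
    Write-Output 'Home page and proxy settings match what was expected.'
} else {
    $findings | ForEach-Object { Write-Output "REVIEW: $_" }
}
```

Any `REVIEW` line is something to compare against what your work or ISP actually requires before you correct it in Internet Options.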

Step 6: Recover your files if Windows is corrupt

If you can’t seem to remove the malware or if Windows isn’t working properly, you may have to reinstall Windows. But before wiping your hard drive, copy all of your files to an external USB or flash drive. If you check your email with a client program (such as Outlook or Windows Mail), make sure that you export your settings and messages to save them. You should also back up your device drivers with a utility such as Double Driver, in case you don’t have the driver discs any more. Remember, you can’t save installed programs. Instead, you’ll have to reinstall the programs from discs or redownload them.

If Windows won’t start or work well enough to permit you to back up your files, you may create and use a Live CD, such as Hiren’s BootCD (HBCD), to access your files.

Once you have backed up everything, reinstall Windows either from the disc that came with your PC or by using your PC’s factory restore option, if it has one. As when accessing Safe Mode, you must press a certain key on the keyboard in order for the system restore screen to load. If you have a factory restore option, your PC should tell you what key to press in the first few seconds after you turn it on.

Keeping your PC clean

Always make sure that you have a real-time antivirus program running on your PC, and see that it stays updated. If you don’t want to spend money on yearly subscriptions, you can choose one of the many free programs that provide adequate protection, such as Avast, AVG, Comodo, and Microsoft Security Essentials. For more information on these options, read “Top 5 Free Antivirus for 2011.”

In addition to installing traditional antivirus software, you might consider using the free OpenDNS service to help block dangerous sites. And if you frequent shady sites that might infect you with malware, consider running your Web browser in sandboxing mode to prevent any downloaded malware from harming your system. Some antivirus programs, such as Comodo, offer sandboxing features, or you can obtain them through a free third-party program such as Sandboxie.

When you think that you’ve rid your PC of malware infections, double-check your online accounts, such as for your bank, email, and social networking sites. Look for suspicious activity and change your passwords–because some malware can capture your passwords.

If you have a backup system in place that automatically backs up your files or system, consider running virus scans on the backups to confirm that they didn’t inadvertently save infections. If virus scans aren’t feasible, as is the case with online systems, consider deleting your old backups and resetting the software to save new backups.

Keep Windows, other Microsoft software, and Adobe products up-to-date. Make sure that you have Windows Update turned on and enabled to download and install updates automatically. And if you receive any pop-up messages from Microsoft or other legitimate companies to update your system’s software, do it immediately.

Eric Geier is a freelance tech writer. Become a Twitter follower to keep up with his writings. He’s also the founder and owner of NoWiresSecurity, which helps small businesses easily protect their Wi-Fi network with Enterprise-class security (WPA2 with 802.1X).
