

Removal of viruses using SAFE MODE
Windows has a useful feature called Safe Mode. This is used to start your computer in emergencies, when it otherwise will not start. Safe Mode can also be used for troubleshooting, and for removing viruses.
Safe Mode is a viable option for removal of a lot of advanced infections. Some of these are very hard to remove when the virus is running, but the virus will not be running in Safe Mode. Simply boot Windows into Safe Mode, instead of normal Windows mode. When finished, restart the computer as normal and let it load up normal Windows mode.
To get to Safe Mode, follow these instructions:
1) Restart your computer. After the first screen(s) of information, but BEFORE Windows starts to load, press F8. This might take you a few tries, and depending on the manufacturer, you may need to start pressing F8 quickly as soon as the PC starts up. Most computers will take a few seconds before showing a black screen, and then Windows starts to load. Start pressing F8 at this black screen.
2) When you see the STARTUP MENU, choose the option SAFE MODE. There will be additional Safe Mode options, such as Safe Mode with Networking. If you are an advanced user these could help, but most users should just ignore them and choose the SAFE MODE option.
3) Windows loads slower in this mode. Give it some time and it will load up. If asked if you are sure you want to use Safe Mode, choose YES.
4) Now you are in Windows Safe Mode. Run your antivirus scanner and delete any detected malware. If you have the virus filename from previous steps, you can delete the file manually. This is only recommended if you are sure. Most scanners will run in Safe Mode and can be used to make sure everything gets deleted properly.
Free and easy virus removal tips
This page is a general guide to removing viruses, trojans, spyware and lots of other nasties. It's very common for someone with an antivirus scanner to have problems removing something the scanner detected. Even without a scanner, quite often the removal can be achieved very easily, and without buying another software program! This guide is very general; however, the information outlined here is nearly always enough to remove a pesky piece of malware. The first thing, of course, is to try your virus scanner. In some cases it won't work, and you may get a generic error like "access denied" or just something like "unable to delete file". Here's what you need to know, and where to start!
Note - beware of false positives. False alarms DO occur, so before proceeding try to get a second opinion by scanning the file online. If you are unsure, email the file to the scanner's support team to verify an infection.
FILENAME
1) Determine the full filename and location. Use either your antivirus scanner's alarm window or any DETAILS or INFO buttons to find what the virus is called. The full filename and location may be presented like this:
c:\Windows\System32\virus.exe
or
File- virus.exe Location- C:\Windows\System32
Both mean the same thing. In the "C" drive there is a folder called Windows. In the "Windows" folder there is a folder called System32. In this "System32" folder is a file called virus.exe. This is the infected object.
Special case - archives
If the file is located inside an archive, some virus scanners will simply not delete the file. Some common archive types include ZIP, RAR, or CAB files, but you may encounter others like DBX mailboxes. Usually scanner logs will use forward slashes to indicate a compound object like an archive, so in the first example imagine the file virus.exe is in a CAB file called virus.cab. Scanners would likely show the object in this way:
c:\Windows\System32\virus.cab/virus.exe
In archive file situations, you have two options: delete the entire archive, or extract any needed files first, then delete it. For example, a ZIP file could have a few legitimate files in it, plus one virus. You could check whether there are more files in the ZIP, unzip them, and delete the ZIP file. Then zip up only the clean files for storage reasons.
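The two archive steps above, as an added example that is not part of the original guide: split a scanner log entry into the archive on disk and the object inside it, then write a new ZIP that leaves the flagged object out. The function names, the extension list and the sample path c:\Downloads\backup.zip are assumptions made for illustration.

```python
import io
import zipfile
from pathlib import PureWindowsPath

# Archive types named in the guide; the exact list is an assumption.
ARCHIVE_EXTS = {".zip", ".rar", ".cab", ".dbx"}


def split_compound(logged):
    """Split a scanner log path into (file on disk, member inside it or None)."""
    container, sep, member = logged.partition("/")
    if sep and PureWindowsPath(container).suffix.lower() in ARCHIVE_EXTS:
        return container, member
    return logged, None


def rebuild_zip_without(src, dst, flagged):
    """Copy every member of ZIP src into new ZIP dst, skipping flagged names.

    Members are copied as bytes and never extracted to disk or executed.
    """
    flagged = {name.lower() for name in flagged}
    kept = []
    with zipfile.ZipFile(src) as zin, \
            zipfile.ZipFile(dst, "w", zipfile.ZIP_DEFLATED) as zout:
        for info in zin.infolist():
            if info.filename.lower() in flagged:
                continue
            zout.writestr(info, zin.read(info))
            kept.append(info.filename)
    return kept


def demo():
    # Constructed sample: an in-memory ZIP holding two harmless text members.
    original = io.BytesIO()
    with zipfile.ZipFile(original, "w") as z:
        z.writestr("notes.txt", "keep me")
        z.writestr("virus.exe", "placeholder bytes, not malware")
    container, member = split_compound(r"c:\Downloads\backup.zip/virus.exe")
    cleaned = io.BytesIO()
    kept = rebuild_zip_without(original, cleaned, [member])
    with zipfile.ZipFile(cleaned) as z:
        return container, member, kept, z.namelist()
```

Python's standard library only handles the ZIP case; RAR and CAB files need their own tools. Scan the rebuilt archive again before deleting the original.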
REMOVAL
2) Now that we know the filename, we can go about removing the file, manually or otherwise. At this stage, simply deleting the file is not going to work if you already tried with the antivirus "clean", "delete" or "quarantine" options. The file must be "in use". When a file is being used, it cannot be deleted. In the case of an EXE file, it is either running or some program has protected the file from being deleted.
First, check these possibilities:
Is the file in a folder called System Volume Information (WinXP) or _RESTORE (WinME)?
These are easy to remove! See Removing viruses from System Restore.
Try deleting the file in Safe Mode. Be sure to update your antivirus databases and any other scanners first!
See this link: removing viruses from Safe Mode.
Try killing the program with a Task List program (like Task Manager).
Does the virus show up as a running file? In our example, it would show as "virus.exe" in Task Manager, without the location, so be careful of getting the wrong file! Try our tool APT - Advanced Process Termination. Terminate any Windows program!
With APT, the full path is shown, so the example would show as C:\Windows\System32\virus.exe
Start the computer but don't allow the file to run, then delete it!
ProcessGuard users can try blocking the file from running, then reboot and just delete the file.
See this ProcessGuard article for detailed info. If it can't start, it can nearly always be deleted!
SUPPORT
3) Contacting your software vendor for support should be the next course of action. The virus or spyware scanner you are using could have problems with a particular virus or type of file, and sometimes specialist removal tools could be available just for that virus.