So, You Think You Have a Virus?

By John Rainville

So, you think you may have a virus, Trojan or worm on your computer?  Removing a threat can be as simple as allowing your anti-virus program to quarantine or delete the threat or in worst cases; you may have to manually remove it. 

If you believe you have a virus, record the name of the virus and connect to this link for information about the virus and its removal. The list is not complete but the most popular viruses are listed.
http://www.symantec.com/enterprise/security_response/threatexplorer/threats.jsp?src=symsug_us

Keep these tips handy when attempting to remove a threat:

1. Try to restore your computer to an earlier date using System Restore. Go to your start menu and click on accessories, system tools, system restore.  Choose to restore your system to an earlier date.  If you have any restore points set, you can choose which one and follow the procedure.  If you have never created a restore point use this lesson on how to create on and after your computer is clean go back and create a restore point for the future.  Restoring to an older date does not cause you to lose your documents.  Instead, it restores Windows to that date before the virus was activated. When your computer is running well, you should create a restore point about once a week.  Once restored to the old date, re-run windows updates and make sure your anti-virus is up to date.   If you have attempted to restore and have failed, go on to the next step.

2. Turn off system restore when removing a threat that cannot be cleaned by your anti-virus by right clicking on the My Computer link on your desktop or start menu. Once you have right clicked on it, and then left click on properties.  A box should display with computer information. If you are running Windows XP, click on the system restore tab or if you are running Windows Vista, click on the system protection link under tasks on the left side.  Why turn it off?  Well, if you don’t turn it off and the threat is in the Windows system file folder, once you clean the threat and reboot the computer, the threat will return because windows will place it back in the folder.  Windows is designed to prevent you from deleting files in the Windows system folder and to protect the files. System restore is the method Windows uses and unless you turn it off, it will simply replace the threat and your virus will return.  Anyway, once you get your computer clean you should return to system restore, turn it back on, and create a restore point for the next time you have to deal with a virus.

3. Run a scan in safe mode.  Running a scan in safe mode allows the anti-virus scanner to identify and clean viruses when they are not loaded into memory.  Most viruses load when Windows starts up and by booting up into safe mode prevents them from starting.  To boot up into safe mode, press the f8 key while your computer is starting up and choose safe mode.  The screen will look a little funny and you may have to adjust windows sizes once the screen appears but it is the best mode to scan for viruses.  Once started, run your anti-virus from the program menu.

Did your anti-virus work and did you clean the virus?  If so, reboot the computer into regular mode and re-scan the computer.  After a successful rescan regular mode, turn system restore back on and create the restore point as previously discussed.  If you are unsuccessful, you may have a virus that cannot be cleaned by a regular scan and have special a removal tool created for it.  Click on the link below to see if your virus is listed and if so, download and run the fix.

http://www.symantec.com/enterprise/security_response/removaltools.jsp?src=symsug_us