Virus Removal/Recovery Procedure
The following is a general procedure to follow when you suspect a PC has a virus.
Step 1 - STOP USING YOUR PC IMMEDIATELY
It is imperative that you stop using your PC immediately. The longer you use your PC, the more time a virus has to infect other files or damage your computer further.
Step 2 - ASSESS WHAT VIRUSES ARE PRESENT
To assess what viruses are present on your PC you must boot from a "clean" (uninfected) CD or diskette that contains your anti-virus software. Both McAfee Antivirus and Norton Antivirus software come with bootable CDs which can be used to scan your hard drives for viruses.
Do not use any antivirus software previously installed on your hard disk, as some viruses actually can disable or infect the antivirus software itself. You must use a diskette or CD which is known to be uninfected.
If you do not have a PC which can boot from a CD (some PCs need to have their BIOS settings adjusted to boot from a CD drive before attempting a boot from the hard disk), you need to create bootable diskettes from the antivirus CD using an uninfected computer. Do not use any diskette that has previously been inserted into a computer that is suspected of a being infected, since such diskette is likely infected too (unless it was physically locked against writing).
The antivirus software should scan all hard drives on your PC for infections. Be patient, this may take a long time, but is absolutely necessary in order to assess what viruses have infected your computer.
Take note of which viruses are being reported, which files have been infected, and what your antivirus software has done with the infected files. Antivirus software can repair, remove (delete), quarantine, or ignore (skip) infected files. Even when a file is reported as repaired, it may no longer be functional as it was previously (the repair removed the virus but made the infected file unusable in the repair process). Quarantined and deleted files will need to be replaced, especially if they were part of the Windows operating software (most DLLs and EXEs).
Step 3 - REMOVE OR NEUTRALIZE INFECTED FILES
If your virus scan reported files that were infected but not repaired or removed, then your hard drive still contains files that are infected by viruses and you will have to manually delete or repair these files. This is more art than science, especially if you are not familiar with what the specific files' purpose is in the first place. Even one missing Windows system DLL can cause Windows to become unbootable, unusable, freeze or crash.
Step 4 - ASSESS DAMAGE DONE
Viruses can not only infect other files but can also do collateral damage. The worst ones can delete entire hard drives, or folders, or files. Some viruses embed themselves into your Windows software during startup.
Use a registry scan uility to check your registry for errors.
Check your Device Manager window to ensure all software drivers for your PC hardware are working properly.
Step 5 - REPAIR DAMAGE
Use the MSCONFIG utility to see what is starting up when you boot your machine. Remove any entries which you do not recognize, being careful not to delete any entries that are necessary for proper operation of software you previously installed.
If the deleted files were installed as part of some software package, uninstalling and reinstalling the software package may be able to repair the damage. If the deleted files were data files, you better have a recent backup of the file to restore it. Even then you may have lost all changes or updates you made since the file was last backed up.
Reinstall software drivers for any hardware that is not working properly.
If all else fails, and Windows still will not operate properly, you may have to restore your hard disk from the Recovery CD provided by the PC vendor (HP, Compaq, Dell, Gateway, IBM) or you may have to reformat the hard disk (losing all your files even uninfected ones!) and reinstall your Windows operatign system from the original installation CD. This process can be logn and costly, as you will have to also reinstall every software package you had previously installed, and reconfigure each one to the state you had configured it previously. Depending on the number of software packages, this could many hours to accomplish, and is prone to error.
questions, problems or suggestions on this web site please contact our webmaster