Monday, March 19, 2012

TIPS - How to Clean Virus from an Infected PC

Sadly, even with antivirus software installed, virus infection is possible and even commonplace among Windows PCs. This could be caused by outdated antivirus software, an outdated detection engine or pattern file, or even a weakness of the antivirus software itself.

If your PC has unfortunately been infected, here's an outline of steps to clean your system.

First, remember that in most cases it will be a waste of time trying to use your already installed antivirus software to clean the virus. The very fact that it couldn't stop your computer from being infected reveals its ineffectiveness against the virus.

A fast and simple approach is to use Windows System Restore. If you haven't disabled this built-in Windows feature, you'll probably be able to restore your system files and state to an earlier time, probably a time when your system was not yet compromised.

Next, you should boot your PC in Safe Mode. Restart your computer and press F8 before Windows starts and the Windows logo appears. Choose Safe Mode. Avoid "Safe Mode with Networking" if at all possible. Holding the Shift key while Windows starts up will also bypass startup programs, which is a good way to stop malicious programs from loading at startup.

Once you can successfully enter Windows, go to Start, Run, type msconfig, press ENTER. Go to the Startup tab, uncheck any programs that are suspicious. If you are not sure, find another clean PC to search for more information about these programs, then decide which ones should be loaded and which ones shouldn't.

Now, you need to do a full scan of your computer. A very good tool I like to use is Trend Micro's sysclean. On a clean PC, download the files below, extract the zip files and put all the files in one folder.

Sysclean with Engine: http://downloadcenter.trendmicro.com/index.php?regs=APAC&clk=latest&clkval=353&lang_loc=3

Pattern File: http://downloadcenter.trendmicro.com/index.php?clk=tab_pattern&clkval=33&regs=APAC&lang_loc=3

You need to copy these files to the hard disk of the infected PC and start a full scan. DO NOT USE A THUMB DRIVE WITHOUT A WRITE LOCK. Any USB thumb drive or flash memory (without a lock) you have may already have been infected. Make sure that you're using clean or new flash memory to copy the files (such as an SD card with a write lock, which will protect your memory card from infection). Another way is to burn the files to a CD-R.

Copy all the needed files into one folder and run the sysclean program on the infected PC.

After the full scan, reboot your computer.

Scan all your memory cards, USB thumb drives, external HDDs, etc., that may have been infected because they've been plugged into the infected PC. To do so, I like to keep a Linux PC or laptop to do the work. Format them before use.

What antivirus software is most effective and should be installed?
I don't believe there's any antivirus solution which is 100% effective. What you can try is to install your favorite antivirus together with the cloud-based antivirus software - ClamAV. ClamAV has a solid user cloud, which keeps it very efficient in responding to new viruses and security threats. In most cases, it won't conflict with other brands' antivirus. Moreover, it's very lightweight and won't significantly slow down your PC. The current version works even without the cloud, when there is no network connection.

What are some good practices to avoid virus infection and network attacks?
Most effective - your awareness! So many times, a system was infected not because the antivirus solution was ineffective, but because the user was too careless or too lazy to check the messages that pop up to prompt and warn the user. They are simply ignored by the user!!

Some other good practices - same old stories - run regular Windows updates and apply any service packs available. Do not visit websites that you do not really know, and do not download or install any software from them. Understand and evaluate the risks before you install any software.

Windows XP platforms are too vulnerable to viruses to be used. Migrate your system to Windows 7 or higher. Another effective measure is to stop the Autorun feature, which runs when thumb drives are plugged in.
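As an added example (not part of the original post), this shell function can be run on the Linux machine used to check removable drives: it reports which programs an autorun.inf file at the top of a mounted drive would launch through the Autorun feature. The function name, the mount point argument and the set of keys checked (open, shellexecute, shell\...\command) are choices made for this example.

```shell
#!/bin/sh
# Added example: report what an autorun.inf on a mounted drive would launch.
# Mount the drive read-only first; the mount point is passed as $1 (assumption).

# Prints one "key<TAB>value" line per launch directive found at the drive root.
autorun_targets() {
    root=$1
    for inf in "$root"/*; do
        [ -f "$inf" ] || continue
        # Windows treats the file name case-insensitively, so normalise it.
        name=$(basename "$inf" | tr 'A-Z' 'a-z')
        [ "$name" = "autorun.inf" ] || continue
        # Drop CRs (Windows line endings), skip ';' comments and lines
        # without '=', and keep only the keys that start a program.
        tr -d '\r' < "$inf" | awk -F'=' '
            /^[ \t]*;/ { next }
            index($0, "=") == 0 { next }
            {
                key = tolower($1)
                gsub(/[ \t]/, "", key)
                if (key == "open" || key == "shellexecute" ||
                    key ~ /^shell\\.*\\command$/) {
                    val = substr($0, index($0, "=") + 1)
                    sub(/^[ \t]+/, "", val)
                    printf "%s\t%s\n", key, val
                }
            }'
    done
}

# Usage: sh check_autorun.sh /mnt/usb   (script name and path are placeholders)
if [ "$#" -gt 0 ]; then
    autorun_targets "$1"
fi
```

Any output means the drive carries an Autorun launch entry, and the file it names is the first thing to scan or delete before the drive goes back into a Windows PC.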

Do not stop your Windows firewall just for your own convenience; doing so simply makes your system an easier target for hackers and virus attacks.

Set strong passwords for your user and administrator accounts.

If you're using a router to share Internet, you should make sure that the router is properly set up, especially when Wi-Fi is enabled. Stop using WEP. Use WPA or WPA2, with keys that are not easily cracked. Most routers will warn you about security concerns when the key is not strong; don't just ignore it.

Final words: precaution is always better than cure. When a system is infected and compromised, it's often hard to assess the damage. Recovery is never 100%. Any serious IT professional will tell you there is no other option but to reformat and reinstall everything...
