Help! My PC is infected with malware (FAQ)

Has your computer been acting funny, crashing, running slow or displaying unusual error messages? Have you been promiscuously clicking on web links and opening up attachments from strangers? You could have a malware infection.

We get questions all the time from readers and friends asking what to do when they think their computers are infected. Here's a primer that should help. It's focused on Windows-based PCs because that's where most of the malware is targeted.

What are the warning signs of an infection?

An infection may cause the computer to run more slowly than normal, stop responding or just crash. Applications may not work properly and disk drives may be inaccessible. There may be unusual error messages and distorted menus and dialog boxes.

If spyware or adware is on your machine, in addition to it running slower, there may be new toolbars and links in your browser; your home page, mouse pointer or search engine may be changed; you may be redirected to a different web page from the one you typed in; and there may be pop-up ads even if you are not connected to the internet.

But slowdowns and other problems don't necessarily mean your computer has an infection. It could mean that there is some other problem with your system. Your disk could need defragmenting, you could need to add memory to your machine or there could be some other issue. (There are some tools for dealing with slowdowns and other issues that are not caused by an infection. CCleaner is an excellent free utility for tune-ups, removing browser tracks and clearing dead registry keys. IOBit Smart Defrag and Auslogics Disk Defrag are good defraggers. Windows 7 tends to not need defragmenting help the way that XP does. System Mechanic is another helpful maintenance tool.)

Typically, fake antivirus is the only malware that shows itself and that's because it's designed to trick you into thinking you have an infection so you will pay money to have it cleaned up, said David Perry, global director of education at Trend Micro. "The bad guys are building the smallest, lightest, most undetectable items they can so you don't get symptoms at all," he said. "They are entirely silent and entirely invisible."

What are the chances I'm infected?

Even if you practice safe computing and don't click on random links that lead to malicious websites or open unsolicited attachments hiding a virus or trojan, you could get infected. Searching for free stuff and using porn and pirate websites can also increase your chances of encountering malware. Legitimate web pages can be hiding malware that gets stealthily dropped on your computer in so-called drive-by downloads. More than 1 million websites were infected with malware during the second quarter of this year, many of them innocent sites whose administrators are unaware of the hidden malware, according to anti-malware service provider Dasient.

Given that an estimated 40 per cent of computers are not running antivirus software and that some malware disables security software, which opens the door to additional infections, there are many more infected computers than people realise.

How do I check for an infection?

There are many free online antivirus scanners that can scan your computer for viruses and other malware, including Trend Micro's HouseCall and Malwarebytes. (For the Mac there's the free ClamXav virus scanner.) Every major antivirus vendor offers scanners. Trend Micro's Perry suggests getting a second opinion if the scan fails to detect an infection and running a second scanner from a different vendor. Chances are that if one scanner misses an infection the other one will catch it, since they use different technologies. However, outside of scanning for a potential infection, it is recommended that you use only one antivirus program for ongoing protection, as running more than one may cause system slowdowns.

How do I remove an infection?

Most of the anti-malware scanners include tools for removing the problem program once it has been detected. Microsoft has its own Malicious Software Removal Tool, which is updated to detect new malware every month on Patch Tuesday, checking for specific malware on the machine. Another good resource is the Bleeping Computer forum, which specialises in free help to remove malware. It's helpful for those who are patient or on a severely tight budget. The forum is also excellent at helping users diagnose the difference between malware-caused performance problems and non-malicious ones. However, if using the removal tools doesn't do the job, or you are not computer savvy enough to dive into your system to try to remove the malware yourself, you might have to contact tech support through your security software provider or an independent firm. Microsoft's Consumer Security Support site requires users to run the company's free anti-malware scan before an agent can help.

Getting tech help to clean up an infection can wind up costing as much as several hundred dollars for a complicated job. Support can be done over the phone and some services can reach out to your computer over an internet connection to perform the fix. In worst cases, the machine can be taken in to a shop or sent to the vendor and the hard drive will need to be wiped and the operating system reformatted and re-installed. It's always a good idea to make regular backups of your data and store it on a separate hard drive or to use an online backup service. And you should keep your operating system recovery disks in case of such an emergency.

How do I manually remove it?

The first thing you might want to do is attempt a System Restore to a known clean state. The goal is to return your system to the condition it was in before the infection. If you don't have a clean copy of your system, some people suggest ignoring or even disabling System Restore so that the malware itself is not restored when you reboot. To disable System Restore, click "Start", right-click "My Computer" and click on "Properties". On the System Restore tab, click the "turn off" box and "OK".

You can try looking for and uninstalling any aberrant programs under "Add/Remove Programs" in the "Control Panel". Before deleting any files or programs, though, you should search for them on the web to see what other people have said about the threat. There's a good chance that others have encountered it before you. You can also submit a file to most security vendors through their websites. If you don't have access to a clean computer, it's worth the extra time to go to a public library or internet cafe and check from there. Be careful not to confuse corrupted system files with malware infections. Sometimes installing or uninstalling a program can accidentally corrupt essential system files. Always do a web search on the suspect software before assuming it's malware. If you're seeing the blue screen of death, it's unlikely to be an infection.

You can then reboot your computer in Safe Mode by restarting it and pressing "F8" until the Windows Advanced Options Menu is displayed. Select "Safe Mode" from the menu and hit "Enter". You can run the anti-malware scanners now for a more sanitised scan.

If this all fails to clean the computer, you can download the free HijackThis tool. It examines vulnerable or suspect parts of your system, such as browser helper objects and certain types of Registry keys and generates a log of items. If you can't make sense of the logs, you can post them to forums like Bleeping Computer or Geeks To Go where more knowledgeable people can take a look. Don't expect immediate answers as these are volunteers.

For an even more hands-on approach to the clean-up, you can use the command prompt. Find it through the Start menu among the "Programs" under "Accessories". Then you must try to locate the virus file. If you think you got infected from an email, you can find it in the email attachments folder. Often a virus will show up in the system folder or temporary folder. You can clear the file's read-only, archive, system and hidden attributes with this command: "attrib -r -a -s -h VIRUSNAMEHERE.vbs". To remove it from the system, type "del VIRUSNAMEHERE.vbs".
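
The locate, check and remove steps above, as a PowerShell sketch that moves a file aside instead of deleting it outright. This is an added example, not part of the original article; it assumes PowerShell 4.0 or later (for Get-FileHash), and the folder list, seven-day window, extension list and quarantine folder are illustrative choices.

```powershell
# Added example: triage recently written script/executable files before removing anything.
# Folder list, time window, extensions and quarantine path are assumptions.
$roots      = @($env:TEMP,
                "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup")
$extensions = '.vbs', '.js', '.bat', '.cmd', '.exe', '.scr'
$since      = (Get-Date).AddDays(-7)
$quarantine = "$env:USERPROFILE\quarantine"   # hypothetical folder

function Find-SuspectFile {
    # -Force includes hidden and system files, which a plain "dir" would skip.
    Get-ChildItem -Path $roots -Recurse -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $extensions -contains $_.Extension.ToLower() -and
                       $_.LastWriteTime -ge $since } |
        ForEach-Object {
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 `
                        -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Path       = $_.FullName
                Attributes = $_.Attributes      # look for Hidden, System
                Modified   = $_.LastWriteTime
                SHA256     = $hash.Hash         # search this, or the file name, on the web
            }
        }
}

function Move-ToQuarantine([string]$Path) {
    New-Item -ItemType Directory -Path $quarantine -Force | Out-Null
    $item = Get-Item -LiteralPath $Path -Force
    # Clears read-only, archive, system and hidden, as "attrib -r -a -s -h" does.
    $item.Attributes = [System.IO.FileAttributes]::Normal
    # The extra extension stops a double-click from running the file.
    $dest = Join-Path $quarantine ($item.Name + '.quarantined')
    Move-Item -LiteralPath $item.FullName -Destination $dest
    $dest
}

# 1. List candidates with their attributes and hashes.
Find-SuspectFile | Format-List

# 2. After checking a file on the web, move it aside (the path below is a placeholder):
# Move-ToQuarantine "$env:TEMP\VIRUSNAMEHERE.vbs"
```

Keeping the file in a quarantine folder means it can be restored if it turns out to be a legitimate file, or submitted to a security vendor as the article suggests.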

If all else fails, you may have to do a clean install of the operating system and applications. Microsoft has information on how to do it safely here.

How do I prevent future infection?

Use antivirus, anti-spyware and firewall software and keep it all up-to-date. Apply the software updates for the applications you use. Programs like CNET TechTracker and Mozilla Plugin Checker can help remind you when you need to update your applications. Software like AVG LinkScanner and McAfee Site Advisor can help alert you to unsafe web pages. The NoScript Firefox plug-in is used to block malicious scripts hiding in JavaScript and Flash. Microsoft has more general tips about safe computing practices on this page. Microsoft also offers free antivirus software, Security Essentials, and free anti-spyware software, Windows Defender. Meanwhile, CNET has created a Windows Security Starter Kit that has multiple recommendations on antivirus, anti-spyware, browser add-ons and other programs.

Of course, all the best software in the world can't protect you if you are reckless. Specifically, you should avoid clicking on unsolicited web links and opening dubious attachments. You can verify email addresses and web links by typing the main URL into a browser, particularly for sensitive sites like PayPal. You should also avoid inadvertently downloading malware on sites by not clicking "agree", "OK" or "I accept" in banner ads or pop-up windows. Instead, you should press "CTRL + F4" on your keyboard and if that doesn't close the window, press "ALT + F4" to close the browser.

CNET's Seth Rosenblatt contributed to this report.


Decaps posted a comment   

1 more thing, I've just tried to download Malwarebytes and I was refused entry to the website from the Google link to it from the infection,

basically, if you get stuck on this as well, select the CACHE'd search option and you're in


Decaps posted a comment   

if you're stuck with trials, try and get a torrent for the full version, they generally come with instructions, 'The Pirate Bay' is a good place to start looking, easiest way to search it is going onto a search engine, type what torrent you need followed by tpb (The Pirate Bay) and remember to read the comments from others that have previously downloaded the same torrent to make sure it has safe content, you'll also need a BitTorrent downloader, uTorrent is what I use and it works really efficiently, just remember to turn it off after because it will slow your net while it's open


DiscoStu posted a comment   

How do I prevent future infection?

Well you could just get a Ma...

...ooh, I can't say it!!! ;-)


The man posted a comment   

I work in a computer store and most of the stuff here is what we use and most computer stores use to clean customers' computers. There are more advanced things you can do to get rid of the really hard ones but this is a good article.


RugbyDude98 posted a comment   

Some of these things are only Trials!!!
