Clean up infected computer from viruses



Possible Duplicate:
What to do if my computer is infected by a virus or a malware?

I have a computer which had AVG Free installed from day one. After several months of operation, it starts detecting viruses and trojans all the time.

Besides running a full scan, what should I do to clean the computer? Should I install another anti-virus or anti-malware tool (can it help?), or once viruses infect a system the only real solution is a clean format?

(Lately I've heard of viruses that burn themselves in the BIOS, so a clean format might not always work ... how common is this technique? Should I burn a fresh BIOS as well?)


Posted 2009-08-17T09:14:15.867

Reputation: 9 293

Question was closed 2010-04-15T09:37:44.317



once viruses infect a system the only real solution is a clean format

This. Once your system is infected, you cannot trust any program it's running not to be interfered with by the virus - including all antivirus software. Theoretically, you could boot an antivirus system from CD, but even then, you can't be sure that the virus hasn't hidden a copy of itself deep in some executable from where it can reinfect the system.

Lately I've heard of viruses that burn themselves in the BIOS, so a clean format might not always work ... how common is this technique? Should I burn a fresh BIOS as well?

Pointless, since you'd be doing so while a hypothetical BIOS-resident virus is running. The only way to be certain would be to remove the BIOS flash chip and rewrite it using dedicated flashing hardware.

But I think BIOS-resident viruses have so far occurred only as proof-of-concept implementations and not been spotted "in the wild". It sounds nasty but is not actually very attractive to virus writers, since it would have to deal with (at least) dozens of different motherboard families, each with its own proprietary BIOS flashing protocol.

Michael Borgwardt

Posted 2009-08-17T09:14:15.867

Reputation: 3 047

"Once your system is infected, you cannot trust any program it's running not to be interfered with by the virus" -> Hey, are you an advanced user? A lot of viruses do not any files because so they won't be hidden from antivirus companies. Have you heard about code signatures? If you run Process Explorer and Autoruns, you can see the viruses in action and can certify some code signature from processes. And since I used Win XP, all infected files could be replaced with original easily. You are talking about the worst case. 90% could be fixed without formatting. – kokbira – 2010-12-07T12:06:53.540


To avoid reinstalling, simply pull your infected hard disk and disinfect it from another (known clean) PC, attaching it either with a USB/IDE/SATA converter or directly on the IDE or SATA as a second drive.

This absolutely prevents the virus from defending itself, since it isn't running anything on the new host computer. Be sure to avoid auto-run if using a USB adapter.

I've had complete success with this method with several computers. As for the BIOS virus, I'll believe it when I see it.


Posted 2009-08-17T09:14:15.867

Reputation: 4 632


I agree with Michael's answer -- clean install is the only way that really makes sense.

On a side note, don't install more than one antivirus. They have to dig deep into the operating system and they usually don't play very well with each other.

Tomas Sedovic

Posted 2009-08-17T09:14:15.867

Reputation: 1 062


Method: A

1) Change your AV (anti-virus) to Avast, Avira or some paid variant (Kaspersky). Download your AV of choice beforehand and put it on some media if possible.

2) Before formatting C:\ or whatever drive your XP resides on, you might want to consider the following: do you have any wedding pictures or music files that are important and need to be backed up to some external HD?

4) If so, back them up first, and then scan the external HD to make sure there is nothing on it, after backing up all the important stuff.

5) Make sure you have access to all the drivers (sound, video, etc) via online or some CD on hand, cause you will need to re-install a majority of them if XP does not pick some of them up.

6) Backup this file: wpa.dbl found in C:\windows\system32 . Wpa.dbl allows you to not have to activate your XP again or have issues activating XP, since you already did it, you just copy this file back into the same folder after re-install.

Method: B (lazyman/I don't want to format C:\ but have some time on my hands):

1) Physically remove the HD from the infected computer, and change the jumper settings to slave.

2) Install in a working PC, preferably one that is not infected with viruses or a Linux or Unix box and mount infected drive.

3) Use a ton of standalone scanning tools for both malware and viruses to scan the infected HD.

4) When this is done, switch over to some online tools and do the same thing, scan for malware and viruses.

[Disclaimer: complete list of some tools I use for this are furnished upon request.]


Posted 2009-08-17T09:14:15.867

Reputation: 261
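
The offline approach from the answers above (pull the disk, attach it to a known-clean machine, scan it there), sketched for a Linux host as an added example that is not part of any answer. It assumes ClamAV's `clamscan` is installed; the device and mount point are placeholders the operator supplies.

```shell
#!/bin/sh
# Added example: offline scan of a suspect disk from a known-clean Linux host.
# Assumptions: ClamAV (clamscan) is installed; DEVICE and MOUNTPOINT are
# operator-supplied placeholders such as /dev/sdX1 and /mnt/suspect.

# ro: never write to the suspect disk.
# noexec,nosuid,nodev: nothing stored on it can run or gain privilege here.
MOUNT_OPTS="ro,noexec,nosuid,nodev"

# Overridable so the verdict logic can be exercised without ClamAV.
SCANNER="${SCANNER:-clamscan}"

mount_suspect() {   # mount_suspect DEVICE MOUNTPOINT   (needs root)
    mkdir -p "$2" && mount -o "$MOUNT_OPTS" "$1" "$2"
}

# Scan a mounted tree, write the scanner log, print a one-word verdict.
# clamscan exit status: 0 = nothing found, 1 = infected file(s) found,
# anything else = the scan itself failed, which says nothing about the disk.
scan_verdict() {    # scan_verdict MOUNTPOINT LOGFILE
    [ -d "$1" ] || { echo "error"; return 2; }
    scan_rc=0
    "$SCANNER" --recursive --infected --log="$2" "$1" >/dev/null 2>&1 || scan_rc=$?
    case "$scan_rc" in
        0) echo "clean" ;;
        1) echo "infected"; return 1 ;;
        *) echo "error"; return 2 ;;
    esac
}

main() {            # main DEVICE MOUNTPOINT
    mount_suspect "$1" "$2" || { echo "mount failed" >&2; return 2; }
    result=0
    verdict=$(scan_verdict "$2" "./scan-$(date +%Y%m%d-%H%M%S).log") || result=$?
    umount "$2"
    echo "verdict: $verdict"
    return "$result"
}

# Run only when both arguments are given.
if [ "$#" -eq 2 ]; then main "$@"; fi
```

A "clean" verdict only means the scanner's current signatures matched nothing on the mounted tree; an "error" verdict means the scan has to be repeated.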


That's the virus program I would recommend, that or the Kaspersky one. Download the trial/buy it and do a full scan. After that I'd recommend using Spybot to remove any dodgy adware/spyware; this tool is free (I would NOT install any of the real-time protection things).

It's true that some proof-of-concept viruses put themselves between the BIOS and OS; I have not heard of any of those in the wild, so unless you're the target of a specific attack (and that's unlikely considering you're running a "free" virus program).

If your computer is heavily infected then it's possible you need to reinstall. I would do that after I had cleaned out the viruses with and Spybot if the computer was still crashing / misbehaving.


Posted 2009-08-17T09:14:15.867

Reputation: 258

"Kasprey" = "Kaspersky". Don't have enough rep to edit answers yet. – Isxek – 2009-08-17T13:02:22.010


In a couple of cases I have successfully cleaned up my computer from viruses with the help of Sysinternals' "Autoruns" and good anti-virus software.

On the following pages you can find comparisons of anti-virus software:

Basically, Avira, Avast, and AVG top the charts, and the free versions are as competent as the priced versions.


Posted 2009-08-17T09:14:15.867

Reputation: 4 243

Yeah! I love Autoruns. Use also Process Explorer to see running processes and to kill them before removing from Autoruns entries. – kokbira – 2010-12-07T12:09:03.900