Ask Leo: How do I recover from a bad virus infection?

askleo

By Leo Notenboom

Over the past weeks on my machine:

I’ve had frequent re-infections of some virus or Trojan that resets my IE home page, disables Task Manager, and blocks my access to System Restore.

Several times each day, I run AdAware, Spybot, and my virus program (Panda) to remove identified infections and spyware.

I read where disabling System Restore and then running a virus scan would clean out any virus strands that were inadvertently being backed-up with each shutdown/startup cycle.

My virus and spyware programs sometime identify Services.exe and Winlogon.exe as viruses. When this happens, these files are referenced as being in located in the C:Windowsinetdata sub-directory (which is not where they should be).

Did I royally screw things up by disabling System Restore? I understand by doing this, I erased all existing restore points so that wouldn’t surprise me.

First, let me say this…

YIKES!

You’ve got a serious infection here that some of us would technically characterize as a “mess”.

In all honesty, I’m not sure that the patient will survive.

Before we bring out the big guns, let’s run through the steps that I’d consider using to try and recover without just giving up and starting over.

Then, after all that, I’ll explain why starting over might well be the most pragmatic, safest thing to do.

Here’s how I’d proceed:

This post is excerpted with Leo’s permission from his blog.

FaceBook URL: Leo’s Facebook

Twitter URL: http://twitter.com/askleo

47 total views, 1 views today

(Visited 4 times, 1 visits today)

3 thoughts on “Ask Leo: How do I recover from a bad virus infection?

  1. This is all well and good but what do you do when the virus has affected anything that is executable, and you can’t open anything? I am at the point of full recovery..

  2. in our daily work in the IT trenches we often find the virus or malware has written itself in the boot sector and the reinfection propogates from here. Also we see another virus, a variant of the much earlier vundo variants and infection into the router itself, causes redirects and other behaviours.

  3. I have been a T-shirt Graphic Artist for many years. I cannot have my computer screwed up with Trojans and Virus’s that my virus protection cannot detect. All I got from the internet was a bunch of BS for the Trojans I had. I have had to reload the operating system several times to cure the problems. Reloading everything is a laborious task and takes away from my productive time on my computer.

    After reloading the last time, I loaded another copy of the operating system onto Drive D, as a backup so that I would not lose any production time. I then went into the Drive D version and copied Windows, Program Files and Documents and Settings from Drive C, and made them zip files of each and stored them on Drive E for safety. I also moved my Documents to Drive E so that I will not lose them again. I also made a shortcut to this file onto my Desktop.

    This Trojan and Virus problem had risen, again, to where it knocked out my operating system. In this case, I just restarted in Drive D, erased Windows on Drive C and reloaded Windows onto Drive C from my zip file. PROBLEM SOLVED. This operation only took an hour to perform on my computer.

    If you want to do this, the first thing you have to do is to open the Control Panel, open System. On the Systems panel, go to the Advanced tab and click Settings under Startup and Recovery. Under System Startup, press Edit. You will get a Note Pad telling you what system you are opening on when you start your computer. You will see a line of text that reads: WINDOWS=”Microsoft Windows XP Professional”. Change this to read: WINDOWS=”Microsoft Windows XP Professional-C Drive”. When this is done, just press Save on the Note Pad.

    Just remember if you add any new programs to your system, you have to make a fresh zip file of your Drive C.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.