Windows 7: When faced with malware attack in progress how do you handle it?

I really haven't seen a really good all encompassing thread on this anywhere that I can think of.

For example you go to visit what you think is a secure website, upon loading you notice that your browser starts to hiccup and freeze, perhaps you see the dreaded PHONY 2012 Security boxes pop up.

How do you handle it?

Pull the power cord IMMEDIATELY?
Try to kill browser .exe in the task manager
Turn the system off with the power button?
Other approach?

Also when you go to restart the PC what line of attack do you use after booting in safe mode?

Really like to hear from the gurus on this too.

Thanks.

I would shut down and run Malwarebytes in Safe Mode or Windows Defender in Boot mode, or one of the other free AV rescue disks.

Then after repeat disinfection comes up clean, if necessary repair System Files.

You may have to do more repairs, System Restore, or even copy out your files to quarantine and then run Factory Recovery or Clean Reinstall.

All of the above steps have tutorials collected here: Troubleshooting Windows 7 Failure to Boot - Windows 7 Forums

@gregrocker:

But what would your preferred method of shut down be?

My logic tells me that although it is not great to pull the power cord, it is the fastest way you can stop the infection..because the moment the power is lost no more damage can be done. Correct?

Usually even pressing the power button the system takes a few seconds extra to react.

You can do a hard shut down by holding the power button so no more damage can be done if it's taking forever to Shut Down.

If this is a frequent thing I'd want to know why you're getting infected. Are you using MSE with Windows Firewall keeping Updates current? Running free Malwarebytes and perhaps SuperAntiSpyware scans monthly? If that's not enough I'd add Malwarebytes Real Time paid protection, and perhaps SAS as well.

Greg:

Just to let you know, I haven't been infected YET. I just want to refresh my recollection of what to do if, and when something like I mentioned above might happen.

I actually think that because I have been so diligent and cautious about preventing infection that I've have forgotten about specifics when it might occur.

Everyone has different ways of handling a virus attacks of the type that you have described. As for me, I am paranoid about viruses. I shall do the following.

01. I shall shut down the PC any which way. Perhaps by first disconnecting it from the Net, but it is not really important.

02. As I work with back-up images, I shall reboot the PC with the imaging boot CD and restore the immediately previous image. I should be up and running in about 10 to 15 minutes with all traces of the attacking virus gone.

03. I would then avoid the web-site that did me in like the plague.

04. I shall look into the possibility of changing my Anti-Virus Program that was not able to prevent the attack in the first place. Normally all good A-V Programs should have been able to do it.

If however I had not been working with images then I would still reformat the drive and do a clean re-install of Windows 7 and immediately create am image of it. After that I shall install all my third party programs like A-V, Word Processor etc and when done create another image. This may take up to 6 hours or more depending upon how many third party programs one would have to install once again. With that done I would feel secure enough from any virus attack in the future that should most likely not have occurred if I was using a good A-V Program.

Depending on the type of attack (and you may not have the luxury of taking the time to figure it out unless it's obvious), I might be tempted to go for the network cable first. If you're on a wireless connection and are right next to the router I'd pull the power plug on that.

Most serious infections can require a Clean Reinstall, Factory Recovery or Reimaging - hopefully you have your latest data set backed up externally, since resueing it from an infected install is risky in itself.

Wanchoo has a good reminder that the modern way to do reinstalls or recovery is to keep a System image of your installation so it can be back up and running in 20 minutes - then adding in the latest data set, or having it on another HD is even better.

Backup Complete Computer - Create an Image Backup
Macrium - Image your system
System Image Recovery
User Folders - Change Default Location
Library - Include a Folder - Windows 7 Forums

Using the keystroke combination "Alt+F4" will immediately close the window that has mouse focus. The benefit of using the keystorke combo is, it will not cause any background applications to close unexpectedly while processing data. The process of pullling the plug, and forcing all applications to close without properly shutting down, can create problems of its own.

I also recommend the ALT+F4 method, it has saved me from a fake AV scan. Sometimes using the X to close a window not only won't work but will "allow" the fake scan to keep on going. Physically disconnecting from the outside world anyway you can is also a great idea.

After wards there are the previous good steps to follow, especially the scans in Safe Mode then in Windows normally.