Windows 7 Forums


Windows 7: Things you need to do when your pc is infected

18 May 2010   #1
Capt.Jack Sparrow

Windows 7 Ultimate - 64-bit | Windows 8 Pro - 64-bit
 
 
Things you need to do when your pc is infected

For those who are facing the challenge of malware removal, here's a basic guide on what to do when the system is infected.
But I strongly recommend posting a question, for there are times when ComboFix and MalwareBytes are unable to remove the infection. For malware that has patched system files we need to determine which file is patched and replace it before we can continue the cleanup process and run diagnostic tools.



ISOLATE THE INFECTED SYSTEM:

The very first thing you should do is to isolate the infected system from the network to stop the spread of infection.
Turn off the internet connection except while you're downloading the tools to use, which shouldn't take long. Or you can use another PC with internet access to download the files onto a USB stick. Unplug the network cable and turn off the wireless connections of the infected system. Do not share removable media devices.



LEAVE SYSTEM RESTORE TURNED ON:

DO NOT disable System Restore; you need to keep those restore points intact in case you need them later. You can disable it afterwards when the PC is clean and stable.
Any viruses in the System Restore folder (if there are any) are harmless, so they pose no threat while in that folder.
For further information about viruses in System Restore check out the link below: Viruses in the System Volume Information (System Restore).



BACKUP YOUR DATA:

As a precaution, you need to back up your important files now while you still can, just in case something goes wrong during the cleanup and you have no choice but to reformat. Bear in mind that you MUST scan the backup before you start using it.



ERUNT (Emergency Recovery Utility NT):

Some malware will turn off System Restore and other Windows features to lessen the PC's functionality. If you notice that System Restore has already been turned off or its tabs are grayed out, use ERUNT to do a complete backup of the registry. A registry export is not good enough. Removing nasties requires making registry changes, and if the registry is corrupted it can prevent the PC from booting. The ERUNT backup can then be restored later if needed.

Complete ERUNT tutorial:
t-online.de

If the virus has already disabled SR and you don't have an ERUNT backup, then the next thing you should do is run ComboFix before you run any other tools so you have a registry backup. Post a question and we'll guide you with its usage.



DOWNLOAD THE TOOLS AND START THE CLEANUP:

Download the programs needed for the cleanup. There are many free tools out there, but the ones below are among the most commonly used; they work well and they are FREE.
Usually MBAM or ComboFix alone will remove most infections, but it's good to also clean the temp folders.

a). ATF Cleaner or TFC
b). MalwareBytes
c). SUPERAntispyware
d). ComboFix (with a Helper's guidance). Post a question if using ComboFix and attach the log file for us to analyse.



SCAN FOR ROOTKITS:

If the problem is not resolved after scanning with reliable scanners, then scan for rootkits; I prefer using Gmer and RootRepeal. Even if the issue no longer exists, it's always a good idea to scan with these tools for the reassurance that nothing is hiding.



DISABLE SYSTEM RESTORE:

Once the problem is resolved and the system is clean, you can then disable System Restore to purge all those restore points, then turn it back on and immediately create a new, clean restore point.

How to turn Off/On System Restore:
How to turn off and turn on System Restore in Windows XP



PREVENTION:

Prevention is better than cure, so make sure that you have the 3 basic real-time security protections in place, without doubling up on any of them.

1. Antivirus
2. Firewall
3. Anti-malware

Make sure all your installed programs get regular updates and Windows has all the critical security patches. Tighten the security features in your browsers; if using Firefox, use the NoScript add-on.
Install the latest version of Java to minimize the risk of Vundo threats, as lower versions are very vulnerable to Vundo exploits.
Use a customized Hosts file to block unwanted nasties. Browse the internet using a limited user account; even though this (LUA) is 'not useful' against the rogue antivirus family, it is still better than browsing online with an Admin account.

NOTE: the best protection is User Education.

For more in-depth info on prevention please read the links below:

Tony Klein's article "So how did I get infected in the first place?"
miekiemoes' "How to prevent Malware"
Simple and easy ways to keep your computer safe and secure on the Internet

Source: THINGS YOU NEED TO DO WHEN YOUR PC IS INFECTED

Hope this helps,
Captain
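The checklist above is manual and tool-driven. As an added example that is not part of the original post, and is not ERUNT, ComboFix or any other tool the post names, here is a small PowerShell script (PowerShell 2.0 syntax, as shipped with Windows 7) covering the parts of the procedure that can be scripted: checking whether you are in an admin or a limited account, isolating the machine from the network, taking a hive-level registry backup with reg.exe save (a different tool from ERUNT; the assumption here is that a binary hive save is the kind of backup the post contrasts with a plain export), reporting the System Restore state, and, only once the system is clean, purging the old restore points and creating a fresh one. The function names, the backup folder and the restore-point description are this example's own choices.

```powershell
# Added example, not from the original post or the tools it names.
# Run from an elevated PowerShell prompt on Windows 7 (PowerShell 2.0 syntax).

function Test-IsAdministrator {
    # "Browse with a limited user account": report which kind of account this is.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Disconnect-NetworkAdapters {
    # "Isolate the infected system": disable every enabled adapter (cable and wireless).
    # Win32_NetworkAdapter.Disable() needs elevation; re-enable later with .Enable().
    $adapters = Get-WmiObject -Class Win32_NetworkAdapter -Filter "NetEnabled = TRUE"
    foreach ($nic in $adapters) {
        $result = $nic.Disable()
        Write-Host ("Disabling '{0}': return code {1}" -f $nic.Name, $result.ReturnValue)
    }
}

function Backup-RegistryHives {
    param(
        # Example's own default location: C:\RegBackup_<timestamp>
        [string]$Destination = (Join-Path $env:SystemDrive ("RegBackup_" + (Get-Date -Format 'yyyyMMdd_HHmmss')))
    )
    # "ERUNT": the post warns that a .reg export is not enough. reg.exe SAVE writes each
    # hive in its native binary form. This is NOT ERUNT, only an approximation of that step.
    New-Item -ItemType Directory -Path $Destination -Force | Out-Null
    $hives = @{
        'HKLM\SYSTEM'   = 'SYSTEM'
        'HKLM\SOFTWARE' = 'SOFTWARE'
        'HKLM\SAM'      = 'SAM'
        'HKLM\SECURITY' = 'SECURITY'
        'HKU\.DEFAULT'  = 'DEFAULT'
        'HKCU'          = 'NTUSER'
    }
    foreach ($key in $hives.Keys) {
        $out = Join-Path $Destination $hives[$key]
        & reg.exe save $key $out /y | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "reg save $key failed (exit code $LASTEXITCODE)" }
    }
    return $Destination
}

function Get-SystemRestoreStatus {
    # "Leave System Restore on": show whether the Group Policy value that turns it off
    # (DisableSR = 1 under the policy key) is set, and list the existing restore points.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
    $disabled  = $false
    if (Test-Path $policyKey) {
        $v = Get-ItemProperty -Path $policyKey -Name DisableSR -ErrorAction SilentlyContinue
        if ($v -and $v.DisableSR -eq 1) { $disabled = $true }
    }
    $points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
    New-Object PSObject -Property @{
        DisabledByPolicy  = $disabled
        RestorePointCount = $points.Count
        RestorePoints     = $points
    }
}

function Reset-SystemRestore {
    # "Disable System Restore" comes LAST, after the system is clean: turning it off purges
    # the old points; turning it back on and taking a checkpoint leaves one clean baseline.
    $drive = "$env:SystemDrive\"
    Disable-ComputerRestore -Drive $drive
    Enable-ComputerRestore  -Drive $drive
    Checkpoint-Computer -Description "Clean baseline after malware removal" -RestorePointType MODIFY_SETTINGS
    Get-ComputerRestorePoint | Select-Object SequenceNumber, Description, CreationTime
}
```

Suggested order, matching the post: Test-IsAdministrator (the backup and restore-point functions need an elevated prompt), Disconnect-NetworkAdapters once the tools are already downloaded, Backup-RegistryHives, Get-SystemRestoreStatus, then the scans with the tools the post lists, and Reset-SystemRestore only when everything is clean. If Get-SystemRestoreStatus reports DisabledByPolicy as True, that is the "System Restore already turned off" situation the post describes; follow its ERUNT/ComboFix advice rather than only flipping the policy value, because the cause of the change still has to be found.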


18 May 2010   #2
joel406

Windows 7 Ultimate x64/x86 Windows 7 Pro x64/x86 Windows 7 Home Premium x64/x86
 
 

I hope they sticky this.

Also, you should have mentioned imaging your system while it's virus- and problem-free.

Many (myself included) keep current images of our systems in case of attack, infection or general Windows blunders.

It is the fastest way to get back on your feet.
19 May 2010   #3
swarfega

Windows 7 Professional 64-bit
 
 

Very useful information, thanks.

19 May 2010   #4
Dinesh

Windows® 8 Pro (64-bit)
 
 

Very nice Bhai.
19 May 2010   #5
Capt.Jack Sparrow

Windows 7 Ultimate - 64-bit | Windows 8 Pro - 64-bit
 
 

Thanks!! Glad that you find it helpful!!
19 May 2010   #6
Corrine

Windows 7 & Windows Vista Ultimate
 
 

Notes:

ERUNT compatibility: Registry Backup and Restore for Windows NT/2000/2003/XP. For Windows Vista, it is necessary to turn off System Restore.

ComboFix: Strong advisory to not use unless requested by a trained member of the security community.

Tony Klein's article, "So how did I get infected in the first place?": Coincidentally, I spent a lot of time yesterday updating the sites where I "maintain" that article. Updated version: "So how did I get infected in the first place?" © Tony Klein.
19 May 2010   #7
CarlTR6

Windows 7 Ultimate 32 bit
 
 

Captain, this should be a tutorial. Very good job.
19 May 2010   #8
Capt.Jack Sparrow

Windows 7 Ultimate - 64-bit | Windows 8 Pro - 64-bit
 
 

Quote: Originally Posted by Corrine
Notes:

ERUNT compatibility: Registry Backup and Restore for Windows NT/2000/2003/XP. For Windows Vista, it is necessary to turn off System Restore.

ComboFix: Strong advisory to not use unless requested by a trained member of the security community.

Tony Klein's article, "So how did I get infected in the first place?": Coincidentally, I spent a lot of time yesterday updating the sites where I "maintain" that article. Updated version: "So how did I get infected in the first place?" © Tony Klein.
Thanks for the additional tips, Corrine!!
19 May 2010   #9
Capt.Jack Sparrow

Windows 7 Ultimate - 64-bit | Windows 8 Pro - 64-bit
 
 

Quote: Originally Posted by CarlTR6
Captain, this should be a tutorial. Very good job.
Thanks, Carl!!
19 May 2010   #10
metalmania31

Windows 7 Pro 64bit build 7601 SP1
 
 

You should add to run those programs in safe mode too. That way the malicious program won't run.