Dealing with a virus attack

If your computer is infected with a virus – don’t delay, remove it immediately before it can do any damage. Firstly you must identify the virus. Google the symptoms or messages you are receiving and there is likely to be other users who have experienced the same virus. You may also want to run an online scanner such as Microsoft Safety Scanner. If you are already infected, chances are that your anti-virus software hasn’t been able to deal with the virus. It may be worth running a scan, but don’t be surprised if it doesn’t help!

If you can connect to the Internet, simply go to the Microsoft Safety Scanner webpage, download the scanner and follow the instructions. If you cannot get online, try safe mode with networking enabled. To do this press the F8 key. On the Advanced Boot Options screen, highlight ‘Safe Mode with Networking’. You can then attempt to identify the virus and remove it.

Sometimes a virus needs to be removed manually. Often the virus is well cloaked. Even if you find the filename, it may be difficult to delete. Sacrificial files are used by cyber-criminals to hide the real executable files. Looks for clues about how it behaves and search online. Once you have researched the virus and found out where it may live, run msconfig and identify the exact location.

Boot into safe mode by checking the box in the ‘boot’ tab in msconfig. As you are in safe mode, the virus will not be running. Navigate to the registry and find the location of the virus and all possible mutations. If you unsure whether a file is malicious or not, right click the file and click modify. By putting a colon ‘:’ in front of the value data, the virus will be disabled on start-up and you can see the effect it has. Once you have found the virus, delete the registry entry. To be certain run CCleaner to scan the registry and fix any issues.