How to find infected files on your computer. How to determine if there is a virus on your computer

Do you think a virus can only be found and removed with an antivirus? Not so. I will now describe how to get rid of one by hand, using a program that searches for files by various parameters.

First you need to understand what a virus is.
A virus is an executable file, i.e. it has an .exe or (very rarely) a .dll extension. If you think logically, such files do not appear by themselves while you work on the computer, unless, of course, you downloaded a program's installation file from the Internet or copied something with such an extension. But you know about those and remember them, whereas viruses work on the sly.

All that remains is to find it. A free portable utility, SearchMyFiles, will help you with this. We will not use it for its main purpose, only for its ability to search by date and time.

By the way, the main features of the program are searching by templates, time of creation/modification/access (created/modified/accessed), attributes, sizes, contained text or binary fragments, and others. The results can be saved to a file in text/html/csv/xml format.



After installing the Russian language file (just unpack it into the program folder), the interface changes to Russian.


I think many have already guessed what needs to be done here. If not, the steps are:
- specify the folders to search (usually the entire system disk).
- specify the file mask (*.exe;*.dll).
- specify the file time. If you know when the virus was discovered, you can enter that. There are many different parameters there. I recommend specifying either Yesterday or a date range from one date to another. You can specify both access time and creation time.

This method is suitable for more experienced and advanced users who know the file names.
This method of searching for viruses is also good because it does not depend on how up to date the antivirus database is.
Well, if you consider that this program does not require installation, then you can imagine how useful it is.
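
The same search as an added example, not part of the original article and not SearchMyFiles code: a Python script that walks a folder, applies the *.exe;*.dll mask and a time window to the creation and modification times, and records a SHA-256 for each hit so the file can be looked up by hash. The function names and the default 24-hour window are assumptions of this example.

```python
import hashlib
import os
import sys
from datetime import datetime, timedelta

# File mask from the article: *.exe;*.dll
EXECUTABLE_SUFFIXES = (".exe", ".dll")


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_recent_executables(root, start, end, suffixes=EXECUTABLE_SUFFIXES):
    """Return executables under root created or modified within [start, end].

    Each hit is a dict with the path, both timestamps and the SHA-256,
    sorted by modification time (oldest first).
    """
    hits = []
    # onerror: skip folders we may not read instead of aborting the walk.
    for folder, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if not name.lower().endswith(suffixes):
                continue
            path = os.path.join(folder, name)
            try:
                info = os.stat(path)
                # Creation time: st_birthtime where the platform offers it.
                # On Windows st_ctime is also the creation time; on Linux it
                # is the metadata-change time instead.
                created = datetime.fromtimestamp(
                    getattr(info, "st_birthtime", info.st_ctime))
                modified = datetime.fromtimestamp(info.st_mtime)
                if not (start <= created <= end or start <= modified <= end):
                    continue
                digest = sha256_of(path)
            except OSError:
                continue  # locked, unreadable or vanished file
            hits.append({"path": path, "created": created,
                         "modified": modified, "sha256": digest})
    hits.sort(key=lambda hit: hit["modified"])
    return hits


if __name__ == "__main__":
    # Usage: python find_recent.py [folder]; defaults to the system disk
    # and to the last 24 hours (the "Yesterday" idea from the article).
    search_root = sys.argv[1] if len(sys.argv) > 1 else "C:\\"
    now = datetime.now()
    for hit in find_recent_executables(search_root, now - timedelta(days=1), now):
        print(hit["modified"].isoformat(timespec="seconds"),
              hit["sha256"], hit["path"])
```

File timestamps can be rewritten by whatever created the file, so an empty result does not clear the machine.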

For example, your computer was blocked by SMS ransomware or a windows blocker. Are you loading from

Infecting your computer with viruses is not a new topic for every computer user. When loading the operating system, various information windows appear, some programs do not work correctly, the browser start page changes, and various add-ons are installed. It also happens that the computer does not turn on at all or boots for a very long time, then slows down during operation.

If you have at least one of the above symptoms, then you have definitely caught a virus. So let's figure out how you can remove a virus from your computer yourself.

Using antiviruses

The first thing you need to do is check your computer using the installed antivirus program. I have Avast installed, so I will use it as the example. Find its icon in the tray and click on it.

The main program window will open. Now make sure that you have the latest virus definitions installed: in “Settings” go to the “Update” tab. See when the last update was received and, if necessary, click the "Update" button.



From the drop down list select "Full Scan" and click Start. If you have another antivirus program installed, find the same item in it and enable a full scan of your computer.

This performs a full scan of your computer for viruses. The process takes a long time (11 hours); however, it all depends on how much information is stored on the computer: the larger the volume, the longer the scan takes.


When the process is complete, try to disinfect the detected threats. If this cannot be done, then it is better to remove them.

It is better to also scan the computer for viruses with another anti-virus program, for example Dr.Web CureIt or AVP Tool. These programs are completely free for home use, but not for commercial purposes. In addition, they do not require installation, so there will be no conflict with the installed antivirus.

You can download Dr.Web CureIt from the official website by following the link:
https://free.drweb.ru/download+cureit+free/

AVP Tool is a utility from Kaspersky Lab that disinfects an already infected computer. Download it from the official website using the link:
http://www.kaspersky.ru/antivirus-removal-tool

It is better to download the programs from the official website so that they come with the latest virus database updates.

To scan your computer with the utility you have chosen, boot into safe mode: while the operating system is loading, press the F8 key. Now run the program and perform a full scan.

Once the process is complete, try to disinfect or remove the threats found. Please note that deleting certain files may interfere with the operation of some pirated programs.

Treating your computer for viruses with antivirus programs does not give a 100% guarantee that it is now clean. For that, you will need to take a few more steps.

Removing unknown programs from startup

At this point you need to remove from startup the programs you do not need, or those that you use extremely rarely. Press the Win+R combination, type the msconfig command in the “Run” line and click “OK”.


A window will open. Programs that start along with the operating system are ticked here. Disable the launch of all programs you do not need by unchecking the boxes next to them. Look for any unfamiliar programs in the list, with an unclear location or manufacturer.

When finished, click Apply and OK.


If you are unsure whether to disable a certain item in the list, hover over it in the “Command” column and look at the file location. Then find the file in File Explorer and note the date it was downloaded. If that was around the time the computer was infected, you can safely uncheck the box.



Checking recently installed programs

To do this, go to “Start” - "Control Panel" - "Programs and Features".


In the next window, click on the “Installed” column and look at the most recently installed programs. If there are any among them that you did not install (with an unfamiliar, unknown name and content), click on it and click “Delete”.

To prevent utilities from leaving any traces behind, use it on your PC. This can be done manually or using special utilities.



Checking processes in task manager

Your computer's performance may drop significantly because of the load on the central processor. If there were no problems or freezes before, but now you are experiencing them, this may be the result of a malicious program.

Click on the “Start” button and enter in the search bar "Task Manager", then press Enter.

Here, go to the “Processes” tab and make sure that the “CPU” column does not show very large values. If you notice anything suspicious, right-click that line and select “Open file location” from the context menu.


The file location will open in Explorer. Look at the file's "Date modified". If it matches the date when you supposedly caught the virus, delete this file, go back to "Task Manager", select the line in question and click "End process".


Deleting temporary files

At this point we clean out the folders in which all temporary files are stored. First you need to enable the display of hidden files and folders. Go to “Start” - "Control Panel" - "Folder Options".


In the next window, go to the “View” tab and place a marker next to the item "Show hidden files, folders and drives". Click “Apply” and “OK”.


We are looking for another “Temp” folder on the computer:

C: – Users – YOUR account name – AppData – Local – Temp

Delete all files from it too.



Checking the hosts file

Sometimes viruses can get to the hosts file. Go to the following path:

C: – Windows – System32 – drivers – etc

Right-click on the file called “hosts”, select “Open” and open it with Notepad.


For the Windows 7 operating system, the file should contain text as in the figure below.


To reduce requests to the DNS cache and DNS servers, frequently visited Internet pages can also be registered in the hosts file. If you notice suspicious entries there, delete them.


If you went to the folder and did not find the hosts file there, this may be due to a virus. Turn on the display of hidden files and folders, as described above. Then open the hosts file that appears and check that it contains the default text.

If it has been changed, restore the text to what it should be. If the file cannot be edited, create a new one with the extension .txt and the name hosts and write in all the text, as in the figure above for the Windows 7 operating system. For other operating systems the text is different, so search for it on the Internet.
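
The hosts check described above can also be done by a script. The following Python is an added example, not part of the original article: it lists every active (uncommented) entry, including ones pushed out of sight by blank lines or leading spaces, and classifies each one. The default Windows 7 hosts file consists only of comment lines, so anything reported deserves a look. The sample text, host names and category names are constructed for illustration.

```python
import ipaddress
import os
from collections import namedtuple

# Path from the article: C: - Windows - System32 - drivers - etc
HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"

Finding = namedtuple("Finding", "line kind hostname address")


def audit_hosts(text):
    """Return a Finding for every active entry that is not 'loopback localhost'.

    kind is "redirect"  - a name is pointed at some other machine,
            "blocked"   - a name is pointed at this machine or at 0.0.0.0,
                          which makes the real site unreachable,
            "malformed" - the line is not a valid 'address name...' entry.
    """
    findings = []
    for number, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not entry:
            continue
        fields = entry.split()
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append(Finding(number, "malformed", entry, ""))
            continue
        if len(fields) == 1:
            findings.append(Finding(number, "malformed", entry, ""))
            continue
        for hostname in fields[1:]:
            hostname = hostname.lower()
            if address.is_loopback and hostname == "localhost":
                continue  # the only mapping that is harmless by itself
            local = address.is_loopback or address.is_unspecified
            findings.append(Finding(number, "blocked" if local else "redirect",
                                    hostname, str(address)))
    return findings


# Constructed sample: an abbreviated default header, then entries hidden
# below 30 empty lines and behind leading spaces.
SAMPLE_HOSTS = "\n".join(
    ["# Copyright (c) 1993-2009 Microsoft Corp.",
     "# localhost name resolution is handled within DNS itself.",
     "#\t127.0.0.1       localhost",
     "#\t::1             localhost",
     "127.0.0.1 localhost"]
    + [""] * 30
    + ["            203.0.113.10 login.example.test www.example.test",
       "0.0.0.0 update.example-av.test",
       "not-an-ip somehost"])


if __name__ == "__main__":
    if os.path.exists(HOSTS_PATH):
        with open(HOSTS_PATH, encoding="utf-8", errors="replace") as handle:
            content = handle.read()
    else:
        content = SAMPLE_HOSTS  # lets the example run on any machine
    for finding in audit_hosts(content):
        print(f"line {finding.line}: {finding.kind:9} "
              f"{finding.hostname} {finding.address}")
```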

Cleaning the registry

This must be done if you removed a suspicious program via "Programs and Features", or terminated an unknown file in the processes.

To open the registry editor, press the combination Win+R. Next, in the Run window, write the command regedit and click OK.


Now on the “Edit” tab, select “Find” or press Ctrl+F. In the search bar, enter the name, or part of the name, of the program that you removed via "Programs and Features" or "Add or Remove Programs". You can also enter the name of the file whose process you ended.

If a registry branch or a parameter with that name is found, it needs to be deleted: select the parameter or registry branch with the mouse and press Delete.

Clearing the browser cache and removing add-ons

If the virus is associated with the browser, then first we will check where the shortcuts created on the desktop lead. To do this, right-click on the browser shortcut and go to “Properties”.

Here, in the “Target” field, check that the path leads to the drive and folder where the browser is installed. If it points to a suspicious file, delete the shortcut and create it again.

To clear your browser cache, use a special program, e.g. CCleaner. Download, install and run it on your computer. Then, in the “Cleaning” section on the “Applications” tab, select the required items, click “Analysis”, then “Cleaning”.


Now go to the “Extensions” tab. If extensions are installed there that have unfamiliar names, or that you did not install yourself, click “Delete”.


Creating a Live CD

This will be useful to you if your computer is blocked by a virus: it turns on, but the operating system does not load. How to burn a Live CD to a flash drive or disk and clean up your computer, read the article by following the link.

To do this, you will need another computer from which you can download the image, a blank disk or flash drive. You will also need to change the boot priority in the BIOS. You can also read an article about this by following the link.

When something is wrong in the system or we just want to check the effectiveness of the antivirus installed on the computer, we usually press the three treasured keys Ctrl, Alt, Del and launch the Task Manager, hoping to find a virus in the list of processes. But in it we see only a large number of programs running on a computer, each of which is represented by its own process. And where is the virus hiding here? Our article today will help you answer this question.

In order to determine whether a process is a virus or not, you need to look very carefully at the list of processes. In the Windows Vista operating system, be sure to click the “Show processes from all users” button, otherwise you won’t really see anything. First of all, pay attention to the description of the process in the “Description” column. If there is no description or it is somehow “clumsy”, this should alert you. After all, program developers have a habit of labeling their creations in understandable Russian or English.
Having noted the processes with a suspicious description, we turn our attention to the next column - “User”. Viruses are usually launched on behalf of the user, less often in the form of services and on behalf of the system - SYSTEM, LOCAL SERVICE or NETWORK SERVICE.

So, having found a process with a suspicious description, launched on behalf of a user or on whose behalf it is unclear, right-click on it and select "Properties" in the context menu that appears. A window will open with the properties of the program that launched this process. Pay special attention to the “Details” tab, where information about the developer, file version and description is given, as well as to the “Location” item of the “General” tab, which shows the path to the running program.

If the "Location" path leads to the Temp directory, Temporary Internet Files, or some other suspicious place (for example, to the folder of some program in the Program Files directory, when you are sure that you did not install such a program), then POSSIBLY this process belongs to a virus. But these are only guesses; for detailed information it is, of course, better to turn to the Internet. There are good lists of processes on the sites what-process.com, http://www.tasklist.org and http://www.processlist.com. If, after all the searches, your fears about the suspicious process are confirmed, you can rejoice: a virus, Trojan or other malware has settled on your computer and needs to be eliminated urgently.

But the window with the properties of the file that started the process may not open from the Task Manager. Therefore, in addition to the standard Windows tools, you need to use various useful utilities that can provide as much information as possible about the suspicious process. We have already reviewed one of these programs - Starter (http://www.yachaynik.ru/content/view/88/).

In Starter, the “Processes” tab provides comprehensive information about the selected process: a description of the program and the name of the file that launched the process, information about the developer, a list of modules (software components) involved in the process.

Thus, there is no need to delve into the properties of the file that launched the process - everything is in full view. However, this does not prevent you from right-clicking on the suspicious process and selecting “Properties” to get detailed information about the process file in a separate window.

To get to the program folder that belongs to the process, right-click on the process name and select “Explorer to process folder.”

But the most convenient option in Starter is the ability to start searching for information about the process directly from the program window. To do this, right-click on the process and select “Search Internet.”

After you have full information about the file that launched the process, its developer, its purpose and the opinion of the Internet about the process, you can determine quite accurately whether you are looking at a virus or a harmless working program. The same principle applies here as in the Task Manager. Suspicious are those processes and process modules for which the developer is not specified, whose description is empty or vague, or which are launched from a suspicious folder, for example Temp, Temporary Internet Files, or a folder in Program Files for a program you definitely remember you did not install. And finally, if the Internet clearly states that this process belongs to a virus, rejoice - the malware did not manage to hide from you!

One of the most common misconceptions among novice dummies concerns the svchost.exe process. It is written exactly this way and in no other way: svshost.exe, scvhost.exe, cvshost.exe and other variations on this theme are viruses masquerading as a good process, which, by the way, belongs to Windows services. More precisely, one svchost.exe process can run several system services at once. Since the operating system has many services and it needs them all, there are also many svchost.exe processes.

In Windows XP, there should be no more than six svchost.exe processes. Five svchost.exe processes are normal, but seven are a 100% guarantee that malware has taken up residence on your computer. In Windows Vista there are more than six svchost.exe processes. For example, I have fourteen of them. But there are many more system services in Windows Vista than in the previous version of this OS.

Another useful utility, Process Explorer, will help you find out which services are started by the svchost.exe process. You can download the latest version of Process Explorer from the official Microsoft website: technet.microsoft.com

Process Explorer will give you a description of the process, the program that launched it, the name of the developer and a lot of useful technical information that is understandable only to programmers.

Hover your mouse over the name of the process you are interested in and you will see the path to the file that launched this process.

And for svchost.exe, Process Explorer will show a complete list of services related to the selected process. One svchost.exe process can run several services or just one.

To see the properties of the file that launched the process, right-click on the process you are interested in and select “Properties”.

To search for information about a process on the Internet using the Google search engine, simply right-click on the process name and select “Google.”

As before, suspicion should be raised by processes without a description, without the name of the developer, launched from temporary folders (Temp, Temporary Internet Files) or from the folder of a program that you did not install, and also identified on the Internet as viruses.

And remember, for the Process Explorer and Starter programs to work properly in Windows Vista, they need to be run with administrative rights: right-click on the program executable file and select “Run as administrator.”

However, I have to disappoint you: only very stupid viruses reveal themselves in the list of processes. Modern virus writers have long learned to hide their creations not only from the eyes of users, but also from anti-virus programs. Therefore, if you are infected with well-written malware, the only things that can save you are a good antivirus with fresh databases (and even that is not certain!), a backup copy of all your information and a disk with the Windows distribution for reinstalling the system. Nevertheless, it is still worth periodically looking into the list of processes - you never know what scvhost or mouse.exe is lurking there.

The most common signs of the presence of a virus are:

  • the Internet connection starts by itself even though automatic connection is disabled;
  • the user cannot access their own page on a social network, open the mail service or log in to popular sites. Login to the site is completely blocked due to an incorrect password, and friends and acquaintances complain about spam coming from the user;
  • slow loading and slow system response to user commands: launching a program, connecting to the Internet, copying a file, anti-virus scanning, etc.;
  • previously installed programs or created documents have been deleted, and some programs do not start.

The occurrence of the above problems in a computer system indicates the presence of a virus and requires a more detailed scan of the computer.

How to detect a virus using an antivirus?

The presence of an antivirus in the system does not guarantee timely detection of an infection. You can increase the likelihood of detecting and treating viruses with an antivirus program only by installing a more recent version of it and by constantly updating its antivirus database. Without this, no antivirus will recognize a new virus.

The latest version of the antivirus program must be installed. The need for this is due to the constant change in the methods by which viruses infect and spread. Therefore, installing an old antivirus, even one that contains the latest virus database updates, will be useless. The latest version of an antivirus with an updated virus database increases the chance of detecting viruses lurking in your computer system. But this is not enough to ensure maximum system protection.

The antivirus should be launched from an external, third-party system. For example, you can remove the hard drive and connect it to a computer without viruses. If this is not possible, then you can run the antivirus from a disk, for example from the Kaspersky Rescue Disk. This ensures that the antivirus runs under a completely secure system, which is definitely not controlled by any viruses. This guarantees maximum efficiency in searching for viruses in the computer system.

How to find a virus using the task manager?

To search for viruses on their own, the user needs a fairly good knowledge of operating system processes. To recognize a virus, you can use the “Task Manager”. With this simple tool you can get information about the processes that are running at the moment. Task Manager is launched with the key combination “Ctrl + Shift + Esc” or by calling the standard window with “Ctrl + Alt + Del”.

Pay attention to processes with names similar to the names of the main system processes (explorer.exe, csrss.exe, system, svchost.exe, winlogon.exe), as well as processes with a suspicious name or suspicious description. Suspicious files are checked against a database of known processes. You can also use a search engine to look up the name of the suspicious process. Particular attention should be paid to those processes whose names are not mentioned anywhere.

To determine the folder from which a suspicious program was launched, right-click it and open the “Properties” window. It shows information about the executable file and the folder where the program is located. If the .exe file being examined has the “Hidden” attribute, then such a file should not be trusted. A file located in a temporary files directory such as Temp or Temporary Internet Files is also suspicious. Most viruses use these folders as a launch site.

The “Details” tab allows you to obtain information about the version and developer of the program. The absence of this information requires a mandatory check of the program under study for malware.
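
Two of the checks above, names that imitate svchost.exe and other main system processes and executables started from Temp or Temporary Internet Files, can be automated. This Python is an added example, not part of the original article; the expected folders (the standard locations on a system installed in C:\Windows), the small allowlist of legitimate look-alike names and the distance limits are assumptions of this example.

```python
import ntpath

SYSTEM32 = r"c:\windows\system32"
# Main system processes named in the article and the folders they normally
# run from (assumption: Windows is installed in C:\Windows).
EXPECTED_DIRS = {
    "explorer.exe": {r"c:\windows"},
    "csrss.exe": {SYSTEM32},
    "svchost.exe": {SYSTEM32, r"c:\windows\syswow64"},
    "winlogon.exe": {SYSTEM32},
}
# Legitimate Windows programs whose names happen to be close to the above;
# without this list a fuzzy match would report them (illustrative, not complete).
ALLOWLIST = {"iexplore.exe", "smss.exe", "lsass.exe"}
TEMP_DIRS = {"temp", "temporary internet files"}


def osa_distance(a, b):
    """Edit distance where swapping two adjacent letters counts as one edit."""
    before_previous, previous = None, list(range(len(b) + 1))
    for i, char_a in enumerate(a, 1):
        current = [i]
        for j, char_b in enumerate(b, 1):
            cost = 0 if char_a == char_b else 1
            best = min(previous[j] + 1,          # deletion
                       current[j - 1] + 1,       # insertion
                       previous[j - 1] + cost)   # substitution
            if i > 1 and j > 1 and char_a == b[j - 2] and a[i - 2] == char_b:
                best = min(best, before_previous[j - 2] + 1)  # transposition
            current.append(best)
        before_previous, previous = previous, current
    return previous[-1]


def assess(image_path):
    """Return the list of reasons a process image path looks suspicious."""
    path = image_path.replace("/", "\\").lower()
    folder, name = ntpath.split(path)
    reasons = []
    if name in EXPECTED_DIRS:
        # Correct spelling, so the only question is where it runs from.
        if folder not in EXPECTED_DIRS[name]:
            reasons.append(f"{name} running outside its expected folder")
    elif name not in ALLOWLIST:
        stem = ntpath.splitext(name)[0]
        for known in EXPECTED_DIRS:
            known_stem = ntpath.splitext(known)[0]
            # Short names get a stricter limit to keep false alarms down.
            limit = 2 if len(known_stem) >= 7 else 1
            if osa_distance(stem, known_stem) <= limit:
                reasons.append(f"name imitates {known}")
    if TEMP_DIRS & set(folder.split("\\")):
        reasons.append("runs from a temporary folder")
    return reasons


if __name__ == "__main__":
    # Constructed sample of process image paths.
    for sample in (r"C:\Windows\System32\svchost.exe",
                   r"C:\Windows\System32\scvhost.exe",
                   r"C:\Users\user\AppData\Local\Temp\svchost.exe",
                   r"C:\Users\user\AppData\Local\Temp\mouse.exe"):
        print(sample, "->", assess(sample) or "nothing suspicious")
```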

How to find a virus using startup?

Viruses are often launched from startup. To view the list of such programs, go to “Start” and open the “Run” window by typing the “msconfig” command. A list of startup programs will appear in the window that opens. A suspicious file can be prevented from starting: uncheck the box next to it. But if the deactivated program starts automatically again after the computer is restarted, then this file is worth examining in more detail.

The above tips will help the user search for a virus on their computer when suspicious system behavior is detected.

So, today we will talk about how to manually remove a virus from your computer. In addition, we will look at what Trojans can be found, how they manifest themselves and where they can come from. Let's quickly start studying today's topic.

Types of viruses

Before you manually remove a virus from your computer, it is worth discussing what kinds of infection are generally found on computers. Indeed, in most cases this determines how treatment should be carried out. So let's get started.

The first virus is a Trojan. It is a malicious file that “settles” in the operating system and harms it. For example, it damages or destroys important documents. There are a lot of them now.

The second fairly common type of virus is ransomware in its various forms. These are files that enter the system and block it, not by destroying documents but by encrypting them. At the end of such encryption, as a rule, the creator’s e-mail is left, to which a certain amount of money must be transferred in order to return the documents to their original form.

The third kind of virus that you can pick up is, of course, various browser add-ons, or spam. As a rule, they greatly interfere with your work on the Internet. This happens because the user’s start page may change, and advertising banners will be placed everywhere in the browser. When users see this picture, they think about how to find viruses on their computer manually and then remove them. Now we will try to figure this out.

Signs of infection

So, before you find viruses manually and get rid of them once and for all, let's try to figure out what may indicate that there is an infection in the system. After all, if you detect the signals in time, you can avoid damage to a large number of files and the loss of the operating system.

The first, most obvious sign is nothing more than messages from your antivirus program. It will “swear” at some documents and files, giving you the name of the supposed virus. True, sometimes an antivirus behaves this way towards various cracks and similar patches for computer games. However, this cannot be ignored.

The second scenario is that your computer starts to slow down. This is when users begin to actively think about how to remove the virus manually, especially if they do not have an antivirus. So, as soon as you notice that your system has become sluggish, start sounding the alarm.

The next scenario is that new programs that you did not install begin to appear on your computer. This is a fairly common move among computer infections.

In addition, advertising in the browser may also indicate that your computer is infected. A changed home page that cannot be restored and advertising banners everywhere are all alarm signals. So, let's quickly see how to remove a virus from a computer manually.

Search

Well, the first thing to do is to start by looking for the places where the infection lies. Sometimes this is very difficult to do. Especially if you don't have an antivirus program. In general, let's see what can be done in this situation.

So, when you decide to defeat the virus yourself, you will have to find the folder on the computer in which it is stored. Sometimes the infection reveals itself by creating its own processes in Task Manager. Open it (Ctrl + Alt + Del), then go to the “processes” tab. Now find any suspicious line there (it will have a strange name, or even be written in hieroglyphs) and click on the “show file location” button. Done, the virus has been found.

True, not everything is always so easy and simple. If you are thinking about how to manually remove a virus from your computer, then you should also know that computer infections are often well hidden. In the folder display settings, check the "display hidden files and folders" checkbox. Now searching will be much easier.

Remember also that they very often “settle” in the Windows folder. For example, most Trojans are found in System32. Some infections can “register” themselves in the hosts file. We know the favorite places of viruses. But how to get rid of them?

Checks

The first scenario is to remove the infection automatically. More precisely, semi-automatically. We are talking about checking for viruses using an antivirus program.

To ensure reliable data protection, get a good antivirus. Dr.Web is great. If you don't like it, you can also try Nod32. It does a pretty good job too.

Do a deep scan. After the program gives you the results, try to disinfect the documents automatically. Did it not work? Then erase them. True, if you are thinking about how to manually remove a virus from your computer, then most likely antivirus scans did not help you. Let's see what else can be done.

Erase programs

The second step towards healing the system is, of course, deleting the various content that the virus has installed on your computer. This is quite common. So, open the “control panel”, and from there go to “add or remove programs”. Wait a moment while the list of content on your computer is built.

When the list of programs appears in front of you, remove everything that you do not use. Pay special attention to content that you did not install, or that came along as an “add-on” after the installation of some other program was completed. Right-click on the line in question, and then select the “delete” command. Ready? Then you can think further about how to remove the virus manually from your computer.

Total scan

Now let's resort to some services and techniques that will definitely help us. If you know the name of the virus (especially if you have encountered spam), then searching for the infection in the computer's registry is suitable for you.

To go to the required service, press the Win + R key combination, and then run the "regedit" command. See what appears in front of you. On the left side of the window there are folders with long and unclear names. It is in them that viruses often hide. But we will make our search task a little easier. Just go to “edit” and then click on “search”. Type the name of the virus and then perform the scan.

After receiving the results, all lines that appear must be erased. To do this, click on each of them in turn, and then select the required command. All is ready? Then restart your computer. Now you know how to manually remove a virus from your computer.