Antivirus on a Windows PC should always be installed because it is necessary to protect the computer, but alone it may not be enough to keep away viruses and malware that are ready to take advantage of a wrong click or a distraction to hit. We have therefore seen, in another article, what are the typical problems caused by viruses and how to recognize them.
Once a virus enters the PC, here the antivirus, by itself, becomes almost ineffective and unable to clean up the computer.
We have therefore indicated the procedure to remove any malware using external programs that stop suspicious processes, detect and delete all traces of the virus.
Sometimes, however, even these programs fail, because the best designed viruses are able to recognize them and prevent them from functioning.
It may also understand that the virus is preventing the computer from loading Windows and thus starting.
Here then you have to roll up your sleeves and do it yourself, trying to eliminate the virus without antivirus, manually .
Although some of the methods explained below may not be fully successful, they are the first things to try, preliminary steps to use before scanning with the antivirus and in case the PC does not boot properly.
1) Autorun.inf: prevent the virus from starting on its own when the computer is turned on or a USB stick is inserted .
The easiest way to disable an autorun.inf virus and try to stop it from running automatically is to delete it from the boot instructions for Windows or the infected disk.
Then click on the Start button with the right button and open a command prompt as administrator (on Windows 7, search for it in the list of programs and right click on it to run it as administrator).
At the command prompt run and press Enter after the following commands:
CD\
attrib -h -r -s autorun.inf
The attrib command changes the attributes of the files to reveal them if hidden.
If present, delete the autorun file with the autorun.inf command.
This procedure can also be repeated for other external disks and drives.
2) Remove infected files from automatic execution .
If you are using Windows 8 or Windows 10, open the task manager by pressing the CTRL + Shift + ESC keys together, check, in the Startup section, if there are unknown or suspicious files and disable them.
Now open a Run window (by pressing the Windows + R keys together) and run the regedit command.
From the registry editor, navigate to the following folder:
HKEY_LOCAL_MACHINE -> Software -> Microsoft -> Windows -> Current Version -> Run
On the right section are listed the startup items that can be deleted by pressing on them with the right button.
In this case, remove all unknown .exe files and all files ending in vbs, htm, html or dll.
3) Check the processes and end them .
From the task manager you can see the processes running on the PC.
Recognizing which process is good and which is not can be a difficult job if you have no experience.
An alternative program such as Process Explorer therefore becomes useful to check if the processes are safe or harmful on Windows.
4) Check for suspicious Windows services .
Open a Run window by pressing the Windows + R keys together and run the msconfig command.
As already explained in a dedicated guide, with Msconfig you can solve PC startup problems.
In particular, it is possible to see the services started in the system automatically excluding the Microsoft ones so as to isolate the external programs among which the virus can hide.
Here too, however, it is necessary to do an eye check to deselect any service that seems suspicious or unwanted.
Even if you make the mistake of disabling a service related to a program you need, you can always restart it or reinstall that program.
To help us in steps 3 and 4 of this guide there is a very valuable tool called rKill, capable of terminating any malware or suspicious process automatically .
It is a small executable program that allows you to isolate the virus and then remove it with a scan program like Malwarebytes.
What to do if, due to the malware, you are unable to access Windows "> Hiren Boot CD, one of the emergency rescue disks to solve problems if the PC does not start (alternatively you can also use Combifix)
The Hiren download is a ZIP file to extract to a folder.
Then open the burncdcc file, insert a CD or DVD into the burner and copy the Hiren's.BootCD.iso image file onto it .
Once you have burned the Hiren CD, restart your computer and change the boot order by putting the CD DVD player first.
Restart and load the Hiren options among which move with the arrow keys.
Then open Mini XP and load a reduced version of Windows XP which, under the HBCD icon contains all the programs to eliminate viruses, including also Malwarebytes.
Run a full scan of the main drive, remove any malware found and restart your PC.
Restore the boot from hard disk and Windows should now load normally.
