"Help! I have a virus on my computer! I'm sure everyone who uses it is really careful so I don't know how it could have happened. Can you fix it for me?" As a computer scientist (the type of person who everyone thinks studies computer maintenance but really studies and discovers algorithms), I get asked questions like this a lot. It turns out the answer is "Yes"; I can fix it for you, but it certainly is not at the top of my list of pastimes.
A computer virus is a nasty bit of code, or set of instructions, that somehow got on your machine. On another page of mine, something you should read after this piece, you can learn how to stay virus free. This entry should help solve your virus problems, although it may require a bit of work from you.
For now I will assume that you are working with Windows XP. Viruses do get on Mac and Linux operating systems, but this is more rare. Also, I hate Macs. And if you are using Linux, well, you should know how to get rid of a virus anyway. On with the show.
Do you bank on your computer? I mean this in two ways: do you require and assume that your computer will always be available and working properly? Do you require and assume that everything you type on your computer is safe and not being read by some third party? And the second way: do you do on-line banking or any kind of monetary transaction on your computer? If you have answered "yes" to either of these types of "banking", then you should consider the "re-install" section of this document. Otherwise, you can first read the "removal" section and give those suggestions a try.
The one thing you do not want to bother doing is rushing out to buy anti-virus software. It's way too late for that: either re-install Windows or get your hands dirty with the search and destroy method.
The Re-install Method
The "re-install" method of getting rid of a virus is the simplest and most reliable. The catch is that it is the most time consuming. To do a re-install in the sense I am talking about here is to re-install the operating system: Windows XP (or whatever you are using). Many people are afraid of doing this, but it is much safer and easier than trying to fiddle with the Registry or the System32 folder (and if you don't know what those are, don't bother trying to do removal).
I know what you are thinking: "If I re-install, won't I lose everything! All my documents will disappear!" That's right, so back up before you re-install.
Step 1: Backing up
I assume that you store everything on your "C:\" drive (a stupid idea, but everyone does it). The directory that you should back up is C:\Documents and Settings\<your user>\* (the "*" represents everything beyond this directory). You can back this up with Karen's Replicator (free software) or by "dragging and dropping". I suggest that you do the backup from a different user account than the one you are backing up, so the files you are trying to copy won't be "in use" and unable to copy (you can always make a new user for this operation or use the Administrator account). Karen's Replicator will keep going even after an error (so a single locked file won't break the entire transfer).
If you are feeling a little cooler than just copying files around today, you can image your drive with a super cool tool called Drive Snapshot. This will require more space but it will preserve everything you have on your drive in a "time capsule" kind of way. Email me if you would like to try Drive Snapshot.
When you back up, your copied files (or drive image) MUST go on a different hard disk, preferably a physically separate one (it is possible to use multiple partitions on one hard drive, but this is scary). If you don't have many documents it is possible to use a DVD or other media. If you burn a DVD, burn two and test them both in your own and someone else's computer to make sure they actually contain data (I learned the hard way). The "verify data after writing" option in your DVD writing software is not a substitute for this test. If you copy your files to another hard drive, make sure they all got copied. I strongly recommend buying a USB hard drive ($100 or so) to do this with. Test your backups on multiple computers. It's not a backup if you haven't tested it.
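One way to "make sure they all got copied" is to compare every file in the original folder against its copy by content hash. The script below is an added example, not part of the original article; the function names and the report layout are this example's own, and it assumes Python is installed on the machine doing the check.

```python
import hashlib
import os


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_backup(source_root, backup_root):
    """Compare every file under source_root with its copy under backup_root.

    Returns a dict of relative paths grouped by problem:
      missing    - file exists in the source but not in the backup
      mismatched - both exist but the contents differ
      unreadable - a file could not be read (for example, locked or damaged)
    """
    report = {"missing": [], "mismatched": [], "unreadable": []}
    for folder, _subdirs, files in os.walk(source_root):
        for name in files:
            source_path = os.path.join(folder, name)
            relative = os.path.relpath(source_path, source_root)
            backup_path = os.path.join(backup_root, relative)
            if not os.path.isfile(backup_path):
                report["missing"].append(relative)
                continue
            try:
                same = sha256_of(source_path) == sha256_of(backup_path)
            except OSError:
                report["unreadable"].append(relative)
                continue
            if not same:
                report["mismatched"].append(relative)
    for problems in report.values():
        problems.sort()
    return report


if __name__ == "__main__":
    import sys
    result = verify_backup(sys.argv[1], sys.argv[2])
    for kind, paths in result.items():
        for path in paths:
            print(kind, path)
    sys.exit(1 if any(result.values()) else 0)
```

Run it with the original folder as the first argument and the backup copy as the second; an empty report and exit code 0 mean every source file has an identical copy.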
Step 2: Re-Installing your Operating System
An operating system (like Windows 7) is not actually "uninstalled" like other programs are (it would be like asking a robot to disassemble itself: it would get stuck part way). You simply overwrite it.
Windows XP
Follow this video, or any similar video on YouTube (search for "install windows xp"), to format your drive and install XP.
You can also follow the official Microsoft guide to installing XP. There is one missing detail in the Microsoft guide: in step 9 where it says "Windows XP restarts and then continues with the installation process." it should say something like "Windows XP restarts and during boot you may see the same screen from step 2 ("Press any key to boot from CD..."). This time, do not press any keys or you will have to continue from step 2 again." Also, on step 22 there is an error: it should say "On the Ready to register with Microsoft? page, click No, and then click Next." (step 23 is avoided this way) Step 24 is optional and can be done later. Oh, and if you need help with step 21, email me.
Windows 7
Follow this guide to install Windows 7 (see the "Using the Custom installation option and formatting the hard disk" section).
The search and destroy method
This is the tricky method: go try Flying Penguin's Spyware removal procedure (PDF as of 2010-04-10). Heed his warning:
"Modern malware is designed to steal your personal information to be used for identity theft, steal your user account logins, and turn your computer into a member of large "Botnet" networks of hundreds of thousands of computers controlled by organized crime syndicates and used primarily for sending SPAM and launching Denial of Service attacks.
"This Spyware removal procedure will remove most of your run-of-the-mill spyware, adware, fakeware and malware but will not work on the really hardcore organized crime-grade trojans. There's really no hope if you have the seriously hardcore stuff on your system. REMEMBER, once your system is compromised there is NO WAY to be certain if it's ever clean again unless you wipe the drive.
"If you suspect your system is still compromised after performing this procedure, I strongly recommend you backup your data (and scan that data with a virus scanner on an uncompromised computer), do a security erase of the hard drive using DBAN (single pass is enough) to eliminate any boot sector trojans (these are rare but they DO exist), and perform a clean install of your operating system."
Conclusion
Congratulations! All your viruses are gone! Now go read how to stay virus free.