In many cases, even if your computer is infected with a virus or other malware, you can still use the operating system and carry out normal operations, albeit with some difficulty.
If so, a complete removal of the infection can be attempted with a greater probability of success by looking for it in certain sensitive areas of the operating system and by using appropriate disinfection programs.
Let's see where to look and which programs to use to completely remove viruses and malware from a Windows PC.
Phase I: Where to look for the infection
The first thing to do is disconnect the computer from the internet, so that the malware stops any activity such as downloading additional harmful files that would aggravate the infection and, with it, the situation.
1. Task Scheduler
Even if you terminate the virus's running processes from Task Manager, they will start again automatically right afterwards, every time, because the infection usually adds itself as a scheduled task that runs at intervals and/or under certain conditions.
So the first place to check is the Task Scheduler, which you open from the Start menu by typing the word scheduler and clicking the “Task Scheduler” result.
In the left-hand column, select the “Task Scheduler Library” section to display, in the central column, the scheduled tasks active on the computer.
Here you must identify the unknown and/or suspicious tasks linked to the infection. The “Creation date” column helps: for example, if the virus appeared today, all the scheduled tasks created today are very probably related to the infection.
Once the offending scheduled tasks have been identified, proceed one at a time: right-click the task and click “Disable” in the context menu to disable it immediately, then right-click it again, click “Delete” in the context menu and confirm the removal.
2. Automatic startup I
Another common trait of infections is that they add themselves to the automatic Windows startup through the system registry.
Press Windows + R to open the “Run” dialog box, then type the regedit command and press Enter to open the Registry Editor. In the Registry Editor, go to these two keys, one at a time:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
and look there for any suspicious entries; right-click each one, click “Delete” in the context menu and confirm the deletion.
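The checks from steps 1 and 2 can also be listed from an elevated PowerShell prompt. This is an added example, not part of the original guide: it only reads and changes nothing, the 7-day window is an assumed value, and the two HKCU keys are an addition beyond the two HKLM keys named above.

```powershell
# Added example: read-only triage, nothing is changed. Run as administrator.
$days   = 7                          # assumed look-back window; set it to when symptoms began
$cutoff = (Get-Date).AddDays(-$days)

# Step 1: scheduled tasks registered inside the window, newest first.
Get-ScheduledTask | ForEach-Object {
    $created = [datetime]::MinValue
    # Date comes from the task's registration info as a string and is often empty.
    if ([datetime]::TryParse($_.Date, [ref]$created) -and $created -ge $cutoff) {
        [pscustomobject]@{
            Created = $created
            Task    = $_.TaskPath + $_.TaskName
            State   = $_.State
            Author  = $_.Author
            Command = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
        }
    }
} | Sort-Object Created -Descending | Format-List

# Step 2: every value stored under the Run / RunOnce keys.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'      # per-user keys: added here,
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'  # not named in the guide
)
$entries = foreach ($path in $runKeys) {
    $key = Get-Item -Path $path -ErrorAction SilentlyContinue
    if (-not $key) { continue }      # key absent on this system
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{ Key = $path; Name = $name; Command = $key.GetValue($name) }
    }
}
$entries | Format-List
```

Tasks that carry no registration date are skipped by the date filter, so also review the full Task Scheduler Library as described in step 1.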
3. Automatic startup II
The next step is to check for and remove any suspicious programs in the Windows startup procedure, because when the PC restarts they will be run again together with the operating system.
In Windows 8 and 10 you can use the Task Manager (opened with the key combination Ctrl + Shift + Esc): go to the “Startup” tab, identify the suspicious software, right-click it and click “Disable” in the context menu.
NOTE: On Windows 7 and earlier, unless you use third-party software, startup programs are viewed and disabled from the “Startup” tab of the “System Configuration” tool, which is opened by entering the msconfig command in the Run dialog box.
4. Automatic startup III
Finally, to see in detail everything that starts with Windows, the best tool is Autoruns, an excellent free and portable program, run with administrative privileges (right-click its executable file and click “Run as administrator” in the context menu).
The “Everything” tab shows everything involved in the automatic startup of the operating system.
Suspicious elements and/or elements that require attention are usually highlighted in yellow (be careful, however, because some legitimate system elements are highlighted too). Otherwise, it is easier to identify the ones linked to infections by referring to the “Timestamp” column (date and time of execution), to a suspicious name in the “Autorun Entry” column and/or to the information in the properties window, which is opened by right-clicking the item and clicking “Properties” in the context menu.
Having identified the suspicious element, first clear its checkbox to remove it from automatic startup, then right-click the element and click “Delete” in the context menu to delete it.
5. Running processes
Under normal conditions the Windows Task Manager is fine for seeing which processes are running, but since here we need to identify viruses and malware, we must rely on a more complete product such as the excellent, free and portable Process Explorer.
Process Explorer (which must be run as an administrator) gives more information about the running processes, but its real usefulness is this: right-click a process (the malicious one) and click “Properties” in the context menu to open the properties window. There, the “Path” field shows where on disk the executable file of the malicious process resides, reachable directly by clicking the “Explore” button, and the “Autostart Location” field shows where that malicious file has placed itself in the automatic startup, likewise reachable directly by clicking its “Explore” button.
Once reached by clicking the “Explore” button, the registry string and the file of the malicious process can be removed by right-clicking them and clicking “Delete” in the context menu.
When deleting some malicious files you will most likely find that you cannot proceed because the respective process is running; in this case, terminate the corresponding process first (right-click it and then click the “Kill Process Tree” option).
In some cases, certain files cannot be deleted anyway because the virus or malware in question has granted itself special administrative privileges. That is why you have to proceed (in any case) with the second phase, that is, with the antivirus scan of the entire operating system.
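The on-disk path that Process Explorer shows per process can also be listed for all processes at once, together with the file's signature status. This is an added example, not part of the original guide; it is read-only and must be run from an elevated PowerShell prompt.

```powershell
# Added example: read-only listing of running processes, their executable
# path on disk and the Authenticode signature status of that file.
$procs = Get-CimInstance -ClassName Win32_Process |
    Where-Object { $_.ExecutablePath } |          # path is empty for some system processes
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.ExecutablePath -ErrorAction SilentlyContinue
        $file = Get-Item -LiteralPath $_.ExecutablePath -Force -ErrorAction SilentlyContinue
        [pscustomobject]@{
            PID         = $_.ProcessId
            ParentPID   = $_.ParentProcessId
            Name        = $_.Name
            Path        = $_.ExecutablePath
            FileCreated = $file.CreationTime
            Signature   = $sig.Status
            Signer      = $sig.SignerCertificate.Subject
        }
    }

# Show files without a valid signature first, most recently created on top.
$procs |
    Where-Object { $_.Signature -ne 'Valid' } |
    Sort-Object FileCreated -Descending |
    Format-List

# Full list, for comparison with what Process Explorer displays.
$procs | Sort-Object Name | Format-Table PID, ParentPID, Name, Signature, Path -AutoSize
```

A missing or invalid signature is only a reason to look closer, since plenty of legitimate software is unsigned; confirm each candidate in Process Explorer before deleting anything.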
Phase II: Removing the infection with antivirus and anti-malware programs
This takes a lot of patience, as it will require a few hours. Proceed in the order below, using the free programs listed, which are already presented (with download links and instructions) in the guide I refer you to: Clean the PC from viruses and malware with these free programs.
1. Run a complete scan of the computer with the installed antivirus (if it is a reliable program, otherwise go to step 2). Remove any threats found and restart the PC.
2. Scan your system with Malwarebytes AdwCleaner to find and eliminate PUPs, adware, toolbars and browser hijackers from Windows operating systems. Remove any threats found and, if required, reboot your PC.
3. Run a complete scan of your computer with Malwarebytes Free, among the best free programs for finding and eliminating various viruses and malware from a Windows computer. Remove any threats found and restart your PC.
4. Run a complete scan of your computer with Kaspersky Virus Removal Tool (KVRT) to clean your Windows computer of viruses, Trojans, malware, adware and other malicious content, then remove any threats found and restart your PC.
5. Scan at boot time with Kaspersky Rescue Disk to detect the most difficult malware, which cannot be found and deleted while Windows is running, then remove any threats found and restart the PC.
That done, if everything went well, the infection should have been completely removed from the system. If you wish to confirm this further, you can run a final scan with Malwarebytes Free and check again for anything suspicious in Task Scheduler, Autostart and Running Processes.