Effective virus removal guide

To begin with, this article does not cover installing an antivirus program. That is a basic requirement in any case: an antivirus must be installed before the computer goes online for the first time. So I take it for granted that every user who knows what a mess a virus can make of a system already has one installed. However, even an antivirus cannot provide decent protection in 100% of cases. New viruses appear every day, and some of them escape the attention of IT specialists. Such viruses may circulate on the Internet undetected for a few days, or even weeks, until they are added to the virus database.

If you try the methods outlined in this article on a computer that has no antivirus protection, you will be highly surprised by the number of viruses you find there. Manual removal of a virus is not a big deal, but when you need to remove 30-40 viruses, adware programs and hijackers, it becomes really terrible. You will spend a lot of time and effort, and any antivirus, even a free one, will do most of the job faster and better. But if you intend to find and destroy one or two programs that somehow bypassed your antivirus protection, you have come to the right place! The first step, which simplifies the search for and removal of unwanted programs, is to replace some elements of the standard Windows interface.

The list of necessary programs and a brief guide to use them

First, you need to install a wonderful program called Process Explorer, which can be found at this link: https://technet.microsoft.com/en-us/sysinternals/bb896653.aspx. You are not mistaken: it is third-party software on an official Microsoft website. The very placement of this program on that website shows how good it is, and means you need not be afraid of any complications. Process Explorer is a great, functional replacement for the standard Windows Task Manager. Its main advantages over the original are clarity and simplicity. In the main window you can see, for every running program, the name of the publisher and the folder containing its executable file. Here are a few tips about each column:

  1. The «Company Name» column contains the name of the software manufacturer. Naturally, you will see Microsoft Corporation, Mozilla, Asus, Samsung Electronics and similar names there. If you see names that are not related to the manufacturer of your PC, antivirus, operating system, browser or other programs you use, that may be the virus you are looking for. It may also be one of the useless utilities that are distributed with a variety of useful devices or programs. Such programs frequently just take up free space on the hard drive and are never used. In both cases, the discovered program must be investigated and removed.
  2. The «Description» column shows, as you have already guessed, a brief description of the program. Any self-respecting program will have a more or less intelligible description of its functions. A missing or nonsensical entry in this column is a reason to check the program closely.
  3. Finally, the most important: the folders with executable files. To view the folder, right-click the program in the list. All programs must be in folders such as:
    • C:\Windows
    • C:\Program Files
    • C:\Program Files (x86)
  4. Programs that have their .exe files in other locations must be checked, and deleted if they are dangerous.
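
The three checks above can also be run over every process at once. This PowerShell sketch is an added example, not part of the original article or of Process Explorer; the signature column is an addition, because the company name is read from the file's own version resource and is set by whoever built the file.

```powershell
# Added example (not from the article): the three Process Explorer checks
# from the list above, applied to every running process with a readable path.
# Run elevated; without admin rights many system processes expose no path.

# Folders the article treats as normal locations for executables.
$roots   = @($env:windir, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$trusted = '^(' + (($roots | ForEach-Object { [regex]::Escape($_) }) -join '|') + ')\\'

$findings = Get-Process |
    Where-Object { $_.Path } |
    Group-Object -Property Path |
    ForEach-Object {
        $p       = $_.Group[0]
        $reasons = @()
        if ([string]::IsNullOrWhiteSpace($p.Company))     { $reasons += 'no company name' }
        if ([string]::IsNullOrWhiteSpace($p.Description)) { $reasons += 'no description' }
        if ($p.Path -notmatch $trusted)                   { $reasons += 'outside standard folders' }

        if ($reasons) {
            # Addition to the article's checks: the company name comes from the
            # file's own version resource, so also report the signature status.
            $sig = Get-AuthenticodeSignature -LiteralPath $p.Path
            [pscustomobject]@{
                Name      = $p.ProcessName
                PIDs      = $_.Group.Id -join ','
                Company   = $p.Company
                Signature = $sig.Status
                Path      = $p.Path
                Reasons   = $reasons -join '; '
            }
        }
    }

$findings | Sort-Object Name | Format-List
```

Programs installed per user (for example under AppData) will appear in this list as well; it is a list of candidates to check, not a verdict.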

The next program we need is Autoruns, which comes from the same developer and can be found on the same site: https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx. Its functionality is somewhat wider than that of Process Explorer, and some functions of the two programs overlap, but you will need both for convenience. Let's learn more about the main menu items:

  1. Logon – contains the programs that run when the user logs into the system. This group must be checked against the same criteria: whether you use the program at all, the name of the developer, and the location of the file.
  2. Explorer – contains desktop extensions. This group is most often used by annoying menus that pop up when you click on the desktop and get in the way of the shortcuts you need.
  3. Scheduled Tasks – this category is very attractive for viruses and other malicious and unwanted software. A task can be configured to run after a particular event, for example to install a cached copy of the virus immediately after it is removed from its root folder. Viruses that magically recover after the first reboot most often use this service. Check this tab very carefully and track down every task. If you accidentally delete something important, there is always the possibility of recovery.
  4. Services – this tab corresponds to a "service" in the standard Windows interface.
  5. Boot Executable – you probably won't need this tab. It displays the processes that run before the system loads. This tab should be blank unless you have set up such a task yourself.
  6. Image Hijacks – this tab displays program images that have been substituted by other programs, in the same way as you have replaced Task Manager with Process Explorer. This tab must also be empty.
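
Because scheduled tasks are the usual way a removed program reinstalls itself, it helps to list every task that launches a file outside the standard folders. This PowerShell sketch is an added example, not part of the original article or of Autoruns, and it reuses the article's three folders as the only criterion.

```powershell
# Added example (not from the article): list scheduled tasks whose action
# runs a program outside the standard folders, the case Autoruns' Scheduled
# Tasks tab is used to catch. Requires the ScheduledTasks module (Windows 8+).

$roots   = @($env:windir, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$trusted = '^(' + (($roots | ForEach-Object { [regex]::Escape($_) }) -join '|') + ')\\'

$suspectTasks = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # COM-handler actions have no command line; only "exec" actions do.
        if (-not $action.Execute) { continue }

        # Task commands are often quoted or use %variables%; normalise first.
        $exe = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')

        # A bare name such as "cmd.exe" is resolved through PATH for comparison.
        if (-not [System.IO.Path]::IsPathRooted($exe)) {
            $found = Get-Command -Name $exe -CommandType Application -ErrorAction SilentlyContinue |
                Select-Object -First 1
            if ($found) { $exe = $found.Path }
        }

        if ($exe -notmatch $trusted) {
            [pscustomobject]@{
                Task      = $task.TaskPath + $task.TaskName
                State     = $task.State
                Author    = $task.Author
                Execute   = $exe
                Arguments = $action.Arguments
                FileFound = Test-Path -LiteralPath $exe
            }
        }
    }
}

$suspectTasks | Sort-Object Task | Format-List
```

A task you are unsure about can be switched off with `Disable-ScheduledTask` instead of being deleted, which keeps it recoverable.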

Now that you have the basic tools to detect and remove viruses manually, it remains to give some advice on the removal process itself.

How to remove viruses properly

If you have found an obvious virus in Process Explorer, the first thing you must understand is: do not try to close it! Of course, most of the viruses that infect ordinary users do not show wonders of intelligence, but they can easily carry out pre-programmed commands in response to certain actions. If you stop the process, it will, at the least, start again immediately, and in the worst case it will begin to create copies of itself with random file names, and you will have to search again from the very beginning. To avoid this, right-click on the process and select «Suspend». The virus will then be nominally running but will not take any action, so you avoid triggering whatever it is programmed to do when it is removed.

Next, open the properties with a right mouse click and look for the root file. Then, on the “Image” tab, find out on whose behalf the process was started, and on the “TCP/IP” tab see which websites the virus connects to. When you have this information, you need to disable access to the virus's favorite sites, and only then begin to remove the files from its root folder.

If the virus is not installed in a folder with a random name, you do not need to remove the folder. Clean the virus and all of its content out of the folder and set "Read Only" in the folder's properties. Next, recall which user launched the virus, and in the folder's access rights settings completely prohibit any actions with the folder for that user (both writing and reading). It is advisable to leave the right of access for yourself, just in case. If you did everything right, the virus will be unable to access the folder it needs and won't reinstall itself after removal. In this way you can beat almost any virus.
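
The information-gathering and lock-down steps of this procedure can be scripted. The following PowerShell sketch is an added example, not part of the original article; the function names are hypothetical, and blocking with an outbound Windows Firewall rule is an assumption, since the article does not say how access to the sites is disabled.

```powershell
# Added example (not from the article). Run elevated, after suspending the
# process in Process Explorer. The PID is the one shown there.
function Get-SuspectInfo {
    param([Parameter(Mandatory)][int]$ProcessId)

    $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $ProcessId"
    if (-not $proc -or -not $proc.ExecutablePath) {
        throw "PID $ProcessId not found or its path is not readable (run elevated)."
    }
    $owner = Invoke-CimMethod -InputObject $proc -MethodName GetOwner

    # Same data as the TCP/IP tab: remote endpoints held by this process.
    $remote = @(Get-NetTCPConnection -OwningProcess $ProcessId -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -notin '0.0.0.0', '::', '127.0.0.1', '::1' } |
        Select-Object -ExpandProperty RemoteAddress -Unique)

    [pscustomobject]@{
        Path    = $proc.ExecutablePath
        Folder  = Split-Path -Parent $proc.ExecutablePath
        Account = '{0}\{1}' -f $owner.Domain, $owner.User   # "Image" tab: User
        Remote  = $remote
    }
}

# Assumption: "disable access" is done with an outbound Windows Firewall rule.
function Block-SuspectRemote {
    param([Parameter(Mandatory)]$Info)
    if ($Info.Remote.Count -gt 0) {
        New-NetFirewallRule -DisplayName "Block suspect: $($Info.Path)" `
            -Direction Outbound -Action Block -RemoteAddress $Info.Remote
    }
}

# After the files are cleaned out: deny the launching account all access.
# Deny overrides allow, so if that account is the one you administer the PC
# with, you lose access to the folder too.
function Lock-SuspectFolder {
    param([Parameter(Mandatory)]$Info)
    if ($Info.Folder -match ('^' + [regex]::Escape($env:windir) + '(\\|$)')) {
        throw "Refusing to change ACLs under $env:windir."
    }
    icacls $Info.Folder /deny "$($Info.Account):(OI)(CI)F"
}
```

Typical use: store the result of `Get-SuspectInfo -ProcessId <PID>` in a variable and review it, pass it to `Block-SuspectRemote`, clean out the files by hand, and only then pass it to `Lock-SuspectFolder`.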

Good luck with these programs; we hope that they will help you to clean up your PC. If you have any questions about removing unwanted software, you can always look on our website and find advice on the program in question.