It should be drilled into you by now: Use antivirus software. These programs—from free tools and paid antivirus software up to major security suites—keep tabs on your Windows PC with scans, real-time monitoring, even heuristic analysis of files and processes so new threats can be identified. It's imperative, especially with Windows, that you have antivirus installed.
However, even the best antivirus isn't 100 percent foolproof. A device already compromised by malware could get on your network, people can personally place malware on a system, and some malware lays dormant, waiting to attack. Social engineering and phishing schemes can trick people (you) into clicking on or downloading an infected link or attachment. Hell, there are even rogue scareware programs that look like antivirus or antispyware, but when you install them, you get infected! Always download from the source—avoid the third-party download sites.
Sometimes, it's hard to tell when you've been hit by a computer virus. There are plenty of signs you should keep an eye out for—incredibly slow performance where once the PC zipped along, browser pop-ups when no browser is even open, scary warnings from security programs you didn't install, even ransom demands.
If you suspect, or know with absolute certainty, that you've got a malware infection, here are the steps to take, immediately, to remove the malware.
(Note that if you do get a ransom demand, the ransomware involved may have already encrypted your files. The solutions below may eradicate the ransomware, but may not give you access back to the data. So make sure you've got a constant backup of your files, to the cloud or otherwise.)
Update Your Antivirus
First, make sure your antivirus software is fully updated with the latest virus definitions—that's how the software identifies malware, based on what has come before. Antivirus vendors are constantly renewing these lists as they encounter new viruses and Trojans in the wild and in the lab. If your software is even a day out of date, you run the risk of an infection.
If you have Windows 10, you always have a free antivirus installed in the form of Microsoft Windows Defender Security Center (formerly called simply Windows Defender). That is better than nothing, and gets updates via Windows 10's built-in updating function. But it's far from perfect. We suggest you immediately download our top-rated best free antivirus, Kaspersky Security Cloud Free, which is a stripped-down version of the full Kaspersky Security Cloud suite.
If you need to fix an infected PC for a business you or the boss should spend the money to get a full security suite. Our Editors' Choice options today are the aforementioned Kaspersky Security Cloud, as well as Kaspersky Internet Security, BitDefender Internet Security (and Bitdefender Total Security), and Norton 360 Deluxe. All of the above earned 4.5-star reviews. They range from barebones (but complete) suites, to mega-suites bursting with features, to cross-platform suites that protect all your devices—not just Windows.
With that software on board, perform a deep, thorough scan. Let it run for as long as it takes, and hope that it finds and fixes the problem. That's your best-case scenario. But if the malware is good at its job, then it probably deactivated your antivirus to get there in the first place.
Revert, Reboot, Scan, and Re-scan
If you've got System Restore points set in Windows, when malware attacks and can't be fixed, use this opportunity to reset the system. It could do the trick...but probably will not. The malware may be too smart.
You can reboot directly to the built-in Microsoft Defender that comes with Windows 10. To do that, go to Settings>Update & Security>Windows Security>Virus & threat protection. (If you are running a third-party antivirus, you'll see it here, plus an option to activate Microsoft Defender for "periodic scans" that won't interfere with the real-time work of your installed antivirus. It can't hurt.)
Once Windows Defender is activated even for just periodic scans, look for Scan Options. Click it and check the box next to Microsoft Defender Offline Scan. After a reboot, it'll do about a 15-minute scan to look for "rootkits and other highly persistent malware," according to Microsoft.
Still feeling infected? If you've got a remote access trojan (aka a RAT) aboard your PC, potentially someone is remotely accessing your PC. That's bad news. Likewise, if you've caught some ransomware, you don't want it encrypting files you back up to the cloud automatically. Take a deep breath and get off the internet. Pull the Ethernet on the PC, turn off the Wi-Fi, unplug the router if you must. Guarantee the PC is disconnected. Make sure it's not using Wi-Fi from a neighbor or nearby business to stay online on the side. Then, attempt some antivirus scans.
Didn't work? Reboot Windows again, but in a way that won't let the malware get restarted as well. Try going into the minimalized Windows 10 interface called Safe Mode (here's how). Run a scan from there and it may work.
While you're in Safe Mode, delete any temporary files. They permeate Windows even after a short time using the operating system, and could be hiding malware. At the Start menu (tap the Windows key), type in Disk Cleanup; it'll check the C: drive for what you can safely delete among all the temps.
If Windows is compromised beyond usability—it might not even let you in—get around the OS by booting directly into the antivirus software. Use a bootable program, sometimes called a "Live CD" or "rescue CD"–though these days, you'll typically boot from a USB flash drive. Kaspersky Rescue Disk 18 would probably do the trick, but you'll need a separate PC to make the disk/drive. To be safe, set it up now, while your PC is healthy.
What, you're still viral? Run an on-demand antivirus scanner: Malwarebytes Free is highly recommended; it will try to sell you the premium version for regular background protection, but it works fine for one-time deep scans. Norton Power Eraser (also free) is another option.
Malwarebytes and Norton Power Eraser are sometimes called a "second opinion malware scanner," because they are a second line of attack against the bad guys if your initial antivirus can't take care of the problem. They don't do real-time protection—you run them manually as a cleanup. Have one handy on a USB drive for the day you need it. Norton Power Eraser, for example, comes in a "portable" version that doesn't require a full Windows 10 installation procedure. It will, however, reboot your system as it roots out rootkits. There are many portable security apps you can put on a USB drive that don't require direct installation.
Want to be thorough? Try a mix! Hopefully they do the trick and your PC is back to normal after the Safe Mode scans (reboot the PC in between). Second-opinion scanners won't conflict like real-time antivirus sometimes can if you install more than one, since you should run each portable program's scan individually.
The Nuclear Option(s)
You might be a little nervous about using Norton Power Eraser, with good reason. It comes with a warning that it's as aggressive as hell when it goes after a problem, and therefore the risk of collateral damage is high. The warning says specifically, "it may mark a legitimate program for removal." Yipe.
Risking a few programs is worth it compared to running the full Windows 10 factory reset. Or performing the true "nuclear" option of reformatting your hard drive and reinstalling the operating system and all programs (you do have an image of your clean Windows 10 install backed up that you can use for restoration, right?). Doing that is less and less of a necessity, especially compared to the dark days prior to Windows 7, but it remains a viable method of resetting the system, sans malware.
Windows 10's Recovery options make it easy to reset a PC so the operating system gets a reinstall without losing any data (you'll have to reinstall programs), or do a full Fresh Start back to a pristine state. To be honest, a fresh start is a good idea every few years or so anyway.
Dealing successfully with a viral PC infection is like being at home after you've been burglarized; it takes a while to feel safe again. Take steps like you would after being robbed: enhance your security. Get the best, highest rated security suite you can afford, read up on how to avoid getting scammed/phished, and then go on a purge: uninstall any programs you're not using on a regular basis or don't trust. Be ruthless. Let's be careful out there.
0 comments:
Post a Comment