What to do if a virus infection of the PC is detected? How to restore system settings in Windows. Report dangerous files where to go

Greetings to all!

I want to start this article with one simple truth: "If the antivirus does not find a single virus, it does not mean that they are not on your PC!"

In fact, the following picture is quite common: when you use web browsers (Firefox, Chrome, Opera, etc.), various advertisements appear (where there were none before), tabs open on their own, banners may appear on the desktop (with disagreeable content, for example ones that ask you to send an SMS message), the computer may slow down and freeze, etc.

All these factors (especially in aggregate) say that there is unwanted software on your computer (advertising scripts, trojans, etc.).

Moreover, the usual antivirus, even after a full scan of the computer, often reports that everything is in order and no viruses were found. At this point you get the feeling that something is wrong: the computer is behaving strangely, but the antivirus does nothing ...

In this article I want to recommend a small cleaning recipe for exactly such cases, when it is not entirely clear how to return the computer to normal operation (when by all indications the computer is infected, but the usual antivirus does not see anything ...).

To help!

Despite what I wrote above, I still recommend having one of the modern antiviruses (it will protect you from hundreds of other threats). About the best of them in this post:

(cleaning Windows from classic viruses, toolbars, adware, etc.)

First aid:

  1. Do not send any SMS, as some banners that pop up on the desktop demand. Your computer most likely will not be "cured" of the infection, and you may lose money ...
  2. Install a modern antivirus (link to the best products cited above). Note that some types of viruses block access to the websites of well-known antiviruses (if so, try downloading similar products from other software sites);
  3. Back up all important data immediately, preferably to removable media (for the future: it is advisable to do this in advance);
  4. If the virus has blocked access to the desktop (blocked all the tools with its banners), try loading Windows. As a last resort, use it.

STEP 1: check the system using "online" antivirus

Many well-known antivirus developers have lately released online versions of their products. The principle of working with them is quite simple: you download a relatively small file and run it, and it automatically checks your system for viruses.

Moreover, such products do not conflict with the antivirus installed in the system, work in all modern versions of Windows, do not require installation, and always have an up-to-date anti-virus database.

The screenshot below shows the process of checking a PC using ESET Online Scanner (software link -)

The next screen shows the work of the curing utility from F-Secure -

The Dr.Web CureIt! utility is also popular in our country (direct link: ). Its download file, however, is a little larger than the first two (about 200 MB).

In general, whichever product you choose, I recommend that you run your whole system through it. Often it finds dozens of threats that the installed antivirus has missed ...

STEP 2: remove ad add-ons using AdwCleaner

I can say that recently it is not classic viruses but adware and Trojans that have become much more common. Embedding themselves in the most popular applications (browsers, for example), they often interfere with normal work, simply distracting you with their intrusiveness, or even blocking the options you need.

The point is that they are, as it were, "embedded" in the browser (for example, disguised as a plugin or some kind of add-on); sometimes they add the lines they need to the browser shortcut, change the file, etc.

Fortunately, there are programs for cleaning Windows of these malicious scripts, and I will recommend one of them below. It works in parallel with your antivirus (i.e. you don't need to remove the antivirus) and is able to get rid of the lion's share of problems.

After launching AdwCleaner, to start scanning your computer you just need to press one button, "Scan Now" (or "Scan", depending on the translation). See screenshot below.

AdwCleaner: main window (button to start scanning "Scan Now")

Checking Windows on an "average" computer by today's standards takes only 3-5 minutes (or even less). All potentially unwanted software found during the scan will be automatically removed and isolated (i.e. practically nothing is required from the user; this, in fact, is what I like about the program).

Note!

After the scan, your computer will be rebooted automatically. After Windows boots, you will be shown a report on the check.

STEP 3: check with Malwarebytes Anti-Malware

Malwarebytes Anti-Malware

One more great program to fight viruses, worms, Trojans, spyware, etc. Malwarebytes Anti-Malware somewhat complements the capabilities of the previous program: it implements a special "chameleon" algorithm that allows it to run even when a virus blocks the launch of any other antivirus programs!

Features of the program:

  • scanning of all disks in the system;
  • daily database updates (to counteract even newly emerging viruses);
  • heuristic analysis (allows you to detect a large number of malicious files that are not yet in the database);
  • all isolated files are moved to quarantine (if the program makes a mistake, you can restore any of them);
  • a list of file exclusions (files that do not need to be scanned);
  • thanks to Chameleon technology, the program can run even when all similar programs are blocked by a virus;
  • Russian language support;
  • support for all popular Windows versions: Vista, 7, 8, 10.

To start scanning a Windows system, run Malwarebytes Anti-Malware, open the "Scan" (or "Check") section and click the button at the bottom of the screen, "Scan Now" (or "Start checking" if you have a Russian version, see the screen below).

By the way, from my own experience I can say that Malwarebytes Anti-Malware does an excellent job. After scanning and cleaning with it, most of the junk software will be neutralized and removed. In general, I recommend getting acquainted with it!

STEP 4: restore system settings

After your computer (laptop) has been scanned (and disinfected) by the previous utilities, I recommend that you also run it through another interesting and useful program, AVZ. I have repeatedly recommended it on the pages of the blog; now I will recommend three steps to take in it to eliminate problems (if any are still left) ...

AVZ, by the way, allows you to restore some Windows system settings, access to the system managers, and other things (which viruses could have damaged during infection).

AVZ

This antivirus utility is designed to remove many kinds of malicious software (some of which, by the way, a regular antivirus cannot see or detect). For example:

  • Trojan horses;
  • Add-ons and toolbars in a web browser;
  • SpyWare and AdWare modules;
  • BackDoor modules;
  • Network worms, etc.

What else is attractive about it: to get started and scan a Windows system, you just need to download the ZIP archive with the program, extract it and run it (i.e. nothing needs to be installed, configured, etc.). Below I will go through the three steps that I recommend doing in it ...

How to scan a computer in AVZ for a virus

After starting the program, select the system drive (at least that one, preferably all). It is usually marked with a distinctive icon.

After that, on the right side of the screen, click the "Start" button to start scanning (by the way, above the "Start" button you can immediately choose what to do with the malware, for example, delete it).

Starting a scan in AVZ

Typically, checking the Windows system disk for viruses goes quickly enough (5-10 minutes). By the way, I recommend turning off your main antivirus for the duration of such a check (this will speed up the scan somewhat).

How to close holes in settings in Windows

(which can lead to PC infection)

It's no secret that Windows has some settings that do not meet optimal security requirements. For example, among others, autorun of inserted disks and flash drives. And, of course, some types of viruses take advantage of this ...

To exclude such settings and close such holes, in AVZ, just open the menu "File / Troubleshooter" (see screenshot below).

After scanning, you will be given a report with the parameters that should be changed. I recommend ticking all the lines and clicking "Fix" (by the way, AVZ itself optimizes those parameters that, in its opinion, do not meet security requirements, so no manual work!).

How to restore system settings in Windows

(which have been modified by malware)

After a computer has been infected with viruses, adware, etc., many parameters and system settings in Windows are changed. For example, some sites may be blocked for viewing, opening the registry editor may be banned, Internet Explorer settings may be changed, etc.

To bring it all back to normal, in the AVZ utility there is a special tab for restoring all the most basic parameters. To open it, click: "File / System Restore" (as in the screenshot below).

Next, you will be presented with a list of what can be restored: just check the boxes that you need (you can, by the way, mark all of them) and press the button "Perform marked operations".

As a rule, after the performed recovery, the computer starts working normally.
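A read-only PowerShell audit of the settings this article says malware changes: extra lines in browser shortcuts (step 2), autorun of inserted drives, blocked sites and the ban on the registry editor. It is an added example, not part of AVZ or of the original article; the function names are hypothetical, and checking the hosts file for "blocked sites", the browser executable names and the folders searched are assumptions.

```powershell
# Added example: read-only audit, it changes nothing on the system.
# New-Finding and Get-TamperedSetting are hypothetical names, not AVZ commands.

function New-Finding {
    param([string]$Check, [string]$Location, [string]$Detail)
    [pscustomobject]@{ Check = $Check; Location = $Location; Detail = $Detail }
}

function Get-TamperedSetting {
    $policies = 'Software\Microsoft\Windows\CurrentVersion\Policies'

    # 1. Policy values that ban the registry editor or Task Manager.
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $key = "$hive\$policies\System"
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        foreach ($name in 'DisableRegistryTools', 'DisableTaskMgr') {
            if ($props -and $props.$name) {
                New-Finding 'Tool ban' $key "$name = $($props.$name)"
            }
        }
    }

    # 2. Autorun policy. A value under HKLM takes precedence over HKCU.
    $autorun = $null
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $props = Get-ItemProperty -Path "$hive\$policies\Explorer" -ErrorAction SilentlyContinue
        if ($props -and $null -ne $props.NoDriveTypeAutoRun) {
            # REG_DWORD arrives as an int, REG_BINARY as bytes with the low byte first.
            $autorun = [int](@($props.NoDriveTypeAutoRun)[0])
            break
        }
    }
    if ($autorun -ne 0xFF) {
        $shown = if ($null -eq $autorun) { 'not set' } else { '0x{0:X}' -f $autorun }
        New-Finding 'Autorun' "$policies\Explorer" "NoDriveTypeAutoRun is $shown (0xFF turns autorun off for all drive types)"
    }

    # 3. Active hosts entries. Assumption: "blocked sites" are done through this file.
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    foreach ($line in @(Get-Content -Path $hostsPath -ErrorAction SilentlyContinue)) {
        $active = ($line -split '#', 2)[0].Trim()      # drop comments
        if (-not $active) { continue }
        $address, $names = $active -split '\s+'        # first token is the IP address
        $names = @($names | Where-Object { $_ -and $_ -ne 'localhost' })
        if ($names.Count -gt 0) {
            New-Finding 'Hosts entry' $hostsPath "$address -> $($names -join ', ')"
        }
    }

    # 4. Browser shortcuts that carry extra command-line arguments.
    #    The executable names and the folders searched are assumptions.
    $browsers = 'chrome.exe', 'firefox.exe', 'opera.exe', 'msedge.exe', 'iexplore.exe'
    $folders = @(
        [Environment]::GetFolderPath('Desktop')
        [Environment]::GetFolderPath('CommonDesktopDirectory')
        [Environment]::GetFolderPath('StartMenu')
        [Environment]::GetFolderPath('CommonStartMenu')
        # Quick Launch also holds the shortcuts pinned to the taskbar.
        Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch'
    ) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }
    if ($folders) {
        $shell = New-Object -ComObject WScript.Shell
        Get-ChildItem -LiteralPath $folders -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $lnk = $shell.CreateShortcut($_.FullName)   # opens the .lnk for reading
                if (-not $lnk.TargetPath -or -not $lnk.Arguments) { return }
                if ($browsers -contains (Split-Path -Path $lnk.TargetPath -Leaf)) {
                    New-Finding 'Shortcut' $_.FullName "$($lnk.TargetPath) $($lnk.Arguments)"
                }
            }
    }
}

Get-TamperedSetting | Format-Table -AutoSize -Wrap
```

A line in the output is a prompt to look, not proof of infection: browsers legitimately use some shortcut arguments, and the autorun line appears on any system where the policy was never set.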

If all of a sudden the above doesn't work, take a look at a few more tips in step 5 ...

1. Scan the system in safe mode

In some cases, it is unrealistic to clean your computer of viruses without Safe Mode! The fact is that in safe mode Windows loads only the minimal set of software without which it cannot work (i.e. a lot of unwanted software simply doesn't run in this mode!).

Thus, much of what cannot be removed in normal mode is easy to remove in safe mode.

If you can't run the utilities that I recommended above, try running them in Safe Mode. It is quite possible that they will not only open up, but also find everything that is "hiding" from them ...

To enter safe mode, press the F8 key several times while the computer is booting, then select this mode in the menu that appears.

Instructions! How to enter Safe Mode || Windows 7 ÷ 10 -

2. System recovery

If you have a restore point that was created before your computer was infected with viruses and adware, it is quite possible that rolling back to it will correct the situation ...

To help! In order not to repeat myself here, I recommend that you read my article on System Restore:

3. Reinstall Windows

In general, I am not a supporter of reinstalling the system for every "sneeze". But in some cases, it is much easier and faster to reinstall the system than to suffer from malware.

Instructions! Installing Windows 10 from a USB flash drive (all steps step by step) -

This concludes the article.

Using the tips "How to clean an infected computer" given in this article, you can remove any type of malware from your computer and return it to working condition.

1. Make sure your computer is really infected

Before trying to remove any infection from your computer, you need to make sure that the computer is indeed infected. To do this, please refer to the guidelines that I give in the article "". If this really shows that your computer is infected, then continue with the steps in the next section. Make sure you follow them in the proper sequence.

2. How to clean your computer and make sure it is really clean

Please note that experienced users can go straight to the last part on how to clean the computer appropriately. This is the most powerful approach, but it is also one of the most time-consuming. However, if necessary, you can go directly to that section and then go back to the beginning again if the infection was not completely removed.

2.1 Cleaning your computer with CCE and TDSSKiller

Download Comodo Cleaning Essentials (CCE) from this page. Make sure to select the correct version for your operating system. If you are not sure whether your computer is running a 32-bit or 64-bit operating system, see. Also, download Kaspersky TDSSKiller from this page. If you fail to download either of these programs, or if your Internet connection does not work, you will need to download them on another computer and transfer them to the infected one using a flash drive. Make sure there are no other files on the flash drive. Be careful with the flash drive, as malware can infect it when you insert it into your computer. Therefore, do not connect it to any other computers after transferring these programs. I would also like to point out that both programs are portable. This means that once you are done using them, you don't have to uninstall them. Just delete their folders and they will be gone.

After you have downloaded CCE, unzip the file, open the folder and double-click the file named "CCE". The main window of Comodo Cleaning Essentials will open. If it doesn't open, hold down the Shift key and double-click the file named "CCE". After CCE opens successfully, you can release the Shift key. However, do not release it until the program is fully loaded into memory. If you release it even during the UAC prompt, the program will not be able to open correctly, even with this forced method. Holding Shift helps it open even on heavily infected computers. It does this by suppressing many unnecessary processes that could prevent it from starting. If that still doesn't help launch it, then download and run a program called RKill. It can be downloaded from this page. This program will stop known malicious processes. Thus, after running it, CCE should start up perfectly.

Once it is launched, do a Smart Scan in CCE and quarantine whatever it finds. This program also scans for system changes that could have been made by malware. They will be shown in the results. I would suggest that you let the program fix those too. Restart your computer when prompted. After restarting your computer, launch Kaspersky TDSSKiller, scan, and quarantine whatever is found.

Also, if your internet connection did not work before, check if it works now. A working internet connection is required for the further steps of this section.

Once the CCE scan is complete and you are satisfied that your internet connection is working, open CCE again. Hopefully it will open this time, but if not, then open it while holding down the Shift key. Then from the "Tools" menu in CCE open the KillSwitch. In the KillSwitch, from the "View" menu, select the "Hide Safe Processes" option. Then right-click all processes marked as suspicious or dangerous and select the option to remove them. You should also right-click on any unknown processes that remain and select the "Kill Process" option. Do not delete processes marked as FLS.Unknown. Next, in CCE, from the Tools menu, launch Autorun Analyzer and select the "Hide Safe Entries" option from the "View" menu. Then disable any items owned by files that are flagged as suspicious or dangerous. You can do this by unchecking the boxes next to the items. You should also disable all items marked as FLS.Unknown, but which you think most likely belong to malware. Don't delete any items.

Now restart your computer. After restarting, check your computer again using the advice I give in the "" article. If all is well, then you can skip to the "" section. Remember, disabled registry entries are not dangerous. In addition, please note that even if your computer is clean of active infections, there may still be pieces of malware on it. They are not dangerous, but don't be surprised if a scan in another program still finds malware on your computer. These are the dormant remnants of what you just deleted. If you are not satisfied with the presence of these leftovers on your computer, then you can remove the vast majority of them by scanning in the programs mentioned in the next section.

However, if your computer has not yet been cleared of active infections, but at least one of the programs was able to start, go through the steps described in this section again and see if this removes the infections. But if none of the programs were able to start, please go to the next section. In addition, even if repeating the instructions in this section is not enough to clean your computer, you will need to move on to the next section.

2.2 If the computer is still not clean, scan with HitmanPro, Malwarebytes and Emsisoft Anti-Malware

If the above steps did not completely eliminate the infection, then you need to download HitmanPro from this page. Install the program and run "Default Scan". If it doesn't install, go to the next paragraph and install Malwarebytes. When prompted during HitmanPro installation, I recommend that you select the option to run only a one-time scan of the computer. This should be fine for most users. Also, if malware interferes with its correct launch, open the program while holding down the CTRL key until it loads into memory. Quarantine any infection it finds. Keep in mind that this program will only be able to remove infections for 30 days after installation. During removal, you will be asked to activate a trial license.

As soon as HitmanPro has removed all detected infections, or if HitmanPro could not be installed, you need to download the free version of Malwarebytes from this page. Note that it has chameleon technology that should help it install even on heavily infected computers. I recommend that you uncheck the "Enable free trial of Malwarebytes Anti-Malware Pro" checkbox during installation. Make sure the program is fully updated and then run a quick scan. Quarantine any infection it finds. If any program asks to restart your computer, be sure to restart it.

Then download the Emsisoft Emergency Kit from this page. Once it's finished downloading, extract the contents of the zip file. Then double-click the file named "start" and open the "Emergency Kit Scanner". When prompted, let the program update the database. Once it's updated, return to the Security menu. Then go to "Check" and select "Quick", then click "Check". Once the scan is complete, quarantine all found items. Restart your computer whenever required.

After scanning your computer with these programs, you must restart it. Then check your computer again using the advice I give in the "" article. If all is well then you can skip to the "" section. Remember, disabled registry entries are not dangerous. However, if your computer is still not cleaned, then go through the steps in this section again and see if it helps remove infections. If the programs in section 2.1 were not previously able to work correctly, then you should go back and try to start them again. If none of the above programs were able to start, boot into Safe Mode with network support and try scanning from there. However, if they were able to start correctly and the threats still remain even after following the advice in this section again, then you can skip to the next section.

2.3 Try these slower methods if necessary

If the aforementioned measures did not completely remove the infection, then some very persistent malware is likely living in your machine. The techniques discussed in this section are therefore much more powerful, but will take more time. The first thing I advise you to do is to scan your computer with another anti-rootkit scanner called GMER. It can be downloaded from this page. Delete anything shaded in red. Be sure to click the Scan button right after the program finishes its quick system analysis. In addition, if you are running a 32-bit operating system, you must download a program to find and remove the ZeroAccess rootkit. Information about this rootkit and a link to a program to remove it from 32-bit systems can be found here at. AntiZeroAccess can be downloaded from the link in the second paragraph.

After scanning in the above programs, next you should open CCE, go to settings and select the option "Scan for suspicious MBR modification". Then click "OK". Now in CCE do a full scan. Reboot when required and quarantine whatever is found. Note that this option can be relatively dangerous as it can identify problems where there are none. Use it with care and make sure you have backed up anything important. Please note that on rare occasions, scanning with these options may render the system unbootable. This rarely happens, but even if it does, it is fixable. If your computer stops starting after performing this scan, use your Windows installation disc to restore your system. This should help get your computer to start up again.

Once CCE is completely finished, reopen CCE while holding the SHIFT key. This action will terminate most unnecessary processes that might interfere with your scanning. Then open KillSwitch, go to the "View" menu and select "Hide Safe Processes". Now, remove all dangerous processes one more time. Then, you should also right-click on any unknown processes that remain and select "Kill Process". Don't delete them. You should follow the advice in this paragraph every time you restart your computer to be sure that the following scans will be as effective as possible.

After terminating all processes that were not considered reliable, you should open the HitmanPro program while holding the CTRL key. Then perform a "Default Scan" and quarantine whatever it finds. Then perform a full scan in Malwarebytes and in the Emsisoft Emergency Kit. Quarantine whatever they find. Then download the free version of SUPERAntiSpyware from this page. During installation, be very careful as other programs come with the installer. On the first page, make sure to uncheck both options regarding the installation of Google Chrome. Now select the "Custom Install" option. During a custom installation, you will have to uncheck the two checkboxes for the Google Chrome download option.

Apart from that, the program will install just fine. When prompted to start a free trial period, I advise you to opt out. Once the program is fully loaded, select the Complete Scan option and click the "Scan your Computer ..." button. Then click the "Start Complete Scan>" button. Delete any detected files and restart your computer when required.

After completing these steps, you must restart your computer. Then check it again using the advice I give in the "" article. If all is well, then you can skip to the "" section. Remember, disabled registry entries are not dangerous. However, if your computer is still not cleaned, then follow the steps in this section again and see if this helps in eliminating the infection. If not, then you need to move on to the next section.

2.4 If necessary, make a boot disk

If the above methods did not completely eliminate the infection, or if you cannot even boot your computer, then in order to clean your computer you may need a bootable CD (or flash drive), also called a bootable disk. I know this may sound complicated, but it really isn't that bad. Just remember to create this disk on a computer that is not infected. Otherwise, the files may be corrupted or even infected.

Since this is a bootable disk, no malware can hide from it, disable it, or interfere with its work in any way. Hence, scanning with different programs in this way should allow almost any machine to be cleaned, no matter how infected it may be. The only exception is if the machine's system files themselves were infected. If so, then removing the infection could harm the system. It is mainly for this reason that you backed up all important documents before starting the cleaning process. However, sometimes you can get around this by following the advice I give below.

To do this, you must download. It is an excellent program that will allow you to create a single bootable disk with several anti-virus programs. It also has many other useful functions, which I will not discuss in this article. Some very useful tutorials for SARDU can be found here on this page. Be very careful about the additional offers now included in the installer. Unfortunately, this program now tries to trick people into installing additional programs, which are mostly unnecessary.

After downloading it, unzip the contents and open the SARDU folder. Then run the executable file that matches your operating system, either sardu or sardu_x64. On the Antivirus tab, click on the antivirus applications that you would like to burn to the disc you are creating. You can add as many or as few as you see fit. I recommend that you scan your computer at least with Dr.Web LiveCD, Avira Rescue System and Kaspersky Rescue Disk. One of the nice things about Dr.Web is that it sometimes has the ability to replace an infected file with a clean version of it, instead of just deleting it. This will help you clean up some computers without harming the system. Therefore, I highly recommend that you include Dr.Web in your boot disk.

Clicking on the names of the various antivirus applications will often direct you to a page from which you can download an ISO image with the appropriate antivirus. Sometimes, instead, you will be given the option to download it directly through SARDU, which can be found under the Downloader tab. If you have a choice, always choose the option to download the ISO. Also, after downloading the ISO file you may need to move it to the ISO folder located in the main SARDU folder. Once you have moved the ISOs of all the antivirus products you need to the ISO folder, you are ready to create an emergency boot disk. To do so, go to the Antivirus tab and make sure that all the antiviruses you have selected are checked. Now click the create button for either a USB device or a disc. Either of these options is acceptable. It only depends on whether you want to run the rescue disk from USB or from CD.

After creating the rescue disk, you will probably need to change the boot sequence in your BIOS settings to ensure that when you insert a bootable CD or bootable flash device, the computer boots from it and not from the operating system as usual. For our purposes, you should change the order so that the first item is "CD / DVD Rom drive" if you want to boot from CD or DVD, or "Removable Devices" if you want to boot from a flash drive. Once this is done, boot your computer from the rescue disk.

After booting from the disk, you can choose with which antivirus you would like to start scanning your computer. As I mentioned earlier, I would recommend starting with Dr.Web. When this program finishes and you restore or delete whatever it finds, you will need to shut down your computer. Then be sure to boot from disk again and then continue scanning in other antiviruses. Continue this process until you have scanned your computer in all antivirus programs that you burned to your boot disk.

After cleaning your computer with the programs that you burned to disk, you need to try starting Windows again. If the computer is able to start Windows, then check it using the instructions that I give in the article "". If all is well, then you can skip to the "" section. Remember, disabled registry entries cannot be compromised.

If your computer is not cleaned yet, but you can boot into Windows, then I would advise you to try cleaning it from within Windows, starting with this article and following the suggested methods. However, if your computer still cannot boot Windows, then try again to repair it using the Windows installation disc. This should help get your computer to start up again. If even this does not help to make it bootable, then try adding more antiviruses to the emergency boot disk and then scan your computer again. If doing this still doesn't help, then read on.

3. What to do if the above methods did not help clean your computer

If you have followed all the above instructions and still could not clean your computer, but you are convinced that the problems are caused by malware, we would be very grateful if you leave a comment and explain what you tried to do to clean your computer, and what signs remain that make you think your computer is still not cleaned. This is very important in order to improve this article. I really hope no one ever gets to this section. This article is intended to give you the ability to clean an infected computer completely.

You can also seek advice on a dedicated malware removal forum. A very useful forum, which is our partner -. However, if even after asking for help on the malware removal forum your computer still hasn't been freed of malicious programs, you may need to format your computer and start over. This means that you will lose everything that you did not copy beforehand. If you do, be sure to perform a full format of your computer before reinstalling Windows. This will eliminate almost any kind of malware. Once Windows is reinstalled, follow the steps in.

4. What to do after all malware is finally identified for removal

After making sure that your computer is cleaned, you can now try to recover anything that was lost. You can use Windows Repair (All In One), an all-in-one tool that allows you to fix a large number of known Windows problems, including registry errors, file permissions, Internet Explorer, Windows updates and Windows Firewall. If, after completing all the procedures, your computer is working normally, then you can also open Comodo Autorun Analyzer and select the option to delete those registry entries that you just disabled earlier. Thus, they will no longer be on your computer at all.

Once you have safely removed all infiltrations from your computer and removed the remnants of the devastating consequences, you must take steps to ensure that this does not happen again. For this reason, I wrote a guide "How to stay secure online" (to be published on our site soon). Please read it later and implement the methods that you think best suit your needs.

After securing your computer, you can now recover any of the files lost during the cleaning process that were previously saved in a backup. Hopefully this step will not have to be done. Also, before restoring them, make sure that your computer is very well protected. If you do not protect your computer sufficiently, then you can accidentally infect it, and then you will have to clean up the infection on it again. In addition, if you used a USB device to move any files to the infected computer, you can now insert it back into the computer and make sure there is no malware on it. I recommend doing this by deleting any leftover files on it.

Unfortunately, you cannot scan your computer for viruses using only one website opened in a browser. The fact is that for security purposes, web services do not have access to local files and programs on the PC.

But there are cloud antiviruses that can scan the system without complete installation and registration. To use one of them, you just need to download a small client and run it. After that, you can scan the entire computer or select partitions for a partial scan. In the process, the program will download the data it needs from the cloud. If viruses are found, the service will offer to remove them.

If you want to scan your computer with a cloud antivirus, try these services. All of them are products of well-known companies and work in a similar way - according to the scheme described above. Therefore, you can choose any of them.



Of course, such an online scanner is only suitable for periodic on-demand checks and does not provide constant protection of the computer from malware and network attacks. Therefore, it is not an equivalent replacement for a paid antivirus.

There may be similar services for mobile devices, but I won't recommend them. After all, even the Android developers say that most users do not need antivirus software for this system: it is enough to install programs only from Google Play and be careful with. And the iOS system is too closed for viruses to pose a serious threat to the iPad or iPhone.

Web services for checking individual files

If you want to scan a small file or an archive of files for viruses, you can do this completely online, without installing any programs at all. You just need to go to any of the resources listed below, upload the suspicious file from your computer to the server and click the check button.
