Possible Duplicate:
What to do if my computer is infected by a virus or a malware?

My Mom, who uses Windows 7, thinks she may have opened a virus -- she double clicked normally and did not run as Administrator, so I tried to delete the .exe but it was in use so I do think she ran it. The first things I've tried:

  1. CTRL-Alt-Delete and killed "cmd" (which she would never open)
  2. checked MSConfig and looked in services and startup; it was clean (I also checked the startup folder and saw nothing)

It looks like it's fine and the virus was probably designed for Windows XP. What do I do once a virus has been opened in Windows 7?

Note: I ran Windows Defender and it found nothing. There's no other anti-virus than that installed.

  • Have you run a virus scan to make sure that it is, in fact, a virus? – please delete me Oct 24 '11 at 15:00
  • Use a web-based scanner if Windows Defender is all you have; I believe Kaspersky, Trendmicro, and Eset offer them. Also get Malwarebytes and run a full scan; it tends to find things most AV products miss. – Supercereal Oct 24 '11 at 15:09
  • There is a community wiki question that deals exhaustively with this question. Go ahead and check it out and if your situation differs, re-ask this question with the details of what you've done already and we can then provide help from that point: http://superuser.com/questions/100360/what-to-do-if-my-computer-is-infected-by-a-virus-or-a-malware – music2myear Oct 24 '11 at 15:11
  • @music2myear well that one is generic Windows and an already infected machine. I believe nothing was infected but asking this for ideas on how to check. The places I mention are hotspots and Windows D found nothing. I don't think the machine was infected –  Oct 24 '11 at 15:16
  • @Kyle - Defender is as good as any other AV system (it may have flaws, but they all do). – ChrisF Oct 24 '11 at 15:16
  • Defender is an anti-spyware program, not an anti-virus program. If you don't have any other programs installed I'd recommend Microsoft Security Essentials. It's free, pretty well rated, and easy to use. But you should follow at least a couple steps from the linked doc above to scan and make sure you're actually clean. MSCONFIG is not a reliable place to look for infection traces. – music2myear Oct 24 '11 at 15:23
  • @Chris I'm sure it's not a bad program (I personally don't use it) but I always suggest running an online scanner or live disk as well as built in AV when checking for a virus. After re-reading my comment I can see how this implies lack of quality with Windows Defender. – Supercereal Oct 24 '11 at 15:29
  • I find that Defender keeps warning the user about dangerous software for well-known software that isn't actually dangerous (usually open source software, such as UltraVNC and 7-Zip). In this day and age, security software really shouldn't be making these types of errors. – Randolf Richardson Oct 24 '11 at 15:37

1 Answer

Get a good anti-virus program, and try to use it to remove the virus. I really like F-Prot Anti-Virus because it has worked very well for me and my clients (there are many choices):

  F-Prot Anti-Virus (free for 30 days; by FRISK Software, in Iceland)
  http://www.f-prot.com/

  One more reason to like F-Prot -- they're anti-spam, and they confronted the Anti-Virus industry on it
  http://www.lumbercartel.ca/resources/security.pl#f-prot

(F-Prot has a free 30 day evaluation period, and then after that it's $29 for up to 5 computers at your home, so you can try it for free to find out if it works well for you.)

But, if you are dealing with one of those stealth viruses that prevents removal by anti-virus software (there are quite a few out there), then McAfee's free "Stinger" tool can probably get rid of it (I've found this tool to be very useful, but it doesn't have any automatic updater and it is NOT a replacement for a regular anti-virus product):

  McAfee Stinger - Stealth virus removal tool (free)
  http://vil.nai.com/vil/stinger/

Stinger will get rid of stealth viruses while they are actively running in your system, which is great because it means you don't always need to remove your hard drive to run an external scan from a clean system.

If the regular Anti-Virus solution and the Stinger solution fail, you may need to remove the hard drive and scan it from a clean system or use one of the reputable self-booting Anti-Virus scan CDs that are floating around on the internet. I believe Kaspersky makes one of these, but I've not had need to use this yet because the two solutions I listed above have always worked well for me.

The other possibility is that you're dealing with SpyWare, in which case you'll need a good SpyWare removal tool. Here are two that I really like, and which I've found to be safe and reliable (you should teach your relative how to use MalwareBytes on [at least] a monthly basis because it has a really simple interface):

  MalwareBytes.org (free)
  http://www.malwarebytes.org/

  SpyBot - Search & Destroy (free)
  http://security.kolla.de/

Note: Sometimes you need to run these tools from Windows Safe Mode, which requires a reboot and then pressing "F8" at the very start (before the "Loading Windows" logo appears).

Randolf Richardson
  • I deleted the original exe after I restarted. I'm positive nothing's on here but I am wondering about quick ways to check if it has done something –  Oct 24 '11 at 15:14
  • You'd better scan anyway. The way a lot of this software works is also with deceptions -- sometimes they'll detect attempts by the user to delete, and then they'll just lay dormant for a while to create a false impression that the deletion was successful. – Randolf Richardson Oct 24 '11 at 15:16
  • @acidzombie24 this is a "quick" way to check... Generally we advocate the nuke it from orbit approach. – Supercereal Oct 24 '11 at 16:05
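
The question checks MSConfig and the Startup folder, and a comment points out that MSConfig is not a reliable place to look. The read-only PowerShell script below is an added example, not part of the original thread; it lists the autostart locations a program started without Administrator rights can write to, plus recently created executables in the user profile. Assumptions: the file was opened within the last two days (`$since`), the Startup folders are at their Windows 7 default paths, and Windows is English-language (the `schtasks` column names are localized).

```powershell
# Added example, read-only. Works on PowerShell 2.0 (the version shipped with Windows 7).
# Run it as the user who opened the file, so HKCU and %APPDATA% point at that profile.

$since = (Get-Date).AddDays(-2)   # assumption: the file was opened within the last 2 days

# 1. Run/RunOnce values. A non-elevated process can write the HKCU keys.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
$entries = @(foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $k = Get-Item $key
        foreach ($name in $k.GetValueNames()) {
            New-Object PSObject -Property @{ Source = $key; Name = $name; Command = $k.GetValue($name) }
        }
    }
})

# 2. Startup folders (per-user and all-users, Windows 7 default paths).
$startupDirs = "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
               "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
$entries += @(Get-ChildItem $startupDirs -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -ne 'desktop.ini' } |
    ForEach-Object { New-Object PSObject -Property @{
        Source = 'StartupFolder'; Name = $_.Name; Command = $_.FullName } })

# 3. Scheduled tasks outside \Microsoft\ (column names assume English-language Windows).
#    schtasks repeats the CSV header per task folder, so header rows are filtered out.
$entries += @(schtasks.exe /query /fo csv /v | ConvertFrom-Csv |
    Where-Object { $_.TaskName -ne 'TaskName' -and $_.TaskName -notlike '\Microsoft\*' } |
    ForEach-Object { New-Object PSObject -Property @{
        Source = 'ScheduledTask'; Name = $_.TaskName; Command = $_.'Task To Run' } })

# 4. Executables and scripts created in user-writable profile folders since $since.
$recent = Get-ChildItem $env:APPDATA, $env:LOCALAPPDATA -Recurse -Force `
        -Include *.exe, *.dll, *.scr, *.bat, *.cmd, *.vbs, *.js -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.CreationTime -gt $since }

$entries | Sort-Object Source, Name | Format-Table Source, Name, Command -AutoSize -Wrap
$recent  | Sort-Object CreationTime | Format-Table CreationTime, Length, FullName -AutoSize -Wrap
```

Entries that point into `%APPDATA%`, `%LOCALAPPDATA%` or `%TEMP%`, or files whose creation time matches the moment the attachment was opened, are the ones to look at first. A list with nothing unfamiliar narrows things down but does not replace the scans recommended in the answer.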