How to kill a computer virus
In 1949 John Von Neumann postulated and lectured about a future where computer programs would be designed to self replicate. Later on proponents of terra forming other worlds envisioned machines that could build other machines with programs that could create new programs and optimize their own. This would save humans a lot of work and a lot of money. But it was all just hypothesis back then, as no one had as yet written such programs.
By 1980 Jurgen Kraus was lecturing on the subject of computer programs that could be designed to act exactly like viruses. The analogy stuck and so did the name. However, the analogy had been used by sci fi writers since 1969, and the first self replicating virus had been created in 1971 by Bob Thomas at BBN technologies.
In hindsight it might be considered ironic that the first computer virus outside a lab (in the wild) was written in 1981 for the Apple dos system. It was called “Elk Cloner”.
The first IBM dos virus was created in 1986 called the “brain”. It was created by a software engineer in India to supposedly protect his work from piracy.
When I bought my first PC in 1989 I knew nothing about them. It was an IBM XT. It had a 4meg processer and a math co-processer. It ran MS dos 3. After playing with it for a few weeks I discovered that I couldn’t format a 5 inch floppy. After asking around I discovered that the reason I couldn’t format a floppy was because the program that formatted floppies was missing from my dos program. That wasn’t all that was missing.
I quickly went out and bought a copy of dos 3 for 5 dollars and installed it. As soon as I did, my computer told me it was stoned, and shut down. Apparently, without all those commands, the virus had been kept at bay.
I would discover that I had the “Stoned” virus. Lucky that the floppies I had bought came with a complimentary virus scanner. I had dozens of floppies, and after I cleaned my 10 meg hard drive I found out all the floppies were infected too, and whenever I ran any program I re-infected my computer.
Viruses are often very destructive and replicated themselves into all .exe and/or .com files. In other words: they replicate in to all programs. After all, a virus needs a host in order to reproduce itself. So does a computer virus. This inevitably ends in a useless computer.
Right up until the late 1990s, viruses were the worst malware we had. (malware being the term used to describe any destructive or intrusive computer program.) There are close to 300,000 computer viruses compared to the 5000 biological viruses we have studied and categorized so far.
But computer virus didn’t do much more than cause destruction. And while being able to boast about how much damage your program does must be a real ego boost for the virus programmer, Trojan horses do what the original Trojan horse was reported to have done: It opens a door by which it can let others in. It can also send messages, email all your contacts, send personal info including online bank info, report on your keystroke or internet activity to just about anyone including unscrupulous advertisers, or open a back door which others can use to control your computer or hijack it for use as a server for pirated material without your consent. In other words: they can make unscrupulous people a lot of money.
The third type of malware we’ve seen is called adware or spyware. This is the reason you might have hundreds of pop ups and a slow computer. Adware was originally designed to spy on you for advertisers, who then use that info to target you with their ads. But it was soon obvious that the same software could be used to spy on us for all kinds of reasons.
Spyware can also redirect your browser to web pages you didn’t intend to go to, like porn sites, or suddenly tell you you have a virus and just have to buy a particular unknown antivirus program because no other will save you. Meanwhile it probably has a Trojan in it that will invite a host of other malware into your computer. And, of course, unscrupulous people can make money.
But the worst of the bunch is the rootkit. It, again, can kill a computer like in the old days. But this one can destroy your bios and cost you sometimes more than your computer is worth. The trouble is, most virus scanners won’t even detect them.
As malware grew, so did antivirus software manufacturers. Some have even suggested that the industry has on occasion been responsible for making some of the viruses we suffer. It’s probably not true.
It’s even been suggested that some malware is created by software manufacturers so they can offer it for illegal download in order to infect the pirated software and make downloading less attractive. Wouldn’t be the first time a programmer created a virus to protect their work. But the truth is that there are enough smart programmers out there that if the antivirus companies and major software makers were in the business of making viruses, we would soon know.
Most of all: there are enough people with enough reasons to create the next super bug even without the obvious suspects joining in. All of them should, of course, drop dead in shame. But they won’t.
So if you get malware on your computer, what do you do?
The easy answer most tech support centers will give you is: Pull out that restore disk and reset your computer to factory settings. It’s the quick and easy solution, but you lose all your personal programs, pictures, music, movies and documents.
If you back up like you know you should, it won’t matter. But let’s face it, who backs up as often as they should?
The first things to know when going after a virus are: is your virus scanner active? Is it updated? Do you have updated anti-spyware software installed?
The biggest problem people face is not having any antivirus software at all, or having inactive software. When you buy a computer it comes with a virus scanner. The problem is that it is usually a trial version. They expect you to buy it after you have tried it. If you don’t buy it the software stops working and you are no longer protected.
You need a working antivirus scanner so you either need to buy one or download a free one. The important thing to remember is that you need to uninstall the old one. Never have two virus scanners installed at the same time. Your computer will be slow, and certain combinations have been known to cause serious problems like not being able to boot up again.
I have found that the free antivirus scanners are as good as if not better than the big name brands. For one thing the big name brands are invasive. They also have a lot of bells and whistles you don’t need and that can slow down your computer by running processes in the background that take up your resources.
The only advantage to going to the store to buy an antivirus program is that they usually come on a bootable CD which can be used if the virus is so bad that you can’t even boot to safe mode.
There are several truly free scanners out there like: “Avira” and “Avast”. I’ve used both and have been happy with both. But the most positively reviewed of the two is Avast. You can get them from www.download.com (type: “free antivirus” in the search window) or from their websites. While other scanners on download.com are probably ok to use, some are defiantly trial versions.
Beware of bogus antivirus programs, and never buy one that pops up out of nowhere telling you your computer is infected.
If you think you have a virus, do a virus scan making sure you update the virus definitions first. The virus may be new. Most antivirus programs update their definitions at least once every day. However, if you are infected, your virus scanner may be infected. Some viruses compromise your scanner so they can go unnoticed. After all, your virus scanner didn’t protect you from this particular problem. So if you can get online, do an update but don’t run it yet.
The first thing to do is an online scan, if you can get online. If you can’t, going back a few days by using system restore may get you back on line. But it won’t solve your virus problem.
Trend micro has a free online scan called Housecall: http://housecall.trendmicro.com/ Other major players like Norton and McAfee may have free online scans as well. They have both offered them in the past and then removed them. Trend micro is the only one that has offered a good free online scan, uninterrupted, for at least the last 20 years, so I know they will likely continue to for some time.
Once you have done the scan and removed what it found (if it found anything) your computer may be fine. But in all likelihood it’s not over. Because of Windows security system, running files can’t normally be deleted. You can turn that feature off, but then you are really vulnerable. Not recommended.
If you are an advanced user: once you know the name of the running process you can stop it from running and delete the virus manually. All virus scanners will tell you where the infected files are in your computer. That’s the main reason to do the online scan, other than the hope that it will solve your issue right off the bat.
Use windows explorer to find the virus using the antivirus information. To stop a process press control, alt and delete, at the same time. Choose task manager and go to processes. Find the process associated with the virus and shut down the process. Then you can delete the file. But you are probably not done.
Once you know the name of the virus you can look it up at almost any major antivirus site. It should tell you what if any files the virus or trojan dropped. You can delete those too. Then you may have to enter the registry with the command: regedit, typed into the run window. Most sites will tell you exactly what to look for and what to delete or change. Don’t do or change anything else in the registry, as you could make things worse.
For those not so adventurous: If the scan did remove the virus, reboot and rescan. If nothing is found and your symptoms are gone you won. But if your symptoms persist you may have only gotten part of it. Next step is to run a spyware scan. I use Spybot search and destroy. It’s free from download.com and it’s good. There are others, but again, you have to be careful.
If it finds things, remove what it finds with the fix button. It may want you to reboot and run a scan before the computer loads all its drivers and .dll files. That way it also bypasses the windows safety feature. If your symptoms are gone you’ve done it. If not you need to run your virus scanner in safe mode.
To get to safe mode restart the computer and tap f8 once per second. Not too fast or you will confuse the computer. You should end up at a menu. Choose: safe mode.
Log in the admin account. If you set a password when you set up the computer you will have to use it. If not, there shouldn’t be one. Once in, run your virus scan with your updated scanner. If a virus is found the scanner should be able to delete it.
Once gone, reboot and see if your symptoms are gone.
If they aren’t or if none of the scans revealed anything you may need to have a pro look at it. But if you have some computer knowledge you can run a program called: “hijack this.” It doesn’t tell you you have a problem, it just tells you what is running and alerts you to items it doesn’t recognize.
If you know your stuff your answer may be right in front of you. If not you can cause yourself more problems if you delete processes you are not familiar with. It’s great if you familiarize yourself with the tool when nothing is wrong. That way you can see what changed and what may be causing you problems later on.
The last thing you can check for is a rootkit. A rootkit is a bit of software that cloaks malware processes to avoid being found by antivirus and spyware software. There are a few rootkit scanners out there that are really good, but you need to be a very advanced user to get benefit from them. Kaspersky TDSSKiller has a standalone scanner that is free for download: http://support.kaspersky.com/faq/?qid=208283363
Avast has it’s own free tool called: aswMBR. You can download it at: http://public.avast.com/~gmerek/aswMBR.htm
I’ve used both and found them both up to the job.
So as you see, killing viruses isn’t easy and it isn’t for the faint at heart. I’ve done battle with some viruses that have taken 3 days to find and kill. The only reason I didn’t pick up the restore disk or the windows disk and do a full reformat and clean install, was because of the challenge and the thrill of the hunt and the kill.
I’ve never had to buy antivirus software in 20 years of computer use. There is always a good free scanner out there for any application.
Don’t take virus removal as a chore. It’s an adventure. And what better way to get to know your computer inside out?
If you aren’t all that adventurous, make sure to back up everything… twice. Then when the big one hits, you can just pull out that restore disk and laugh.