How to detect and remove a virus, spyware or trojan?

by Dev Duff on October 31, 2010

Have you ever felt that, over time, your computer has started running slower? Perhaps that's not the only thing bothering you: slower load times, the hard drive light flashing when nothing is happening, the computer grinding away even when you are not using it, programs taking longer to open, and other problems that indicate the presence of a virus or other malicious software. Many times you wait for the computer to load to the desktop, but it takes a long time to load all the programs completely. All of these may be symptoms of a virus or spyware infection, and you really need to act fast! So, how do you detect and remove a virus or spyware from your computer? Let's discuss what we can do when we get indications that a virus or spyware is present on the computer system.


To detect a virus, spyware or any other malicious software on your computer system, we will follow these 8 steps. We will detect the virus/spyware, try to remove it from the computer, make sure the infection is gone, and restore normal functionality on the computer system:

  1. Check MSCONFIG and Registry for infection
  2. Check Task Manager for processes
  3. Use free tools to detect virus/spyware
  4. Take Best Antivirus support
  5. Scanning computer in safe mode
  6. Research on virus/spyware found
  7. Fine tune the computer system
  8. Take professional assistance

Check MSCONFIG and Registry for infection

The first step in detecting a virus, spyware or other malicious software is to understand what programs are running in the background. If we find any files indicating an infection, it is important to quickly locate them, understand the severity of the infection and explore methods to remove it. To begin with, we will check what loads on the computer system whenever we start the computer.

MSCONFIG: The Microsoft System Configuration Utility (MSCONFIG) is a very useful tool for learning what your computer system loads at startup. Follow these instructions to open the MSCONFIG window:

Click Start > Run
Type msconfig and hit enter as shown below.
(if you get a prompt for Yes/No, click Yes)

(Screenshot: the Start > Run dialog)

Once the msconfig window opens, we will click on the tab that says “Startup”:

(Screenshot: the MSCONFIG Startup tab)

Look through all the entries that have a check mark. Do you see any suspicious entries checked? If so, uncheck them. Once done, click Apply and then OK. If it asks you to restart the computer, restart it. Once we are back at the desktop, we will check the registry.

REGISTRY: A word of CAUTION: do NOT delete anything from the registry unless you are sure. The Windows Registry is a very sensitive component of the Windows operating system, and if you delete an important key by mistake, the operating system may become unstable. To check the registry, follow these steps:

Click Start > Run
Type regedit and hit enter as shown below:
(if you get a prompt for Yes/no, click Yes)

(Screenshot: the Start > Run dialog)

Once the Registry Editor window opens, we will first of all make a backup.
Click on Computer in the left pane.
Then click File > Export.
Save the file as registry-backup on the desktop.

Now open these locations in the registry editor:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce

Once you have browsed to these locations, check the right-hand pane for any suspicious keys. If you find anything suspicious, search for it on Google to find out whether it is a legitimate key or something suspicious. If you find any malicious keys, right-click on them and choose Delete. We are going to remove all the keys that you are sure are suspicious. PLEASE do not delete any keys without knowing their purpose.

(Screenshot: the Registry Editor window)

Once you are sure that only legitimate keys appear in all 4 locations of the registry, close the registry editor window and restart your computer.
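The same review of the Run/RunOnce keys can be done from a script instead of by eye. The PowerShell below is an added example and not from the original article: it reads each key, works out which executable each entry launches, and reports whether that file exists and whether it carries a valid Authenticode signature, deleting nothing. It goes slightly beyond the article by also reading the Wow6432Node Run key that 32-bit programs use on 64-bit Windows, and it assumes an elevated prompt.

```powershell
# Added example (not from the original article): read-only audit of the
# Run/RunOnce autostart keys discussed above. Run from an elevated prompt.

$autostartKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    # Beyond the article: 32-bit programs register here on 64-bit Windows.
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Extract the executable from a command line such as
#   "C:\Program Files\Vendor\app.exe" /silent    or    C:\Tools\app.exe -x
function Get-ExecutablePath([string]$CommandLine) {
    if ($CommandLine -match '^\s*"([^"]+)"')  { return $Matches[1] }
    if ($CommandLine -match '^\s*(\S+\.exe)') { return $Matches[1] }
    return $null
}

function Get-AutostartEntry {
    foreach ($key in $autostartKeys) {
        if (-not (Test-Path $key)) { continue }      # RunOnce is often absent
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            $exe = Get-ExecutablePath $cmd
            if ($exe) { $exe = [Environment]::ExpandEnvironmentVariables($exe) }
            $exists = [bool]($exe -and (Test-Path -LiteralPath $exe))
            # Valid / NotSigned / HashMismatch / NotTrusted ... or n/a if missing
            $sig = if ($exists) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'n/a' }
            [PSCustomObject]@{
                Key       = $key
                Name      = $name
                Command   = $cmd
                Exists    = $exists
                Signature = $sig
            }
        }
    }
}

# Unsigned or missing files deserve a web search before anything is deleted;
# unsigned does not automatically mean malicious, and Valid does not mean safe.
Get-AutostartEntry | Sort-Object Key, Name |
    Format-Table Key, Name, Signature, Exists, Command -AutoSize -Wrap
```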

Check Task Manager for running processes

Most of us know what Task Manager is. For anyone who does not, follow these instructions to open it.

There are multiple ways to access task manager.
Press CTRL+ALT+DELETE, and then click Task Manager.
OR
Press CTRL+SHIFT+ESC
OR
Right-click an empty area on the taskbar, and then click Task Manager.

(Screenshot: the Task Manager window)

Click on the "Processes" tab at the top and you will see a lot of processes (nearly 60). There may be more, depending on the number of programs installed on your computer. Look through the list of processes and see if there is anything suspicious. For reference, use Google Search to find out whether these processes are legitimate or not. If you are sure some process is suspicious, research the severity of the infection. There are other things you may try. If you know the location of the infected/malicious file, go to that location and try to delete the file, or at least try renaming it. A lot of times, renaming can do wonders.
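To do that review of the process list from a script rather than by eye, here is an added PowerShell example that is not from the original article: it lists each running process with its image path, Authenticode signature status and whether the image sits under Windows or Program Files, then shows only the entries that fail either check. It assumes an elevated prompt so that the path of system processes can be read; it terminates nothing.

```powershell
# Added example (not from the original article): read-only audit of running
# processes to shortlist the ones worth researching. Run from an elevated
# prompt, otherwise Path is empty for protected/system processes.

# Directories most legitimate programs run from; absence here is a hint to
# research an entry, not proof that it is malicious (some updaters and
# browsers legitimately live in the user profile).
$usualRoots = @(
    $env:SystemRoot,
    $env:ProgramFiles,
    ${env:ProgramFiles(x86)}
) | Where-Object { $_ }

function Test-UsualLocation([string]$Path) {
    foreach ($root in $usualRoots) {
        if ($Path.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function Get-ProcessAudit {
    Get-Process | ForEach-Object {
        $path = $_.Path    # $null when the image path cannot be read
        $sig  = if ($path) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'unknown' }
        [PSCustomObject]@{
            PID           = $_.Id
            Name          = $_.ProcessName
            Path          = $path
            Signature     = $sig           # Valid / NotSigned / HashMismatch ...
            UsualLocation = if ($path) { Test-UsualLocation $path } else { $null }
        }
    }
}

# Show only what a first pass should focus on: unsigned images, or images
# running from an unusual directory. Research each name before acting on it.
Get-ProcessAudit |
    Where-Object { $_.Path -and ($_.Signature -ne 'Valid' -or -not $_.UsualLocation) } |
    Sort-Object Path |
    Format-Table PID, Name, Signature, UsualLocation, Path -AutoSize -Wrap
```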

Use free tools to detect virus/spyware

There are many free tools available that can help you detect an infection on your computer system. The best of all is the HijackThis application. Download the executable file from its website and install it on your computer. Run the application's executable file and generate a log file. Save the log file on your computer's desktop. Then open it in a text editor, copy all the content and paste it on the Hijackthis.de website. You will find this utility really helpful because it highlights the problematic software installed and/or running on your computer.

Once you find the problematic keys, you can DELETE them using the HijackThis application. HijackThis uses "user support" to determine whether a key is malicious or not. However, I would suggest using Google Search to determine whether a key is legitimate or not, and only then taking action based on your research. Deletion of keys cannot be undone, so make sure that you are deleting only the bad keys.

Take Best Antivirus support

If you have good antivirus security software on your computer, run a full system scan. If you don't have good antivirus software, find out which are the top ten antivirus programs of 2011 and download the best one. I would suggest going with a complete internet security package that includes antivirus, antispyware, firewall, antispam, and more.

Once downloaded, install it and run a full system scan. Scanning may take at least an hour, more if you have lots of data on the computer. Do not use the computer while the scan is running, and do not interrupt or pause the scan. Once the scan is completed, research the infections found. Although the infection may "seem" to be removed, there is another step we can follow to make sure the virus/spyware is gone.

Scanning computer in safe mode

This is a crucial step in scanning the computer. Sometimes scanning in normal mode does not remove the virus/spyware infection. It is better to start the computer in safe mode and then run a full system scan.

(Screenshot: the Windows Safe Mode options screen)

Shut down your computer. This time, as soon as you press the power button, begin tapping the F8 key on your keyboard. You have to tap F8 immediately after pressing the power button. You will see the Safe Mode options screen. Highlight the first option, "Safe Mode", using the up/down arrow keys and hit Enter. You will see a bunch of information on screen, but there is nothing to worry about; it is normal. You may be asked for the Admin user/password. If you know it, good. If you don't, simply leave it blank and hit Enter. Chances are you will bypass the admin login screen and see a black-and-white desktop with fewer icons. That's normal!

Now click Start > All Programs > XYZ Antivirus

What I'm trying to say is: run a full system scan. If any virus or spyware is detected, quarantine it or remove it. If it all comes back clean, that's actually a good sign. If there is some infection that your antivirus can't remove, let's continue the troubleshooting.

Research on virus/spyware found

At all times, you should be ready to research. The only time you can't access the internet is in safe mode; otherwise, you can always use Google Search. Whenever you find anything suspicious, just Google it and find information about that application/file. There are many security forums online with loads of information about virus/spyware infections; search them. Search for blog articles like the one you are reading right now. There is loads of information, but make sure that you follow instructions only from forums/blogs that have legitimate information. There are many blogs/websites where people push their cheap software, creating further trouble for computer users. Be very careful! Do not buy anything that's not fully trusted.

Fine tune the computer system

Suppose that even after performing all the above steps your computer is still running slow and/or giving errors, and you still have a feeling that the system is infected with a virus, trojan, spyware or other malicious software. Maybe by fine tuning we can get rid of the problem that's causing the slow system performance. Fine tuning involves a lot of steps, but to keep it simple, follow this article to make your computer faster in easy steps. I wrote that article after applying all of these steps on my personal computer. These steps are the result of my 8 years of computer troubleshooting experience.

Take Professional Assistance

If nothing helps, only a professional can help! I'm sure you agree with me. You have tried a lot of different things and tried to resolve the problem on your own, but there are certain times when only a computer expert can help. However, taking that bulky computer to a troubleshooter may be a tough nut to crack. Dealing with all those wires and then disconnecting and reconnecting components may be a little too much for someone who knows only the basics of a computer system. You can allow a professional to access your computer through remote assistance and let them fix the software problem while you enjoy your coffee and just be a spectator! That's possible with remote assistance! The only service that I have tried and benefited from is the Spotmau computer service, which is simply outstanding! They have specialized software that can fine tune your computer, check for errors and more. If you have a virus/spyware infection, they can even provide technical support at a small price. The reason I recommend Spotmau is that they are fully trained to handle any computer problem, be it software or hardware. If nothing is working for you, they will definitely provide the support you need to fix your computer and get it up and running!
