How to troubleshoot suspected virus infections

[Wayward_Son]

I've seen many threads that relate to viruses and similar issues here at CoG (and elsewhere but that goes without saying). Many people, apparently, go right to the formatting route before trying anything other than freeware A/V scanners. Therefore, I thought it suitable to suggest the following:

If you think you have a virus, first thing to do is boot into Safe Mode run whatever anti-virus you have installed; if the results come up null and you think you may still have an infection, try an online viral scanner; you'll have to use "Safe Mode with Networking", but beware- if you have a worm (self-replicating virus), it can still spread through a net connection.

My personal favorite, because it's free and holds a very high reviewer-rate, is BitDefender's Online Scanner.

If it finds nothing, you probably do not have a virus. If it DOES, but cannot remove it (or if you still aren't satisfied), you can use Benjamin's UBCD4Win. Burn and boot from it, and you'll have access to a wide array of tools, not the least of which include various malware removal tools. Run them all, and if you have an infection somewhere, at least one of the scanners will at least pinpoint the issue, and in most cases, remove it.

If that doesn't fix what ails you, chances are your problem is not malware, viruses or what-have-you, and you should do some googling to find a specific answer. But please make sure you run through the usual steps before you assume you have an infection, it'll save you lots of time and effort. Or, instead of starting a thread, ask someone who has had a similar issue. Just beware, if it's a trivial matter you might be greeted with sarcasm of the highest order.

Reliable freeware (installed) scanners:
Avira Anti-Vir, my personal favorite.
AVG
Spybot Search & Destroy
Super Anti-Spyware (verify, someone?)

Check out this thread for more software suggestions.

Don't think that Lavasoft Ad-Aware is going to save you from an infection, I know even myself used to think that was all you needed. I also wouldn't rely on System Restore but it actually CAN save you from infections, on occasion.

Also, it's very worth cleaning junk files and registry entries; for both, for the sake of simplicity and brevity, use CCleaner (or NCleaner)

*Admins, feel free to sticky this, if there isn't already a similar stickied thread- we've all seen many PC'ers who fear they have a virus, and I feel as though this is a good route to take if such a suspicion arises. I've always went this route, and it hasn't betrayed me yet! I'm not sure if someone else has made a similar thread, but since I keep seeing people asking about this, I assume not.

**In the event this does get stickied, since I'm the thread author, feel free to PM me if you're having difficulties; I'd recite my qualifications but who cares, if you're having issues just ask instead of starting a new thread, I'm glad to help anyone that needs it.

***Also, any CoG'ers that have had experience here, I'd appreciate a post here that might cover anything I could have missed; it's 3 in the morning here, so I very well may have missed something, I decided to write this after seeing a thread in GReader about a possible virus issue; instead of having a shitload of threads that cover the same topic, I thought we could condense it into one. I know not every gamer is an IT expert, but I also know that there are lots of such experts who read and post here, so any input isn't lost, especially to those who might be able to avoid a format of their box.

[RandoM51]

download free/trial AV of choice (avira, for instance)
download standalone AV definition update
download free/trial Antimalware of choice (spybot S&D, for instance)
download standalone AM definition update
disconnect network
boot to safe mode
install av+update, am+update
reboot to safe mode, run full scan with each, repeat until both come up clean.
boot to normal mode, run full scan, repeat until both come up clean.
reattach network

Nowadays the plain old virus takes a back seat to malware. Last pc I scanned for somebody had 108 malware problems---real problems, we're not talking a bunch of tracking cookies---and exactly one virus.

[Dukefrukem]

I'd just like to point out I think virius scanners are a waste of time/money, if you know what you're doing, you don't need them. I haven't run a scanner since 2005 and I haven't done a reinstall of an OS since 2004.

[Wayward_Son]

On a side note, you can avoid a lot of problems by blocking evil-doing sites; best way to do this is via your HOSTS file.

An easy way to do this is to download HostMan, and update your HOSTS. I suggest this tool because it's very easy to go in and comment out (disable) entries you might want, because it likes to disable a lot of sites that are "safe" like MySpace and Facebook. You can also outright disable the HOSTS if need be, although you should remember to re-enable it.

Any change to your HOSTS will not take effect until you restart your browser.

[CappinCanuck]

Quote:

Originally Posted by Dukefrukem

I'd just like to point out I think virius scanners are a waste of time/money, if you know what you're doing, you don't need them. I haven't run a scanner since 2005 and I haven't done a reinstall of an OS since 2004.

Exactly. I use one for prevention mainly, that's why I have ESET with the best heuristics rating. Otherwise, they're all pretty useless in my experience. I've gotten a few virii, none of which a scanner could ever clean. I had to do it myself by tracking it through hijackthis; going into the registry to find it; using killbox or in one extreme (bastard of a) virus, I had to install a second OS and get through the security to delete the other's system files. Either way, a scanner has never ever helped me one bit. I also haven't gotten one accidentally for 10 years.

But if you don't know how to do those things, a scanner is the alternative.

[Kelegacy]

I have used combofix and vundo removal in the past with great results. Especially when I caught that goddamn malware for some Windows product that will fix your issue if you purchase. That should be illegal. It was so hard to get rid of until I stumbled upon combofix. I've caught it 3 times from 2 different computers. My laptop was the last victim. Spybot and Adaware have worked for some lesser intrusions as well.

Yes, I blame porn. Sue me, I like titties.

[Wraith]

Combofix was recommended to me a couple months back, and it fixed an issue that AVG (which was already running on the PC) and various anti-malware apps weren't able to find or fix. Though it definitely sounds like something you need to be a bit careful about running. Instructions here.

Also recently walked someone through running Malwarebytes in safe mode, and it got rid of their problem (which was of the "hey, buy our scam malware removal to remove this malware we just gave you" variety).

[CappinCanuck]

Quote:

Originally Posted by Wraith

Also recently walked someone through running Malwarebytes in safe mode, and it got rid of their problem (which was of the "hey, buy our scam malware removal to remove this malware we just gave you" variety).

I love those... I giggle every time I see one. Or the performance tools ads that give you multiple flashy popups to slow down the browser.

[J Arcane]

Quote:

Originally Posted by Dukefrukem

I'd just like to point out I think virius scanners are a waste of time/money, if you know what you're doing, you don't need them. I haven't run a scanner since 2005 and I haven't done a reinstall of an OS since 2004.

Good for you.

The rest of the internet appreciates you doing your part by serving as one more piece of the botnets, sending us all the spam and DDOS attacks we could ever desire.

[RandoM51]

Ah, the Ravenous Bugblatter Beast of Traal version of virus protection.