Why are computer viruses created?
For the same reasons anybody develops any other application: to see a piece of code serve an efficient purpose, and to earn an income.
With Windows owning the largest share of the consumer desktop market, it is a no-brainer which OS most viruses will be written to target. So, if you hang around the Windows operating system long enough, you will be sure to get hit with some sort of malicious code designed to cause harm to your system or harvest your personal details for profit. If you are lucky, the virus will have been written to cause your computer harm and will show itself out in the open immediately. If you are unlucky, the virus will hide itself, slowly transmitting personal information to Russia or Asia.
Don’t Accept a Format & Repair
Through customer feedback I constantly hear of other professionals in this industry charging premium rates to provide substandard removal services by:
1. Backing up data
2. Formatting the drive containing the culprit
3. Re-installing the operating system
4. Restoring data
5. Returning the computer with a factory OS and no software
In the last case reported to me, the above was charged at a 1-hour rate for each of steps 1, 3 & 4. How can one honestly charge $240 to remove a single piece of malicious code and return a blank OS?
If you are not willing or able to do the removal yourself, don’t expect to avoid paying a premium price; just expect to get a premium service in return. I am a firm believer in non-destructive methods of repair & believe these methods to be the premium service that you should receive if shelling out the $$$s. You should always get your OS back exactly as it was before the virus infection.
DIY Removal & Avoidance
Almost ALL repairs that get to the stage where they are brought through the shop are caused by antivirus software with out-of-date virus definitions. If you plan on downloading dubious content or browsing sites that you know you shouldn’t, make sure that you update your virus definitions first & perform a system scan afterwards. If you don’t have some sort of protective software, you may as well post all of your personal details in the comments section below.
I don’t like spending money; as you can probably deduce, that means I like free stuff. If you are as cheap as me and you want to do the removal yourself, get hold of some free software to do it for you. I like Malwarebytes for the grunt work needed to find and remove an infection & AVG Free to keep it that way.
Sometimes a virus will purposely stop virus scanners from running. This type of virus will normally block internet traffic to virus protection websites and, via a rootkit, redirect you to a malicious website instead. If this is happening to you, there is no option but to perform a manual removal. If you want or need to do the removal manually:
Malicious code runs with the same constraints as any other piece of code on a Windows operating system. In order for the code to do anything it needs to execute, and when code is executing it is visible either as a process, as a service, or as a hijack of one of the two. This makes malicious code fairly easy to spot if you know which things should be present and which should not.
- Identify the infected process or service with the computer booted into the infected OS.
- Look for the execution point the virus uses to get started each time your computer boots, using msconfig.exe (Services & Startup tabs). Work through the list and, if you need to, Google each entry to find out whether it is safe (you will not be the first infection). Remove entries that are not safe.
- A virus will try to protect itself by using a running process and a watcher process. If you stop and then delete the running process, the watcher will re-create it. You need to boot into a PE environment or any other parallel OS to remove the EXE; that way the watcher process cannot be running. Delete all files that were identified above.
- Restart the computer into the infected OS and look for any msconfig entries that have been re-created.
- Check Task Manager for any suspect running executables. Once again, if you are not sure whether something should be there, Google it.
- Go back to your chosen parallel OS to remove any further identified files.
- At this stage, if the virus stopped you from browsing to internet sites, this will still be the case. However, you should now be able to launch a virus / malware scanner again. Check how well you did by running a virus scanner over the OS and letting it pick up the remaining scraps.
- If you are using Malwarebytes, it will most likely repair the rootkit that blocked or redirected websites. If it doesn’t and you happen to be one of the first infections, turn your computer off and wait a couple of days until the virus definitions are updated, or get in touch with them to provide a sample of the infection.
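The manual steps above come down to walking three lists (msconfig's Startup items, its Services tab, and Task Manager's processes) and asking of each entry "should this be here?". The script below is an added example written for this page, not a tool from the original post or from any of the products it mentions. It pulls the same three lists with PowerShell and marks entries worth a Google: a binary that lives outside the Windows or Program Files trees, a binary with no valid Authenticode signature, or a start-up command whose file is no longer on disk. It also prints the parent process id next to each process, which is how a running-process / watcher-process pair shows up, and lists any hosts-file lines naming common security vendors, since that file is one place a blocker can redirect update traffic. It assumes PowerShell 3 or later run from an elevated prompt on the infected OS; the directory roots and vendor names it checks are the author's own choices for this example.

```powershell
# Added triage script (not from the original post). Lists autostart entries,
# services and running processes and flags the ones to look into. It changes
# nothing on the system; review the table, then act on it as the steps above describe.

# Directories where legitimate executables normally live (assumption for this example).
$trustedRoots = @("$env:SystemRoot", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")

function Get-ExecutablePath {
    # Extract the executable from a command line such as
    #   "C:\Program Files\Foo\foo.exe" /tray      or      %SystemRoot%\system32\svchost.exe -k netsvcs
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $cmd = $CommandLine.Trim()
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { return $cmd.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($cmd, '^(.+?\.(exe|dll|sys|com|bat|cmd|scr))', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return $cmd.Split(' ')[0]
}

function Test-Suspicious {
    # Return a list of reasons an entry deserves a closer look; empty means nothing stood out.
    param([string]$Path)
    if (-not $Path) { return @('no executable path') }
    $expanded = [Environment]::ExpandEnvironmentVariables($Path)
    if (-not (Test-Path -LiteralPath $expanded)) { return @('file not found on disk') }
    $full = (Resolve-Path -LiteralPath $expanded).Path
    $reasons = @()
    $inTrusted = $false
    foreach ($root in $trustedRoots) {
        if ($root -and $full.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { $inTrusted = $true }
    }
    if (-not $inTrusted) { $reasons += 'outside Windows / Program Files' }
    $sig = Get-AuthenticodeSignature -LiteralPath $full
    if ($sig.Status -ne 'Valid') { $reasons += "signature: $($sig.Status)" }
    return $reasons
}

$findings = @()

# 1. Registry Run / RunOnce keys: the bulk of what msconfig's Startup tab shows.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }          # skip PSPath, PSParentPath, ...
        $exe = Get-ExecutablePath ([string]$p.Value)
        $findings += [pscustomobject]@{ Source = $key; Name = $p.Name; Path = $exe
                                        Reasons = (Test-Suspicious $exe) -join '; ' }
    }
}

# 2. Services: msconfig's Services tab, with state and start mode.
foreach ($svc in Get-CimInstance Win32_Service) {
    $exe = Get-ExecutablePath $svc.PathName
    $findings += [pscustomobject]@{ Source = 'Service'; Name = "$($svc.Name) [$($svc.State)/$($svc.StartMode)]"
                                    Path = $exe; Reasons = (Test-Suspicious $exe) -join '; ' }
}

# 3. Running processes: Task Manager's list. The parent pid is printed so a process that
#    keeps respawning and the one that respawns it can be matched up.
foreach ($proc in Get-CimInstance Win32_Process) {
    if (-not $proc.ExecutablePath) { continue }        # kernel-owned entries such as System and Idle
    $findings += [pscustomobject]@{ Source = "Process pid=$($proc.ProcessId) ppid=$($proc.ParentProcessId)"
                                    Name = $proc.Name; Path = $proc.ExecutablePath
                                    Reasons = (Test-Suspicious $proc.ExecutablePath) -join '; ' }
}

# 4. Hosts-file lines naming security vendors (vendor list is an assumption for this example).
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$hostsHits = Select-String -Path $hostsFile -Pattern 'malwarebytes|avg|symantec|kaspersky|mcafee|avast|eset|sophos|windowsupdate' |
    Where-Object { $_.Line -notmatch '^\s*#' }

$findings | Where-Object { $_.Reasons } | Sort-Object Source, Name | Format-Table -AutoSize -Wrap
if ($hostsHits) {
    'hosts file entries worth checking:'
    $hostsHits | ForEach-Object { $_.Line }
}
```

Treat every line in the output as a prompt for the "Google it" step rather than a verdict: plenty of legitimate software, especially older titles, ships unsigned or installs under the user profile, and a system binary that has been hijacked will still sit in its usual directory. Run it once on the infected OS before the parallel-OS cleanup and again afterwards; entries that disappear and then come back between the two runs are exactly the re-created msconfig entries the steps above tell you to look for.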
Booking a Virus Removal
We provide virus removal services so long as you can get your infected drive out of your computer to post it to Cairns, Queensland. If you are within the Far North Queensland area we may be able to provide onsite services. Email us or call 0408 741 128 for a price and to have the job done properly the first time.