This is a guide for virus removal for Windows PCs. If you have a computer/computers that you believe have a virus or have been hacked, here are the steps you must take to protect yourself.
Isolate from the internet
This is the most important step. A lot of functionality is limited if they don’t have a connection.
Make sure the device you believe has been compromised is disconnected from all forms of connectivity. Bluetooth should be off, airplane mode should be on, Ethernet should be unplugged. WiFi should be turned off, and device should be powered down until ready to perform other necessary recovery steps. This will prevent any malware from getting worse, ransomware from progressing, or hackers from sending remote instructions to your computer.
Additionally, immediately boot your computer into Safe Mode (as fast as possible), to prevent malware processes like ransomware from progressing further.
Booting into safe mode (with networking)
Safe Mode is a diagnostic operating mode, used mainly to troubleshoot problems affecting the normal operation of Windows. Such problems range from conflicting drivers to viruses preventing Windows from starting normally. In Safe Mode, only a few applications work and Windows loads just the basic drivers and a minimum of operating system components. This is why most viruses are inactive when using Windows in Safe Mode, and they can be easily removed.bitdefender.com
From Settings app
- Press the Windows logo key windows key + I on your keyboard to open Settings. If that doesn’t work, click the Start windows key button in the lower-left corner of your screen, then select Settings Settings icon.
- Select Update & security Update and security icon, then click on Recovery Recovery icon.
- Under Advanced startup, select Restart now.
- After your PC restarts to the Choose an option screen, go to Troubleshoot > Advanced options > Startup Settings > Restart.
- After your PC restarts, you’ll see a list of options. Press 4 or F4 to start your PC in Safe Mode. Or if you’ll need to use the Internet, select 5 or F5 for Safe Mode with Networking.
From sign in screen
1. Restart your PC. When you get to the Windows sign-in (login) screen, hold the Shift key down while you click the Power icon in the lower-right corner of the screen then select Restart.
2. After your PC restarts to the Choose an option screen, go to Troubleshoot > Advanced options > Startup Settings > Restart.
3. After your PC restarts, you’ll see a list of options. Press 4 or F4 to start your PC in Safe Mode. Or if you’ll need to use the Internet, select 5 or F5 for Safe Mode with Networking.
From system configuration
1. Launch System Configuration in Windows by simultaneously pressing the Windows + R keys on your keyboard. Then write msconfig in the text field and press OK.
2. Switch to Boot tab and, in the Boot options section, select the Safe Boot with Network. Then click OK.
If you have an Ethernet cable, plug the computer in directly.
NOTE: After you finished your work in Safe Mode, please open System Configuration again (step 1) and uncheck the Safe Boot option (step 2). Click OK and restart your machine. Your computer will now boot normally.
3. Windows will tell you that you need to reboot your computer in order for the new setting to take effect. After the reboot, your computer will automatically boot into Safe Mode.
IMPORTANT: You may not have internet because of drivers and Safe Mode
Safe Mode doesn’t load most third party drivers as a precaution. This could lead to the scenario where you can’t access the internet. In this instance, you can use another computer to download the .exe setup file and transfer it with a USB drive. You could even use your phone to download and transfer from your phone with a hard wire.
Use Virus removal tools
AFTER YOU HAVE REBOOTED INTO SAFE MODE I recommend:
- Download Malwarebytes FREE, install and run
(they will push you to buy the premium version, it is unneeded for our usage)
- Download AdwCleaner, install and run
- Download Sophos on demand Scan & Clean. If you want a faster download I’ve mirrored it, but this may be an out of date (3/9/2022) version. This is a ‘second opinion’ scanner that should be run after Malwarebytes.
If you prefer, you can use your own antivirus removal tools.
If you are sure the virus is removed off the device, you can start recovery steps
After removing all traces of Malware
Okay, you’ve restarted your machine. You’ve run Malwarebytes. You’ve run Adwcleaner. You’ve turned off safe mode and now you’re back on the desktop. What now?
Run another virus scan
Seriously, you want to be 100% sure your device is at ground 0 again, especially after a breach. It’s better to be safe than sorry. Now that your device is at a “normal” state, it’s best to be sure some sneaky process isn’t running in the background again somehow.
Change your passwords
Depending on the type of virus, it may be prudent to update the passwords you use for online sites that are important to you. Especially any financial accounts or important email passwords. Trojans frequently exfiltrate passwords as one of the first actions taken upon an infected system.
Check your files
Double check that none of your important files were affected. If they were, this is a great reminder to do a backup! Or at least backup the files that are important to you.
Check antivirus settings
Make sure everything is functioning again and there aren’t any settings turned off from the attack.
Monitor site logins
Watch for site logins (via email or sms) over the next few weeks. If you’ve changed your passwords this shouldn’t be an issue but you can never be too careful.
It helps me if you share this post with anyone who might be interested.
Quick Links to My Stuff
Published 2022-12-10 07:00:00