Leonard Llangozi’s PC showed clear signs of a malware infection. “I don’t know what to do.”
Most people write to me about having a “virus,” but have nothing of the kind. Their problems are caused by failing hardware, badly written software, or their own mistakes. But Leonard’s problems, which included overused RAM and mysteriously disabled security programs, suggested something malicious.
In 2014, I wrote about the telltale signs of infection. This time, I’m going into more detail about what to do if you’re getting those telltale signs.
[Have a tech question? Ask PCWorld Contributing Editor Lincoln Spector. Send your query to firstname.lastname@example.org.]
Boot into Safe Mode
First of all, don’t depend on the antivirus program already installed on your PC. Chances are it’s been compromised.
Instead, boot into Safe Mode with Networking and run a cloud-based malware scanner. Safe Mode reduces the likelihood that the malware can interfere.
If you don’t know how to boot into Safe Mode, read my directions for Windows 7 and 8.1, or my separate directions for Windows 10. Remember to pick the option for Safe Mode with Networking.
Scan and clean
Once you’re in Safe Mode, launch a browser and the ESET Online Scanner. Then try Trend Micro’s HouseCall.
Need something stronger? Malware designed for Windows is crippled in another OS, so try a Linux-based malware cleaner, booted from a DVD or a flash drive (See Chris Hoffman’s beginner’s guide for more information on Linux boot drives). I recommend either ESET SysRescue Live or Kaspersky Rescue Disk 10.
Malware authors are evil, but they’re not stupid…or lazy. They will use every trick in the book and invent new ones to stay on your PC. For that reason, there’s a legitimate argument that once a PC has been compromised, you should go the full nuclear route.
Starting over with a clean slate
First, back up your data files on external media. Then securely wipe your hard drive or SSD. Darik’s Boot and Nuke does a good job for hard drives. For an SSD, go to the drive manufacturer’s website for specific instructions. This will probably involve downloading a special program.
If you have an image backup made before the infection, restore from that. Then copy your data files back to the newly-restored drive.
Otherwise, on another computer, download and prepare installation media for Windows 7, Windows 8.1, or Windows 10 (click the Download tool now button). Boot from that media and install Windows.
Finally, follow my advice for setting up a new PC. That article is specific for Windows 10, but the general advice would work for any version.