How to Remove a Virus in Windows - Picking up the pieces
(Page 3 of 4)
There are two main areas where you need to focus your cleanup efforts: the Windows Registry and leftover files.
We’ll begin by cleaning up those files. You may or may not have found file variations for your virus while researching its processes. If you did, you will save yourself a lot of work in this next step.
Simply find all of the files specified, but do not delete them at this point. Instead, only rename them by appending an extra extension such as .BAK. We don’t want to remove them until we’re sure we have the correct files.
If you don’t have a list of possible file names, you’ll need to do a little more work. Note the file size of each of your viral processes and search for other files of the same size. Such copies are common in folders such as System32.
If you find other files with matching file sizes and equally obscure names, you’ve probably found another part of your virus. Check the file’s properties and see if there is a manufacturer listed. Also, double-check it against the links you got in the last article. You should be able to tell whether the file is required by Windows or is suspect.
Once you’re sure a file is suspect, go ahead and rename it. It’s a good idea to have your original Windows CD or some other method of booting available for this step. If you inadvertently rename a needed file, you can make your system unable to boot. If this happens, you need to boot from your CD and change the file name back.
Once you’ve renamed all of the files and successfully rebooted (after the next step), make sure that all of your software and hardware work as intended. If everything is stable, go back and delete the renamed backup files.
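The size-matching, manufacturer check and rename steps above, as an added PowerShell example (not code from the original article). The parameter names and the log file path are assumptions, and the Authenticode signature check goes beyond what the article describes, since a manufacturer string alone can be faked.

```powershell
# Added example: save as a .ps1 file and run from an elevated prompt.
# -SuspectPath is a file you have already identified as part of the infection.
[CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
param(
    [Parameter(Mandatory)][string]$SuspectPath,
    [string]$SearchRoot = "$env:SystemRoot\System32",
    [string]$LogPath    = "$env:SystemDrive\cleanup-renames.csv",  # assumed location
    [switch]$Rename     # without this switch the script only reports
)

$suspect = Get-Item -LiteralPath $SuspectPath -Force

# Step 1: every file (hidden ones included) with exactly the same size.
$candidates = Get-ChildItem -LiteralPath $SearchRoot -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Length -eq $suspect.Length }

# Step 2: the "manufacturer" from the file properties, plus signature status.
$report = foreach ($f in $candidates) {
    $sig = Get-AuthenticodeSignature -LiteralPath $f.FullName
    [pscustomobject]@{
        Path      = $f.FullName
        Size      = $f.Length
        Company   = $f.VersionInfo.CompanyName
        Signature = $sig.Status
        Signer    = $sig.SignerCertificate.Subject
        Modified  = $f.LastWriteTime
    }
}
$report | Format-Table -AutoSize

# Step 3: rename (never delete) unsigned files with no manufacturer.
# ConfirmImpact = 'High' makes PowerShell ask before each rename, so the
# decision stays with you; every rename is logged so it can be undone.
if ($Rename) {
    $report | Where-Object { -not $_.Company -and $_.Signature -ne 'Valid' } | ForEach-Object {
        $newName = (Split-Path -Path $_.Path -Leaf) + '.BAK'
        if ($PSCmdlet.ShouldProcess($_.Path, "Rename to $newName")) {
            Rename-Item -LiteralPath $_.Path -NewName $newName -ErrorAction Stop
            [pscustomobject]@{ Original = $_.Path; Renamed = "$($_.Path).BAK"; When = Get-Date } |
                Export-Csv -LiteralPath $LogPath -Append -NoTypeInformation
        }
    }
}
```

If the system fails to boot afterwards, the CSV log lists each original name to restore from the boot CD.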
More By Nilpo/Developer Shed Staff Writer