The tech helper: Removing stubborn viruses (Feature)
By Jay Dougherty Aug 9, 2010, 3:06 GMT
Washington - If you're a technology fan, you probably try out a lot of software, visit a lot of web sites, and have your share of externally-connected drives. And eventually, you'll fall prey to a computer virus or worm that you cannot eradicate. What can you do if that happens to you? Read on for some answers.
Q: I run Microsoft Security Essentials antivirus software on Windows 7. Recently it has been telling me that my computer is infected with Win32/Rebhip.A. I tell the program to remove the virus, and it succeeds. But the message that my computer is infected keeps re-appearing. How can I get rid of this virus?
A: If standard antivirus scans and automated removal attempts do not get rid of a virus, you will have to get a bit more aggressive. Start by doing some research on the virus that has infected your PC.
Rebhip.A, it turns out, is a self-propagating virus that is spread over unsecured shared drives on networks and from removable USB drives. That means that while your antivirus tool may be getting rid of a current instance of the virus, if its source is not eliminated - or if it has inserted an entry into your Windows registry which causes the virus to be re-deposited on your system - you could be facing a Sisyphean task of continually removing the virus, only to be infected once again when you restart your computer.
There are two steps that may help you get rid of this or any stubborn virus. First, search a trusted site on the Internet to see whether there are any manual removal instructions. Occasionally there are. If the manual fix involves removing entries from the Windows Registry, get an overview of the Registry and know what you're doing before you attempt the fix. You'll find good resources and explanations of the Registry and how to edit it at the Microsoft Support site (http://bit.ly/12x5y0).
Be sure, too, that any online instructions for removing a virus manually are from a trusted source. There are plenty of web pages put up by unscrupulous vendors of malicious software who attempt to get you to download their tools in order to eradicate a virus. Do not download any new tool, especially from a vendor you've never heard of. If you find manual removal instructions from a reputable source, print them out.
Next, reboot your Windows 7 computer in Safe Mode, which is a special diagnostic mode that loads only essential drivers and disables all network connections, including the internet. To start in Safe Mode, press and hold down the F8 key as the initial bootup messages appear on your screen and before Windows begins to load. You should soon see a text menu that allows you to select Safe Mode.
Once Windows 7 has started in Safe Mode, initiate any manual removal instructions. When you're finished, launch your antivirus scanner, and allow it to do a full scan of your machine. The goal here is of course to eradicate all traces of the stubborn virus and - because you're not connected to the internet and have bypassed any Registry entry that loads the virus automatically - not give it a chance to re-infect your system.
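To see what the Registry is set to launch at startup before editing anything, a read-only listing helps. The script below is an added example, not part of the original column and not a Rebhip.A removal procedure; it assumes Windows PowerShell as shipped with Windows 7, and the list of Run/RunOnce keys and the autorun.inf check are assumptions about where to look first, not details from the article.

```powershell
# Added example: read-only audit; it lists entries and changes nothing.
# Assumption: these standard Run/RunOnce keys are the places to look first.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ExePath([string]$Command) {
    # Pull the program path out of a command line, quoted or unquoted.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { $p = $Matches[1] }
    elseif ($c -match '^(.+?\.(exe|com|bat|cmd|scr|vbs|dll))(\s|,|$)') { $p = $Matches[1] }
    else { $p = ($c -split '\s+')[0] }
    # Bare names such as rundll32.exe are resolved through PATH.
    if ($p -and $p -notmatch '^([A-Za-z]:\\|\\\\)') {
        $app = Get-Command $p -CommandType Application -ErrorAction SilentlyContinue |
            Select-Object -First 1
        if ($app) { $p = $app.Path }
    }
    return $p
}

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $path = Get-ExePath $command
        $status = 'FileMissing'
        if ($path -and (Test-Path -LiteralPath $path)) {
            $status = (Get-AuthenticodeSignature -FilePath $path).Status
        }
        New-Object PSObject -Property @{
            Key = $key; Name = $name; Command = $command; Signature = $status
        }
    }
}
# A missing target or a non-'Valid' signature is a lead to research, not a verdict:
# plenty of legitimate programs are unsigned.
$entries | Where-Object { $_.Signature -ne 'Valid' } |
    Format-List Key, Name, Command, Signature

# Assumption: autorun.inf in the root of a removable drive (DriveType 2) is worth
# reviewing; the article does not say which files Rebhip.A drops.
Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=2' | ForEach-Object {
    $inf = "$($_.DeviceID)\autorun.inf"
    if (Test-Path -LiteralPath $inf) { Get-Item -LiteralPath $inf -Force }
}
```

Compare anything the listing turns up against the trusted manual removal instructions before deleting a Registry value.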
Q: I believe a very bad virus has infected my Windows computer. The machine is suddenly very slow to boot, and when I launch Internet Explorer, a lot of additional browser windows appear - so many that my computer is unusable. What can I do?
A: Try booting your computer in Safe Mode, as described above, and running a complete virus scan using a reputable antivirus tool. If the virus has rendered your PC virtually unusable, then it is going to be difficult for you to access the internet to get the latest virus signatures from your antivirus maker, but you should try. If that fails, hopefully you've been using an antivirus tool that keeps itself up-to-date.
If the safe-boot virus scan does not help, it may be time to try Plan C, which is to reinstall your operating system and all of your applications. This is never a pleasant chore, but sometimes it's the only sure way to get back to a clean system in a case where a virus renders your PC all but unusable.
Before re-installing everything, make sure that you back up your critical data files. You can do this in Safe Mode by plugging in a USB drive to your PC and either manually copying files you know you need or, if you're using Windows Vista or 7, employing the Easy Transfer utility to copy your essential files.
In either case, Safe Mode is your route to sanity. Loading Windows in Safe Mode will cut off your internet connection and, most likely, the virus's ability to load automatically and start wreaking havoc. Safe Mode will give you the time to do a virus scan and, if that fails, to copy your essential files so that you can prepare to start over.
Q: My son always seems to have viruses on his computer. I never do. What is it that could be causing this?
A: Most viruses today are contracted over P2P (peer-to-peer) file sharing networks. Programs that provide access to such networks, including BitTorrent and LimeWire, are popular with kids and young adults. Also popular distribution sources for viruses are gaming sites and porn sites.
Be aware of what your son is installing on his PC and which sites he is visiting, especially if his computer is connected to other household computers via a household wireless network, since one infected computer in a connected household can mean trouble for everyone.
--- Have a tech question? Send it to email@example.com.