Disinfecting a virus-laden PC
Nutter's Help Desk
Network World, 04/14/2008
I think I have a virus in my computer. When I insert a floppy into the A: drive and the floppy is used on another computer,
that computer either then gets the virus or the anti-virus software on that computer reports that there is a virus trying
to get access/control of the computer. How can I get rid of the virus?
-- Raees Khan
The first thing is to isolate the computer (no more trading floppies until you're done) and then begin to disinfect it.
One of my favorite tools, as you can see from previous columns, is Knoppix. The great thing about this Linux distribution is that you don't have to know anything about Linux in order to be able to
use it. Download the latest copy of Knoppix and burn it to CD from another computer that is virus free to the best of your
knowledge. Turn on the "infected" computer and open the CD-ROM drive as soon as you can. Depending on how quickly you can
get this done, you may need to reboot the computer to get it to boot from the Knoppix CD.
If you still have a problem getting the computer to boot from the CD, go into BIOS and make sure that the CD-ROM is in the
boot order so that it gets seen before the hard drive. If there is anything important that you can't easily recreate, take
a moment using Knoppix to back those files up to a flash drive so that you can still have them if parts of the drive or some
of the files become damaged during the virus removal process.
Once you can get Knoppix to boot, go into the menu and look for the anti-virus software that is installed. Depending on the
version of Knoppix that you have, it could be Clam AntiVirus or something similar. Run the anti-virus software and, before doing anything else, get the latest signature files downloaded. After
the signature files are downloaded, run a file-level clean on the computer. Depending on how infected your computer is, this
could take a while. Once this completes, remove the Knoppix CD from the drive and reboot the computer, allowing it to boot into
Windows. Try at least one other anti-virus software package and make sure that it comes up clean with no viruses being reported.
Once you don't have any viruses being reported, it's time to run some anti-spyware software. I'd try at least three - each will find different bad apps. Run each one of them, one at a time, until they don't report
any problems. Once you have gone through each of the removal tools, go through each of them again.
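
The update-then-scan steps above as they could be typed in a Knoppix terminal; this is an added example, not part of the original column. It assumes ClamAV's `freshclam` and `clamscan` are on the disc and the Windows partition is already mounted read-write; the function names, paths and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Assumes ClamAV's freshclam and clamscan are present on the live CD and that
# the Windows partition is already mounted read-write (both are assumptions).

# Print the path of every file a clamscan log marks as infected.
# clamscan logs one "<path>: <signature> FOUND" line per detection.
infected_files() {
    sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p' "$1"
}

# Succeed only if the log has a scan summary reporting zero infections, so a
# scan that aborted before finishing is not mistaken for a clean one.
scan_is_clean() {
    grep -q '^Infected files: 0$' "$1" && [ -z "$(infected_files "$1")" ]
}

# Update signatures first, then scan recursively and quarantine detections.
scan_partition() {
    target=$1; quarantine=$2; log=$3
    mkdir -p "$quarantine"
    : > "$log"         # start each pass with an empty log
    freshclam; rc=$?   # older releases exit 1 when already up to date
    [ "$rc" -le 1 ] || { echo "signature update failed ($rc)" >&2; return 2; }
    clamscan -r -i --move="$quarantine" --log="$log" "$target"
    status=$?          # clamscan: 0 = no virus found, 1 = virus found, 2 = error
    infected_files "$log"
    return "$status"
}

# Constructed sample log lines (paths and signature names are made up).
sample_log() {
    cat <<'EOF'
/mnt/win/WINDOWS/system32/example.dll: Example.Trojan-1 FOUND
/mnt/win/WINDOWS/system32/example.dll: moved to '/mnt/usb/quarantine/example.dll'
/mnt/win/Documents and Settings/user/My Documents/report.doc: Example.Macro-2 FOUND

----------- SCAN SUMMARY -----------
Infected files: 2
EOF
}

if [ "$#" -eq 3 ]; then
    scan_partition "$1" "$2" "$3"   # e.g. /mnt/win /mnt/usb/quarantine /tmp/scan.log
else
    # No arguments: run the log check on the constructed sample instead.
    demo=$(mktemp) && sample_log > "$demo"
    infected_files "$demo"
    scan_is_clean "$demo" || echo "not clean: rescan after cleanup"
    rm -f "$demo"
fi
```

Moving detections to a quarantine directory on the flash drive, rather than deleting them, keeps a false positive recoverable.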
Comments (9)
I disagree...
By Anonymous on April 14, 2008, 11:15 am
In any article on cleaning a compromised PC, I strongly suggest including a statement that the only way to truly clean an infected machine is to reinstall the OS....
Essential Practice
By Anonymous on April 14, 2008, 12:23 pm
Instead of wasting all of this time, and still not knowing if you have a 100% clean system. All data should be copied from the device, and the drive should be reformatted,...
re-formatting or reinstalling the o/s does not guarantee a clean
By Anonymous on April 14, 2008, 7:07 pm
To those who jump to the - it takes too much time to get to the root source of the infection so reformat, oh btw move the data files ,,, That is a shotgun approach...
why keep that system running?
By Anonymous on April 15, 2008, 8:43 am
Why not look into the Knoppix LiveCD, and if it meets (or nearly-meets) your needs, consider a Linux distribution to replace the virus-prone Windows OS? There is...
is there any way to recover non-bootable drive?
By Anonymous on April 18, 2008, 5:49 am
Is there any way to repair or recover a virus-affected non-bootable drive?
windows virus?
By Anonymous on April 21, 2008, 9:32 am
This is to clean MS Windows viruses, right? There are no harmful viruses for OS X, Linux, Unix, BSD?