Cleaning an Infected Windows PC. Part 2
First Steps
As you try to clean a Windows PC, you want to contain the viruses and/or malware so that they do not get any worse. You don't want infections to spread further while you work on the computer.
So, the first thing that you might do is something called System Restore.
System Restore
If you are running Windows Vista, System Restore is available from the Run button; Windows XP has System Restore as well.
System Restore is not a backup routine. It restores system configuration: it saves previous configurations, and you can go back to a previous point in time on your computer and see whether the virus goes away when you do that.
A lot of times people install “software” on their computers that turns out to be a virus. Sometimes, if you catch it very quickly, you can restore to the point before the virus was installed and the virus goes away. You still want to do a full cleaning of the computer, but if you can go back to before the virus was actually installed, it can make your life much easier.
Again, one of the reasons why it is OK to try to clean computers on a corporate network or your own computer is that most likely you will get the computer right after the infection happens. I have had it happen to myself: as I was doing research, I was going through the Internet looking for some resources and I saw a virus pop up. So I was alarmed, and as soon as I was alarmed I did a System Restore to three days before, then I went to the virus process and cleaned it all. One of the reasons this worked is because I did the System Restore immediately.
Now, one of the reasons why modern viruses are so evil is that in many cases they are installed on a computer and then try to pull in other viruses, so you get a bundle of viruses at once. That is, you do not just fight one virus. In minute 1 you have one virus, in minute 10 you have 5 viruses, in an hour you have 20 viruses. That is, you are not going to clean 1 virus out; in an hour you will be cleaning 20 viruses out of your PC. So, the quicker you do System Restore, the more likely it is that you will be able to eliminate that virus altogether, reinstall your security software and carry on with your data.
Again, if you are at your own computer, you can do it very quickly. If you are on a corporate network, employees may work around their infected computers for a little while, but eventually they will call the corporate help desk and ask somebody for help, so that is not going to be too bad.
The big problem that I have seen as a consultant with people who bring their computers to us is that they started noticing a virus a month ago; so, you know, if a virus has been on a PC for a week or more, again, the chances that you will be able to do anything with that computer are just very bad.
So, the first thing I want you to do if you see a virus on a computer is a System Restore to a few days before. Go back to before you think the computer was infected; that may actually eliminate the virus, and then you can run some scans.
Upon completing System Restore, the next thing to do is to secure the network that the computer you are working on is using. One way to do this is by using OpenDNS as the DNS service for your router. Basically, DNS (Domain Name Service) is how computers map domain names to IP addresses. If you go to CNN.com, DNS is what translates CNN.com into 208.55.66.1, and then your computer is able to use this IP address to reach CNN.com.
How do these viruses try to infect your computer with other viruses? They do something called phoning home. Basically, their configuration contains domain names, and they try to reach those domain names and communicate with home servers: maybe they try to send data, maybe they try to pull in more viruses, etc. So, one of the things you can do is try to stop that process.
OpenDNS is a service that tries to block those DNS connections from happening. Basically, OpenDNS keeps a list of the most infected, evil servers in the world, and when your computer tries to connect to one of those infected servers, OpenDNS refuses to resolve the name and does not allow that to happen.
Again, if you do something like open Internet Explorer and see 50 popups appear, so you have caught a porn virus, your home page opens on a porn site and 20 other websites pop up, then each of those browser windows that open might try to infect your computer. OpenDNS will block those websites from opening, so you will get 20 pages trying to open, but they will all say the domain name cannot be found.
Thus you need to plug OpenDNS into your router, and you will have a secure network to work on.
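To make the "phone home" blocking concrete, here is an added example (not code from the article or from OpenDNS) that models a filtering resolver: a constructed blocklist, a lookup that answers "cannot be found" for listed names and their subdomains, and a detector that flags hosts making repeated lookups of blocked names in constructed DNS query logs. All domain names, addresses and the log format are made up for the example.

```python
# Added example: a minimal model of a filtering DNS resolver (the OpenDNS
# behaviour described above) plus a "phone home" burst detector over DNS logs.
from collections import defaultdict

# Constructed blocklist of known-bad domains (placeholders, not real indicators).
BLOCKLIST = {"evil-updates.example", "malware-cdn.example"}

# Constructed answer table for the allowed side (address as quoted in the article).
KNOWN_GOOD = {"cnn.com": "208.55.66.1"}


def is_blocked(name, blocklist=BLOCKLIST):
    """True if name or any parent domain (except the bare TLD) is on the blocklist."""
    labels = name.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels) - 1))


def resolve(name, blocklist=BLOCKLIST, table=KNOWN_GOOD):
    """Return ('BLOCKED', None) for listed names, else ('OK', addr) or ('NXDOMAIN', None)."""
    if is_blocked(name, blocklist):
        return ("BLOCKED", None)  # the client just sees "domain name cannot be found"
    addr = table.get(name.lower().rstrip("."))
    return ("OK", addr) if addr else ("NXDOMAIN", None)


def phone_home_suspects(log_lines, blocklist=BLOCKLIST, threshold=3):
    """Count per-client lookups of blocked names; clients at/over threshold are suspects."""
    counts = defaultdict(int)
    for line in log_lines:
        # Constructed log format: "<time> <client_ip> query <qname>"
        parts = line.split()
        if len(parts) != 4 or parts[2] != "query":
            continue  # skip lines that do not match the constructed format
        _, client, _, qname = parts
        if is_blocked(qname, blocklist):
            counts[client] += 1
    return {client: n for client, n in counts.items() if n >= threshold}


# Constructed sample log: one host repeatedly reaching for blocked domains.
SAMPLE_LOG = [
    "10:00:01 192.168.1.20 query cnn.com",
    "10:00:02 192.168.1.20 query c2.evil-updates.example",
    "10:00:03 192.168.1.20 query evil-updates.example",
    "10:00:04 192.168.1.20 query dl.malware-cdn.example",
    "10:00:05 192.168.1.30 query cnn.com",
    "10:00:06 192.168.1.30 query dl.malware-cdn.example",
]

if __name__ == "__main__":
    print(resolve("c2.evil-updates.example"))   # ('BLOCKED', None)
    print(phone_home_suspects(SAMPLE_LOG))      # {'192.168.1.20': 3}
```

A real filtering resolver applies the same parent-domain matching on a far larger list; the per-client count is the kind of signal a help desk can use to spot which machine on the workbench network is still trying to phone home.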
The next thing to do is to change the password on the computer that you are working on.
Many people nowadays still do not use passwords on their computers. The problem is that viruses can script themselves and do anything simply by using the name Administrator and a blank password. If you do not have a password on your computer, these pieces of software can do things like editing the Registry, installing other pieces of software, etc., simply because you have no password.
This is the thing to do immediately for a computer you are going to work on. Do not make it simple, e.g. 1234567, which a virus may already know; make it complicated so that the virus cannot know it. Again, that will stop the virus from continuing to do damage to your computer.
The final thing is to reset your Internet Explorer settings.
So, open Internet Explorer, go to Tools, Internet Options, and reset the configuration. Resetting the configuration resets all the security settings within Internet Explorer: ActiveX Controls, the home page, all that kind of stuff. Therefore, if you have viruses getting onto your PC, just reset to the previous configuration and you should be OK.
These are the first steps you are to take to clean your system. Again, nothing here is too complicated. If you have a Windows NT or 7 machine, you should be able to do all these things. Another important step to remember is to do System Restore ASAP to try to put yourself two days before the virus infected the computer. Then, use a small secure network that you plug your computer into. I would say, set up your own little demilitarized zone where only infected computers are; so if you are at a workbench, secure your workbench network so that infected computers are not going to infect other computers on the network. Basically, you are going to secure that.
In the router you are going to use OpenDNS, and OpenDNS will try to block connections when these viruses are trying to phone home and either send data or pull in new viruses. Change the password: if you have a blank password, these nasty little scripts can run freely, and there is nothing you can do about it except change the password.
Finally, reset your Internet Explorer settings. Again, as we go further, and you start installing software and trying to download updates and such, if your Internet Explorer has been reset, it can cause a lot of problems.
Those are the first steps you are going to be taking when cleaning an infected Windows PC.