Virus Removal in Safe Mode

by Matthew on March 9, 2008

No matter how many times you run a virus scanner, it does not always remove a virus. This is because the virus you are trying to remove can tuck itself away in memory and reinstall after the virus scanner removes it. This can be very frustrating when you are trying to clean your system so that it runs as it should.

Can the Virus still be Removed?

If you are wondering if the virus can be removed, then the answer is yes. I have yet to come across a virus that I haven’t been able to remove (even though some took a few hours to rid)… yes, I am persistent. This tutorial will take you through the steps I use to get rid of a pesky virus which refuses to be removed. Of course, you are welcome to post a question in the comments below should you not be able to rid your PC of a virus, and we will provide help as needed.

Using Windows Safe Mode to Remove the Virus

If you are having problems removing a virus, a good approach is to use Windows Safe Mode, a cut-down version of Windows in which only the essential modules are loaded. Features such as sound, video drivers and other software extras are not loaded into memory by default. The hope is that the virus is not loaded into memory either, because you are bypassing the regular boot sequence. To start Safe Mode, tap F8 when you first switch your PC on. A menu will appear early in the boot sequence, from which you can select the option to start Windows in Safe Mode. Once it has loaded, you will get your regular username and password prompt and can log right in. You will notice the icons are large and there isn’t much screen space. This is because only the basics of the Windows OS are loaded.

How to Remove the Virus

Now that you are in Safe Mode, run your virus scanner on the whole drive. This time you should find that all viruses are removed, and because none were loaded in memory, you shouldn’t have any rogue viruses automatically reloading.

Once the virus scan is complete, restart the PC and boot into Windows the normal way. Once logged in, it is wise to run another virus scan to see if your PC is finally rid of the virus.

What if the Virus still does not Remove?

I find that the majority of pesky self-installing viruses do remove after using the Safe Mode trick. However, there are still a number that are devious and need a good kick. What I find is best to do is first check your add/remove programs from the file manager and see if anything weird is installed. If so, remove it. Then do a search for the virus you are infected with and see if there are any removal tools available. Follow the instructions step by step from the removal tool website to remove the virus.

If you find you still cannot remove the virus then drop a comment below with any details you have and we will work with you to clean your system.

{ 14 comments… read them below or add one }

Greg 04.26.08 at 9:30 am

I’m Reading Your Tutorial, I’m Gonna Try Your Advice..

Christina 06.06.08 at 7:04 pm

when i run my virus scan in safe mode, i am getting a bunch of files that have “<>” at the end of them. what is this?? also, the virus DOES show up in safe mode and when i look in my ADD/REMOVE programs, i see nothing strange. then again, i don’t know what to look for. any advice??

Matthew 06.11.08 at 9:54 am

Christina,
Which anti virus software are you using? The <>’s sound a bit fishy to me.

For the add/remove programs section, you are looking for anything like a “dialer” or just anything you do not remember installing. If you are not sure then feel free to post a list in a comment here or over on the forum and I will let you know the bad apples.

Jay`e 06.29.08 at 11:31 am

June 29th 2008 12:24pm
I have tried this step by step virus removal through safe mode and through Dos and still I wasn’t able to remove it. I have removed countless amounts of viruses in the past this very same way but this one particular virus I haven’t been successful with. Mal Warrior upon research is a member of the Trojan Horse family that attacks the web/search browser, Automatic updates on your firewall/anti-virus security, Windows & Microsoft Updates and disables your add remove programs if left unattended for a long period. Spyhunter, I feel is part of that virus as well that attacks your internet explorer and registry. Once you click on the internet, it then floods your task manager causing the system to freeze soon after. This is a friend’s machine that I wanted to play with before dumping the HDD and reloading the OS. Any suggestions? Type of Virus protection, AVG 8.0 FREE and Ad-Aware

Matthew 06.29.08 at 11:52 am

@Jay`e… Let me go research this and get some details back to you within the next 24 hours. It does sound like a sucky virus you have there :S Hopefully I can find the source of the problems and have some instructions out soon :)

Matthew 06.29.08 at 12:03 pm

From what I can find on the internet (I didn’t fancy getting the virus myself to test with ;) but can if needed), there are 2 processes that run.

What I suggest you do is start in safemode still and then open up the task manager and kill the 2 processes named malwarrior.exe and mwlauncher.exe (assuming they still load in safe mode).

Then search the whole drive for these 3 files (and any duplicates in other folders)… and delete them.
malwarrior.exe
malwarrior.url
mwlauncher.exe

Open up the registry and remove the following values…
HKEY_CURRENT_USER\software\adsl software limited\malwarrior 2007
HKEY_CURRENT_USER\software\adsl software limited\malwarrior 2007\4.0
HKEY_CURRENT_USER\software\adsl software limited\malwarrior 2007\4.0\config
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\malwarrior 2007_is1

If the file is the 2007 version of the virus (the instructions above are for the 2008 version I believe) then you could look at following this tutorial found over here… http://www.411-spyware.com/remove-malwarrior-2007

Let me know if that helps :)

Martin 08.29.08 at 10:01 am

Hi

What if the virus has prevented you from running safe mode? I can see some suspicious files but can’t run safe mode to delete them.

Thanks

Matthew 08.29.08 at 10:21 am

Can you post where your PC locks up when trying to boot in safe mode? The only times I have not been able to get into safe mode were when I didn’t shut down properly. Once a scandisk had run I could then boot into safemode.

normzie 10.31.08 at 2:02 am

there’s this uber-pesky virus/malware on my computer. it prevents me from opening yahoo messenger, windows media, command prompt etc. when you click one of those, a bunch of cmd windows open up, showing like it’s replicating. the virus is also a bit smart, it removed folder options, took over the admin account even on safe mode so it won’t let me open regedit and task manager. I found the virus running on startup but when I disable it, it just comes back as enabled. since command prompt is affected, i can’t do anything even on safe mode. please help my doomed computer…

Matthew 10.31.08 at 6:51 am

That sounds like a nasty virus normzie. Do you have the name of the virus that you could share? I will then research it for you and let you know how to rid. It could be something along the lines of using the recovery console rather than safe mode which is a bit tricky, but not bad if you follow instructions :)

Matt 11.13.08 at 5:05 pm

What if you have no anti-virus or anything installed? And say the virus won’t allow for a normal boot, only safe mode.

Matt 11.13.08 at 5:11 pm

Oh and the virus I believe is: brastk

Matthew 11.14.08 at 9:02 am

If you can get into safe mode I would try booting into safe mode with networking. That way you can then download something like AVG and install in safe mode, scan in safe mode and see if it will clean up the system that way.

Also check various locations such as the startup folder to see if any programs are loading that shouldn’t be.

Download a spyware scanner such as AdAware and run a full scan with that in safe mode.

Also load up MSConfig.exe and see what programs are set as services to start up. If any look fishy then uncheck them.

The idea is to get rid of anything that is automatically loading that shouldn’t be.

http://www.techasis.com/speed-up-your-pc-with-ms-config-03123825/

That tutorial talks about removing general stuff that’s not needed while booting up, but it also applies to any weird programs too.

Let me know if that sorts it for you.
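
The autostart check described in the reply above, as an added example that is not part of the original post or its comments: a read-only PowerShell inventory of the Run/RunOnce registry keys, the Startup folders and auto-start services, with each entry's Authenticode signature status as a triage hint. The list of locations and the helper names `Get-ExePath` and `New-Entry` are assumptions of this example; nothing is disabled or deleted.

```powershell
# Added example: read-only inventory of autostart entries for manual review.
# Helper names and the choice of locations are assumptions of this example.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$startupDirs = 'Startup', 'CommonStartup' |
    ForEach-Object { [Environment]::GetFolderPath($_) } | Where-Object { $_ }
$shell = New-Object -ComObject WScript.Shell   # used to resolve .lnk targets

function Get-ExePath([string]$Command) {
    # Extract the executable from a command line, quoted or unquoted.
    $c = [Environment]::ExpandEnvironmentVariables($Command)
    if ($c -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($c -match '^\s*(.+?\.(exe|dll|com|scr|bat|cmd|vbs|js))(\s|,|$)') { return $Matches[1] }
    return $null
}

function New-Entry([string]$Source, [string]$Name, [string]$Command) {
    $exe = Get-ExePath $Command
    $sig = if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
        (Get-AuthenticodeSignature -LiteralPath $exe).Status.ToString()
    } else { 'Unresolved' }   # bare file name, missing file, or unparsed command
    [pscustomobject]@{ Signature = $sig; Source = $Source; Name = $Name; Command = $Command }
}

$entries = @(
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            New-Entry $key $name ([string]$item.GetValue($name))
        }
    }
    foreach ($dir in $startupDirs) {
        Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
            $target = if ($_.Extension -eq '.lnk') { $shell.CreateShortcut($_.FullName).TargetPath } else { $_.FullName }
            New-Entry $dir $_.Name ('"{0}"' -f $target)
        }
    }
    Get-CimInstance Win32_Service -Filter "StartMode='Auto'" | ForEach-Object {
        New-Entry 'Service (Auto)' $_.Name $_.PathName
    }
)

# Entries without a valid signature sort first; a valid signature does not mean benign.
$entries | Sort-Object { $_.Signature -eq 'Valid' }, Source, Name |
    Format-Table -AutoSize -Wrap
```

Saving the output before and after a cleanup and comparing the two shows whether an entry that was removed has written itself back.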

Matthew 11.14.08 at 9:18 am

@Matt - Take a look at this brief tutorial I just made which might help you…

http://www.techasis.com/how-to-remove-brastk-11141758/
