Virus Removal in Safe Mode

Virus_RemovalNo matter how many times you scan your PC, full virus removal doesn’t always work as you would hope for. This is because the virus you are trying to remove has the ability to tuck its self away in memory and reinstall after the scanner removes it. This can be very frustrating when trying to clean your system to make it run as it should.

Can Virus Removal be Successful?

If you are wondering if the infection can be removed, then the answer is yes. I have yet to come across an infection that I haven’t been able to remove (even though some took a few hours to rid)… yes I am persistent . This tutorial will take you through the steps I use for virus removal. Of course you are welcome to post a question in the comments below should you not be able to rid your PC of an infection and we will provide help as needed.

Using Windows Safe Mode to Remove the Virus

If you are having problems removing a virus then a good way is to use the windows safe mode which is a cut down version of Windows in a way that only the essential modules are loaded. Features such as sound, video drivers and all other software extra does not load in to memory by default. What we are hoping for is that a virus also does not load in to memory as you are bypassing the regular boot sequence. To load up safe mode you need to tap F8 when you first switch your PC on. When you do this a menu will show up early on in the boot sequence you can select start windows in safe mode. Once loaded up you will get your regular username and password prompt and you can log right in. You will notice the icons are large and there isn’t much screen space. This is due to only the basics of the Windows OS loading up.

How to Remove the Virus

Now you are in safe mode, you need to run your virus scanner on the whole drive. This time you should find that all virus’s are removed, and because none were loaded in memory, you shouldn’t have any rogue viri automatically reloading.

Once the virus scan is complete restart the PC the normal way and boot up in to Windows the normal way. Once logged in it is wise to do another virus scan to see if your PC is finally rid of the virus.

What if the Virus still does not Remove?

I find that the majority of pesky “self installing viri” do remove after using the safe mode trick. However, there are still a number that are devious and need a good kick. What I find is best to do is first check your add/remove programs from the file manager and see if anything weird is installed. If so, remove it. Then do a search for the virus you are infected with and see if there are any removal tools available. Follow the instructions step by step from the removal tool website to remove the virus.

If you find you still cannot remove the virus then drop a comment below with any details you have and we will work with you to clean your system. Alternatively you can start a thread in our forum to receive free help over there.

Comments

    • josh says

      its like up my when i start my laptop everything is slow and hard to click on anything n if the page loads up am stuck. am tryn everything u wrote but nt working

      • Matthew says

        Does your laptop have a virus? or is it perhaps just underpowered? What OS are you running and how much RAM have you got?

      • Gurnam says

        its not because of virus my friend may be ur computer or laptop system problem plz try to clean up and defragment ur mechine and see !

  1. Christina says

    when i run my virus scan in safe mode, i am getting a bunch of files that have “<>” at the end of them. what is this?? also, the virus DOES show up in safe mode and when i look in my ADD/REMOVE programs, i see nothing strange. then again, i don’t know what to look for. any advice??

  2. Matthew says

    Christina,
    Which anti virus software are you using? The <>‘s sounds a bit fishy to me.

    For the add/remove programs section, you are looking for anything like a “dialer” or just anything you do not remember installing. If you are not sure then feel free to post a list in a comment here or over on the forum and I will let you know the bad apples.

  3. Jay`e says

    June 29th 2008 12:24pm
    I have tried this step by step virus removal through safe mode and through Dos and still I wasn’t able to remove it. I have removed countless amounts of viruses in the past this very same way but this one particular virus I haven’t been successful with. Mal Warrior upon research is a membor of the Trojan Horse family that attacks the web/search browser, Automatic updates on your firewall/anti-virus security, Windows & Microsoft Updates and disables your add remove programs if left un attended to for a long period. Spyhunter, I feel is part of that virus as well that attacks your internet explorer and registery. Once you click on the internet, it then floods your task manager causing the system to freeze soon after. This is a friends machine that I wanted to play with before dumpin the HDD and reloading the OS. Any suggestions? Type of Virus protection, AVG 8.0 FREE and Ad-Aware

  4. Matthew says

    @Jay`e… Let me go research this and get some details back to you with in the next 24 hours. It does sounds like a sucky virus you have there :S Hopefully I can find the source of the problems and have some instructions out soon :)

  5. Matthew says

    From what I can find on the internet (I didn’t fancy getting the virus my self to test with ;) but can if needed), there are 2 processes that run.

    What I suggest you do is start in safemode still and then open up the task manager and kill the 2 processes named malwarrior.exe and mwlauncher.exe (assuming the still load in safe mode).

    Then search the whole drive for these 3 files (and any duplicates in other folders)… and delete them.
    malwarrior.exe
    malwarrior.url
    mwlauncher.exe

    Open up the registry and remove the following values…
    HKEY_CURRENT_USER\software\adsl software limited\malwarrior 2007
    HKEY_CURRENT_USER\software\adsl software limited\malwarrior 2007\4.0
    HKEY_CURRENT_USER\software\adsl software limited\malwarrior 2007\4.0\config
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\malwarrior 2007_is1

    If the file is the 2007 version of the virus (the instructions above are for the 2008 version I believe) then you could look at following this tutorial found over here… http://www.411-spyware.com/remove-malwarrior-2007

    Let me know if that helps :)

  6. Martin says

    Hi

    What if the virus has prevented you from running safe mode. I can see some suspicious files but can’t run safe mode to delete them.

    Thanks

  7. Matthew says

    Can you post where your PC locks up when trying to boot in safe mode. The only times I have not been able to get in to safe mode was when I didn’t shut down properly. Once a scandisk had run I could then boot in to safemode.

  8. normzie says

    there’s this uber-pesky virus/malware on my computer. it prevents me in opening yahoo messenger, windows media, command prompt etc. when you click one of those, bunch of cmd windows open up, showing like its replicating. the virus is also a bit smart, it removed folder options, took over the admin account even on safe mode so it won’t let me open regedit and task manager. I found the virus running on startup but when I disable it, it just comes back as enabled. since command prompt is affected, i can’t do anything even on safe mode. please help my doomed computer…

    • says

      You may be infected with a RAT (Remote-Administration-Tool or Remote-Administration-Trojan.) A software is used to create a “stub”, (a program or file masking as something harmless) which is then spread through downloads claiming that the program is something that you want. Say you want to download Skype for example. The person would name the file something along the lines of “Skype_Installer.exe”, when in reality it is a virus. A RAT stub is classified as a “Trojan.Dropper” to most antivirus. It is not like most other viruses, as a user has to control the virus, telling it what to do based on what you do in response. This may be why the virus is “smart”.

      If you want to learn more about what a RAT can do, and to see if your case shows any of the signs of infection, you can check out these articles.

      http://en.wikipedia.org/wiki/Remote_administration_tool
      http://searchsecurity.techtarget.com/definition/RAT-remote-access-Trojan

  9. Matthew says

    That sounds like a nasty virus normzie. Do you have the name of the virus that you could share? I will then research it for you and let you know how to rid. It could be something along the lines of using the recovery console rather then safe mode which is a bit tricky, but not bad if you follow instruction :)

  10. Matthew says

    If you can get in to safe mode I would try booting in to safe mode with networking. That way you can then download something like AVG and install in safe mode, scan in safe mode and see if it will clean up the system that way.

    Also check various locations such as the startup folder to see if any programs are loading that shouldn’t be.

    Download a spyware scanner such as AdAware and run a full scan with that in safe mode.

    Also load up MSConfig.exe and see what programs are set as services to start up. If any look fishy then uncheck them.

    The idea is to get rid of anything that is automatically loading that shouldn’t be.

    http://www.techasis.com/speed-up-your-pc-with-ms-config-03123825/

    That tutorial talks about removing general stuff that’s not needed while booting up, but it also applies to any weird programs too.

    Let me know if that sorts it for you.

  11. Hariharan says

    Hi. my system is affected with sality virus. it doesnot allows me to enter safe mode. it disabled registry editor and task manager. It closes any antivirus applications window as soon as it is opened. please help me to get rid of this virus.

  12. MOmar says

    My computer makes a big noise after turning it on, and it crashes after a few minutes, I don’t have time to do anything about virus removal. Put it in safe mode and run McAffee but it only scans a few item then crash again. what could be the problem and what can I do?

  13. Ami says

    Hi Matthew–I’m having the same problem as Martin above. My computer freezes before it goes into safe mode and theres nothing I can do but shut it off eventually. I press f8 and get this blaring beeping noise and then most of the time, I get the screen where I can choose safe mode. Then the screen goes black and there is a small “safe mode” sign in all four corners of the screen. Sometimes this screen eventually gives way to the log in screen where I select my username and I am told that my profiles are loading…only to go back to the black screen with the safe mode signs in the corners. Nothing happens after this point. Any advice?

  14. Matthew says

    @Momar Have you opened up your PC (be careful ;))… switch it on with the side panel off and see if the processor fan and other fans are moving. If they are not moving then I suspect it is overheating and shutting off automatically.

    @Ami are you trying an admin username and password to log in with? If so and it still doesn’t work then try running chkdsk (or scandisk) when logged in normally. I have seen problems before where safe mode doesn’t work if the drive is tagged to be checked.

  15. reverb says

    When i try and run safe mode, after about 40-50 seconds, it seems to trip the power, and reboot.

    I am struggling to remove the win32.zefi.b virus. AVG is working on it, but i want to run the scan in safe mode to be sure of getting it (like you suggest).

    Any ideas?

    Reverb

  16. Matthew says

    @reverb If it’s struggling with safe mode then another option (that I haven’t personally tried) would be to switch the drive to another machine (as a slave) and then scan it from there. Maybe perform a scandisk and various virus scans, spyware scans etc…and then try booting again from it.

    It’s not a method I have tried though so I am not sure if it will work or not. If it has boot issues after you should be able to run the XP repair CD to get it up and running but I doubt that will be needed.

  17. jess says

    I have the same problem with many above. 2 of my computers got affect with these virus. One of them give me a blue screen when I try to go into safe mode, and another one restart itself after a few seconds when i try to load safe mode. This virus make my window run real slow, disable task manager and regedit, disable my virus protection, etc.
    I tried using BartPE to boot up and run many of anti-virus, for example SpyBot. But as many time as I run SpyBot it detect the same virus after I remove them (mostly the changes in registry).

    I saw a post with the same issue, but no luck in finding the answer. If you have any ideas, I would be so glad to try:
    http://www.techsupportforum.com/security-center/general-computer-security/276834-hiden-process-unknown-virus-disable-reg-edit-network-etc.html

    Thank you in advance.

  18. Matthew says

    @Jess Do you have a 3rd PC, or access to another PC where you can slave your drives to? If so then I would scan them that way.

    An alternative method could be to run the XP repair tool and see if that manages to fix things. This is also a method I have not tried.

    Jess, if you know the name of the virus can you post it here? I will see if I can track a removal tool for it.

  19. Gabrielle says

    Help please!
    Someone in my office allowed a Rogue virus to take over the main network pc. We are a small office – only 3 computers. I began removal with the Norton system scan which found 4 high risk threats. It completely resolved 2 and the other 2 required a restart. After restarting, window boots and displays the logon screen. Once I logon with the password, I am instantly logged off again. I have tried starting in SafeMode with and without networking but the same thing happens, even when attempting to logon as the administrator. Wiping this hard drive will force us to loose our Quickbooks data – not a great thing for us. How can I get in and remove this virus?? Thanks!

  20. Matthew says

    Gabrielle, are you able to lose anything else on the drive? If you were to reinstall a fresh copy of Windows on your computer without formatting and over the top of the current install then the Quickbooks data should be kept safe. Just make sure you do not choose to format the drive when doing the reinstall.

    That’s worst case though. I have seen similar happen on a computer before and was able to use the recovery console to fix the problem. The recovery console can be found on the Windows CD. Would you like me to create some instructions on how to fix the problem with the recovery console? There’s a couple of things that might be wrong so it might take a couple of attempts to fix, but all should be ok.

  21. Mike says

    Matthew,

    I have a lap top with Vista OS that appears to have picked up something nasty. The machine will not boot and when I attempt to start in safe mode, I get a message like the following:

    0% complete, 0 of 3 updates
    Do not restart your computer

    I also tried the recovery environment without success.
    Can I run virus scans in MS-DOS? I think I can get a DOS shell open from the F8 menu.

    Thanks very much for your help.

    Regards,

    Mike

    • Matthew says

      Mike – The 0 of 3 updates is an ok message to get in my experience. How long have you left it on that screen before forcing it to reboot? I’d suggest leaving it a few hours or so (if it takes that long). All it appears to be doing is installing the latest windows updates that it has downloaded.

      Let me know if leaving it for a while on that screen fixes it. You should see progress on the 0% complete. It might take sometime though if the laptop has been rebooted mid update.

  22. Mike says

    Matt,

    Thanks for your reply. I think we’ve tried that, but will do so again to be sure. I should have mentioned that the same message appears when trying to boot normally. The machine just keeps restarting every 5-10 minutes.

    Regards,
    Mike

  23. Mike says

    Matt,

    I confirmed the computer just continues to try to reboot while displaying the windows update message and does the same thing when trying to enter safe mode. In other words, the safe mode menu comes up, but it doesn’t actually enter safe mode. The Recovery Envrionment doesn’t do much either.

  24. Matthew says

    There are a couple of things you could try here. If you have another machine you could take the Vista drive out of the broken machine and put it as a slave in another machine. Once in there, boot up and then run chkdsk/scan disk on the drive and see if any errors are reported and fixed. Once checked (may take a couple of hours) put it back in the original machine and try boot again.

    The other option is to take out 1 bit of hardware at a time. Maybe one of the latest Windows updates broke the USB controller. Take out the keyboard and mouse (if USB) and switch the PC on without them. If it works then put them both back in and the drivers should re-initialise. The last part would be to take out memory modules 1 at a time and the sound card etc… to try get to the hardware that it doesn’t like. If that works you can then look for updated drivers for the motherboard or soundcard etc… install and then put the cards back in.

    Let me know if that helps :) If not I’ll get thinking some more.

  25. John says

    Trying to rid a PC of Virtumonde. I’ve run all PCTools SpyWare Doctor and Spybot Search and Destroy. They removed most of the infections. However, there are a couple of registry entries in the HKLC/Software/Windows/CurrentVersion/Run calling the following dll files: yaredize.dll and barihuye.dll. I can delete these entries and refresh and the entries are right back in the same place. I’m doing this in safe mode. They also show up in msconfig under the startup area. I can uncheck them there and after reboot there are new entries for them when I run msconfig again. Any ideas?

  26. Mike says

    Matt,

    Thanks. I think I’ll try the first option. However, my second machine runs XP and not Vista. Is this a problem? Is the drive pretty simple to remove?

    Mike

  27. Matthew says

    @John Let me look in to this. There must be some other process or infected file allowing these to be auto created on booting up. I’ll see what I can find.

    @Mike It should be ok Mike.

    Sorry for the late replies to the questions. I’ll endeavour to speed up going forwards :)

  28. Matthew says

    @John I just created http://www.techasis.com/how-to-remove-virtumonde/ to go through the basics I would use to tackle the Virtumonde virus. If the instructions do not work (I am unable to test with out infecting my own computer) then hopefully comments from people who come across the article can post their findings and with a group effort we can get to the bottom of this.

  29. Andy says

    Hi
    My brother picked up an annoying Virus that (at first) wouldn’t let me load past the login screen, it would just freeze. After starting through safe mode i managed to rid of some of the viruses (trojans) with the Anti-virus program then it told me to reboot, i did so, then i was able to get past the login screen, but now, as soon as the desktop appears everything just freezes. mouse cursor, start button, you name it, its frozen.

    I went back to safe mode, repeated the process and managed to find another trojan it didnt pick up the first time. Unforunately removing that virus didn’t do the trick, the desktop still freezes and the anti-virus is unable to find any more threats. Any suggestions on where this virus could be?? Ive scanned through my programs but didnt see anything unusual, but then again i dont really know what im looking for. Help please!!

    • Matthew says

      @Andy. Do you know what the name of the virus is that cannot be removed? Sometimes I find that searching in google for “virusname” removal tool can help find something to remove a specific virus. AVG sometimes do tools that are dedicated to getting rid of just 1 virus.

  30. Owen says

    Hi,
    My computer seems to have the Haxdoor virus. I am running Norton and it says my system is secure however I am unable to get into my emails and regedit will not load. I don’t even get any messages just nothing happens so I am unable to remove the lines from the registry? Is there a way of fixing this which doesn’t cost a lot of money?
    Thanks

  31. Matthew says

    @Owen. I believe there is a way to fix it. Can you confirm 1 quick thing for me? When you right click on the task bar (bar at the bottom of the screen), are you able to load Task Manager? or is it greyed out? If it’s greyed out then I believe I know the cause of the regedit problem.

  32. Owen says

    Actually the task manager loads alright however in the processes screen each item keeps flickering and moving around.
    Also the home page has changed to ask.com which I certainly haven’t changed.
    Does this help?
    Thanks

  33. Matthew says

    Ok, that’s good that the task manager loads. Items moving around is normal as you probably have it set ordered to memory size, so as each program is used it jumps to the top. No worries there.

    It’s interesting how the home page switched to Ask though and that might have been switched by a rogue program.

    For removing Haxdoor I have read elsewhere that this program will fix it for you…

    http://www.atribune.org/downloads/HSFix.zip

    Download this zip file to your desktop, reboot in to safe mode, unzip the contents of the zip file on to the desktop and run the bat file included within. Icons will disappear as well as the task bar. When finished you can reboot and see if all returns to normal (ie, can you load up your registry etc…). I’d also (before running the bat file) load up IE, change the homepage to google and store it so that it gets rid of ask.

    I have not verified this method but reports seem to indicate all will be ok for you.

  34. Owen says

    Ok that’s great, I’ll give that a try and let you know how it goes. Thanks very much for your help.

  35. Owen says

    No problem, thanks for your help. There are no virus messages coming up anymore, it just won’t let me into regedit at all. I’ve followed all instructions to enable editing and when I click on it nothing happens. If I can get into it then I can see if there are any traces left of the virus. I think there must be if I am still unable to get into it.
    Thanks

  36. Matthew says

    Owen, it seems like your virus must be gone then. To fix regedit you could try loading up gpedit.msc from the Start > Run box. Then go to administrative templates, System and then look for Prevent Access to Registry and disable it.

    Test to see if it works.

    If you do not have gpedit.msc or gpedit.msc is restricted then you could try this option…

    http://www.dougknox.com/security/scripts_desc/regtools.htm

    I have not used that method before though but you can open the vbs file to make sure all looks good and that the script is going to do what it should.

  37. Tom says

    I need help. (I’m on my laptop)
    I’m having problem getting rid of Conficker viruses that infected my computer. So, I’ve scanned with AVG 8.5 and MalwareBytes Anti Malware.Both programs detected Trojan.Conficker.H and Worm.Conficker.H.

    After removed infected files and rebooted, it runs normally. But after 20-30 minutes, a window pop up. It told me that “Generic Host Win 32 Process has encountered problem and need to close”. I thought it just a coincidence and I clicked “Don’t Send Report” button. Everything is okay except every drivers that installed are like it has been “uninstalled”. Meaning I can’t hear any sounds, big icons and slow internet connection.

    I’ve followed your steps, AVG and MBAM detected same virus, cleaned and rebooted. It is fine in the first 15 minutes then the error pops up again. After that happens, I got random BSOD, hangs and restarted suddenly.

  38. brendan says

    Hi

    My laptop is infected with a virus. It is showing as a spyware product called Secret Service which i have not downloaded and has got into the operating system. I am in the process of going through safe mode to try and remove it but it has kinda froze on me.

    Any ideas ?

    Thanks

  39. Matthew says

    @brendan I recommend trying SpyBot Search & Destroy, McAfee Stinger and Adaware to try track this problem down. I would still attempt this in safe mode but make sure you download the latest versions of the software and that they are fully up todate when you try.

    Let me know how it goes.

  40. Xandria says

    hi i’m wondering if you could help me

    i got a virus when i was surfin the net and i dont have any security or virus removers.- i think the virus is ‘security pc’ , it looks for like potential viruses and says to install it.

    i cant use sytem restore becasue it was affected.

    now i lost my admin password and cannot log on. that’s my only account in my netbook

    then i tried the safe mode/,with networking,/with command prompt -but it doesnt work as well.

    pls i need help. thank you

    • Matthew says

      @Xandria Seems like quite a pickle you have yourself in. Not to worry. Are you able to log in at all to your PC? If so, log in, download AVG, Adaware and Search & Destroy and scan your laptop and then reboot.

      Have you tried the password hint option for your password? I am sure you have but thought I would point it out just incase you missed that option.

      If you do not know how to get back in to your system then try the following article which seems to have a few good pointers…

      http://www.petri.co.il/forgot_administrator_password.htm

  41. Shelly says

    Whenever I turn on my computer normally, my screen keeps turning blank except for my wallpaper. Also, my brother said the virus (or viri) has/have disabled my safe mode. Is this unfixable? ):
    Any help would be appreciated!
    Thanks so much!

  42. Matthew says

    @Shelly If you can log in to windows at all then click Start > Run and then enter msconfig and hit enter. Go to boot.ini and enable /safemode. Reboot your machine and see if you can get in to safe mode that way (still by pressing F8 when the PC is first switched on).

    Let me know if you can get in that way and if you can scan with your virus scanner while in safe mode.

  43. jamesdd says

    i had an zlob virus on an aciidental link click and some rouge viruses and spy ware came in with it macfee did nothing and now will not run i quarentined and deleted 21 inffections with malwarebytes’ and still when i go to log in not safe mode the blue screen of death comes up with the code . Stop 0x0000008E with other codes ive never seen im running virus scans on all drives by two virus protections and nothing

  44. Matthew says

    @jamesdd Can you rescan for viruses in safe mode and perhaps with another virus scanner then you are using. Maybe AVG? It could be that the virus hasn’t fully been removed.

  45. Gilanthz says

    Hello, plz help me my task manager,msconfig and registry has been disabled by a virus. . . When i scan no virus has detected. . .What should i do to remove the virus. . . .Thnx

  46. Angel Bates says

    I have a virus on my desktop and after logging into safemode, it won’t allow me to download a virus removal software (ex. McAfee…Norton). Does this mean that the virus is too far gone. Is it too late?

  47. Chris Collins says

    I got a virus on my hp pavilion with vista, no normal mode i run the virus scan it finds the virus then it freezes, i can not do anything on normal mode because it is so slow, but on safe mode it runs normal speed and i run the virus scan and it does not find the virus, help me please??????

  48. Max says

    I have a virus on my computer that I cannot seem to beat. Normally I can work in safe mode to get rid of it but this one also operates in safe mode. It has blocked access to my removal tool (superantispyware). Also, it redirects my webpages. While in safe mode the problems persist. I get the “you do not have permissions” error meaage when trying to open superantispyware. Also, there are no wierd programs installed and I cant seem to find anything on task manager that is a stand-out. Please help!!

  49. Shelly says

    Please help!
    I ended up with this stupid virus that is a fake virus scanner. It’s called Antivirus System PRO.
    Every time I try to run a program (including Start menu, Run) it says that the file has been infected and it asks if I want to start the virus scanner/protection. Then if I click yes the Antivirus System PRO thing comes up again.
    It’s 2:30 in the morning and I’m starting to freak out!
    Is there ANY way I can get rid of this stupid thing?
    Please help me if you can!!!

  50. Carol says

    Please Help. Nothing has worked now my computer won’t boot at all. I get a blue screen that says a problem has been detected and the bottom of the message says:

    Technical Information:

    ***Stop: 0x0000007E (0xc0000005, 0x8AEC21, of78A9C48, 0xF78A9944) How can I boot again. Safe mode and regular mode do not work.

    • Matthew says

      @Carol You could try using your Windows CD when booting and run through the recovery. I have done this a few times before and seems like a good option when all seems lost.

  51. Erin says

    Hi Matthew-

    I hope I’ve finally found someone with enough wits to help me! I’m in a similar situation to others who have commented here- somehow “Personal Security” has pasted itself onto my computer and prompts a million threatening pop-up’s claiming damaged computer, must buy buy buy!!! I’ve seem the bleeping computer fix-it multiple times, and even downloaded Malwarebyte’s Antimalware TWICE, but both times the virus kept the program from running when I tried opening it. I tried EVERY means of opening it, and updated the antimalware, etc., etc., but the best I get is maybe two seconds of the program before it disappears, and I am unable to utilize it. Could this trojan witch have somehow mutated to overcome the software needed to destroy it?!

    Ack! Help, please Matthew…

    -Erin

    • Matthew says

      @Erin Seems like your PC is in a bit of a muddle. Have you tried running Malwarebytes in safemode? Hopefully in safe mode the virus scanner won’t have the infected programs ready to shut the program down. To access safe mode, hit F8 when you first switch your computer on and select safe mode. Once loaded up, run the scanner, reboot, I’d suggest booting in to safe mode again, running the scanner again, rebooting and let it boot in to Windows normally.

      If that doesn’t work then there will be some startup or service or registry entry that is re enabling all the junk. If after cleaning it as mentioned above then I’ll talk you through the more complicated stuff to try get rid.

      Good luck!

  52. Daniel says

    I have what i believe to be a virus. When starting up it will give me just a blank screen before the windows log-in screen (though i still see my mouse and can move it around). I have gone into safe mode, which allows it to work. I have even tried a system restore. Spybot and windows defender and McAfee doesnt pick up any viruses or spyware. I remember a popup that had one of those messages that said something like “active-x is missing components, would u like to load it now?” and if u tried exiting it it would just keep popping up until i started task manager and closed it. I knew it was a trap do i didnt click either yes or no, just the X at the top. While that was happening windows defender picked up a trojan which i deleted. But nothing more. Then i kept getting this message that said windows has closed a program trying to start. and it would keep popping up. which i assume is the virus trying to start something that windows defender stops.

    Here is another interesting thing that happened when i was trying to fix it. I was at that blank screen before log in with only the working mouse which i found suspicious. So i pushed the delete key, noticed my mouse was loading something, and then i decided to try my finger print log-in, which worked. and allowed me to get past the blank screen and into my computer normally. Though that message about windows stopping a program from starting would keep happening. Which makes me think that the virus is just making it LOOK like my system isnt starting up properly by hiding it behind a blank screen. I havn’t been able to replicate that though.

    This also may or may not be related. But when i try to work defender, i get this error (i forget the exact number). I looked up the error and the windows support people say that it happens sometimes when downloading updates (which i did last night). Then the support said to go into the run program, run the specific program delete icon, which i did, and then delete windows defender from the list. But it wasnt on the list. And when i tried to just download it straight from the website, it said i didnt have to because it came with vista (i was hoping it would start downloading anyways and would just replace all the files instead).

    What do you suggest to do? I have tried everything i can think of to do. I fear it might be a virus disguised as a real system name (i remember once a long time ago there was a virus that was named the same thing as a .dll file, but was put instead as a .dlI (.DLi instead of .DLL) using a capital i instead of a lower case L to make it hard to catch.) Thank you very much for reading all this. I know that it can help to have the most information as possible when dealing with problems like this. Whether all of it was relevant, i do not know. Thanks again.

    • Matthew says

      @Daniel You mentioned you have tried a system restore. If the virus was on your system then you might be restoring your system along with the backed up virus if that makes sense. Perhaps you could try go back to an older date then you have been trying (it might require you reinstall some software, but files like pictures, emails, docs etc should stay in tact).

      If you can’t find a decent backup that works then try inserting the Windows CD you have and running a restore with the disk. This should clean up the files as needed.

  53. michael says

    this may seem simple to you but to me it’s mayhem i get a virus called e.exe or h.exe it will always come back and when surfing the net it will redirect my to some terrible search engine kinda like ask.com. it will also shut down my fire wall and my AVG on start up aswell as downloading a file to this directory “C:\Documents and Settings\mike\Local Settings\Temp\” it’s called trojan horse down loader agent2.OXL.(if i don’t keep scanning this directory it can download up to 140 viruses daily)

    please help my i beg of you (i already have AVG 9.0 aswell as malware bytes fully updated)

    • Matthew says

      @michael I’ll get working on this and report back when I can find some sort of fix for you. Sounds like a real pest though!!

    • Matthew says

      @Michael Sorry for the late reply here. Busy week! I’m guessing you have tried removing the virus in safe mode. If not, try that by pressing F8 on booting and select safe mode and run the uptodate malware bytes and AVG to see if that removes anything. Also check your Start Up folder in the Start Menu to make sure nothing is loading there. If you do have something there that you shouldn’t then remove it.

      Another thing to try is scanning the registry for agent2.oxl to see if you can find any instances of that file name in there. Also perhaps check for e.exe and h.exe (or what ever other file names they get) within the registry.

      Also before scanning with the virus scanner, load up task manager (right click task bar, select task manager) and end process on any services that shouldn’t be running. If they are in memory while scanning then they will either not be removed or if they can be removed they might just copy themselves back to another location ready for the next boot up.

      Another option is to try a system restore to a previous date before you were infected. Also another option is using the Windows CD to try a restore that way. Depending on hat windows you run depends on what options you have there.

      Feel free to post back if you still have issues.

  54. shijujv says

    My xp pro windows had some prolem with some malware or viruses.Now i am unable to run in safe mode,or any other options otherthan normal mode.Can you help me restore that……………..

    Urgent need………….

    Expecting your help as soon as possible………..

    • Matthew says

      @shijujv So booting up normally works but safe mode does not? I had this problem recently. Is the last message on the screen when booting in to safe mode relating to mup.sys? If so then this is kind of a known problem and is commonly related to problems with hardware on the system. Perhaps it would be good to try removing drivers from your computer and particularly those drivers that are not installed correctly or are corrupt.

      Other possibilities are problems with the PSU, Motherboard or even a corrupted registry. Check the drivers first though in Device Manager to see if any of them have a problem.

  55. James says

    Hello , whenever I start up my laptop ( windows vista ) in normal mode , a white screen comes up its all fuzzy and seems to fade into a strange screen with my desktop on it and wont let me do anything, its nothing to do with the screen as it can still run in safe mode with networking mode , also there is about 2 inches of blue screen around the left side of the screen and the top so it is hard sometimes hard to use as i cant see some of the buttons ( Minimize , maximize and close ) in the top right corner , I have lost my disc so i can not restore windows and install it again, and ideas ? thanks james

    • Matthew says

      @James I’ve not heard of this happening before. Perhaps uninstall and reinstall your graphics card drivers to see if there is something weird happening there. If not then I’d be surprised if it was a virus, but to check that I’d recommend scanning with a virus scanner to see if the PC is clean.

  56. Erin says

    Hi Matthew,

    It’s me again. I took all your advice, ran the virus program in safe mode. It found 6 corrupted files and destroyed them, but the virus still prompts me to feed it money. I’m so sick of it, I’ve just been ignoring the pop-ups, but there must be something that can be done. Please help!

    -Erin

    • Matthew says

      @erin Could you try running the system restore program? This can be found at Start > All Programs > Accessories > System Tools > System Restore. Once in that program you need to select restore my computer to a previous time (or something to that effect). Eventually a calendar should appear with dates to choose where you want your computer to be restored from. At this point I suggest selecting a date that you know is before you were infected and then tell it to restore.

      A few things to note before you run this…
      1.)All files should be left in tact meaning your documents, photos etc will be ok.
      2.)Any programs installed after the date you selected will need to be reinstalled. For example, you downloaded a game from the internet then you will need to reinstall that game if your restore point is older than when you installed it (hopefully that makes sense).

      Let me know how that goes.

  57. Jack says

    My Sony Vaio Laptop has a virus but Window Live OneCare did not detect it in time and it seems to of corrupted the OneCare software so when i try to scan in safe mode OneCare comes up with an error message saying it can no longer function. Recently the virus also seems to have expanded and corrupted a major file(s) to stop my computer from booting up, and when it does occasionally start; within minutes it crashes and automatically restarts, when this happens there are rows of blue dots running across the whole bios. I have tried using startup repair which says it cannot fix the problem, i have checked to see if it is a memory hardware problem and its not, i have also tried using the CHKDSK with the cmd but it says no errors. Is it possible to re-install OneCare or another Anti-Virus while in safemode?

    Many Thanks Jack x

    • Matthew says

      @Jack… Installing in safemode could be worth a test. Another option is to try a restore point from before the problem happened. Let me know how it goes.

  58. Daniel Vale says

    Hello!

    My internet provider called today to inform me that my computer was infected with a virus called: darknet scan
    They said I needed to remove this swine in 48 hrs. or they’d disconnect my internet service!
    I’m going to follow your suggestion & run my AVG program in safe mode; if that doesn’t work, what might you suggest? I’ve done several searches for info. on this virus but have yet to find any mention of it.

    Thanks!

    Regards,
    Dan

    • Matthew says

      @Daniel Vale… This is a reply to your longer question. I’ve done a search for darknet scan and can only find a website called darknet and no virus. Perhaps you could enable the Windows firewall and block access to everything except the necessary ports like 25, 110, 80, 443 and any DNS ports. If the virus they mentioned actually exists then maybe it’s transmitting/receiving something through another port which can be blocked to get your ISP off your back.

      Perhaps try a recovery from a previous date like a week or two back.

  59. Daniel Vale says

    Note:
    I cannot achieve Safe Mode, Safe Mode with Networking or Safe Mode with Command Prompt. Could it be the virus is preventing this? ( I’m running WinXP ).

  60. Daniel Vale says

    Thanks folks…

    I needed this computer up & running fast so I took it into the shop for repairs; they had to wipe it clean to rid it of that accursed virus. So now…

    …my hard disc removable devices won’t read the discs!! The device manager says they are both working fine…could it be that the tech knocked a wire loose / off inside the tower??

    Thanks again for all your help – you folks are wizards!

    Best,
    Dan

  61. Arjy says

    my sister’s laptop got infected by a virus… she’s in Australia and im in another country… here are the facts:
    -can’t connect to the internet
    -can’t open or read documents
    -the virus she said was a trojan (she freaked out and tried to buy new anti-virus but failed, the next morning she found out that her credit card did a transaction without her knowledge… caused her to lose $106 dollars) LOL
    -i asked her to do a scan on safe mode.
    -at first her anti virus said it cannot be fixed (later did, shes still scanning as of the moment)
    -while on safe mode a lot of cmdpromt windows started appearing
    -did system restore but nothing happened

    thanks!

    • Matthew says

      @Arjy Can you try a system restore from an earlier point? Maybe go a month further back than you tried where it wasn’t successful.

  62. manny says

    Hi, i think i have the same problem as others. the computer keeps crashing, the fan speeds up *it has nothing to do with overheating* dell said theyd fix my brand new window 7 comp for 200 dollars thats a rip off i need ur help plz

    • Matthew says

      @Manny If the computer is brand new, does the warranty cover it? It seems like it could be a hardware fault which I would of expected would be covered.

  63. Saul Steck says

    Okay I really need help…..
    I can honestly say this virus isn’t all that bad since I’m in safe mode with no problems but it did damage my webroot antivirus software so I have no clue how I am going to a remove a virus in safe mode without being able to re-install or use my virus scanner…….normal mode is a mess
    It’s a fake rogue virus protection called paladin antivirus or protection I think

    Please e-mail me I have an ipod touch so I can still receive e-mails
    Please help me :(

  64. Brandon says

    I have a bad virus I think. When I do ctrl alt del, my task manager option is greyed out. I tried to load into safe mode, but several lines of commands came up on the screen. I can’t use system restore. I get to the point where it says Next, after I’ve chosen the earlier point, but it won’t go to next. It will only go back. Any advice?

    • Matthew says

      @Brandon – I’ve seen this happen before. You will probably find that trying to get in to safe mode stops at a line of text saying mup.sys. To get past that I’d go to the device manager (if you can get there) and check that all devices are installed correctly. If not, install the ones that have errors or warnings next to them. If I remember correctly this prevents access to safe mode.

      To get the task manager back you need to run a registry entry (but the registry will be blocked too). Give this tutorial a test… http://www.pchell.com/support/registryeditordisabled.shtml

      Also try this tutorial (it might not be directly related but the malwarebytes program mentioned is excellent at sorting problems out)… http://www.techasis.com/how-to-remove-registry-defender/

  65. ness says

    help ! I have read through your advice and cant see anything on my problem. I just bought windows 7 and can see the signs that I have a virus on my computer. ie, when I type things it deletes it without me commanding it to do so, and opens windows without my commandmy internet explorer freezes up now, and it also writes odd symbols that are not on my keyboard which I cant even begin to describe. i have opened safe mode, and did a scan with avg 9.0 on both safe mode and regular windows, but it is not detecting a virus. I dont know where to look for it, and I dont know how to take it off, but Im afraid that if I dont find it fast it will ruin my computer. Any ideas as to how to fix this?

    • Matthew says

      Ness… I’d be tempted to do a restore of the OS if it’s acting up that weird. It doesn’t sound like a virus, but more of a weird issue/maybe something has corrupted.

  66. Mitchell Dumser says

    i ran the scan a few times in safe mode under administrator and ran it in user log in and when i try to remove the programs(the virus) from add remove programs i click remove and they start running and freeze up the computer. it wont let me remove them still after running scans and trying to remove them in safe mode.

    • Matthew says

      Mitchell, are you trying to remove them in safemode? Try removing any programs in normal Windows mode, but if you are meaning you are trying to remove the virus’ then try in safemode if that makes sense.

  67. Clara says

    my computer is infected with the “virus protector” rogue software and does not let me enter safe mode. It stops at a line of text saying mup.sys. I cannot get to my device manager as the virus protector software loads everytime I get into safe mode or normal mode. I saw your last suggestion about running a registry entry but I can’t get access to the internet as nothing appears except for the rogue program. What would you suggest? Any help would be appreciated!

    • Matthew says

      Clara, Do you have the system backup running? Could you possibly run that program and restore a backup from say a month ago?

    • Matthew says

      Ness, if you have the Windows installation CD, pop it in the drive and boot your computer. It will ask if you want to boot from CD and just hit any key to agree. You eventually get presented with some options to restore the PC. Please note that some of these options might wipe data from your PC and restore it to the original settings, so be careful with this method.

  68. Brian says

    Hey,

    I have a virus that is like others. It wants the user to pay 60 dollars to get rid of it. I’ve had these before and always managed to remove them. This one is slightly nastier. It won’t allow me to run any programs or do anything. It says that it is an infected .exe file and cannot be run.

    I can operate in safe mode, however.

    If need be I can get the name of the virus but it is something like kaka:C\\then the rest of the location.

  69. Brian says

    Just ran system restore in safe mode to 2 days before I received the initial pop up.

    I hope this works.

  70. Meg says

    Hey, I have this virus that keeps coming up as Windows Security Alert, and it has the software Antivirus Soft that seems to be a virus itself and is taking over, and scanning and it is not doing anything, but telling me to purchase it, and then take all credit card information. I was wondering if there is a way I can get rid of it if it’s not letting me have access to the internet or doing anything, except look and my pictures and documents. My computer will only work in Safe Mode with Networking. PLEASE HELP!

    • Matthew says

      Meg,
      Are you able to download Malwarebytes and perform a full scan in safemode? If so, give that a go. I believe the virus is overwriting a file in the windows/system32 folder (possibly explorer.exe or services.exe) with a bad file. Running malwarebytes should stop the virus from doing that.

      Let me know how it goes and if it still keeps occurring.

  71. Andrew says

    I think i have a virus on my laptop but i’m unsure whether it is or not. On turning on my laptop it will load up untill windows loads, then the screen disappears and reappears with veritcal lines of colour, sometimes these flash, other times they just sit there. I’ve run a safe mode scan with AVG free 9.0 and also used a restore point from a month ago when it worked fine. After this the laptop works but slowly and when you turn it off the laptop breaks again when turned back on. So apart from repeating this procedure every time i want to use it, or the laptop being in safe mode, it is unusable as windows simply won’t load, well it might, but the screen won’t show anything. Cheers for any help.

    • Matthew says

      Andrew,
      It sounds like the virus is still present or somehow hiding it’s self and re-appearing after booting up. I’d be tempted to fix it the way you have been, download Adaware and Malwarebytes (both free) and run those two scanners in safe mode as well to see if they spot anything.

  72. Brenda says

    Hi. I have a My Security Engine virus. Trying to remove it on my home computer but cannot get to the website of any virus cleaners. I’m at library and while I see the websites that could help by downloading, I do not know how to download onto my CD, the download. HELP

    • Matthew says

      Brenda,
      Do you have a USB flash drive you could use to copy the file on to? Copying to a flash drive is a little quicker and a lot less steps involved.

  73. Tena Troy says

    I have a horrible virus on my computer…Every time I try to use a search engine…google, bing, yahoo…I am always redirected to another website. The name of the virus is exahayerid. Any time I try to find out how to get rid of this virus using a search engine it comes up with “Your search – how to delete exahaerid.dll – did not match any documents”
    I am going to try and get rid of it through safe mode. If it works or doesnt work I will let you know.
    Take care and God bless

  74. Elen says

    Hi Matthew

    Not sure if you are able to help but couple of weeks ago my PC got attacked by Trojan virus (rapporte.exe;rappor.exe;rapp.exe). All the sudden I didn’t have any access to the Internet Explorer and a virus software (which propbably had expired by that time anyway-lesson learnt!) got destroyed by the enemy. What would be the safest way to get rid of the virus(es)?

    PS. I can still access my computer from the safe mode.

  75. Rick says

    I contracted a memory virus WIN32. My AVG detects is but doesn’t remove it upon scanning. What is the best way to rid my PC of this virus?

  76. Rick says

    Matthew,

    Thanks, downloaded malwarebytes and it seemed to work. I scanned in safe mode first and followed the instructions. My PC was still slow on the internet, especially in hotmail and got locked up. I ran the scan then normal mode and it seems to be running better. My AVG didn’t detect any issues once I ran the scan in normal mode. However, I still have slow mail and hotmail doesn’t want to shut down when I try to get out. I’d like to switch to Microsoft Outlook, I think hotmail may be my issue. Is there an easy way I can switch to Outlook?

  77. anilraj says

    i am running mcafee on my system to day morning i got the on access scanner msg which shows these two names”mcsql.exe” and “audltusr.exe” with status cannot delete now am doing the command line scanner i hope it will success!!! Are u people are agree with me?

  78. alphazone says

    I have the same problem as anilraj – two files named ”mcsql.exe” and “audltusr.exe”, which I can’t delete. I can’t see it in ADD/REMOVE programs. Could You help me?

  79. Calvin says

    Hi Matthew,

    Thanks for helping everyone. The virus I’m experiencing (on XP) keeps saying there’s a “window’s security alert” and do I want to activate my antivuris software–which is not my software. Any anything I try to open, says it’s infected. For example, try to open my yahoo messenger, and “the file ymsgr.exe is infected. Here’s what I’ve tried so far to fix the problem per all of your advice:

    (all from safe mode)
    1. Spybot search and destroy (found nothing)
    2. Ad Aware SE (full scan, no results)
    3. Malware Anti-malware (found nothing with full scan)
    4. Dr web cure it w/ USB drive: found a couple infections, and removed them

    Booted up again, and the same virus was still there.

    I then tried to restore from a previous date as you suggested, but when I do that, it always reboots and says it “cannot restore to the selected date.” I’ve tried like 7 different restore dates and nothing.

    Any thoughts on my next step?

    • Matthew says

      This might or might not work. I sometimes am able to uninstall a variation of this windows security alert from the add/remove programs. Have a look in there to see if there is any mention of it in there. I recently did this for someone (with in the last 2 weeks). It isn’t always the case, but it worked when I tried this time.

  80. john fox says

    Mat,
    I have the security suite virus, I am in safe mode and trying to remove it with out purchasing spy doctor
    I have malwarebytes doing a full scan now… am I on the right track? can I remove this one for free.

  81. jono says

    have you tried using comodo,, ive had a virus that norton and avg could not find and comodo found it stright away its a free programme so you should give it ago

  82. says

    I am having a nightmare with secuity suite, It will not allow changes in internet lan, It frezzes my system in safe mode boot,with networking dubging mode last know good boot and what ever eles. this program will not let me download anything and every time i open a exsplorer window it comes up with viagra adds and porno sites. please help its driving me made.

  83. adam says

    I have tried everything & I mean everything to fix my pc…I did a diskcheck, avast virus removal scour in regular, safe mode & even boot scan which found & supposedly removed several viruses, i have done several system recovery’s that seem to be infected now as well, i used ccleaner to clean the registry & clean the pc but it is still freezing. The only new change is that I have added a 32″ monitor to my pc. Could this addition cause my freezes??? HELP PLEASE!!

  84. Jesse says

    hello mathew i am in dire need of help my computer has important files that i dont want have erased by swiping the whole system of its memory but i really dont even no how to do that. i installed anti malwarebytes which helped this computer that i am on. but my other laptop which just today got the virus is trying to make me buy anti virus software and tells me would you like to block this attack i no its a scam and it wont let me open anything it just says file could not be executed or opened or something and that file is corrupted. i started it in safe mode ran my anti virus software to delete virus but nothing could be found. i created another user while in safe mode and this user is not affected by the virus the guest user so i ran my anti male ware and i tried to clean the virus out. i scanned my sytem twice and both times it found infections the first time about 130 so i clicked remove and it said it removed them the second scan said there were five infections i clicked remove and it said successfully removed. i logged back on to my original user and the virus software is still there not letting me open anyhting. just saying file cannot be executed file is corrupted. please please help

  85. says

    i have a older hp laptop i ran a virus check and had alot of viruses,mostly adware trackers,and some trojans i hit the fix button and it says all were fixed,i restarted pc,and when the sign in page came up ,no cursor i was able to get signed in with the arrow keys,what i want to know,can i go to restore,to a earlier date in safemode with cursor frozen,by using the key pad,i used malwarebytes’ malware ant-virus program,and i believe i removed the the program that works the cursor,when i fixed the many viruses,it said all viruses were cleared,i am not that computer savey,i would appreciate any help you can give me

  86. TheMaximus says

    here is the best way to get rid of viruses for good and you wont ever have another one
    1. lay off the porn 90% of viruses i have found from repairing peoples computers are from porn
    if you cant stay away from it you got what you deserve and therefore cant complain!
    2. google pop up blocker or google toolbar
    3. avast antivirus its free and it updates itself
    4. there is a few more additives but 9 out of 10 of you will still go and try and visit that porn site or warez to get free stuff, it’s common sense folks you know what your doing so why is it that most of you cant accept your own poison from playing with that rattlesnake? Grow Up!

  87. Ryan Schwartz says

    Hello.
    I have the Securty Tool Virsus. I’ve tried to go into safe mode by restarting my pc, but it does’nt come up as an option. I’ve also tried to go into “run” and it does’nt allow me. The virsus pops up saying it’s a worm trying to take credit cards information.

  88. Jimmy says

    Hi Matthew.

    Last night doing some late night surfing I appear to have picked up some sort of nasty virus. When trying to open any file (for example AVG 8.5) i will get an alert saying, “Warning, avg.exe is infected. Proceed to anti-virus software?” So I click yes and am taken to a strange anti-virus protection software that I have never seen on my PC before. It will scan the computer and detect 7-10 viruses but not remove them because I must buy a full version etc. (pretty shady stuff).

    So my first step was to follow your instructions and boot up in safe mode. I ran BOTH AVG 8.5 free edition and Windows Defender and no viruses of any kind were detected. One strange thing I noticed however, is that during the AVG command line scan, many files were being “locked” and therefore not scanned, I’m not quite sure what this means or if that is normal during such a scan. Please help, I’m running out of options!

  89. DavidW says

    Hi Matthew

    Any experience with thoroughly nasty RAMNIT virus. After having W32/NGVCK virus, things have got worse and Macafee is showing Ramnit incessantly. In safe mode I am trying to rescue data, but I am very worried my PC is compromised. (I’ve dsiconnected from the internet of course, and am trying to do stuff in Safe Mode. But how wrecked do you tink my PC now is? Aaaagh.

  90. KyleB says

    Heyy, I have a virus that will not allow me to access my system restore and AVG Antivirus during ‘normal mode’. When in normal mode a red pop on the bottom right corner appears saying the is an infection somewhere and it asks me if i want to use a antivirus software that what i believe the is the actual virus. when i go to internet a small box appears saying error. i have a Toshiba and i needed to press F7 to access safe mode. when i accessed it i went straight to system restore and it wanted to restore it back before i downloaded a program called DirectX which was on the 22nd of december. i said yes and it done its thing. and i logged back onto my computer when it restarted and it said that the system recovery did not work nothing was changed to your computer. i then turned it off and on and went back into safe mode. i then went to AVG Antivirus and i scanned the computer hoping to delete the virus from there. but it apparntly scanned the whole computer, but it said that everything it scanned was all locked. i dont know if AVG Is telling me that AVG Locked it or it was already locked before i scanned it? can you please help me delete this virus.

  91. gio says

    i’m interested in my anti virus software abilities, it’s panda 2011 internet security. so could it protect me from virs?

  92. Lola says

    System Tool 2011 is in my computer. I’ve run my McAfee in Safe mode and nothing shows. Do you have any suggestions to get rid of this? Thanks

  93. joe says

    My laptop seems to have picked up a virus…it is a program called virus checker….it freezes up my whole computer..wont let me open anything, and the internet will not open any browser pages….i was told to run in safe mode to fix the problem however when pressing f8 like i was instructed…all that comes up is start windows xp…..no safe mode option at all…. HELP?!?

    • Haris says

      For some computer its works on F10 or just press and keep off button until its turns the computer off then start it and its should pop on with start windows normal or safe mode.

  94. travis says

    I am having a major virus problem it a virus and a trojan i am sure!

    Cause it making me have a blue screen and when start it up the command thing comes up first with black background saying loading and then says cannot find something and then pops up 3 times then disappear and then everything loads but once my virus protection pops up and loads and then this stuff pop up saying yes or no and click yes or no the computer freezes and then blue screen comes up!

    It had happen before but i can’t remember how to get rid of it cause idk where the files or folder this are in

    i know i got this virus from firefox i guess cause when i ran this adware check there was like 125 adware on there saying firefox file and stuff i unistall firefox see if that would work but idk!

  95. Clarence says

    A fake self instaling virus program oaded up on my laptop, after I went to a site that is not 100% a porn site. It also has also has big name celebs also. The name of the fake self instaling virus program, I think it called anti-virus vg, not sure. It has screwed up files needed to open and run programs like print master, yahoo messenger and so on. It will not let one go to any websites like yahoo, amazon.com, bestbuy,com, comcast.net, google.com, commanderbond.net, hotmail.com, bing.com, flickr.com, ebay and so on saying it bad with a message, when use IE. Right now I’m in the middle of using avast! in safe mode. So far it has found one and it at 45%. Hopfully it will fix things up like being able to run prgrams again and go to different websites. Even install programs and not have problems opening them to use.
    I’m typing this from another family member’s computer.

    • Matthew says

      Clarence, Have you tried rolling back your Windows install with the system restore? It could be easier to load that up (in Safe Mode) and then roll back to a date prior to all the problems.

  96. Clarence says

    Now the self instaling virus program gone, and it has screwed up programs. So what do I do, reinstall all of them or I have follow something to fix the files it screwed up. Like for yahoo messegnger, it troubleshooter shows up and say We can’t sign into Yahoo! Messenger.
    There might be a problem with your Internet Click Troubleshot to begin a series of tests to try to diagnose the connection problem. After doing the troubleshooter, it still has problems and that the prossible problem with HTTP connection. Verify that you can see web pages you typically browse to in Internet Explorer. For Internet Explorer, it not going to any websites all I’m getting is a messge saying Internet Explorer cannot display the webpage. That is the same as if you are not log on or connected and only click non the browser. But my laptop will auto detect to the server I’m with which is Comcast. So what do I have to do to fix anything up reinstall them or follow something to fix the files up. I have not try opening other programs yet to see do they work right or has problems. I no techie, so I don’t want anything complex to understand in fixing the file(s) that make work right.

    • Matthew says

      Just spotted the message here, I just mentioned trying the system restore a few minutes ago. Might be worth you testing that.

  97. Haris says

    Hi I got a nasty virus any program or web i open its opens 107 pages i delete double click trojan with quick scan, but computer still go crazy and in safe mode its even worst,, can’t open nothing coz its opens more than 100 and computer just stacks . When i try to put full scan its stacks in a middle and its happens with any anti virus or mallware remover. I tried a lot anti virus. I even reinstalled a windows but its gets back from some old windows files. my computer go crazy just as i turn it on before its starts loading OS. any help. May be someone know some good trojan remover or anti virus?

    • Matthew says

      I’d give system restore a go. Boot in to Safe Mode and then click to go to safe mode rather than the desktop.

  98. Kay says

    I had a virus on my computer (what I had was security pro virus so I couldn’t open any application, even connect internet to download). To get rid of it, I went safe mode and ran Malwarebytes and removed the infected files. After that, I had a problem with Internet. It’s connected (Skype works) but I get a message ‘page cannot display’. If you have any idea why and how to fix this, I appreciate it.

    • Matthew says

      Have a look at your IE settings and perhaps reset them all to default. Also, you could look at your hosts file. Open up notepad.exe and then open within that, c:\windows\system32\drivers\etc and the hosts file in there (the one with no extension), and make sure there’s not much in there at all other than the description and localhost pointing to 127.0.0.1. Delete other entries if they exists (unless you purposely added them).

  99. Anonymus says

    Please help! I entered safe mode but my desktop stops working except for the mouse. It also lets me click on an icon just once, but that’s it. I can’t open my virus scanner.

    • Matthew says

      Try restoring to a point before you had the problems. Can do this by entering safe mode and selecting to go to system restore when asked before going in to Safe Mode.

  100. lily says

    please help me i went into safe mode to remove the virus by scanning it using my scanner and the virus still blocked it and i tried downloading avg to my computer through a usb drive and the virus blocked it from completeing set up. what else can i do?? please help asap. i’m a student and i need my computer !! but i need this virus off first so please help. my school IT office did nothing so please help me.

    • Matthew says

      Sorry for the delay. At the moment, rolling back your install seems to be the best option. Boot in to safemode with F8 when switching it on, you’ll then eventually be prompted to go to the desktop or restore from an earlier date. Choose a date prior to the problem you are having now and all should return to normal.

  101. James says

    Hey bro ii have a w32/Blaster.worm and this thing WILL NOT LEAVE!!!
    every time I boot up my laptop Normally the first thing that pops up is a PC scan
    the scan goes and tells me whats infected! then I hear a Noise like a pig screaming and something pops up that says REMOTE FILE TRANSFER to another computer IP address!!!
    nothing can be opened except Explorer and every time I download a removal tool I scan and scan and Scan and it never finds it, I cant download any anti-virus protection without something saying its infected by the worm, so I boot up my comp in safe mode w/networking and no tools can find the virus even then!! I’m at a standstill here man what can I do??

    • Matthew says

      Give the restore a try (safe mode). When booting to safe mode it will ask you if you want to use restore, just agree and then roll back to a date prior to the problem.

  102. Sabrina says

    Hi, So I have been bombarded with viruses today. Mostly by Backdoor: Win32/Nervos.A, I have ms security essentials, it detected them and removed them but they were coming every 10 minutes. My spyware definitions are up to date so that’s not the problem. Then I got some trojandownloaders also removed so I just shut down the laptop. Came back a few hours later and still the same problem (bombading of viruses) so I started to run a full scan which Froze and while it was frozen 2 Backdoor: Win32/Nevros.A were allowed. Tried another full scan and that removed 4 other viruses. But the ms security essentials still show that the backdoors were allowed. Would my computer still be infected even though the scan didn’t pick them up? There is no option to remove them in the history. Do these viruses load in safe mode? Will I be able to remove them from there? Sorry about all the questions!

    • Matthew says

      System restore should help. Boot in to safe mode and you’ll be asked if you want to roll back or not. Just select that you want to do that and roll back to a date before the problem. All should be good then. Just make sure you run Windows updates, virus updates etc… as all that gets rolled back to an older version.

  103. taylor says

    i dont know what the virus is called but something by the name of ms removal tool keeps popping up saying i have a virus and need to activate my antivirus software, but it wont let me use my own which is AVG 9.0, says it is infected and MS removal tool just keeps popping up with virus alerts. i have switched into safe mode and ran malware and spyware scans, both found and removed viruses but when i went back into normal mode they were still there.

  104. Jack says

    Hi. I have a virus calling itself “XP Anti-Spyware 2011 Unregistered Version” that opens and starts to “scan,” even in safe mode. It’s blocking my virus remover, Malwarebytes, and there is either a problem with my system restore or it’s blocking that too. Any advice?

  105. Bill says

    Jack, I have that same virus. While I have no clue how to get rid of it fully, I can tell you how to get Malwarebytes back. The virus keeps you from opening MB by adding something to windows registry. Not sure what or how, but this addition is what is keeping you from opening most of your programs, including MB.
    Open up a notepad and copy and paste this into it:

    Windows Registry Editor Version 5.00

    [-HKEY_CURRENT_USER\Software\Classes\.exe]
    [-HKEY_CURRENT_USER\Software\Classes\pezfile]
    [-HKEY_CLASSES_ROOT\.exe\shell\open\command]

    [HKEY_CLASSES_ROOT\exefile\shell\open\command]
    @=”\”%1\” %*”

    [HKEY_CLASSES_ROOT\.exe]
    @=”exefile”
    “Content Type”=”application/x-msdownload”

    After you copy it, click on file, then save as, and then type Fix.reg. Make sure it doesn’t say Fix.reg.txt, just Fix.reg. Then save to the desktop.
    After, doubleclick on it, and will ask if you want to add it to the windows registry and click yes. Once thats done you should be able to run Malwarebytes and get rid of it. But it won’t be permanent, at least it isn’t for me. Every so often you’ll get hit by a virus or something, because there is still something there that AVG and MB can’t find. For me it has something to do with the svchost.exe that controls my sound and its also connected to windows security center, as there is always an icon down in the tray that tells me that automatic updates and widows firewall are turned off. Every time I turn on the firewall, I get hit by a virus. Other than that, my computer goes amazingly slow sometimes.

  106. Will says

    Basically I have a virus that makes the screen have green lines going down the screen, I started on safe mode and ran the virus scan using AVG, however there were many locked files that wouldn’t be scanned, so no virus’s were found or removed, help?

  107. Abby says

    Hi, i have got my pc in safemode but my virus software isn’t there. i have no “all programs” just my computer, my documents, my music and my pictures and controll panel. so i cant do anything to get rid of the virus in safemode please help!!

  108. Dwight says

    I run the virus scan in safe mode, but it will not remove the virus. It will scan through everything, then all of a sudden it restarts the computer. It did find the virus and it is a trojan. So don’t know what else to do. I done this over and over.

  109. Marty says

    Hi Mathew,

    Im trying to find out what is wrong with my mother in laws laptop. OS is Windows Vista Premium Home addition. It will boot up normal and then the Laptop restarts itself after a few minutes or whenever I try to perform a function such as open a program. HELP!!! Any idea’s would greatly be appreciated.

  110. Joshua macclelland says

    Hey the virus is attacking my computer fan so I cant go in safe mode because the computer shuts down right away due to the fact that the fan doesnt work. I dont even get a chance for safe mode. This virus is so simplistic that before I can get in safe mode my com shuts down. If you have the answer I could youse it. Thanks a ton!!!!!

    • Matthew says

      Are you sure it’s not just the fan failing? You might want to try boot from the ultimate boot CD and see if that bypasses the problem. From there, you can then take a look to see if there are any problems.

  111. joseph says

    what if the anti-virus cant run or the exe file of an anti-virus cant run because of virus.? even if im in a safe mode?? how can i remove that virus..? thanks for the help!

  112. ImSoScrewed says

    so i seem to have some sort of unstoppable virus. Its the kind that says its Windows 7 Security but will say that anything under the sun, including IE or ANY program, and says i need to register it immediately! I tried running Rkill from the guys at BleepingComputer and ive run MalwareBytes countless times and it still isnt working. It first attacked my usual profile, where viruses occasionally hit me. I go to my guest profile to work from there, but soon it got into there too, despite Malware-Bytes having eaten through a lot of these viruses, even saying there are some this time already its killed, but not defeated. I tried Safe Mode w/ Networking and it has become a horribly ironic Unsafe Mode as it pops up there as well. Also, strange “will you allow this to change your comp” messages keep coming up with things like “bcont.exe” and strangely enough, “windows explorer.” when windows explorer comes up (oh and it doesnt go away, you click no and it IMMEDIATELY comes back) and i click it away with a no, it stops working. I am using a different computer altogether and am fearful to use my own again, fearing the virus will somehow spread more, not even allowing me to start it up. Your help would be greatly appreciated, because i am freaking out just a little.

    • Matthew says

      Have you tried doing a restore from a backup? Windows keeps backups each time the state changes. Make sure you roll back to a date before you got the virus. To do that you can go in to Safe Mode and then choose the option to restore rather than the one to log in.

  113. Mary says

    We had a virus hit our laptop ( Windows XP) we were able to run a virus scan-but got a blue screen afterwards. I was able to run another McAfee scan in safe mode and 3 viruses were found and quarantined. Now the mouse is frozen and I cannot access the user account to log in and I can’t get the Start menu to pop up to get into check to see if the mouse is enabled. Also- I am now unable to get into Safe mode–even after pressing F8-it goes directly into the Windows screen–maybe because I can’t shut down properly–none of the key fu
    nctions work? Any thoughts?

    • Matthew says

      I’d try unplug and put your keyboard in to another USB port. Also check the bios settings (if you can get to them) to make sure USB is set to function correctly. I think it’s called legacy support.

      Test that and see if hitting F8 can get you back in to Safe Mode and then try a restore from there back to an earlier date prior to the date you got hit by a virus.

  114. Raspal says

    Hi Matthew,

    I read through this blog post and wonder how long it’s been going that people still comment on it and ask questions and it started sometime in 2008!

    Anyway, my question isn’t like others. I wrote an FAQ page about the recovery console and one of the question was – “how to remove a virus using the recovery console, which can’t be removed even in safe-mode?” I found a few pages on the Internet mentioning that this is possible and can be done but after a lot of searching, I couldn’t find any page that shows how one could do this. Can you put some light on this topic … and maybe you could also write a post on this topic on your blog too.

    Kind Regards,
    Raspal

  115. Raspal says

    Forgot to mention that I did get a short post mentioning that a few virii can be removed using just the chkdsk /F /R in the recovery console. Such virii are extremely hard to find even in safe-mode but chkdsk wipes them off.

    Kind Regards,
    Raspal

  116. Kelsy says

    I’ve ran into the glorious Windows XP Security 2012. Seemingly same situation as “ImSoScrewed” lol. I’ve done all the research I possibly can, even went through all of these discussions and still can’t beat it.
    I’ve gone into regedit and deleted all malware files and three letter .exe files. I’ve tried Norton and AVG. After doing all of this and also going into safe mode, my computer keeps rebooting. I can’t access, safe mode, or previous configurations. I don’t know what to do!

    • Matthew says

      Raspal in a recent comment suggested trying the recovery console. I haven’t used this yet but will be testing soon. I’ve also heard discussion about booting in to a Linux partition and running a scanner that way. Let me know if you need help with that.

  117. Stewart says

    Hi Matthew,

    Love your site. I bought the Vista Internet Security 2012 virus. I have tried running the computer in Safe Mode with Neworking (although I cannot access the Internet in this mode) and am having trouble getting rid of the virus. I cannot find any help on my iPhone, which is the only way I can access the Internet now. Could you please help me find the file names of the virus so I can delete them. I fear they are not showing up in safe mode, and I cannot start any application in normal mode. I am not tech savvy, so the more detailed the advice the better. Please help! Thank you.

    • Matthew says

      Are you connecting to the internet with wireless normally? If so, boot in to safemode with the networking option (there’s two safe mode options). Connect an ethernet cable from your router to the computer and see if you can get online that way. If so, that would help resolve it.

      If not, let me know and I’ll see if I can find a tutorial on how to remove that virus manually.

  118. Bridget Willis says

    Matthew,
    Heres my problem, My brother in law removed the anitvirus from the laptop, so had NO PROTECTION, got something that will not let me load a disc for anything muchless a anitvirus program, and I can only start in safe mode. The accounts with admin capabilities will not let me do anything, I did creat a guest account, but it doesnt let me do the things I need to, due to not bing an admin user…. I want to just dump everything and reformat the thing but it wont let me. I cant even restore due to my bro in law not setting ANY restore points!! How do I reformat in safe mode? Or is it possible to do so? I cant get online with the thing, it wont let me download the Norton anitvirus nothing…. HELP PLEASE. I just want to rid it of everything and start over. The computer is an Acer Aspire 5515.
    Thanks for any help you can give me.
    Bridget

  119. sel says

    hey some of my key are not working coz of a virus..i dont know what to do…help….keys like enter, backspace ,delete etc…and whn i scan with my antivirus program it finds da virus and deletes it bt nxt tym i scan again its there again…what to do…im using bit defender 2012….help me plzzzz.i tried ur method bt same thing…

  120. ER says

    Hi Matthew,

    Yesterday it seems I have been infected with the “Happili” redirection virus. It is a browser jacker that seems to redirect search results, but looking it up suggests that it is a whole slew of other nasty things. I ran scans from 3 different protection programs before, during, and after entering safe mode. A few infections were removed, but clearly it can’t find everything because the problem is still persisting.

    Luckily I have my back-up drive handy, so if all else fails I’m going to try restoring to factory settings soon. If you can reply, I would like to know if there is a better way.

  121. Jessica says

    How can I detect a virus that my anti-virus software isn’t “finding”? The scans say all clear but when I described the issues to my brother in law he says sounds like a virus and I should have it looked at. He would help but lives across the country. Is it possible that my anti-virus software can’t detect it?

  122. Bridget Willis says

    I had a virus and decided to just reformat the computer well during reformat it stops and asks to put in windows cd. I did this and still nothing happens. HELP!!!! Stuck in nowheresville now. What can I do to finish this to get it to be back to factory settings? I will Try turning it back on and see what happens and get back here ad post a result. I have to leave for work now but I wos hoping maybe someone had a answer or thought for me just by my description. Be back later today. Thanks.

  123. Bibi says

    I’ve been having this virus on both my computer and laptop where as soon as I log in and start everything up, once I put the scans on my whole screen freezes (during this time I believe the virus is tampering with the scanners) and then it will allow me to click things again. The computer will act normal but it still feels like the virus is there.

  124. Anhtu says

    Hi,
    I really need some help!! You see, as soon as I start up my computer, it shuts down and restarts again. It keeps on doing this unless I’m in safe mode. I did a virus scan with avast! and it detected no viruses though when it finished, it said some files couldn’t be acaned….. However, when I go into safe mode, there’s a pop up that says something about a blue screen . Other than that, no blue screen actually came up. I really have no idea what tdo d

  125. Mike Anderson says

    I ran a virus scan in safe mode but goldun trojan is still infecting my PC even after I deleted it. It comes right back time and time again. I have two anti malware programs who can find this trojan and delete it however it is back again when I restart my PC. This trojan is somehow attached to my anti virus software by Kingsoft. This software comes from China does that mean anything to you guys? Thanks Mike

    • Matthew says

      Have you tried a different virus scanner and also checked that it is up to date. Also check the add/remove programs section. Some dodgy toolbars can be installed in there and can also cause viri to come back.

  126. Richard says

    I have been running Photoshop CS3 Es\xtended. When I try to enter Bridge a panel comes up from Adobe asking me to install something called Acrobat Connect. There is no delete “X” button. When I try to see the demo or even buy the damn thing I’m told that my DSL connection is faulty and that I should remove my firewalll and give other information. I have tried Adobe with no help. I suspect a phishing expedition.

    Got any thoughts of how to get rid of this thing?

  127. Cedric says

    Hi

    I have a pesky virus that i cannot seem to get rid of. I cannot login any of my regular websites such as facebook, yahoo, zoosk, or any website that requires a login. I thought I had a Confick virus but have not been able to detect it with any antivirus program. I have multiple antivirus programs such as avast, avg, avaira, sophos, malwarebytes, super antispyware and the MRT. I have had a few detections but nothing they cannot seem to find anything. I am in the process of running the same applications in safe mode but so far no luck. I checked the host file and it was fine. I used Advanced system care 5 and it found a bunch of unneccessary H Key files in the registry but I still cannot log into anything. Can u help my please?

    • Matthew says

      Have you tried running the latest Windows updates and also checked for updates on your browser, including java updates etc… It could be that you are running an older browser that is just not compatible anymore with the latest websites.

  128. ray says

    so i hope your still around, trend micro dosent work at all but deffinatley wont work on safe mode, whats a good free for the moment virus scan i can get?

  129. Lance says

    i have the FBI moneypak infection.
    it did a number. where i am unable to log into safe mode- reponse is incorrect username. safe mode with networking- opens and shuts dwon.
    regular login freezes the screen with the moneypak.

    i think i have run out of options.

  130. Antonio says

    Hi there, I switched on my Desktop & laptop this morning & wanted to open up a word document & it gave me a pop up message “There is not enough memory or disk space to complete the operation” however the document does open but the spacing in the words on the document are all different & it’s not in an recognized font. This even happens when I open outlook on my mail. When I do an AVG scan it’s stuck on 0%. My laptop is shared to my Desktop, & when I unshared it my laptop now is experiencing the problem. I am running windows 7. I am not tecnically savvy but would really appreciate any help please.

  131. Britto says

    What should I do if I don’t have a virus scanning thing?Which to download?
    I can get to the safe mode.But don’t have the virus scanner.

  132. says

    Hi
    Please help!
    I can not get ride of the bad image virous, even through safe mode and by scanning with malwarebytes. Dont really want to strip computer but I may have too! Any suggestions

    Thanks Ian

  133. scott says

    i have an older laptop i fired up today. i was attempting to update the old bastard when windows updater kicked in. once that was done, (it was running fine before the updates) now the screen slowly dissapears then returns, and i can see it slightly flashing, like somethings eatting it. the programs on it are interupted, even my virus scanner (i use the microsoft security esential because i cant afford the million dollar ones everyone tells me to get)…at this point, im ready to toss it as its several years old and just get a new laptop. ….scott

  134. Sandy says

    Hey i have somehow picked up a virus (well my mum has) everytime i open a web page another window opens i think its movie toolbar or something.

    Anyway i downloaded spybot and adaware, after running both and finding 666 errors (only writing this i wonder if thats deliberately that number. Anyway i ran spybot and removed the problems then when i reboot my system it goes to the log in screen. Makes a loud recurring beeping like a machine gun but a computer bleeping noise and the mouse wont move and i cant even use the “tab” key to type inn my password. I can go into
    safemode which i did and done a system restore which removes spybot and adaware and the computer works again although the virus’ are still there! What do you suggest??

    Thank you
    Sandy

Trackbacks

  1. [...] definitions. For help in running a basic virus scan check out our Virus Removal Tutorial and Virus Removal in Safe Mode tutorials which will help you do a basic scan. Sometimes this might be enough to remove Virtumonde [...]

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>