Learn about the technologies behind the Internet with The TCP/IP Guide!|
NOTE: Using robot software to mass-download the site degrades the server and is prohibited. See here for more.
Find The PC Guide helpful? Please consider a donation to The PC Guide Tip Jar. Visa/MC/Paypal accepted.
|View over 750 of my fine art photos any time for free at DesktopScenes.com!|
Virus Removal and Recovery
Despite your best efforts, you may at some point catch a virus on your PC. When this happens, you of course want to get rid of the virus immediately, and restore your system to its pre-infected state. Removing a virus from your system can be incredibly simple, or surprisingly difficult, depending on what the virus is, what sort of antivirus software you are using, and how quickly you have caught the problem. There is also the problem of dealing with any potential data loss that may have resulted from the virus's handiwork.
Most virus scanners that use virus definition files also include software that will remove many viruses and repair the damage that they have caused. However, in many cases a scanner will detect a virus, but will be unable to remove it from the system. This can leave you, the one with the virus, feeling somewhat helpless. It would be better if scanners could remove all viruses that they could find, but this isn't always possible. Some scanners will remove viruses that others cannot.
Remember that there is the possibility of false positives with all virus detection products. Make sure you really do have a virus before you attempt to remove it, or you may make matters worse. The first thing that I do when I find a virus on one of the PCs I maintain is to do a search on the net to find out more about it. This helps me to decide how to proceed when dealing with the virus, since if a special disinfector is needed, many people usually will be talking about it. It also helps me to decide if I have a real infection or a false positive--if many others have been finding a particular virus, there's a better chance that the infection is real. I usually first check on USEnet to see what the current scuttlebutt is about the virus I just found.
When a virus infects a boot sector, it is normally removed by rewriting the boot sector code that resides on the disk. Most virus scanners will do this for you. Another way to do it manually is to boot from a clean floppy (to make sure that the virus is not in memory) and then use the command "FDISK /MBR" to rewrite the boot sector code on the hard disk. However, this is not always the best solution, because in some cases the virus can cause damage that needs to be undone by a program that knows how to deal with it. "FDISK /MBR" will wipe out the virus, but not necessarily address any damage that it has created to the disk.
Warning: Be careful before
using FDISK /MBR, especially if you have any special setups on your hard disk, such as
non-DOS partitions, disk manager utilities or boot managers. These situations often
require special attention to ensure that the non-DOS information is not lost.
Most commercial antivirus software today is very high quality, due largely to competition amongst the various large firms for this lucrative market. It is best to follow the instructions given by the antivirus program when you find that you are infected, and use the technical support line that it comes with, if you need it. Usually this will yield the best results. You may also find more useful information in the comp.virus FAQ page, or Symantec's Antivirus Research Center.
For files infected with viruses, there are usually one of three results:
Tip: After disinfecting a
virus, reboot your PC and run a routine scan again to make sure that all traces of the
virus have truly been removed.