Free virus infection recovery software (Guest Post)
OK, so your system got infected. I’m not here to say “I told you so”, or slap your wrist for possibly doing something, well, stupid, like not running or updating your AV program. It’s a bit too late for that. The fact of the matter is your machine is hurting. Somehow, something got hold of it and won’t let go.
Before I dive into the programs, you need to estimate just how bad off your machine is. Sometimes you can use Windows and your current AV program to heal your system. Other times, major surgery is involved. Worst case scenario is, well, as Bones McCoy would say, “It’s dead, Jim!” Most of the time some sweat (worry sweat, not work sweat) and some hours’ worth of time are all that’s required to get your system back into its happy mode. These are basically the questions you need to ask before cleaning:
- Does the machine boot up without outside intervention?
- Does the machine only start in safe mode?
- Does the system go all the way into Windows, but won’t let you run any AV products?
- Does the machine get all the way into Windows, then is held hostage by some malicious software package?
Well, if your issue is number one, you are in pretty good shape. The operating system should pretty much be salvageable. Likewise with number two. If we can get to Windows, we can do some salvage work. With three as well, we can possibly get things back in order without too much sweat. If you are unlucky enough to be hit by number four, the cleanup for that is far beyond the scope of this blog.
With any of the other above scenarios, you’ll have to think back to when (on what date) you first noticed this behavior. The Windows ‘trick’ is actually a built-in function of Windows since Windows XP came ’round. This function is known as System Restore. During AV updates, Service Pack installs, and sometimes software installs as well, if enabled, Windows will create what’s called a ‘Restore Point’. That’s a point in the system’s life that you can roll the system back to, as it was before that package was installed. This was done so that a bad install could be backed out of in haste if it all went downhill.
To check your computer’s System Restore status:
- Windows XP
- Right click on “My Computer”, click on “Properties”, then click on the tab labeled “System Restore”. When that window opens, make sure the check box labeled “Turn off System Restore” is NOT checked. Highly counterintuitive…
- Windows Vista
- Right click on “My Computer”, click on “Properties”, then click on “System protection” on the left hand side. When the next window opens, click on the tab labeled “System Protection”. The system restore drive settings will be displayed in the middle of that pane.
- Windows 7
- Right click on “My Computer”, click on “Properties”, then click on “System protection” on the left hand side. When the next window opens, click on the tab labeled “System Protection”. The protection settings will be displayed in the middle of that pane.
Well, as you’re probably guessing, we can use this feature to restore our infected system to the time before you first noticed the infection. This is why I told you earlier to try to remember the date you first noticed the symptoms. If you know you received an email or installed a program on the same date, check the email date or the program folder’s date for a clue. Then all we have to do initially is restore the system to the date or time BEFORE then and see what happens. This method isn’t 100% foolproof, because some malicious code actually prevents you from restoring your system (correcting that behavior is beyond the scope of this blog post). Unfortunately, the place to restore isn’t always in the same place where you check to see if it’s active.
To use System Restore to restore to an earlier date:
- Windows XP
- Click the “Start” button, “All Programs”, then “Accessories”, next “System Tools”, then finally “System Restore”.
- Windows Vista
- Follow the same procedures as above in Windows Vista status. The menu option is in the same location as shown on the XP menu page just above here. You could also drill down through similar menus, but I believe the above method is easier.
- Windows 7
- Follow the same procedures as above in Windows 7 status. The menu option is in the same location as shown on the XP menu page just above here. You could also drill down through similar menus, but I believe the above method is easier.
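
Windows 7 ships with PowerShell, so the same "restore to a point BEFORE you noticed the symptoms" step can also be done from an elevated Windows PowerShell prompt. The script below is an added example, not part of the original post; the `$firstSymptom` date and the `Select-RestorePointBefore` helper are assumptions made for illustration.

```powershell
# Added example (not from the original post). Run in an elevated Windows
# PowerShell prompt on a client edition of Windows.

# Assumption: the day you first noticed symptoms (constructed sample value).
$firstSymptom = Get-Date '2014-04-20'

# Hypothetical helper: newest restore point created before $Before, or nothing.
function Select-RestorePointBefore {
    param(
        [Parameter(Mandatory = $true)] [object[]] $RestorePoints,
        [Parameter(Mandatory = $true)] [datetime] $Before
    )
    $RestorePoints |
        ForEach-Object {
            New-Object PSObject -Property @{
                SequenceNumber = $_.SequenceNumber
                # CreationTime is a WMI timestamp string; convert it to a DateTime.
                Created        = $_.ConvertToDateTime($_.CreationTime)
                Description    = $_.Description
            }
        } |
        Where-Object { $_.Created -lt $Before } |
        Sort-Object Created -Descending |
        Select-Object -First 1
}

# List what Windows has saved; an empty list usually means System Restore is off.
$points = @(Get-ComputerRestorePoint)

if ($points.Count -eq 0) {
    Write-Warning 'No restore points found. System Restore may be turned off.'
}
else {
    $candidate = Select-RestorePointBefore -RestorePoints $points -Before $firstSymptom
    if ($null -eq $candidate) {
        Write-Warning "Every restore point was created on or after $firstSymptom."
    }
    else {
        # Show the chosen point so you can sanity-check it before rolling back.
        $candidate | Format-List SequenceNumber, Created, Description

        # Rolls back and reboots the machine; -Confirm asks before doing so.
        Restore-Computer -RestorePoint $candidate.SequenceNumber -Confirm
    }
}
```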
When you restore the system, only installed programs are backed out; your data remains intact on the system. Windows 7 is able to tell you what programs will be affected after backing out. Windows XP won’t. That’s the beauty of this. You back out that install of the virus. Now be wary, it’s still resident on the hard drive (even possibly in the system restore area if a restore point was made when the virus was downloaded).
Now before you go out and install something else, CLEAN YOUR SYSTEM! Your AV software may actually run now that the virus is hibernating. Start it. If you cannot get it to run, download and install it again. It’s at this point I give the bad guys the 1-2 punch. Run 2 independent on-demand scanning programs back to back. My go-to programs are Vipre Rescue by ThreatTrack Security and directly after that Malwarebytes by Malwarebytes.
Vipre Rescue is, like it states, a rescue program. It runs in a DOS window, so even if your OS won’t boot, just use the installation media to boot to the command prompt and let this wonderful piece of software go to town. As the window scrolls, anything it finds offensive will be displayed in bold red on black. It usually takes a couple of hours to completely scan an average hard drive. Depending on the level of infection, it may ask to run once again after the reboot. If it asks, LET IT!
Next, hopefully, you can get the OS back up again. That’s when I install and run Malwarebytes. This is a Windows program. Upon first install allow it to update, then immediately run a deep scan as well. This too may take a similar amount of time as Vipre Rescue did, and it may also ask for a rerun after reboot. LET IT!
If your Windows is back at this point, you’re in really great shape. Make sure your antivirus program is 100% functional and updated. Have it run a scan as well. It can’t hurt and you can actually use the machine while this scan is running. One final step to ensure your system is as near to pristine as possible: run the following command from the “Run” window:
sfc /scannow
SFC is ‘Windows speak’ for System File Checker. The scannow switch is hopefully painfully obvious. This utility will check the installed system files against the known good versions and refresh any that have been damaged by infection or that are missing.
Once all this has been completed, I would reboot. It’s not required, but it will clear any memory and start from scratch. Besides, it’s impressive to see how much faster the computer loads. That brings a smile to my face each time I complete a cleanup. At this point, since you are (hopefully) convinced the computer is virtually virus free, BACK IT UP! If after all of this work your hard drive decides to give up the ghost, at least you won’t lose all you just fought to salvage.
See the below list for some free virus infection recovery products available to you:
- Emsisoft Anti-Malware
- When you click the above link, click on the blue ‘download’ button to download. From the Emsisoft website, ‘By default Emsisoft Anti-Malware installs as a free fully functional 30 day trial version. After the trial period you can either choose to buy a full version license or switch to the limited freeware mode. The freeware mode still allows you to scan and clean infections, but it doesn’t provide any real-time protection to guard against new infections’.
- Kaspersky Virus Removal Tool
- When you click the above link, click on the green ‘download’ button to download the free version in your preferred language.
- Malwarebytes Anti-Malware 2.0
- When you click the above link, click on the orange button on the left (free version download) to download the free version. Immediately run the program and allow it to update and download the latest definition file.
- Super Anti Spyware free
- When you click the above link, click on the red button on the top left (free edition download) to download the free version.
- Vipre Rescue
- When you click the above link, click on one of the green buttons (download now) to download the free version. It’s a self extracting .zip file. It will run in DOS mode or in a DOS window. You may also wish to open the instructions (blue button) from the same download page.
The above list was compiled from the best free options available during testing by an independent lab sponsored by PC Magazine.com at http://www.pcmag.com/article2/0,2817,2388652,00.asp (April 23, 2014).
Unlike resident antivirus products, those on the above list are run-time applications. They are on-demand (“my butt is in trouble here!”) products. You call upon them when most other avenues are exhausted. Sometimes your AV product may miss something (or at least you think it may have), so you run one of these to be sure. Since they are free, you can download each one, run it, then install and try the next. Try them all if it’s your whim. After all, they are free!
Have fun out there
About the author: Bob is a 17 year veteran in technical support for a metropolitan NYC hospital system. His responsibilities there include LAN, WAN and wireless communications, server as well as telephone support. In his professional career, he started out working with PC assembly and sales in the 80s when a 20 megabyte hard drive was the size of a lunchbox and cost as much as a present day laptop. 😉 He has programmed in MS BASIC, Visual BASIC, PERL, HTML and CSS.
Isaiah 54:17 - No weapon formed against you shall prosper, And every tongue which rises against you in judgment You shall condemn. This is the heritage of the servants of the Lord, And their righteousness is from Me,” Says the Lord.