Computing for non-geeks

How to clean an infected computer

There are three ways to fix an infected computer. You can return the computer to a previous uninfected state, reinstall Windows from scratch or try to delete the malware.

Use System Restore

This is usually the first thing I try on an infected computer. Windows regularly makes copies of critical system files in case something goes wrong. You can use System Restore to take your computer to back to a time before the infection. This does not always work as some viruses disable this feature. Also if you had previous infections, you will be restoring the computer to an infected state.

Reinstall Windows

This option is relatively quick and guarantees that all malware will be eliminated. However it also wipes all of your data so backup first. If you cannot boot the computer normally, try Safe Mode to backup your files before reinstalling.

This approach also removes all the programs and security updates you installed so you will have to do some work to get everything back to the way you want it. You will either need your recovery disk or use the recovery system installed on your computer, see your manual for instructions. Note that the Repair Windows option does not remove malware, you need to format and Reinstall.

If you bought a XP computer or installation disk before 2005, it may not have Service Pack 2 (SP2) built in. XP Computers without SP2 (and Windows versions older than XP) do not have a firewall and other essential security features and will be infected within minutes when connected to the internet. Once you have reinstalled Windows, you need to install a software or hardware firewall before connecting to the Internet, see the software section for free firewalls or buy your favorite security suite.

Turn automatic updates on, connect to the Internet and let the computer run overnight to download security updates including SP2 if needed. Note that Microsoft no longer provides security updates for Windows 95, 98 and ME, I suggest you dump these unstable virus magnets and install Linux instead.

Remove viruses/spyware

This approach preserves your data but don't take chances, backup first. Your programs and preferences will usually be unaffected but you may have to re-install security applications.

If you have a simple infection you can remove it in a couple hours using antivirus and antispyware programs. It is best to run them in Safe Mode if possible.

You may find that no single program removes all infections so you will need to use several. However you should not have more than one antivirus program installed as the system may become unstable or freeze up, uninstall one before installing another. You can however have multiple antispyware programs installed.

Another option is to use online scanners, this way you do not have to uninstall one program before using another. If you know the name of the virus that has infected your computer, you may be able to get free tools to remove that specific virus from some antivirus companies. See the free software section for some suggested programs.

Some infections simply cannot be removed using standard antivirus programs. The infections may even prevent you from installing security programs or accessing online scanners. In that case you either have to reformat your drive and reinstall Windows or get professional help. It takes hours, sometimes even days to track down stubborn infections and repair damaged files using multiple tools so this option is not cheap.