The best way to know if the computer is infected with a rooted virus is to pay attention to symptoms. Usually, once Windows contacts a virus, misleading things happen, like unknown programs are opened when entering Internet Explorer (and sometimes, other browsers too), various pop-ups begin to appear on the screen without reason and so on. In most cases, the virus actually pretends to be an anti-virus and forces the user to purchase a full license, by lying that the whole system has been infected and only by paying, you can get rid of infections.
How to get rid of nasty Windows viruses
Paying is not an option, ever – at least when it comes to tactics like the ones described. Although the virus can sometimes restrict internet access and even the desktop itself, here is what can be done:
Repairing the internet connection
Enter the Windows Safe Mode with Networking by restarting the computer and pressing the F8 button until a beeping sound will be heard. Choose the desired choice using the keyboard arrows and press on Enter to select. When the desktop loads, press the Start/Windows button and navigate to Internet Options, found inside the famous Control Panel. Now click on the Connections tab and go to LAN Settings. Under the Proxy Server heading, see if the proxy server option is checked for the LAN connection. If so, click on the Advanced button and if the IP address listed there is the one of the local host (127.0.0.1) then you may be infected. Unchecking the proxy box will reactivate your internet connection.
Even more problems
Something else might have been broken, besides the internet connection. Usually, is the .EXE file association, and this has to be fixed with different methods, one for Windows XP, and one for Windows Vista or 7. The full steps can be found here. If all that has been listed above fails, you will be forced to remove the physical hard drive and connect it to a clean computer, and scan the external drive from there.
Tools that can cleanse the computer
There are several programs that can get the job done, but from our experience the best ones have always been:
MalwareBytes’ Antimalware BitDefender AVG Microsoft Security Essentials Norton Power Eraser
Choosing one from the list and use it on the infected PC should do the work, but we always recommended that even the scan itself should be done while in Safe Mode. To use one of them, simply download the program on the desktop, install it by leaving all options as default and then run a complete, not brief, scan. For the sake of the explanation, here’s how to do it with the powerful Norton Eraser:
After the program has been downloaded, double-click the NPE.exe file and accept the license agreement terms. Click the Scan for Risks icon in the main window. Because this software is so powerful, it requires that the computer is restarted, so please allow it when it asks for it. When the scan is finished, infections will be listed as Bad, with a Remove box near them. Check this box and click on the bottom-right Fix button (also make sure that the Create System Restore Point is created). The Unknown files should be further checked, by clicking their names. Click on Done when the removal has been completed. If asked to restart the PC once more, allow it.
Note: Please take in consideration that the above steps are not related to RootKit viruses, which is a severe category of infections. This method will have no effect on them and it will only work with viruses a bit more complicated than the usual breed. We will post a guide for RootKit infections as soon as possible.
