How-To Geek

Important: How To Scan and Remove Malicious Viruses

Every so often, we hear about a new and horrible virus spreading across the internet, infecting millions of Windows computers. Today we’ll show you the steps to remove those threats and (hopefully) prevent them from happening in the future.

Note: The latest horrible virus is set to hit on April 1st, 2009. It’s called Conficker, and we’ll explain how to make sure you are safe.

Whenever an outbreak happens, you should take the following steps:

  1. Run the Microsoft Windows Malicious Software Removal Tool.
  2. Run the McAfee Stinger Tool (optional).
  3. Make sure you are using Updated Anti-Virus Software.
  4. Make sure Windows Updates are turned on.
  5. Get Notified for Microsoft Security Alerts.

We aren’t talking about regular viruses… your anti-virus software can handle those. We’re talking about the terrible viruses that will crash your computer, steal your information, delete the pictures of your kids – and cause your computer to be remotely controlled by a spammer. Bad stuff, but they can usually be prevented.

Run the Microsoft Windows Malicious Software Removal Tool

The first step in detecting and removing horrible viruses and worms from your computer is to run Microsoft’s own Malicious Software Removal Tool – it’s not a replacement for anti-virus, but it’s the best way to get rid of some of the worst offenders, like the current Conficker worm.

To run the tool, you simply need to download the file from Microsoft and run it. There’s no installer required.

Malicious Software Removal 

If you were affected, the tool would remove the virus and alert you. Since we’re thankfully safe, we got the friendly message that no malicious software was detected. You can click the “View detailed results of the scan” to see more information.

No malicious software detected

By scrolling down in the list, you can find the current threat and make sure that you are not infected.

Scan results

The tool should be updated automatically through Windows Update, but you can always just download it directly as well. This is an important tool to keep around.

Download the Microsoft Windows Malicious Software Removal Tool from microsoft.com

Run the McAfee Stinger Tool (optional)

An alternative tool is the McAfee Stinger tool, which is a freeware tool that removes only the worst viruses from your computer. You can check to make sure that Stinger can remove the current virus problem by checking the List Viruses dialog… make sure you have the latest version of Stinger before you use it.

List of viruses Stinger can detect

Simply hit the Scan Now button to do a full scan of your computer, but be warned that this will take a long while.

McAfee Stinger

Once it’s done, you should get a report with the number of clean files.

Stinger Results

It’s a simple and rather ugly tool, but it does the job. It’s still not a replacement for real anti-virus though.

Download McAfee Avert Stinger from vil.nai.com

Make sure you are using Updated Anti-Virus Software

This is one of the most important steps in keeping yourself safe. You need to make sure that your anti-virus software is enabled and properly working! Here’s a quick list of what you should do:

  1. Make sure your virus definition updates are automatically updated.
  2. Make sure that real-time scanning is enabled.
  3. Run a full scan (optional but useful).

ClamWin Update

If you aren’t sure what anti-virus software to use and don’t have money to spend, you can try out AVG Free edition, or you can take a look at the big list of anti-virus software we tested with Windows 7.

Note: We don’t necessarily recommend ClamWin for regular users, because it has no real-time protection. It’s just what I have installed on this computer and I needed a screenshot.

Make sure Windows Updates are turned on

Now we arrive at the most important step: making sure that Windows is fully patched and Windows Updates is enabled. You can’t protect yourself against worms and hackers if you are running a woefully out-of-date version of Windows that isn’t patched. It just won’t work.

Open up Windows Updates, make sure to click “Check for updates” and install every security patch they recommend. Then click the Change settings link…

Make sure it is set to check for updates automatically; having it install updates automatically isn’t a bad option either. Just remember, if you are running an un-patched system, you are leaving yourself open to all sorts of bad things.

Note: Please pardon the alarmist nature of this point, but patching is the #1 key to keeping safe against internet worms.

Get Notified for Microsoft Security Alerts

If you really want to make sure you are secure, you can sign up for alerts from Microsoft whenever there is an important patch that needs to be installed. You can also check the current security bulletins at any time by visiting their security bulletin home page.

Subscribe to Microsoft Security Alerts by Email or RSS

Latest Microsoft Security Bulletin Home Page

How Do I Make Sure the Patch is Installed?

So now we get right down to it… how do you know if you are vulnerable to one of the security holes? As an example, we’ll look at the security hole that leaves you vulnerable to the Conficker worm: Vulnerability in Server Service Could Allow Remote Code Execution. If you look through the list of downloads, you’ll see the particular patch for your system.

If Windows update says that you are up to date, you can check for a particular patch by clicking on “View update history” on the left-hand side.

Windows Update

This will take you to a long list of every update that has been installed. Look through the list, and you should see the update mentioned in the security bulletin… for me, it was KB958644 for x64-based systems, since I’m running 64-bit Vista.

View Update History

At the very least it’s a relief to know that you aren’t vulnerable… to the current worm, at least.
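
The update-history check above can also be scripted. The following PowerShell is an added example, not part of the original article or of any Microsoft tool; it assumes PowerShell 2.0 or later and uses the KB number from the author's 64-bit Vista system as its default, so substitute the KB listed for your system in the security bulletin.

```powershell
# Added example: check whether a specific security update is installed.
# The default KB is the one named in the article; pass -KbId to change it.
param([string]$KbId = 'KB958644')

function Test-HotFixInstalled {
    param([string]$Id)
    # Get-HotFix reads Win32_QuickFixEngineering, which may not list every
    # update, so a miss here is not proof that the patch is absent.
    $hit = Get-HotFix -Id $Id -ErrorAction SilentlyContinue
    return [bool]$hit
}

function Get-UpdateHistoryMatch {
    param([string]$Id)
    # Same data as "View update history" in the Windows Update control panel.
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $total    = $searcher.GetTotalHistoryCount()
    if ($total -eq 0) { return @() }
    $searcher.QueryHistory(0, $total) |
        Where-Object { $_.Title -match [regex]::Escape($Id) } |
        Select-Object Date, Title,
            @{ Name = 'Succeeded'; Expression = { $_.ResultCode -eq 2 } }  # 2 = succeeded
}

$viaHotFix = Test-HotFixInstalled -Id $KbId
$history   = @(Get-UpdateHistoryMatch -Id $KbId)
$succeeded = @($history | Where-Object { $_.Succeeded })

if ($viaHotFix -or $succeeded.Count -gt 0) {
    Write-Output "$KbId is installed."
} elseif ($history.Count -gt 0) {
    # An entry exists but the install failed or was aborted: still unpatched.
    Write-Output "$KbId appears in update history but did not install successfully:"
    $history | Format-Table -AutoSize
} else {
    Write-Output "$KbId was not found in the hotfix list or update history. Check Windows Update."
}

# Automatic updates depend on the Windows Update service (wuauserv).
$svc = Get-Service -Name wuauserv
Write-Output ("Windows Update service status: {0}" -f $svc.Status)
```

A failed entry in the update history is the case the control panel list makes easy to overlook, which is why the script reports it separately from "not found".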

Conclusion

These steps are essential in protecting your computer from hackers, worms, and viruses, but they aren’t the only important keys to safety. You should still remain vigilant and use common sense: don’t download files from untrusted sources, use a firewall, and make sure your email provider scans for viruses before you open attachments.

Lowell Heddings, better known online as the How-To Geek, spends all his free time bringing you fresh geekery on a daily basis.

  • Published 03/30/09

Comments (25)

  1. NoNameFace

    People should be reading the Kaspersky Threat Center so they’re not so freaked out about Conficker outbreak. A little knowledge goes a long way! http://threatpost.com

  2. Mister.Epiphany~

    I personally find it hilarious that conficker only attacks Windows 2000 – Seven. Ah this April Fools day virus makes me feel glad that I use Linux distros and Mac instead.

  3. Michael Bodine

    Succinct, to the point, excellent. Expect an extra thousand or so hits on your site today, as I’m forwarding the link for this article to our community email list! ;-)

  4. jonhill987

    Good article, hopefully that will reduce the number of “my computer has a virus” posts in forums across the internet.

    Also, never underestimate the power of a re-install of windows once in a while.

  5. Chuck

    Couple of extra steps I would recommend..

    1. Disable system restore
    2. Do as much scanning as possible in safe mode

    Cheers!

    Chuck

  6. Ethrel

    Ugh. Thanks for this. Hopefully it’ll help quell at least a portion of the moronic panic that seems to have been sweeping through the virtual communities regarding this latest Conficker worm threat.

    And keep up the good work guys! Friday Fun FTW! :)

  7. James

    Hi,

    Good article. Sophos’ Conficker removal tool can detect and remove all variants of the worm/virus.

    As long as people run these tools it should stop any serious outbreak.

    James

  8. sul2005tan

    good tutorial thank you very much geek

  9. David

    I would say it’s a good article but you forget to mention how to run the Microsoft Windows Malicious Software Removal Tool.

  10. Cindy

    Great information, but I agree with David, you forgot to mention how to run the Microsoft Windows Malicious Software Removal Tool.

  11. The Geek

    @David/Cindy:

    Thanks for noting that – you actually only need to download it and run it from Microsoft’s site. When a new version comes out, Windows update usually prompts you, but you can run it on demand by simply using the downloaded file.

  12. Andrew

    Does this run automatically with Windows Defender? I have already run the update and received the file; do I also need to download the exe?

  13. Michael Bodine

    Well… today I got my FIRST-EVER virus infection, and wouldn’t you know, Symantec (latest virus definitions) and Microsoft’s Malicious Software Removal Tool, both reported no infection with a full scan. I had it bad (invoked via iehelper.dll, so I couldn’t run IE, as well as other registry and dll installations) but my co-worker found http://www.malwarebytes.org and their Malwarebyte’s AntiMalware program, and it found 16 different infections sites on my desktop machine. I got this virus simply by opening a local, normally trustworthy web page, and it hit me despite a corporate firewall, Symantec AV, and Windows Defender! The key point is, don’t trust the results of a scan from a single tool, especially if you think you are infected. (And the caveat – only run one tool at a time, so they don’t step on one another’s feet!) I was going to run Avast! next, but it looks like the Malwarebyte tool has cleaned it up. Whew!

  14. Chase

    I’d say it’s generally good info, but certainly not for Conficker.

    Conficker.c will disable antivirus, microsoft’s malicious remover, Microsoft security center and has the ability to not allow safe startup.

    Ethrel You can think it’s a bit moronic, but at least do recognize the situation. Once you have any malware on your system I’d support nothing less than a full reimaging.

    http://mtc.sri.com/Conficker/addendumC/

  15. thesun

    with this virus going off tomorrow, does this mean we should stop using p2p like torrents?

  16. francis

    hi mister geek, what happens after it is finished, April 1, or tomorrow? is the virus still running, or only this day? what happens to those users affected by this virus? no chance to recover their password?

  17. Ethrel

    @Chase: I can agree fully with that statement. Especially when dealing with the big nasties.

    The simple fact is that PC never seems to run the same after even the most thorough cleaning following a malware infection. Keep a semi-recent clean image handy, and when something pops up, re-image.

    @thesun: Until the AV guys get a new patch (if a new patch is required), that would probably be a good idea. Lay low, let it blow over, and then emerge clean and happy.

  18. venkat

    What you mentioned is right, every user’s PC should be updated with the latest updates from Microsoft, and meanwhile the anti-virus and antispyware they are using should be updated. It’s all up to PC users to be aware of the latest security news.

  19. salvador

    tnx alot!!!! important information..

  20. Lenore

    please help how do i get rid of the blocked malicious that pops up when ever i go into any program

  21. ruudster101

    I have a good tip to get Microsoft Windows Malicious Software Removal Tool…
    that means on my vista home premium it works….simply type mrt in the start searchbox or in runbox
    et voila there it is…

  22. Nagiftitadway

    Credit you looking for details. It helped me in my assignment

  23. terry goucher

    I have just been alerted that I have trojans, malicious viruses @ worms on my laptop & it has blocked me from downloading anything to remove it, also it won’t let me run anything! it tells me that it’s stealing my credit card details! but wants me to enter them to remove these. can anyone please help?

  24. gloria

    Help! My computer (e-machines, Vista 32-bit) got infected and I have been running scans for about 2 wks now and it seems to be getting worse :( I have removed the Trojans viruses and other junk detected with several recommended free downloads from this website such as: Microsoft Removal Tool, Norton Internet Security 2010, Anti-spyware, Malwarebytes Anti-Malware, CCleaner and currently, I am running a full scan with Spyware Terminator. All of these programs have detected and removed critical items etc. but after computer restarts, I have tons of saved documents opening up and I am able to close them but with difficulty. Does anyone have any suggestions on what else I can do to get my PC back to normal? Any other tools I should be using?

  25. john

    thanks this was very helpful. many many thanks john
