I probably get asked this question at least once or twice a week. Users have a tendency to load a virus or spyware onto their computer even when they are running an antivirus like Norton Antivirus or Nod32. There are lots of programs users will download that carry more than they bargained for. I always tell users to read the terms carefully before installing something, because more than likely there is something bundled along with it. This usually applies to “free” software. Developers are not going to build something and give it away completely free without monetizing it. Some people do, but that is usually not the case.
So remember, before you click accept on anything, make sure you read what you are accepting. This is probably the most common way toolbars and a whole host of other things get installed on computer after computer.
The next biggest thing I have seen that causes these viruses to spread like wildfire is popups. You have probably experienced many popups before. Many may be legitimate, but you will surely encounter ones that want to do harm to your computer. When you see these types of popups, don’t get scared. Most of them are created to scare and intimidate you into performing an action, like scanning your computer for a virus. The people behind them have gotten smart and may pop your browser window into full-screen mode and make it look like it is scanning your computer or checking it for errors. The fake scan will tell you it has found many viruses or errors on your computer and give you a nice big button to press to clean it. No matter how many times I have told users not to click on this button, they usually ignore my advice and click on it. Clicking this button will usually start a download that, once you install it, infects your computer.
So now that we have gone over the things you should never do if you want to avoid getting a virus on your computer, let’s go over what you should do if your computer is already infected with something. Chances are your virus scanner did not pick it up. I have seen many rootkits get past a few on-access scanners. This does happen. When it does, you need a different tool to get rid of the virus or spyware on your computer. One of my go-to tools for this is called ComboFix. I will give my warning here. If your computer is royally screwed and ComboFix happens to delete infected files that were also your Windows files, you may experience some boot issues. This is rare, but you have been warned. If you are more comfortable having a professional help you at this point, by all means get them on the phone.
After you have downloaded ComboFix, go ahead and right-click on it and run it as administrator. This will only apply if you are running Windows 7 and above. ComboFix will automatically download Microsoft’s recovery console. Also, please make sure you disable your antivirus before you run a scan with ComboFix. There could be a conflict between the two pieces of software, and you do not want that.
When you have started ComboFix, you can expect to wait about 5 minutes or more for it to do its job. If it has detected a rootkit on your computer, it will automatically reboot your machine and continue deleting the infected files when it boots. This is because the files are typically in use and need to be unlocked before they can be removed. ComboFix will let you know when it finishes and will output a log file, usually in the root of your C:\ drive. You can look over this log file if you want, and it will tell you which files it has deleted. Some of the information in here may look foreign to you.
Once you have gotten your computer all cleaned up, you can run something like Microsoft Security Essentials alongside your antivirus. But please, if you have to, re-read this over and over again until you get these practices down. If you do the things outlined in this post, you will virtually eradicate these infections from your computer for good!