How to Manually Remove Viruses
A virus can damage a computer's operating system in ways that prevent the automated removal of the virus using software. Sometimes there is no option other than to manually remove the virus, deleting all the files that the virus installed. This is usually done in the operating system's "Safe Mode." To remove a virus, you must first identify all files that are associated with the virus. Identifying virus-infected files and removing them can often be done in Windows without downloading additional software.
Identify the virus that your computer is infected with, and all files that the virus has installed. Sometimes an anti-virus program will be able to identify a virus for you, but not remove it. Use the Microsoft Malicious Software Removal Tool to identify the virus if possible. If the virus has prevented you from opening an anti-virus program, press "Ctrl," "Alt" and "Delete" at the same time. This will open the Task Manager, where you can see a list of running processes. Check each process for legitimacy by using a search on Microsoft Support website. Do a search on the Bleeping Computer website to see if the specific virus that your computer has contains any associated files (see References) or registry keys.
Click "Run" from the Windows Start Menu. Type "Msconfig" into the run box and press "Enter." This will open the Microsoft Configuration box where you will be able to click the "Start-up" tab. From here, de-select the virus from the list of start-up programs and click "Save settings." This prevents the virus from starting up when your computer starts.
Turn your computer off and back on, pressing the "F8" key immediately after the power button. This will start your computer in Safe Mode. Open the Start menu and click "Search." On the left side of the search box, select the options to search for hidden files and system files. Type in the name of the virus and click "Search."
Delete each file and repeat using all file names associated with the virus. Restart your computer, and run an anti-virus program to delete any possible remnants of the virus or other viruses. Also delete all registry keys associated with the virus, if any exist. To delete a registry key, enter "regedit" into the "Run" box from your start menu. Browse the corresponding folder on the left menu of the registry to delete specific keys.
Tips & Warnings
- Do not install any programs that you are not familiar with, as many look helpful but are indeed viruses. If you are unsure whether a program contains viruses, search for reviews of the program online. Also, look at the official website of the program's manufacturer. If the website does not look like a legitimate company, or is missing detailed company information, the program may be a virus
- Sometimes viruses will carry names that sound legitimate. Searching for the file process name online will help differentiate between viruses and legitimate programs, but is not always foolproof. If a virus has a legitimate program name, checking the number of processes that it's using can help determine its authenticity.
References & Resources
- Microsoft: Remove a computer virus
- Microsoft: How do I remove a computer virus?
- Microsoft: To start the computer in safe mode
- Bleeping Computer: The Computer Glossary
- Microsoft: Malicious Software Removal Tool
- Microsoft: How can I help protect my computer from viruses?
- Microsoft Support: Fix a Technical Problem