Article Number: 000129494
Dell’s standard practice is to recommend a clean install of the Operating System, once Malware or viruses have been detected. This resolves an infection issue 100% of the time.
Under a ProSupport warranty, our Technical support should always investigate and identify the infection has taken place. They should attempt to get the computer to a usable state. So that they can run anti-virus scans or determine if a clean reinstall should take place due to the level of infection on the computer.
Malware, or malicious software, has become a catch-all term for several different types of infections. Some install themselves and create a simulated infection, corruption, or hardware failure, tricking you into purchasing their product to resolve the issue. This type is known as hostage-ware, ransom-ware, or scare-ware. There are malware infections that redirect your browser to sites that the creator has chosen. Alternatively, they redirect to a website that they are compensated for, based on the number of hits the site receives. Sometimes these infections can hide your entire root drive and all your subdirectories. Sometimes they capture your personal information and communicate back to the creator of the infection.
A virus, which has become a subset of malware, is a program that replicates and attaches itself to services or specific applications. Many malware payloads contain a virus file, such as a Trojan or a Worm, to help root the infection. Viruses were once an exclusive type of infection, but now they have been combined into infection packages of malware. Many malware packages incorporate rootkits to embed themselves into the kernel level of the operating system, making them stealthy and more difficult to remove.
Many items are often mistaken for computer infection. These can include tracking cookies, search hooks, or browser helper objects (BHOs). Although the presence of these can indicate infection, there must be an accompanying loader (.exe) file or kernel mode driver to present to confirm infection.
Although today’s malware can contain multiple payloads, here are some of the most common signs of infection:
Here are some steps to perform to confirm infection:
Ask the question: Are there any pop-ups, redirects, or messages that have been experienced on the desktop or from the system tray?
Has a recent virus or malware scan been run? If the anti-virus or malware removal tools do not run, then this is a positive sign that the computer may be infected.
If the Internet or computer is inoperative due to infection, boot to Safe Mode with Networking. (using LAN only.) You can use the Process Explorer and Autoruns programs to test with. Most malware infections show themselves easily in these tools if they Run as Administrator in Windows. (Windows XP is always in kernel-mode in an administrator profile.)
Process Explorer example:
Figure 1: Process Explorer
Autoruns Example of malware infection
Figure 2: Autoruns
These programs or any other malware removal tools do not open, if the shell extension for .exe is blocked in the registry. Right-click the .exe file and rename the extension to .com. Attempt to run the tool. If it still does not open, boot to Safe Mode and attempt to run the tool again.
If you have an active anti-virus subscription, you can attempt to remove the block on the anti-virus. Clearing any malicious entries in Autoruns and rebooting may allow .exe files to run again and you can update and scan with your anti-virus. Sometimes a kernel mode driver is installed in Device Manager to block the anti-virus software. It usually shows under Plug and Play Devices, and you must set Device Manager to Show Hidden Devices.
If positive malware identification is made, you can use one of the options below. Remember if it does not work, we can take you through a clean operating system reinstall to resolve the issue.
Sometimes running a scanner is enough to remove most malware infections. You have most likely got an anti-virus program active on your computer, you should use another scanner for this check.
If your current anti-virus software did not stop the infection, you cannot expect it to find the problem now. We would recommend trying a new program.
There are two main types of anti-virus.
They constantly watch for malware.
They search for malware infections when you open the program manually and run a scan.
The best course of action is to use an on-demand scanner first and then follow up with a full scan by your real-time anti-virus program. There are several free and effective on-demand scanners available. You can find a list of the most common ones in the last section of this article.
Disconnect your computer from the Internet and do not use it until you are ready to remove the malware.
Think of it like cutting off all communications or putting a patient into a suspended state.
Boot your computer into Safe Mode. Only the minimum required programs and services are loaded in this option. If any malware is set to startup when Windows starts, booting in safe mode should prevent it.
To boot into Windows Safe Mode, follow whichever guide below matches your Operating System. This should bring up the Advanced Boot Options menu. Select Safe Mode with Networking and press the Enter key.
Your computer may run faster in Safe Mode. If it does, it could be a sign that your computer has a malware infection. It could also mean that you have a lot of legitimate programs that start up with Windows.
Delete your temporary files before starting any other steps. Doing this could speed up the virus scanning, but it clears the downloaded virus files and lessen the amount that the scanners have to check. You can do this through the Disk Cleanup utility or from the Internet options menu.
The following link takes you to an article with general steps to take you through a removal of the most often encountered Malware types:
This guide uses Malwarebytes. I am using this piece of software as it is the software I am most used to and is freely available. You can find another program to do the same job if you prefer in Section 9 below. If you are following this guide, then go to their Support Site and install the Malwarebytes program. You must reconnect to the Internet for this. However, once the download is complete, disconnect from the Internet again. If you cannot access the Internet, or you cannot download Malwarebytes on your computer. You can download it on another computer and save it to a USB flash drive or CD/DVD and transfer it to the infected computer.
Run the setup and follow the on-screen InstallShield wizard. Malwarebytes checks for updates and then launches the user interface (UI).
Keep the default scan option 'Perform quick scan' and click the Scan button.
Figure 3: Malwarebytes Scan
This program offers a full-scan option, however it is recommended that you perform the quick scan first. Depending on your computers specifications, the quick scan can take anywhere from 5 to 20 minutes. However, the full scan could take up to 60 minutes or more. You can see how many files or objects the software has already scanned. It shows how many of the files it has identified either as being malware or infected by malware.
If Malwarebytes disappears after it begins scanning and does not reopen, then the infection could be more serious and stopping the scanner from running. There are ways around this if you know the type of infection. However, you might be better off reinstalling Windows after backing up your files. It could be quicker, easier, and is guaranteed to resolve the infection.
If Malwarebytes' quick scan comes up empty, it displays a text file with the scan results. If you still think that your computer may have acquired some malware, consider running a full scan with Malwarebytes. You can use other scanners - such as one of the others above. If Malwarebytes finds the infection, it shows a warning box. To view the suspect files, click the Scan Results button. It should automatically select the ones that are dangerous for removal. If you want to remove other detected items, select them as well. Click the Remove Selected button to get rid of the selected files.
Figure 4: Malwarebytes Removal
After removing the infections, Malwarebytes will open a log file listing the scan and removal results. Check to confirm that the anti-virus program successfully removed each item. Malwarebytes may also prompt you to restart your computer in order to complete the removal process, which you should do.
Do your problems persist even after you have run the quick scan and it has found and removed unwanted files? Follow the advice above and run a full scan with Malwarebytes or with the other scanners mentioned earlier. If the malware appears to be gone, run a full scan with your real-time anti-virus program to confirm that result.
If you cannot seem to remove the malware or if Windows is not working properly, you may have to reinstall Windows. See the appropriate link below for a guide to suit your particular situation.
Once an infection is identified, you have to decide on your next step.
There are several options for resolution:
We can offer a Dell Solution Station for a technician to do the work for you, but this is a 'pay at point of need' service.
We can always reinstall the operating system as well.
If the infection is obvious, and can be located quickly then you may be able to attempt a removal.
If you can get online or use another computer with Internet, then you check out the following article and tools for more information:
|Anti-Threat Toolkit (/W32)
|Anti-Threat Toolkit (/W64)
|Fake AV-Removal Tool user interface (/W32)
|Fake AV-Removal Took user interface (/W64)
|Fake AV-Removal Tool CLI (/W32)
|Fake AV-Removal Took CLI (/W64)
|Rootkit Buster (/W32)
|Rootkit Buster (/W64)
To minimize the risk of a repeat infection, pay attention to the steps below:
Keep your operating system and applications updated with the latest security patches. On Windows Update, these would be the updates that are marked as critical and security.
When you are reading your email, do not open messages or attachments that are sent from unknown senders. If you are unsure, it is better to delete it than to expose your computer to reinfection.
Ensure that you have a real-time anti-virus program running on your computer and see that it stays updated. If you do not want to spend money on a paid service, then you can install one of the free programs that are available.
Scan any removable media before they are used. (This includes, floppies, CDs, DVDs, Flash USBs, and External hard drives.)
Do not download unknown software from the web. The chance of infection from an unknown source is too high a risk.
Scan all incoming email attachments or any other file that decide to download - before you use it.
Do not open files that you receive by email or chat with the following extensions. .exe, .pif, .com, and .src.
In addition to installing traditional anti-virus software, see our Security and anti-virus support page for more information.
Always double check any online accounts such as online banking, webmail, email, and social networking sites. Look for suspicious activity and change your passwords, you cannot tell what info the malware might have passed on.
If you have an automatic backup for your files, run virus scans on those backups. Confirm that it did not backup the infection as well. If virus scans are not possible such as online backups, most people decide to delete their old backups and save new versions.
Keep your software current. Ensure that you update then frequently. If you receive any messages about this and are not sure of their validity, then always contact the company in questions support to clarify it.
Desktops & All-in-Ones, Laptops, Inspiron, Latitude, Vostro, XPS, Tablets, Latitude Tablets, Surface, Venue, XPS Tablets, Fixed Workstations
17 Nov 2023