How to Identify and Repair Malware or Virus Infected Systems

Summary: This is an article that takes you through identifying and repairing a virus or malware infection on your PC. Dell strongly recommends you recover your system image on the PC instead.

Article Content



The following article provides information on working with Malware or Virus infected systems.

Table of Contents:

  1. What level of support is possible for Malware and Virus infection Issues?
  2. What is the difference between Malware and a virus?
  3. What are the most common symptoms of a Malware of Virus infection?
  4. Malware Detection/system usability steps
  5. General Removal Guide
  6. Scanning Software
  7. Removing the Infection
  8. Prevent Re-Infection
  9. Other Removal Options


What level of support is possible for Malware and Virus infection Issues?


Dell’s standard practice has historically been to recommend a clean install of the Operating System (OS), once Malware or a Virus has been detected. This will resolve an infection issue 100% of the time.

Under a ProSupport warranty our Technical support should always investigate and identify the infection has taken place. They should attempt to get the system to a usable state in order to run antivirus scans or determine if a clean reinstall should take place due to the level of infection on the system.

SLN292746_en_US__1icon Note: Granted, some infections are not serious and can be removed using the right tools. This information is provided for informational and educational purposes. Dell is not responsible for any loss of data from your system and you run these tools at your own choice and risk.

Back to Top


What is the difference between Malware and a virus?


Malware, or malicious software, has become a catch-all term for several different types of infections. Some will install themselves and create simulated infection, corruption, or hardware failure, therefore tricking you into purchasing their product to resolve the issue. This type is known as hostage-ware, ransom-ware or scare-ware. There are malware infections that simply redirect your browser to sites the creator has chosen or to a website that they are compensated for, based on the number of hits the site receives. Sometimes these infections can hide your entire root drive and all your subdirectories or capture your personal information and communicate back to the creator of the infection.

A virus, which has become a subset of malware, is an actual program that replicates and attaches itself to services or specific applications. Many malware payloads contain a virus file, such as a Trojan or a Worm, to help root the infection. Viruses were once an exclusive type of infection, but now they have been combined into infection packages of malware. Many malware packages incorporate rootkits to embed themselves into the kernel level of the OS, making them stealthy and more difficult to remove.

Many items are often mistaken for system infection. These can include tracking cookies, search hooks, or browser helper objects (BHOs). Although the presence of these can indicate infection, there must be an accompanying loader (EXE) file or kernel mode driver to present to confirm infection.

Back to Top


What are the most common symptoms of a Malware of Virus infection?


Although today’s malware can contain multiple payloads, here are some of the most common signs of infection:

  • Onscreen Warnings about system infection from a source other than your antivirus software
  • The browser redirects or a complete hijack of the browser
  • You can't open any EXE or Microsoft Installer (MSI) files
  • The inability to change wallpaper or any desktop settings
  • All entries under Start>Programs are empty and/or the C: drive is blank
  • The Antivirus icon disappears from the system tray or cannot be started
  • Random pop-ups show onscreen either in or out of the browser
  • Unusual icons, erroneous start menu, or Device Manager entries appear

Back to Top


Malware Detection/system usability steps


Here are some steps to perform to confirm infection :

  1. Ask the question. "Are there any pop ups, redirects, or messages that have been experienced on the desktop or from the system tray?"

  2. Has a recent virus or malware scan been run? If the antivirus or malware removal tools will not run, then this is a positive sign that the system may be infected.

  3. If the internet or system is inoperative due to infection, boot to Safe Mode with Networking. (using LAN only.) You can use the Process Explorer and Autoruns programs to test with. Most malware infections show themselves easily in these tools as long as they Run as Administrator in Windows Vista or Windows 7. Windows XP is always in kernel-mode in an administrator profile.

Process Explorer example :

SLN292746_en_US__2Process Explorer

Autoruns Example of malware infection


  1. These programs or any other malware removal tools will not open, if the shell extension for EXE’s is blocked in the registry. Right-click the .EXE file and rename the extension to .COM. Attempt to run the tool. If it still will not open, boot to Safe Mode and attempt to run the tool again.

  2. If you have an active antivirus subscription, you can attempt to remove the block on the antivirus. Un-checking any malicious entries in Autoruns and rebooting may allow EXE files to run again and you can update and scan with your antivirus. Sometimes a kernel mode driver is installed in Device Manager to block the antivirus software. It usually shows under Plug and Play Devices and you must set Device Manager to Show Hidden Devices.

If positive malware identification is made, you can make use of the options below at this point. Just remember if it doesn't work, we can take you through a clean OS reinstall to resolve the issue.

Back to Top


General Removal Guide


Disconnect your PC from the Internet and don't use it until you're ready to remove the malware.

Think of it like cutting off all communications or putting a patient into a suspended state.

Boot your PC into Safe Mode. Only the minimum required programs and services are loaded in this option. If any malware is set to startup when Windows starts, booting in safe mode should prevent it.

To boot into Windows Safe Mode, Please follow whichever guide below matches your Operating System (OS). This should bring up the Advanced Boot Options menu. Select Safe Mode with Networking and press the Enter key.

You will find that your PC runs faster in Safe Mode. If it does, it could be a sign that your system has a malware infection or it could mean that you have a lot of legitimate programs that normally start up with Windows.

Delete your temporary files before starting any other steps. Doing this could speed up the virus scanning, but it will clear the downloaded virus files and lessen the amount the scanners will have to check. You can do this through the Disk Cleanup utility or from the internet options menu.


Note: If you are using windows 10 and instead of seeing the safe mode screens, the system gives a prompt asking for the Windows 10 product code - please use the link below to troubleshoot Windows 10 Black Screens.

The following link takes you to an article with general steps to take you through a removal of the most often encountered Malware types:

Back to Top


Scanning Software


Sometimes running a scanner is enough to remove most malware infections. You've most likely got an antivirus program active on your PC, you should use another scanner for this check.

If your current antivirus software didn't stop the infection, you can't expect it to find the problem now now and we would recommend trying a new program.

SLN292746_en_US__1icon Note: No antivirus program can detect 100 percent of the millions of malware types and variants.

There are two main types of antivirus.

Real-time antivirus programs

They constantly watch for malware.

On-demand scanners

They search for malware infections when you open the program manually and run a scan.

SLN292746_en_US__1icon Note: You should only run one real-time antivirus program on your PC at the one time. However you can keep a few on-demand scanners stored to run scans with multiple programs.

The best course of action is to use an on-demand scanner first and then follow up with a full scan by your real-time antivirus program. There are several free and effective on-demand scanners available. You can find a list of the most common ones in the last section of this article.

Back to Top


Removing the Infection


In this guide I'm going to use Malwarebytes. I'm using this piece of software as it's the one I'm most used to and is freely available. You can find another program to do the same job if you prefer in Section 9 below. If you're following this guide then Download SLN292746_en_US__4iC_External_Link_BD_v1 the Malwarebytes program and install it. You will need to reconnect to the Internet for this. Once the download is complete, disconnect from the Internet again. If you can't access the Internet or you can't download Malwarebytes on your PC, then download it on another system and save it to a USB flash drive or CD/DVD and transfer it to the infected PC.

Run the setup and follow the onscreen installshield wizard. Malwarebytes will check for updates and then launch the user interface (UI).

SLN292746_en_US__1icon Note: If it reports the database being outdated, choose Yes to download the updates and then click OK when prompted that they have been successfully installed.

Keep the default scan option 'Perform quick scan' and click the Scan button.


This program offers a full-scan option, however its recommended that you perform the quick scan first. Depending on your PC specifications, the quick scan can take anywhere from 5 to 20 minutes, but the full scan could take up to 60 minutes or more. You can see how many files or objects the software has already scanned, and how many of those files it has identified either as being malware or as being infected by malware.

If Malwarebytes disappears after it begins scanning and won't reopen, then the infection could be more serious and stopping the scanner from running. There are ways around this if you know the type of infection, however you might be better off reinstalling Windows after backing up your files, as it could be quicker, easier and guaranteed to resolve the infection.

If Malwarebytes' quick scan comes up empty, it will display a text file with the scan results. If you still think that your system may have acquired some malware, consider running a full scan with Malwarebytes and you can try other scanners - such as one of the others above. If Malwarebytes finds the infections, it'll show a warning box. To see the suspect files click the Scan Results button. It should automatically select the ones that are dangerous for removal. If you want to remove other detected items, select them as well. Click on the Remove Selected button to get rid of the selected files.


After removing the infections, Malwarebytes will open a log file listing the scan and removal results. Check to confirm that the antivirus program successfully removed each item. Malwarebytes may also prompt you to restart your PC in order to complete the removal process, which you should do.

If your problems persist even after you've run the quick scan and it has found and removed unwanted files, then follow the advice above and run a full scan with Malwarebytes and the with the other scanners mentioned earlier. If the malware appears to be gone, run a full scan with your real-time antivirus program to confirm that result.

If you can't seem to remove the malware or if Windows isn't working properly, you may have to reinstall Windows. Please see the appropriate link below for a guide to suit your particular situation.

Back to Top


Prevent Re-Infection


To minimise the risk of a repeat infection, please pay attention to the steps below :

  1. Keep your operating system and applications updated with the latest security patches. On Windows Update, these would be the updates marked as critical and security.

  2. When you are reading your email, do not open messages or attachments sent from unknown senders. If you are unsure, it is better to delete it than to expose your system to reinfection.

  3. Make sure that you have a real-time antivirus program running on your PC and see that it stays updated. If you don't want to spend money on a paid service, then you can install one of the free programs that are available.

  4. Scan any removable media before they are used. (This includes, floppies, CDs, DVDs, Flash USBs and External HDDs.)

  5. Do not download unknown software from the web. The chances of infection from an unknown source is too high a risk.

  6. Scan all incoming email attachments or any other file that decide to download - prior to actually using it.

  7. Do not open files received via email or chat with the following extensions. .exe, .pif, .com, and .src,

  8. In addition to installing traditional antivirus software, you might consider consider reading the guide below for some basic rules for safe surfing online.


Always double check any online accounts such as online banking, webmail, email, and social networking sites. Look for suspicious activity and change your passwords, you can't tell what info the malware might have passed on.

If you have an automatic backup for your files you will want to run virus scans on the backups to confirm that it didn't backup the infection as well. If virus scans aren't possible such as online backups, you will probably want to delete your old backups and save new versions.

Keep your software current. Make sure that you update then frequently. If you receive any messages about this and aren't sure of their validity, then always contact the company in questions support to clarify it.

Back to Top


Other Removal Options


Once an infection is identified, you have decide on your next step.

There are several options for resolution :

  1. We can offer Dell Solution Station for a technician to do the work for you, but this is a pay on point of need service.

  2. We can always reinstall the operating system as well.

  3. If the infection is obvious and can be located easily, then you may be able to attempt a removal.

If you are able to get online or use another system with internet, then you check out the following article and tools for further information :

Links to Dell's Knowledge Base Articles
Link to Microsoft's online Tool
Links to the various publishers security software uninstall tools from the one source
Useful Links to knowledge about the various security software programs that ship with Dell PC's

Publishers list of Scanner, Cleaner and other Security Utilities

SLN292746_en_US__1icon Note: These are 3rd party tools and are not supported by Dell. We are not responsible for any results from using these tools. Dell agents cannot stay on the line and take you through using these tools on the system. You use these tools at your own risk.
Utility Link
VT Hash Check ZIP  SLN292746_en_US__4iC_External_Link_BD_v1
Utility Link
Free Edition Link SLN292746_en_US__4iC_External_Link_BD_v1
Utility Link
Hosts-Perm.bat Link SLN292746_en_US__4iC_External_Link_BD_v1
FixExec (/W32) Link SLN292746_en_US__4iC_External_Link_BD_v1
FixExec (/W64) Link SLN292746_en_US__4iC_External_Link_BD_v1
RKill Link SLN292746_en_US__4iC_External_Link_BD_v1
RKill (Download renamed as iExplore.exe) Link SLN292746_en_US__4iC_External_Link_BD_v1
Shortcut Cleaner Link SLN292746_en_US__4iC_External_Link_BD_v1
Unhide Link SLN292746_en_US__4iC_External_Link_BD_v1
Utility Link
AntiMalware EXE SLN292746_en_US__4iC_External_Link_BD_v1
Emergency Kit EXE SLN292746_en_US__4iC_External_Link_BD_v1
Utility Link
GrantPerms (/W32) Link SLN292746_en_US__4iC_External_Link_BD_v1
GrantPerms (/W64) Link SLN292746_en_US__4iC_External_Link_BD_v1
ListParts (/W32) Link SLN292746_en_US__4iC_External_Link_BD_v1
ListParts (/W64) Link SLN292746_en_US__4iC_External_Link_BD_v1
MiniToolBox Link SLN292746_en_US__4iC_External_Link_BD_v1
Recovery Scan Tool (/W32) Link SLN292746_en_US__4iC_External_Link_BD_v1
Recovery Scan Tool (/W64) Link SLN292746_en_US__4iC_External_Link_BD_v1
Service Scanner Link SLN292746_en_US__4iC_External_Link_BD_v1
Utility Link
Defogger Link SLN292746_en_US__4iC_External_Link_BD_v1
Utility Link
TDSSKiller EXE SLN292746_en_US__4iC_External_Link_BD_v1
RectorDecryptor EXE SLN292746_en_US__4iC_External_Link_BD_v1
RakhniDecryptor EXE SLN292746_en_US__4iC_External_Link_BD_v1
RannohDecryptor EXE SLN292746_en_US__4iC_External_Link_BD_v1
ScatterDecryptor ZIP SLN292746_en_US__4iC_External_Link_BD_v1
XoristDecryptor EXE SLN292746_en_US__4iC_External_Link_BD_v1
CapperKiller EXE SLN292746_en_US__4iC_External_Link_BD_v1
KidoKiller EXE SLN292746_en_US__4iC_External_Link_BD_v1
FippKiller EXE SLN292746_en_US__4iC_External_Link_BD_v1
SalityKiller EXE SLN292746_en_US__4iC_External_Link_BD_v1
VirutKiller EXE SLN292746_en_US__4iC_External_Link_BD_v1
XpajKiller EXE SLN292746_en_US__4iC_External_Link_BD_v1
ZbotKiller EXE SLN292746_en_US__4iC_External_Link_BD_v1
RadminerFlashRestorer EXE SLN292746_en_US__4iC_External_Link_BD_v1
Kabasiji EXE SLN292746_en_US__4iC_External_Link_BD_v1
Kabasigi EXE SLN292746_en_US__4iC_External_Link_BD_v1
ScraperDecryptor ZIP SLN292746_en_US__4iC_External_Link_BD_v1
PMaxKiller EXE SLN292746_en_US__4iC_External_Link_BD_v1
DigitaCure EXE SLN292746_en_US__4iC_External_Link_BD_v1
CleanAutoRun EXE SLN292746_en_US__4iC_External_Link_BD_v1
Kaspersky Virus Removal Tool EXE SLN292746_en_US__4iC_External_Link_BD_v1
Kaspersky Rescue Disk + WindowsUnlocker ISO SLN292746_en_US__4iC_External_Link_BD_v1
Flashfake Removal Tool ZIP SLN292746_en_US__4iC_External_Link_BD_v1
Utility Link
Anti-Exploit Link SLN292746_en_US__4iC_External_Link_BD_v1
Anti-Malware Link SLN292746_en_US__4iC_External_Link_BD_v1
MalwareBytes Pro Link SLN292746_en_US__4iC_External_Link_BD_v1
Utility Link
Malicious Software Removal Tool Link SLN292746_en_US__4iC_External_Link_BD_v1
FakeRean Fix it Tool (/W32) Link SLN292746_en_US__4iC_External_Link_BD_v1
Rootkit Revealer (Sysinternals) Link SLN292746_en_US__4iC_External_Link_BD_v1
Utility Link
Malware Cleaner Link SLN292746_en_US__4iC_External_Link_BD_v1
Utility Link
OTL Link SLN292746_en_US__4iC_External_Link_BD_v1
Utility Link
Rootkit Detector ZIP SLN292746_en_US__4iC_External_Link_BD_v1
Utility Link
WinPatrol Link SLN292746_en_US__4iC_External_Link_BD_v1
Utility Link
Security Check EXE SLN292746_en_US__4iC_External_Link_BD_v1
Utility Link
Hitman Pro 3.7 (/32) EXE SLN292746_en_US__4iC_External_Link_BD_v1
Hitman Pro 3.7 (/64) EXE SLN292746_en_US__4iC_External_Link_BD_v1
Utility Link
Junkware Removal Tool Link SLN292746_en_US__4iC_External_Link_BD_v1
Utility Link
RogueKiller Link SLN292746_en_US__4iC_External_Link_BD_v1
Utility Link
AntiRansomware Tool EXE SLN292746_en_US__4iC_External_Link_BD_v1
Anti-Threat Toolkit (/W32) Link SLN292746_en_US__4iC_External_Link_BD_v1
Anti-Threat Toolkit (/W64) Link SLN292746_en_US__4iC_External_Link_BD_v1
Fake AV-Removal Tool GUI (/W32) Link SLN292746_en_US__4iC_External_Link_BD_v1
Fake AV-Removal Took GUI (/W64) Link SLN292746_en_US__4iC_External_Link_BD_v1
Fake AV-Removal Tool CLI (/W32) Link SLN292746_en_US__4iC_External_Link_BD_v1
Fake AV-Removal Took CLI (/W64) Link SLN292746_en_US__4iC_External_Link_BD_v1
HijackThis Link SLN292746_en_US__4iC_External_Link_BD_v1
HouseCall (/W32) EXE SLN292746_en_US__4iC_External_Link_BD_v1
HouseCall (/W64) EXE SLN292746_en_US__4iC_External_Link_BD_v1
Rescue Disk EXE SLN292746_en_US__4iC_External_Link_BD_v1
Rootkit Buster (/W32) EXE SLN292746_en_US__4iC_External_Link_BD_v1
Rootkit Buster (/W64) EXE SLN292746_en_US__4iC_External_Link_BD_v1
Utility Link
Adwcleaner Link SLN292746_en_US__4iC_External_Link_BD_v1
Delfix Link SLN292746_en_US__4iC_External_Link_BD_v1

Back to Top

SLN292746_en_US__88Secure  Get general information and guidance to secure your system/data on our Security and Antivirus page.


Article Properties

Affected Product

Desktops & All-in-Ones, Laptops, Inspiron, Latitude, Vostro, XPS, Tablets, Latitude Tablets, Surface, Venue, XPS Tablets, Fixed Workstations

Last Published Date

21 Feb 2021



Article Type


Rate This Article

Easy to Understand
Was this article helpful?

0/3000 characters