
How to Identify and Repair Malware or Virus Infected Computers

Summary: This is an article that takes you through identifying and repairing a virus or malware infection on your computer. Dell strongly recommends you recover your system image on the…



Symptoms

 


Table of Contents:

  1. What level of support is possible for Malware and Virus infection Issues?
  2. What is the difference between Malware and a virus?
  3. What are the most common symptoms of a Malware or Virus infection?
  4. Malware Detection/system usability steps
  5. Scanning Software
  6. General Removal Guide
  7. Removing the Infection
  8. Other Removal Options
  9. Prevent Re-Infection

 

What level of support is possible for Malware and Virus infection Issues?

 

Dell’s standard practice has historically been to recommend a clean install of the Operating System (OS), once Malware or a Virus has been detected. This resolves an infection issue 100% of the time.

Under a ProSupport warranty, our Technical Support should always investigate and identify that an infection has taken place. They should attempt to get the computer to a usable state so that they can run anti-virus scans or determine whether a clean reinstall should take place due to the level of infection on the computer.

Note: Some infections are not serious and can be removed using the right tools. This information is provided for informational and educational purposes. Dell is not responsible for any loss of data from your computer, and you run these tools at your own choice and risk.




 

What is the difference between Malware and a virus?

 

Malware, or malicious software, has become a catch-all term for several different types of infections. Some install themselves and create a simulated infection, corruption, or hardware failure, therefore tricking you into purchasing their product to resolve the issue. This type is known as hostage-ware, ransom-ware, or scare-ware. There are malware infections that redirect your browser to sites that the creator has chosen. Alternatively, they redirect to a website that they are compensated for, based on the number of hits the site receives. Sometimes these infections can hide your entire root drive and all your subdirectories. Sometimes they capture your personal information and communicate back to the creator of the infection.

A virus, which has become a subset of malware, is a program that replicates and attaches itself to services or specific applications. Many malware payloads contain a virus file, such as a Trojan or a Worm, to help root the infection. Viruses were once an exclusive type of infection, but now they have been combined into infection packages of malware. Many malware packages incorporate rootkits to embed themselves into the kernel level of the OS, making them stealthy and more difficult to remove.

Many items are often mistaken for a computer infection. These can include tracking cookies, search hooks, or browser helper objects (BHOs). Although the presence of these can indicate infection, there must be an accompanying loader (EXE) file or kernel mode driver present to confirm infection.




 

What are the most common symptoms of a Malware or Virus infection?

 

Although today’s malware can contain multiple payloads, here are some of the most common signs of infection:

  • Onscreen Warnings about computer infection from a source other than your anti-virus software
  • Browser redirects or a complete hijack of the browser
  • You cannot open any EXE or Microsoft Installer (MSI) files
  • The inability to change wallpaper or any desktop settings
  • All entries under Start>Programs are empty and/or the C: drive is blank
  • The anti-virus icon disappears from the system tray or cannot be started
  • Random pop-ups show on-screen either in or out of the browser
  • Unusual icons, erroneous start menu, or Device Manager entries appear




Cause

 

Malware Detection/system usability steps

 

Here are some steps to perform to confirm infection:

  1. Ask the question: Have any pop-ups, redirects, or messages been experienced on the desktop or from the system tray?

  2. Has a recent virus or malware scan been run? If the anti-virus or malware removal tools do not run, then this is a positive sign that the computer may be infected.

  3. If the Internet or computer is inoperative due to infection, boot to Safe Mode with Networking (using LAN only). You can use the Process Explorer and Autoruns programs to test with. Most malware infections show themselves easily in these tools if the tools are run as Administrator in Windows. (Windows XP is always in kernel-mode in an administrator profile.)

[Image: Process Explorer example]

[Image: Autoruns example of malware infection]

  4. These programs, or any other malware removal tools, do not open if the shell extension for EXE files is blocked in the registry. Right-click the .exe file and rename the extension to .com. Attempt to run the tool. If it still does not open, boot to Safe Mode and attempt to run the tool again.

  5. If you have an active anti-virus subscription, you can attempt to remove the block on the anti-virus. Clearing any malicious entries in Autoruns and rebooting may allow EXE files to run again, and you can then update and scan with your anti-virus. Sometimes a kernel mode driver is installed in Device Manager to block the anti-virus software. It usually shows under Plug and Play Devices, and you must set Device Manager to Show Hidden Devices.

If positive malware identification is made, you can use one of the options below. Remember if it does not work, we can take you through a clean OS reinstall to resolve the issue.
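A read-only way to check the condition described in the steps above, where tools do not open because the shell extension for EXE files is blocked in the registry. This is an added example, not Dell's code: the function names are illustrative, and the expected values are the defaults of the `.exe` association on a clean Windows installation.

```powershell
# Added example: read-only check of the EXE file association.
# Expected (Default) values on a clean Windows installation.
$Expected = [ordered]@{
    '.exe'                       = 'exefile'   # extension -> file class
    'exefile\shell\open\command' = '"%1" %*'   # run the clicked file itself
}

# Machine-wide classes first, then the per-user hive that overrides them.
$Hives = [ordered]@{
    'HKLM' = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes'
    'HKCU' = 'Registry::HKEY_CURRENT_USER\Software\Classes'
}

function Get-DefaultValue {
    param([Parameter(Mandatory)][string]$Path)
    # Return the key's (Default) value, or $null when the key or value is absent.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    return $key.GetValue('')
}

function Test-ExeAssociation {
    foreach ($hive in $Hives.Keys) {
        foreach ($sub in $Expected.Keys) {
            $value = Get-DefaultValue -Path "$($Hives[$hive])\$sub"
            $status = if ($null -eq $value) {
                # A missing per-user key is normal; a missing machine key is not.
                if ($hive -eq 'HKCU') { 'OK (no override)' } else { 'MISSING' }
            } elseif ($value -eq $Expected[$sub]) {
                'OK'
            } else {
                # Anything else means .exe launches are routed somewhere else.
                'SUSPICIOUS'
            }
            [pscustomobject]@{
                Hive   = $hive
                Key    = $sub
                Value  = $value
                Status = $status
            }
        }
    }
}

# Nothing is modified; the table only reports what is currently set.
Test-ExeAssociation | Format-Table -AutoSize -Wrap
```

A `SUSPICIOUS` row shows the command that Windows would run in place of the clicked program, which is the loader to look for in Autoruns before any cleanup.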




 

Scanning Software

 

Sometimes running a scanner is enough to remove most malware infections. You most likely have an anti-virus program active on your computer, but you should use another scanner for this check.

If your current anti-virus software did not stop the infection, you cannot expect it to find the problem now. We would recommend trying a new program.

 
Note: No anti-virus program can detect 100 percent of the millions of malware types and variants.
 

There are two main types of anti-virus.

 
Real-time anti-virus programs

They constantly watch for malware.

On-demand scanners

They search for malware infections when you open the program manually and run a scan.

 
Note: Ideally, only run one real-time anti-virus program on your computer at a time. However, you can keep a few on-demand scanners stored to run scans with multiple programs.
 

The best course of action is to use an on-demand scanner first and then follow up with a full scan by your real-time anti-virus program. There are several free and effective on-demand scanners available. You can find a list of the most common ones in the last section of this article.




Resolution

 

General Removal Guide

 

Disconnect your computer from the Internet and do not use it until you are ready to remove the malware.

Think of it like cutting off all communications or putting a patient into a suspended state.

Boot your computer into Safe Mode. Only the minimum required programs and services are loaded in this option. If any malware is set to startup when Windows starts, booting in safe mode should prevent it.

To boot into Windows Safe Mode, follow whichever guide below matches your Operating System (OS). This should bring up the Advanced Boot Options menu. Select Safe Mode with Networking and press the Enter key.

You may find that your computer runs faster in Safe Mode. If it does, it could be a sign that your computer has a malware infection. It could also mean that you have a lot of legitimate programs that start up with Windows.

Delete your temporary files before starting any other steps. Doing this could speed up the virus scanning, and it also clears downloaded virus files and lessens the amount that the scanners have to check. You can do this through the Disk Cleanup utility or from the Internet options menu.

Note: Are you using Windows 11 or Windows 10? Instead of seeing the safe mode screens, does the computer give a prompt asking for the Windows 10 product code? Use the link below to troubleshoot Windows 10 Black Screens.

The following link takes you to an article with general steps to take you through a removal of the most often encountered Malware types:




 

Removing the Infection

 

This guide uses Malwarebytes. I am using this piece of software as it is the software I am most used to and is freely available. You can find another program to do the same job if you prefer in Section 9 below. If you are following this guide, then download the Malwarebytes program and install it. You must reconnect to the Internet for this. However, once the download is complete, disconnect from the Internet again. If you cannot access the Internet, or you cannot download Malwarebytes on your computer, you can download it on another computer, save it to a USB flash drive or CD/DVD, and transfer it to the infected computer.

Run the setup and follow the on-screen InstallShield wizard. Malwarebytes checks for updates and then launches the user interface (UI).

 
Note: If it reports the database being outdated, choose Yes to download the updates and then click OK when prompted that they have been successfully installed.
 

Keep the default scan option 'Perform quick scan' and click the Scan button.

[Image: Malwarebytes scan]

This program offers a full-scan option; however, it is recommended that you perform the quick scan first. Depending on your computer's specifications, the quick scan can take anywhere from 5 to 20 minutes. However, the full scan could take up to 60 minutes or more. You can see how many files or objects the software has already scanned. It shows how many of the files it has identified either as being malware or as having been infected by malware.

If Malwarebytes disappears after it begins scanning and does not reopen, then the infection could be more serious and is stopping the scanner from running. There are ways around this if you know the type of infection. However, you might be better off reinstalling Windows after backing up your files. It could be quicker, easier, and is guaranteed to resolve the infection.

If Malwarebytes' quick scan comes up empty, it displays a text file with the scan results. If you still think that your computer may have acquired some malware, consider running a full scan with Malwarebytes. You can also use other scanners, such as one of the others above. If Malwarebytes finds infections, it shows a warning box. To view the suspect files, click the Scan Results button. It should automatically select the ones that are dangerous for removal. If you want to remove other detected items, select them as well. Click the Remove Selected button to get rid of the selected files.

[Image: Malwarebytes removal]

After removing the infections, Malwarebytes will open a log file listing the scan and removal results. Check to confirm that the anti-virus program successfully removed each item. Malwarebytes may also prompt you to restart your computer in order to complete the removal process, which you should do.

Do your problems persist even after you have run the quick scan and it has found and removed unwanted files? Follow the advice above and run a full scan with Malwarebytes or with the other scanners mentioned earlier. If the malware appears to be gone, run a full scan with your real-time anti-virus program to confirm that result.

If you cannot seem to remove the malware or if Windows is not working properly, you may have to reinstall Windows. See the appropriate link below, for a guide to suit your particular situation.




 

Other Removal Options

 

Once an infection is identified, you have to decide on your next step.

There are several options for resolution:

  1. We can offer Dell Solution Station for a technician to do the work for you, but this is a pay on point of need service.

  2. We can always reinstall the operating system as well.

  3. If the infection is obvious and can be located easily, then you may be able to attempt a removal.

If you can get online or use another computer with Internet, then you can check out the following articles and tools for more information:

 
Links to Dell's Knowledge Base Articles
   
Link to Microsoft's online Tool
   
Links to the various publishers' security software uninstall tools from one source.
   
Useful Links to knowledge about the various security software programs that ship with Dell computers.
   

Publishers list of Scanner, Cleaner, and other Security Utilities

 
Note: These are third-party tools that are not supported by Dell. We are not responsible for any results from using these tools. Dell agents cannot stay on the line and take you through using these tools on the computer. You use these tools at your own risk.
 
Utility | Link

VT Hash Check | ZIP

Free Edition | Link

Hosts-Perm.bat | Link
FixExec (/W32) | Link
FixExec (/W64) | Link
RKill | Link
RKill (Download renamed as iExplore.exe) | Link
Shortcut Cleaner | Link
Unhide | Link

AntiMalware | EXE
Emergency Kit | EXE

GrantPerms (/W32) | Link
GrantPerms (/W64) | Link
ListParts (/W32) | Link
ListParts (/W64) | Link
MiniToolBox | Link
Recovery Scan Tool (/W32) | Link
Recovery Scan Tool (/W64) | Link
Service Scanner | Link

Defogger | Link

TDSSKiller | EXE
RectorDecryptor | EXE
RakhniDecryptor | EXE
RannohDecryptor | EXE
ScatterDecryptor | ZIP
XoristDecryptor | EXE
CapperKiller | EXE
KidoKiller | EXE
FippKiller | EXE
SalityKiller | EXE
VirutKiller | EXE
XpajKiller | EXE
ZbotKiller | EXE
RadminerFlashRestorer | EXE
Kabasiji | EXE
Kabasigi | EXE
ScraperDecryptor | ZIP
PMaxKiller | EXE
DigitaCure | EXE
CleanAutoRun | EXE
Kaspersky Virus Removal Tool | EXE
Kaspersky Rescue Disk + WindowsUnlocker | ISO
Flashfake Removal Tool | ZIP

Anti-Exploit | Link
Anti-Malware | Link
MalwareBytes Pro | Link

Malicious Software Removal Tool | Link
FakeRean Fix it Tool (/W32) | Link
Rootkit Revealer (Sysinternals) | Link

Malware Cleaner | Link

OTL | Link

Rootkit Detector | ZIP

WinPatrol | Link

Hitman Pro 3.7 (/32) | EXE
Hitman Pro 3.7 (/64) | EXE

Junkware Removal Tool | Link

RogueKiller | Link

AntiRansomware Tool | EXE
Anti-Threat Toolkit (/W32) | Link
Anti-Threat Toolkit (/W64) | Link
Fake AV-Removal Tool GUI (/W32) | Link
Fake AV-Removal Tool GUI (/W64) | Link
Fake AV-Removal Tool CLI (/W32) | Link
Fake AV-Removal Tool CLI (/W64) | Link
HijackThis | Link
HouseCall (/W32) | EXE
HouseCall (/W64) | EXE
Rescue Disk | EXE
Rootkit Buster (/W32) | EXE
Rootkit Buster (/W64) | EXE

Adwcleaner | Link
Delfix | Link




 

Prevent Re-Infection

 

To minimize the risk of a repeat infection, pay attention to the steps below:

  1. Keep your operating system and applications updated with the latest security patches. On Windows Update, these would be the updates that are marked as critical and security.

  2. When you are reading your email, do not open messages or attachments that are sent from unknown senders. If you are unsure, it is better to delete it than to expose your computer to reinfection.

  3. Ensure that you have a real-time anti-virus program running on your computer and see that it stays updated. If you do not want to spend money on a paid service, then you can install one of the free programs that are available.

  4. Scan any removable media before they are used. (This includes floppies, CDs, DVDs, Flash USBs, and External HDDs.)

  5. Do not download unknown software from the web. The chance of infection from an unknown source is too high a risk.

  6. Scan all incoming email attachments, or any other file that you decide to download, before you use it.

  7. Do not open files that you receive by email or chat with the following extensions: .exe, .pif, .com, and .src.

  8. In addition to installing traditional anti-virus software, you might consider reading the guide below for some basic rules for safe surfing online.

 

Always double check any online accounts such as online banking, webmail, email, and social networking sites. Look for suspicious activity and change your passwords; you cannot tell what information the malware might have passed on.

If you have an automatic backup for your files, run virus scans on those backups. Confirm that it did not back up the infection as well. If virus scans are not possible, such as with online backups, most people decide to delete their old backups and save new versions.

Keep your software current. Ensure that you update it frequently. If you receive any messages about this and are not sure of their validity, always contact the support team of the company in question to clarify.




Additional Information

Get general information and guidance to secure your system/data on our Security and Antivirus page.
 

Article Properties


Affected Product

Desktops & All-in-Ones, Laptops, Inspiron, Latitude, Vostro, XPS, Tablets, Latitude Tablets, Surface, Venue, XPS Tablets, Fixed Workstations

Last Published Date

05 May 2022

Version

6

Article Type

Solution