It should be drilled into you by now: Use antivirus software! These programs—from the amazing free tools to the fee-driven antivirus utilities—keep tabs on your Windows PC with scans, real-time monitoring, even heuristic analysis of files and processes so new threats can be identified. It’s imperative, especially with Windows, that you have some kind of antivirus installed.
But even the best antivirus isn’t 100 percent foolproof. A device already compromised by malware could get on your network, people can personally place malware on a system, and some malware, such as a Remote Access Trojan (RAT), lies dormant waiting to attack at just the right time. And no one can protect entirely against social engineering or phishing schemes that trick you into clicking on or downloading an infected link or attachment. Hell, there are even rogue programs out there that look like antivirus or antispyware, but when you install them, you get infected! Always download from the source—avoid the third-party download sites.
Sometimes, it’s hard to tell when you’re initially infected with the badness. But there are plenty of signs you should keep an eye out for—incredibly slow performance where once the PC zipped along, browser pop-ups when no browser is even open, scary warnings from security programs you didn’t install, and many more.
If you suspect, or absolutely with a certainty know, you’ve got a malware infection, here are the steps to take, immediately.
Install or Update Your Antivirus
First, make sure your existing antivirus software is fully updated with the latest virus definitions—that’s how the software identifies known malware, by matching it against what has been seen before. Antivirus vendors are constantly updating these lists as they encounter new viruses and Trojans in the wild and in the lab. If your software is even a day out of date, you run the risk of an infection.
If you don’t have any antivirus installed, well…sheesh. Re-read the first paragraph above and immediately download one of our top-rated free antivirus tools: Avast Free Antivirus, AVG AntiVirus Free, or Panda Free Antivirus.
If you need to fix an infected PC for a business, super-sheesh, and also, you’ll probably have to spend some money to get a full security suite. Our top-rated options include: Symantec Norton Security Premium, Bitdefender Internet Security, Bitdefender Total Security, Kaspersky Internet Security, and McAfee LiveSafe. All of the above get 4.5 stars in reviews this year from PCMag’s security expert, Neil J. Rubenking.
Then run the deep, thorough scan. Let it run for as long as it takes, and hope that it finds and fixes the problem. That’s your best-case scenario. The problem is, if the malware is good at its job, then it probably deactivated the antivirus to get there in the first place.
Also, make sure you’ve got a software firewall running on all PCs. The firewall running in your home or business router is nice and all, but it’s not enough. Our top pick is the Check Point ZoneAlarm Free Firewall, or get the paid Pro version that does even more.
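As an added example (not part of the original article), here is how to check the three things above from an elevated PowerShell prompt: that the antivirus is actually on and its signatures are fresh, that a full scan runs, and that the software firewall is enabled on every profile. It assumes a Windows 10 or 11 PC using the built-in Microsoft Defender, which the article doesn’t cover; third-party suites expose their own update and scan tools, so the Defender cmdlet names (Get-MpComputerStatus, Update-MpSignature, Start-MpScan) don’t apply to them.

```powershell
# Added example, not from the article. Assumes Windows 10/11 with Microsoft
# Defender as the active antivirus and an elevated PowerShell prompt.

$status = Get-MpComputerStatus

# Malware that "deactivated the antivirus to get there" shows up here first.
if (-not $status.AntivirusEnabled -or -not $status.RealTimeProtectionEnabled) {
    Write-Warning "Antivirus or real-time protection is disabled; something may have switched it off."
}

# Signature age: the article's rule is that even a day out of date is a risk.
$sigAge = (Get-Date) - $status.AntivirusSignatureLastUpdated
if ($sigAge.TotalDays -ge 1) {
    Write-Warning ("Signatures are {0:N1} days old; updating." -f $sigAge.TotalDays)
    Update-MpSignature
}

# The deep, thorough scan: FullScan walks every file, so let it run to the end.
Start-MpScan -ScanType FullScan

# What it found, and whether the remediation action succeeded.
Get-MpThreatDetection |
    Select-Object InitialDetectionTime, ThreatID, ProcessName, ActionSuccess |
    Format-Table -AutoSize

# Software firewall: all three profiles (Domain, Private, Public) should be on.
Get-NetFirewallProfile | ForEach-Object {
    if ($_.Enabled -ne 'True') {
        Write-Warning "Firewall profile '$($_.Name)' is off; enabling it."
        Set-NetFirewallProfile -Name $_.Name -Enabled True
    }
}
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction | Format-Table -AutoSize
```

If the first warning fires and you can’t turn protection back on, treat that as confirmation rather than a glitch and move on to the Safe Mode and offline steps below.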
Revert to the Old or the Safe
If you’ve got System Restore points set in Windows, you could use this opportunity to reset the system. It could do the trick but probably will not. The malware, again, if it was written by someone smart, will be ready for this trick. You can try running RKill, a program designed to kill any known malware processes in play.
If that doesn’t work, you need to boot Windows in a way that won’t let the malware get started. That’s called Safe Mode. Enter Windows Safe Mode by restarting the PC; in Windows 8 and 10, hold down the Shift key during the boot sequence. When you’re asked for troubleshooting options, choose Safe Mode.
You should delete temp files—they permeate Windows after a while, and could be where malware hides. At the Start menu, type in Disk Cleanup and it’ll check the C: drive for what you can safely delete among all the temps. Then download and run an antivirus on-demand scanner: Malwarebytes Anti-Malware is always highly recommended at this point in the process. Hopefully, it does the trick and your PC is back to normal after the scan and another reboot.
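As an added example (not from the article), here is the same two-step routine done from an elevated PowerShell prompt instead of the Shift-key and Disk Cleanup route: tell the boot loader to start in Safe Mode on the next restart, then sweep the temp folders once you’re there. It assumes Windows 8/10/11 and that you have the BitLocker recovery key handy if the drive is encrypted, since a Safe Mode boot can prompt for it.

```powershell
# Added example, not from the article. Assumes an elevated PowerShell on
# Windows 8/10/11; have the BitLocker recovery key available if the drive
# is encrypted, because a Safe Mode boot may ask for it.

# 1. Schedule a minimal Safe Mode boot for the next restart.
bcdedit /set "{current}" safeboot minimal
#    When you are done, undo it or the PC will keep booting into Safe Mode:
#      bcdedit /deletevalue "{current}" safeboot

# 2. After restarting into Safe Mode, clear the user and system temp folders
#    (the same places Disk Cleanup targets), reporting how much was removed.
$tempDirs = @($env:TEMP, "$env:SystemRoot\Temp")
foreach ($dir in $tempDirs) {
    $before = (Get-ChildItem -Path $dir -Recurse -File -Force -ErrorAction SilentlyContinue |
               Measure-Object -Property Length -Sum).Sum
    # Anything locked by a running process is skipped instead of aborting the sweep.
    Get-ChildItem -Path $dir -Recurse -Force -ErrorAction SilentlyContinue |
        Remove-Item -Recurse -Force -ErrorAction SilentlyContinue
    "{0}: freed roughly {1:N1} MB" -f $dir, ($before / 1MB)
}
```

Run the on-demand scanner after the sweep, not before, so it isn’t wasting time on files you were about to delete anyway.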
Malwarebytes Anti-Malware is sometimes called a “second-opinion malware scanner,” because it’s a second line of attack against the bad guys if your initial antivirus fails. Other options include HitmanPro and Kaspersky TDSSKiller. The latter is particularly good at sniffing out rootkits, which run at a level that makes them hard for regular antivirus software to find.
Cut the Internet
If you’ve got a RAT aboard, that means someone is remotely accessing your PC. That’s bad news, so your first step has to be getting off the Internet. Pull the Ethernet on the PC, turn off the Wi-Fi, even turn off the router if you must. That’s your only guarantee the PC is disconnected (make sure it’s not using a neighbor’s or business’s Wi-Fi to stay online on the side).
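Pulling the cable is the sure thing, but when you can’t get at the hardware (or want proof the PC really is off the air), here is an added example, not from the article, that does the same from an elevated PowerShell prompt on Windows 8.1/10/11: it records any live remote connections for later reference, disables every adapter that is up, and then verifies nothing is still connected. The cmdlets come from the built-in NetAdapter and NetTCPIP modules.

```powershell
# Added example, not from the article. Assumes an elevated PowerShell on
# Windows 8.1/10/11 with the NetAdapter and NetTCPIP modules (built in).

# 1. Before cutting the link, note any established connection to a non-local
#    address and the process that owns it; that is what a remote-access
#    session looks like, and you will want the record for the cleanup.
Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Where-Object { $_.RemoteAddress -notin @('127.0.0.1', '::1') } |
    Select-Object LocalPort, RemoteAddress, RemotePort, OwningProcess |
    Format-Table -AutoSize

# 2. List every adapter that is up: wired, Wi-Fi, and any tethered or
#    virtual interface the PC could be using "on the side".
$up = Get-NetAdapter | Where-Object { $_.Status -eq 'Up' }
$up | Select-Object Name, InterfaceDescription, MediaType, LinkSpeed | Format-Table -AutoSize

# 3. Disable all of them (reversible later with Enable-NetAdapter).
$up | Disable-NetAdapter -Confirm:$false

# 4. Verify: no adapter up and no connected network profile.
$stillUp = Get-NetAdapter | Where-Object { $_.Status -eq 'Up' }
if ($stillUp) {
    Write-Warning "Still connected: $($stillUp.Name -join ', ')"
} else {
    "No adapters are up."
}
Get-NetConnectionProfile -ErrorAction SilentlyContinue   # prints nothing when offline
```

If step 4 still shows an adapter up after you disabled it, something on the box is re-enabling it; that is the point at which the router switch or the power button, not more commands, is the right tool.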
Not being online makes it hard to stay up to date with antivirus definitions, of course. You’ll have to get the latest software from a third-party PC (probably at a different location) then get it to the infected system using a USB flash drive. You can also boot the computer with a CD, sometimes called a “Live CD” or “rescue CD,” running a full anti-malware utility. Of course, you might need a CD reader on the PC, which isn’t always a given these days, especially on newer laptops. Then again, many of these tools can boot from a USB flash drive, as well.
Get Portable Antivirus Help
When all else fails, it could be the OS that’s against you, thanks to the infection—you may not be able to even install new antivirus tools. You need to get around the OS and let the antivirus take control.
There are many portable apps you can put on a USB drive that don’t require direct installation, including some that do antivirus, like Microsoft Safety Scanner, ClamWin, McAfee Stinger, or Kaspersky Security Scan. Try a mix—they won’t conflict since you run each scan individually.
If you prefer to boot into a utility that will then do a deeper scan on the entire hard drive, get a third-party PC on which to burn the goods, then find a rescue CD image to burn from antivirus vendors like AVG, Avira, Bitdefender, F-Secure, Kaspersky, Panda, Sophos, and Trend Micro.
You’ll need an ISO or IMG burning utility to make that disc or drive bootable; in Windows 7, 8, and 10, insert the empty CD, DVD, or USB drive, double-click the ISO or IMG file and select Burn disc image. Or download a tool like ImgBurn to get more control over it.
There is specialized software out there, like Spybot, that goes after spyware, or Symantec’s Norton Power Eraser, which specifically targets “crimeware,” the kind of malware that runs scams and scares the crap out of you. This one comes with a warning that it’s as aggressive as hell when it goes after a problem, and therefore the risk of collateral damage is high. The warning says specifically, “there is a risk that it can select some legitimate programs for removal.”
Risking a few programs is worth it compared to the nuclear option: reformatting your hard drive and reinstalling the operating system and all programs (you do have an image of your clean OS install backed up that you can use for restoration, right?). That’s necessary less and less these days, compared to the days of Windows 95 on up to Vista; but still a viable method of resetting the system, sans malware.
Living in the Aftermath
Dealing successfully with an infection is like being at home after you’ve been burglarized; it takes a while to feel safe again. Take steps, like you would after being robbed: enhance your security. Get the best, highest rated security suite, read up on how to avoid getting scammed/phished, and then go on a purge: uninstall any programs you’re not using on a regular basis or don’t trust. Be ruthless. And be careful.