At one point or another, you will deal with someone who got a virus on their computer. Here are some general troubleshooting steps to resolve it.
Determine whether you can run .exe files; many viruses block these. If you are unable to remote in to the computer, see Jumping To A Computer Through The Network.
Shut the computer down and bring it up in Safe Mode with Networking (usually by tapping F8 on startup).
If the virus is not allowing you to run any tools, start with “RKill”. This program clears active processes so that you can run your virus removal tools. Place the file on a drive on another computer that is mapped on the infected computer, and have the user run it from there if you are unable to remote in.
As soon as you get in, start running as many tools as you can. I usually start with “Malwarebytes Anti-Rootkit”, “ESET Online Scanner”, and “RogueKiller”. Always run multiple malware removal programs so that if one doesn’t catch the infection, the others might.
While those are running, check the registry at:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and RunOnce
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and RunOnce
Disable startup entries in Msconfig.exe.
After the scans complete, reboot and start some other scanners. I usually run “AdwCleaner” and the regular “Malwarebytes” next.
After those scans complete, reboot and run “CCleaner” and “TFC (Temp File Cleaner)”.
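For the registry check in the steps above, the following PowerShell lists every value under the four Run and RunOnce keys in one table. It is an added example, not part of the original steps; the `Review` column is an assumed heuristic that marks commands starting from user-writable folders so they get looked at first.

```powershell
# Added example: list autostart entries from the Run and RunOnce keys named above.
$keys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumption: entries launching from user-writable folders are reviewed first.
# Legitimate software also starts from these paths, so this is a hint, not a verdict.
$reviewPattern = '\\AppData\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\'

$entries = foreach ($key in $keys) {
    # RunOnce keys are frequently absent; skip anything that does not exist.
    if (-not (Test-Path -LiteralPath $key)) { continue }

    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        # GetValue expands environment variables such as %TEMP% in the stored command.
        $command = [string]$item.GetValue($name)
        [pscustomobject]@{
            Key     = $key
            Name    = $name
            Command = $command
            Review  = $command -match $reviewPattern
        }
    }
}

# Flagged entries sort to the top of the table.
$entries | Sort-Object -Property Review -Descending | Format-Table -AutoSize -Wrap
```

HKEY_CURRENT_USER belongs to whichever account runs the script, so run it in the affected user's session to see that user's entries.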