When malware such as Windows 7 Home Security is installed, it displays several security warnings. The most troublesome one appears when a program is launched: it states that the fake antivirus software has prevented the program from running because it is infected with a virus.
I have found on numerous occasions that booting to safe mode is not the only answer to this, and sometimes you can't access or install the antivirus software in safe mode to begin with.
To alleviate this, I found that if you launch programs right after Windows signs in, those programs will not automatically close. Anything launched after the virus loads will either be closed automatically, or the virus will prevent it from opening and give a fake warning message about the file.
Here are the steps that have worked every time for me:
1) Turn on the PC
2) Boot up Windows
3) Sign in
4) Press Ctrl+Alt+Del
5) Start Task Manager
6) Press Windows+R, type in "regedit" and launch regedit
7) Press Windows+R, type in "cmd" and launch cmd
If these steps are followed soon enough, you can now use these programs to troubleshoot the issue. The virus will continue to load after these programs are launched, but it typically will not close them. You can use the command line to kill the virus processes and so forth.
Make sure to see my blog article about taskkill to kill processes and my other blog article about what antivirus software to use. Using these commands and programs will resolve the issue after loading the above three programs and having them active.
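As an added example (not from the original post), these are commands that can be typed into the cmd window opened in step 7 to locate a suspect process and end it. The PID 1234, the image name example.exe and the folder names in the filter are placeholders and assumptions, not values taken from this infection.

```batch
rem Added example: type these one at a time into the cmd window from step 7.
rem 1234 and example.exe are placeholders; use the values you actually observe.

rem 1. List every running process with its full image path and PID, a page at a time.
wmic process get ProcessId,ExecutablePath | more

rem 2. Narrow the list to processes running from per-user or temp folders.
rem    Assumption: legitimate system processes rarely run from these locations,
rem    so anything listed here deserves a closer look before it is ended.
wmic process get ProcessId,ExecutablePath | findstr /i /l "AppData ProgramData Temp"

rem 3. Check the candidate PID: image name and any services hosted in it.
tasklist /svc /fi "PID eq 1234"

rem 4. Forcefully end that process together with any child processes it started.
taskkill /f /t /pid 1234

rem 5. Confirm it has not come back under a new PID.
tasklist /fi "IMAGENAME eq example.exe"
```

If the image name reappears in step 5, something else is relaunching it, and Task Manager and regedit (already open from steps 5 and 6) are the places to look next.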
And what about using a web browser for troubleshooting? I would recommend having a clean spare laptop with internet access around to do web searches on. You never know how the web browser is going to react in a virus-infected environment. Otherwise, if the infected workstation is the only one available, make sure the virus processes are no longer running, then launch the web browser and use it to search for the resolution to the virus if antivirus software did not help.