How do I recover from a bad virus infection?

Home » Viruses and Malware

Summary: Recovering from a bad virus infection isn't always easy, but there are some easier things to try before drastic measures need to be taken.

Over the past weeks on my older Windows XP machine:

I've had frequent re-infections of some virus or Trojan that resets my IE home page, disables Task Manager, and blocks my access to System Restore.
Several times each day, I run AdAware, Spybot, and my virus program (Panda) to remove identified infections and spyware.
I read where disabling System Restore and then running a virus scan would clean out any virus strands that were inadvertently being backed-up with each shutdown/startup cycle.
My virus and spyware programs sometime identify Services.exe and Winlogon.exe as viruses. When this happens, these files are referenced as being in located in the C:\Windows\inetdata sub-directory (which is not where they should be).

Did I royally screw things up by disabling System Restore? I understand by doing this, I erased all existing restore points so that wouldn't surprise me.

First let me say this...

YIKES!

You've got a serious infection here. In all honesty, I'm not sure the patient will survive. But let's run through some options.

•

Here's how I'd proceed:

disconnect from the network
boot in safe mode
run the system file checker
run your AV and Spyware scans. Turn on any "immunize" options in the spyware checker
Reboot in normal mode.

If things work properly at this point skip the next two steps
Reinstall Windows XP. When you reinstall, you should have the option of doing a "repair" install or an install "on top of" the existing installation.
If things work properly at this point skip the next step.
If things are so bad that it's still not working properly, in your shoes I'd reformat the machine and rebuild it. Trying to coerce it into working again may just be more effort than it's worth. Be sure to save the data you care about first, of course.
Enable or get behind a firewall
Reconnect to the network.
Update your anti-virus software's database and your spyware scanner's database and run scans again.
Visit Windows Update, and do take SP2.

It concerns me a great deal that you're getting reinfected so quickly and so often. If you're not doing something silly, like opening unidentified attachments, or visiting malicious web sites, then that shouldn't be happening at that rate.

Related:

Ask Leo! - What is the System File Checker, and how do I run it?
Ask Leo! - Do I need a firewall, and if so, what kind?
Ask Leo! - How do I keep my computer safe on the internet?

Article B1839 | Posted January 30, 2005

•

Recent Comments

28 Comments

Hi.
I recently got a virus from Msn messenger.
My friend sent this link and it send "hey check out these pics of us on myspace" and then had a link.
So I clicked it and now while I am on msn it opens all my contacts and writes in that same thing and I cant talk to anyone unless i sign out and back in agin. please help.
Hannah

Posted by: Hannah at June 13, 2006 2:50 AM

i know this isnt in the article above but i dont know what to do!!! i use avg and have been told that sometimes it stops my internet connection.Can i fix this without having to buy a different security program

Posted by: junelle at June 29, 2006 3:48 PM

a comment on my computer keeps sayin your computer is infected! windows have detected a spyware infection. what do i do about it please help

Posted by: charlotte at July 28, 2006 8:26 AM

hey i need help i have had 22 trojan horses and now my pc is realy slow it wont let me do anthing on it and things kep going missing i dont thinnk that the viruses have gone i use McAfee. plz help thank you

Posted by: sarah at December 22, 2006 4:57 AM

My virus/ spyware is gone! My computer goes way slower now even though my virus is gone. How do I get back to normal?

Posted by: Laura at March 24, 2007 9:32 PM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I don't understand what's "gone". You believe you've cleared yourself from
infection, but things are still slow? Then I'd have you read this article:
http://ask-leo.com/why_is_my_machine_slowing_down.html

Your anti-virus and anti-spyware programs are gone? Reinstall them.

Leo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)

iD8DBQFGBrZfCMEe9B/8oqERAsavAJ9RiQvdYzIiR3HZ+ubQKlS+EB1ODgCfRm84
NsgwNrPmp+YX2aNe5/M8sZQ=
=IZUQ
-----END PGP SIGNATURE-----

Posted by: Leo Notenboom at March 25, 2007 10:50 AM

My computer started shutting down on its own after about 5 minutes. I was able to download an antivirus software that I bought from office depot and when it said restart, it shut down again but now it won't come on at all. It sounds like it is running and one green light lights up but that is it. WHAT DO I DO, PLZ HELP.

Posted by: Josh at June 13, 2008 1:05 PM

Hello,

I got some Trojan Viruses by email, machine would not even boot up, ran system recovery instead of system restore.

Can I go back and run system restore now.

Posted by: JL at August 28, 2008 10:53 AM

I think I may be virused - very odd things have been happening, though I used AVG and other products!

Basically opening files seems to take much longer, and every time I open a folder the system hangs slightly. This never happened before, I got the system built to spec so I could do plenty of photo and music editing! I am running windows XP as well.

ALso folders on the desktop seem to just go missing. My concern is that nothing seems to pick up anything wrong - is there any way I can check for sure I am being virused and are the steps there what you would reccomend in this instance?

Thank you!

Mr.Will

Posted by: Mr.Will at October 21, 2008 6:42 PM

A Few Days Ago When I Had Norton Security scan i found 42 cookies and 8 Bugs, I thought i got rid of them, and they came back, why wont they go? i system restored but they still came back. Plz Help!

Posted by: Tiffany at December 7, 2008 3:57 AM

See all 28 comments...

Post a comment on "How do I recover from a bad virus infection?":

Name: (Required)

Email Address: (Required)

(Email Address will not be published.)

Remember Me? YesNo

By popular demand...
my tip jar

Buy Leo a Latte!

Comments: (you may use HTML tags for style)

New!

Subscribe to the RSS Feed specifically for comments on this article.

Before commenting, please...

Read the article at the top of this page. If your comment shows you didn't, it'll be deleted and ignored.
Comment only on this article. Use the Google search box at the top of the page if you have a question about something else.
Don't include personal information in the comment. No email addresses. No phone numbers. No physical addresses.
Don't ask me to recover lost passwords or hacked accounts. I can't, and those comments will be deleted.

I can't respond to every comment. And I can't vouch for the accuracy of others who do.
Read Why didn't you answer my question? for hints on getting an answer.
By posting a comment you agree to the Terms of Service. Don't agree? Don't post.
Read the article at the top of this page. If your comment shows you didn't, it'll be deleted and ignored. Yes, I'm saying this twice; you'd be amazed.

Please wait. Your comment is being processed ...