Why trust your PC after a virus!

There is a mobile optimized version of this page, view AMP Version.

I see this time and time again – someone gets a virus on their PC, calls their “techie” friend who immediately goes “oh yeah – I can remove this…”. The “techie” removes some start-up program entries that run the offending EXE – runs some slightly more suspicious “.bat” files that apparently help remove the root of the virus, does a system restore and/or uses a virus scanner to remove the virus…

Okay, my problem with this is… Why trust your machine after a virus has infected it? Especially when that virus is advanced enough to route itself into your explorer.exe, hide itself amongst system files and even INSIDE system files – probably tampered with your firewall / virus scanner / boot sector and is probably wrapping itself all over your Operating System.

The point I’m trying to make is, how to do you know the virus has gone? Just because you no longer get the FBI warning or the weird popups does not mean the virus isn’t still lurking in your system or that your system is not compromised ready for future viruses.

Why is it such a daunting task to just wipe the Operating System and start again? This is the practice I have been accustomed to for almost 10 years now, if I get a virus I immediately boot a Linux OS from a CD – recover anything important and scan it externally (not with the infected computer!), and then re-install the whole Operating System which takes less than 3 hours and gives me complete piece of mind.

Not only does it give you complete piece of mind, but also my computer is “as new”, and it’s nice to have everything clean and fresh – also fixes any weird problems the system picks up over the months/years you have been using it.

I always follow these simple rules:-

  1. Never trust your virus scanner to fix your problems – It’s software too and is just as vulnerable as the Operating System (in fact viruses purposely look for them and target them so they could be seen as MORE vulnerable).
  2. Even if you can stop the virus, don't trust your machine – Viruses are programmed to be smart, they can lay dormant and re-initialize themselves very easily by hooking into other software or even files such as images. Not only this they may have altered your virus software and/or firewall leaving you vulnerable. 
  3. Backup your system externally – Don't use system restore for recovery after a virus, it is really easy for a virus to infect these “backups” and it is just not worth relying on them for this situation, use it for software installations and upgrades which is what is it meant for. Instead use some backup software (you can find free ones on the internet), backup your operating system onto an external drive.
  4. Watch for weird behaviour – Just because you have a virus scanner or malware scanner, does not mean it will tell you instantly when something bad is on your machine, use your initiative and look out for the signs of an infection, such as:-
    • Weird software appearing on your machine.
    • New programs appearing in the process list that you did not install or run (CTRL + ALT + DEL)
    • System becoming sluggish randomly or taking forever to boot (this could also be a hardware / software issue).
    • Network lights flash even when your sat looking at the desktop with no software running.

Author: Dean Williams

I'm a Web Developer, Graphics Designer and Gamer, this is my personal site which provides PHP programming advice, hints and tips

  • Porfirio

    Or better...

    Just install that Linux OS 😉