How to remove viruses from a computer. How to find a virus in the Windows process list. How to detect and remove viruses

A computer infected with viruses is a familiar topic for every computer user. While the operating system is loading, various information windows appear, some programs do not work correctly, the browser start page changes, and various add-ons get installed. It also happens that the computer does not turn on at all, or takes a very long time to load and then slows down during operation.

If you have at least one of the above signs, then you have definitely caught a virus. So let's figure out the ways in which you can remove a virus from your computer yourself.

Using antiviruses

The first thing to do is to check your computer with the installed antivirus program. I have Avast installed, so I will use it as the example. Find its icon in the tray and click on it with the mouse.

The main program window will open. Now make sure that you have the latest version of the virus definitions: in "Settings" go to the "Update" tab. See when the last update was received and, if necessary, click the "Update" button.



From the drop-down list select "Full Scan" and click "Start". If you have another antivirus installed, find the equivalent item in it and start a full computer scan.

This performs a full computer scan for viruses. The process will take a lot of time - 11 hours - although it all depends on how much information is stored on the computer: the larger the volume, the longer the scan takes.


When the process is complete, try to cure the threats that were found. If this does not work, then it is better to remove them.

It is better to also scan the computer for viruses with another anti-virus program: for example, Dr.Web CureIt or AVP Tool. For home use, but not for commercial purposes, these programs can be used completely free of charge. In addition, they do not require installation on the computer, so there will be no conflict with the installed antivirus.

You can download Dr.Web CureIt from the official website by clicking on the link:
https://free.drweb.ru/download+cureit+free/

AVP Tool is a utility from Kaspersky Lab that cures a user's computer that is already infected. Download it from the official website at the following link:
http://www.kaspersky.com/antivirus-removal-tool

It is better to download the programs from the official site so that they come with the latest virus database updates.

To check the computer with the utility you have chosen, boot into safe mode: press the F8 key while the operating system is loading. Then run the program and start a full scan.

At the end of the process, try to cure or remove the found threats. Please note that after deleting certain files, some pirated programs may be broken.

Cleaning a computer of viruses with antivirus programs does not give us a 100% guarantee that it is now clean. That requires a few more steps.

Removing unfamiliar programs from startup

At this point, you need to remove from startup the programs that are unfamiliar to you, or those that you rarely use. Press the combination Win + R, type the command msconfig in the "Run" line and click "OK".


A window will open. Here, checkmarks indicate programs that run with the operating system. Disable the launch of all programs you do not need: uncheck the boxes next to them. Look for strange programs in the list, with an unclear location or manufacturer.

When done, click Apply and OK.


If in doubt whether it is worth disabling a certain item from the list, hover over it with the mouse in the “Command” section and look at the file location. Then find it through the explorer and note the date it was downloaded. If it was in the days when the computer was infected, then you can safely uncheck the box.



Checking recently installed programs

To do this, go to "Start" - "Control Panel" - "Programs and Features".


In the next window, click on the "Installed" column and look at the most recently installed programs. If among them there are some that you did not install (with an incomprehensible or unknown name and content), select each one with the mouse and click "Delete".

So that the utilities do not leave any traces behind them, use it on a PC. This can be done manually, or using special utilities.



Checking Processes in Task Manager

Heavy CPU load can significantly reduce computer performance. If there were no problems or freezes before, and now you are facing them, then this is probably the result of a malicious program.

Click on the Start button, type "Task Manager" in the search bar, then press Enter.

Here, go to the "Processes" tab and make sure that the "CPU" column does not have very large values. If you notice something suspicious, right-click on this line and select from the context menu "Open file storage location".


The location of the file will open in Explorer. Look at the file's "date of change". If it matches the date when you supposedly caught the virus, then delete the file, go back to "Task Manager", select the corresponding line with the mouse and click "End Process".


Delete temporary files

At this point, we clean out the folders in which all temporary files are stored. First you need to turn on the visibility of hidden files and folders. Go to "Start" - "Control Panel" - "Folders settings".


In the next window, go to the "View" tab and put a marker in front of the item "Show hidden files, folders and drives". Click "Apply" and "OK".


We are looking for another folder "Temp" on the computer:

C:\Users\<your account name>\AppData\Local\Temp

Delete all files from it too.



Checking the hosts file

Sometimes viruses can get to the hosts file as well. Go to the following path:

C:\Windows\System32\drivers\etc

Right-click on the file called "hosts", select "Open" and open it with notepad.


For the Windows 7 operating system, the text must be written in the file, as in the figure below.


To reduce queries to the DNS cache and DNS servers, frequently loaded Internet pages can also be registered in the hosts file. If you see suspicious information there, delete it.


If you have opened the folder and the hosts file is not there, then this is probably due to a virus. Turn on the visibility of hidden files and folders as described above. Then open the hosts file that appears and check that it contains the text that should be there by default.

If it is changed, write everything as it should be. In the event that the file cannot be edited, create a new one with the .txt extension and the name hosts and write all the text as in the figure above - for the Windows 7 operating system. For other operating systems, the text is different, so look on the Internet.
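The review of the hosts file described in this section can also be done mechanically. The following Python sketch is an added example, not part of the original article: it assumes that a clean default hosts file contains only comment lines, so every active entry other than a plain localhost mapping is listed for review (entries you added yourself for frequently loaded pages will appear too). The sample file contents and host names are constructed.

```python
import ipaddress

# Names whose loopback mapping is harmless (assumption: nothing else is expected).
HARMLESS_NAMES = {"localhost"}

# Constructed sample, not taken from a real machine.
SAMPLE_HOSTS = """\
# Sample hosts file
#    127.0.0.1       localhost
#    ::1             localhost

127.0.0.1    localhost
0.0.0.0      update.antivirus.example    # constructed entry
203.0.113.7  www.bank.example login.bank.example
not-an-ip    portal.example
"""


def review_hosts(text):
    """Return (line number, verdict, address, names) for every active entry
    that is not a plain localhost mapping."""
    findings = []
    # Notepad may save the file with a byte order mark; strip it first.
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        names = [n.lower() for n in fields[1:]]
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((lineno, "malformed", fields[0], names))
            continue
        if not names:
            findings.append((lineno, "malformed", str(addr), names))
        elif addr.is_loopback or addr.is_unspecified:
            # Name pinned to the local machine: it no longer reaches the real site.
            blocked = [n for n in names if n not in HARMLESS_NAMES]
            if blocked:
                findings.append((lineno, "blocked", str(addr), blocked))
        else:
            # Name pinned to a fixed address instead of the one DNS would return.
            findings.append((lineno, "redirected", str(addr), names))
    return findings


if __name__ == "__main__":
    for lineno, verdict, addr, names in review_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {verdict:10} {addr:15} {' '.join(names)}")
```

To check a real machine, pass the text of the hosts file from the folder given above to review_hosts instead of the sample.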

We clean the registry

This should be done if you removed a suspicious program via "Programs and Features", or ended the process of an unfamiliar file in the process list.

In order to open the registry editor, press the combination Win + R. Next, in the "Run" window, write the command regedit and click "OK".


Now on the "Edit" tab, select "Find" or press the combination Ctrl + F. In the search bar, enter the name, or part of the name, of the program that you deleted through "Programs and Features" or "Installation and removal of programs". You can also enter the name of the file whose process you ended in the process list.

If either a registry branch or a parameter is found by name, it will need to be deleted - select the parameter or registry branch with the mouse and click Delete.

Clear browser cache and add-ons

If the virus is related to the browser, then first we will check where the shortcuts created on the desktop lead. To do this, right-click on the browser shortcut and go to "Properties".

Here, in the "Object" field, check that the link leads to the drive and folder where the browser is installed. If the link leads to a suspicious file, delete the shortcut and recreate it.

To clear the browser cache, use a special program, such as CCleaner. Download, install and run it on your computer. Then, in the "Cleaning" section on the "Applications" tab, check the necessary items, click "Analysis", then "Cleaning".


Now go to the "Extensions" tab. If extensions are installed there that have incomprehensible names, or that you did not install yourself, click "Delete".


Creating a Live CD

This will come in handy if your computer is blocked by a virus: it turns on, but the operating system does not load. How to burn a Live CD to a flash drive or disk and clean up your computer, read the article by clicking on the link.

To do this, you will need another computer from which you can download the image, blank disk or flash drive. You will also need to change the boot priority in the BIOS. You can also read the article on this by clicking on the link.

Read about the symptoms that indicate the presence of a virus on the computer, and how a computer, antivirus program or browser reacts to viruses. Malware or viruses can throw your computer into chaos. They can deactivate your antivirus program and make your computer vulnerable to other malicious software, interfere with the normal functioning of the computer, or corrupt operating system files.

Ransomware viruses encrypt user data in such a way that it is almost impossible to decrypt or recover it. Viruses can get access to any data, be it personal files, banking data or user passwords, as well as create duplicate accounts.

What can you do to protect yourself and your computer from viruses? You need to start by installing an antivirus program. It also does not hurt to master the skills of safe PC use. A common cause of computer infection with viruses or other malware is the user's lack of computer literacy, which is also worth improving.

New types of viruses and malware appear all the time, so they may not always be detected by every antivirus program, at least until they are entered into the virus signature database. Such fresh viruses can get into the system and get past all software protection.

If you accidentally download a suspicious file that contains a virus, or click on an email attachment, your system may be infected with malicious programs such as a Trojan, rootkit, worm, backdoor, junkware or other malware. Therefore, before clicking on an unknown file or link, it is better to think twice and make sure that the anti-virus program installed on your computer is up to date with the latest anti-virus signatures.

So, how can you tell if your computer is infected with viruses? Here are a few tell-tale signs that you may have viruses or other malware on your computer:

And now in detail:


These are just the most common ways to determine whether a computer has viruses, malware or ransomware, and their symptoms. The safety of the user's data and files depends on how quickly the user can deal with such programs on the PC.

So, today we will talk with you about how to remove a virus manually from a computer. In addition, let's see what Trojans can be found, how they manifest themselves and from where they can be brought onto a computer. Let's quickly start studying our topic today.

Types of viruses

Before manually removing a virus from a computer, it is worth talking about what kinds of infection are generally found on a computer. In most cases, how the treatment should be carried out depends on this. So let's get started.

The first virus is a Trojan. It is a malicious file that "settles" in the operating system, and even harms it. For example, it damages or destroys important documents. Now there are a lot of them.

The second fairly common type of virus is the various kinds of ransomware. These are files that get into the system and block it, not destroying documents but only encrypting them. At the end of such a cipher, as a rule, the creator's e-mail is left, to which a certain amount of money must be transferred in order to return the documents to their original form.

The third kind of virus that can be picked up is, of course, the various browser add-ons, or spam. As a rule, they seriously interfere with work on the Internet: the user's start page may change and, in addition, advertising banners will appear everywhere in the browser. When users see this picture, they start thinking about how to manually find viruses on a computer and then remove them. Now we will try to deal with this.

Signs of infection

So, before you manually find viruses and get rid of them once and for all, let's try to figure out what may indicate to you the presence of a computer infection in the system. After all, if you detect signals in time, you can avoid damaging a large number of files and losing the OS.

The first, most obvious sign is messages from your antivirus program. It will "complain" about some documents and files, giving you the name of the alleged virus. True, sometimes an antivirus behaves this way in relation to various cracks and "pills" for computer games. However, this cannot be ignored.

The second scenario - your computer starts to "slow down". It is then that users begin to actively think about how to remove the virus manually, especially if they do not have an antivirus. So, as soon as you notice that your system has become "slow-thinking", start sounding the alarm.

The next scenario is that new programs began to appear on the computer that you did not install. A fairly common move among computer infections.

In addition, ads in the browser may also indicate infection of the computer. A changed start page that cannot be restored and advertising banners everywhere are all quite alarming signals. So, let's see how a virus is removed from the computer manually.

Search

Well, the first step is to start by looking for those places where the infection lies. Sometimes it is very difficult to do this. Especially if you don't have an antivirus program. In general, let's see what can be done in this situation.

So, when you decide to overcome the virus yourself, you will have to find the folder on the computer in which it is stored. Sometimes the infection gives itself away by creating its own processes in Task Manager. Open it (Ctrl + Alt + Del), then go to the "processes" tab. Now find any suspicious line there (it will be strangely named, or even written in hieroglyphs) and click on the "show file location" button. Done, the virus is found.

True, not everything is always so easy and simple. If you are thinking about how to manually remove a virus from a computer, then you should also know that a computer infection is often well hidden. In the folder display, check the "show folders" box. Now it will be much easier to search.

Remember that viruses very often "settle" in the Windows folder. For example, most Trojans are found in System32. Some infections are able to "register" themselves in the hosts file. Now we know the favorite places of viruses. But how do you get rid of them?

Checks

The first scenario is removing the infection automatically. More precisely, semi-automatically. We are talking about checking for viruses with the help of an antivirus program.

In order to provide yourself with reliable data protection, get a good antivirus. Dr.Web is great. If you don't like it, you can also try Nod32. It also does a pretty good job.

Do a deep check. After the program gives you the results, try to disinfect the documents automatically. Did not work out? Then erase them. True, if you are thinking about how to manually remove a virus from a computer, then most likely antivirus checks did not help you. Let's see what else can be done.

Erase programs

The second step towards healing the system is, of course, removing the various content that the virus has installed for you. This is a fairly common occurrence. So, look in the "control panel", and from there proceed to "add or remove programs". Wait a while for the list of content on your computer to be built.

When a list of programs appears in front of you, remove everything that you do not use. Pay special attention to content that you did not install. Or the one that appeared as a "trailer" after the installation of some other "program" was completed. Right-click on the desired line, and then select the "delete" command. Ready? Then you can think further about how to remove the virus manually from your computer.

Total Scan

And now let's resort to some services and techniques that will definitely help us. If you know the name of the virus (especially if you encounter spam), then you can search for an infection using the computer registry.

In order to go to the required service, press the key combination Win + R, and then run the "regedit" command. See what's in front of you. On the left side of the window are folders with long and incomprehensible names. It is in them that viruses often hide. But we will simplify the search task a bit. Just go to "edit" and then click on "search". Type the name of the virus, then run the scan.

After receiving the results, all the lines that appear must be erased. To do this, click on each of them in turn, and then select the desired command. Everything is ready? Then restart your computer. Now you know how to manually remove a virus from a computer.

When something is wrong in the system or we just want to check the effectiveness of the antivirus installed on the computer, we usually press the three cherished keys Ctrl, Alt, Del and launch the Task Manager, hoping to detect the virus in the process list. But in it we see only a large number of programs running on a computer, each of which is represented by its own process. And where is the virus hiding? Our article today will help you answer this question.

In order to determine whether there is a virus among the processes or not, you need to look very carefully at the list of processes. In the Windows Vista operating system, be sure to click the "Show processes of all users" button, otherwise you won't really see anything. First of all, pay attention to the description of the process in the "Description" column. If there is no description or it is somehow "clumsy", this should alert you. After all, software developers have a habit of signing their creations in understandable Russian or English.
Having noted the processes with a suspicious description, we turn to the next column - "User". Viruses are usually launched on behalf of the user, less often in the form of services and on behalf of the system - SYSTEM, LOCAL SERVICE or NETWORK SERVICE.

So, having found a process with a suspicious description, launched on behalf of the user or it is not clear on whose behalf, right-click on it and select "Properties" in the context menu that appears. A window will open with the properties of the program that launched this process. Pay special attention to the "Details" tab, which contains information about the developer, file version and its description, as well as to the "Location" item of the "General" tab - the path to the running program is indicated here.

If the "Location" path leads to the Temp directory, Temporary Internet Files, or some other suspicious place (for example, to the folder of a certain program in the Program Files directory, but you are sure that you did not install such a program), then this process MAY belong to a virus. But all this is just guesswork; for detailed information, of course, it is better to turn to the Internet. There are good process lists at what-process.com, http://www.tasklist.org and http://www.processlist.com. If, after all the searches, your fears about a suspicious process are confirmed, you can rejoice - a virus, trojan or other malware has settled on your computer and needs to be urgently eliminated.

But the window with the properties of the file that launched the process may not open from the Task Manager. Therefore, in addition to the standard Windows tools, you need to use various useful utilities that can provide the maximum information about a suspicious process. One of these programs - Starter - we have already considered (http://www.yachaynik.ru/content/view/88/).

In Starter, the "Processes" tab provides comprehensive information about the selected process: a description of the program and the name of the file that launched the process, information about the developer, a list of modules (software components) involved in the process.

Thus, there is no need to delve into the properties of the file that launched the process - everything is as it is in the palm of your hand. However, this does not prevent you from right-clicking on the suspicious process and selecting "Properties" to get detailed information about the process file in a separate window.

To get to the program folder that the process belongs to, right-click on the process name and select "Explorer to Process Folder".

But the most convenient option in Starter is the ability to start searching for information about the process right from the program window. To do this, right-click on the process and select "Search the Internet".

After you receive full information about the file that launched the process, its developer, its purpose and the opinion about the process on the Internet, you can determine quite accurately whether you are looking at a virus or a peaceful, hard-working program. The same principle applies here as in the Task Manager. Suspicious are those processes and process modules for which the developer is not specified, whose description is empty or indistinct, or which are launched from a suspicious folder. For example, Temp, Temporary Internet Files, or a folder in Program Files when you remember for sure that you did not install the program indicated there. And, finally, if the Internet clearly states that this process belongs to a virus, rejoice - the malware did not manage to hide from you!

One of the most common misconceptions among beginners concerns the svchost.exe process. It is written exactly this way and no other: svshost.exe, scvhost.exe, cvshost.exe and other variations on this theme are viruses masquerading as a good process, which, by the way, belongs to Windows Services. More precisely, one svchost.exe process can start several system services at once. Since the operating system has a lot of services and it needs them all, there are also a lot of svchost.exe processes.

On Windows XP, there should be no more than six svchost.exe processes. Five svchost.exe processes are normal, but seven are already a 100% guarantee that malware has settled on your computer. In Windows Vista there are more than six svchost.exe processes. I have, for example, fourteen of them. But there are a lot more system services in Windows Vista than in the previous version of this OS.

Another useful utility, Process Explorer, will help you find out which services are started by the svchost.exe process. You can download the latest version of Process Explorer from the official Microsoft website: technet.microsoft.com

Process Explorer will give you a description of the process, the program that launched it, the name of the developer, and a lot of useful technical information that only programmers can understand.

Hover your mouse over the name of the process you are interested in and you will see the path to the file that launched this process.

And for svchost.exe, Process Explorer will show a complete list of services related to the selected process. A single svchost.exe process can run multiple services or just one.

To see the properties of the file that started the process, right-click on the process you are interested in and select "Properties".

To search for information about the process on the Internet using the Google search engine, just right-click on the process name and select "Google".

As before, suspicions should be caused by processes without a description, without the name of the developer, launched from temporary folders (Temp, Temporary Internet Files) or from a folder of a program that you did not install, and also identified on the Internet as viruses.
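The checks this article applies by eye in Task Manager, Starter and Process Explorer (a name that imitates svchost.exe, a missing description or developer, a file launched from Temp or Temporary Internet Files) can be expressed as a small triage routine. This is an added Python example, not part of the original article; the process records are constructed sample data, and the edit-distance threshold of 2 is an assumption chosen so that svshost.exe, scvhost.exe and cvshost.exe are all caught.

```python
from pathlib import PureWindowsPath

SYSTEM_NAME = "svchost.exe"                              # the genuine name from the text
SUSPICIOUS_DIRS = {"temp", "temporary internet files"}   # folders the text calls suspicious
MAX_DISTANCE = 2                                         # assumption, see lead-in


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(proc):
    """Return the reasons why one process record deserves a closer look."""
    reasons = []
    name = proc["name"].lower()
    # Nearly, but not exactly, svchost.exe: a lookalike name.
    if name != SYSTEM_NAME and edit_distance(name, SYSTEM_NAME) <= MAX_DISTANCE:
        reasons.append("name imitates svchost.exe")
    if not (proc.get("description") or "").strip():
        reasons.append("no description")
    if not (proc.get("company") or "").strip():
        reasons.append("no developer")
    path = proc.get("path") or ""
    # Compare every folder on the path, so nested temporary folders are caught too.
    folders = {part.lower() for part in PureWindowsPath(path).parent.parts}
    if folders & SUSPICIOUS_DIRS:
        reasons.append("runs from a temporary folder")
    return reasons


# Constructed sample records (hypothetical field names: name, path, description, company).
SAMPLE_PROCESSES = [
    {"name": "svchost.exe", "path": r"C:\Windows\System32\svchost.exe",
     "description": "Host Process for Windows Services", "company": "Microsoft Corporation"},
    {"name": "scvhost.exe", "path": r"C:\Users\user\AppData\Local\Temp\scvhost.exe",
     "description": "", "company": ""},
    {"name": "SVSHOST.EXE", "path": r"C:\Windows\svshost.exe",
     "description": "Host Process", "company": "Microsoft Corporation"},
    {"name": "mouse.exe", "description": None, "company": None,
     "path": r"C:\Documents and Settings\user\Local Settings\Temporary Internet Files\mouse.exe"},
]


def report(processes):
    """Map each flagged process name to its list of reasons."""
    return {p["name"]: r for p in processes if (r := triage(p))}


if __name__ == "__main__":
    for name, reasons in report(SAMPLE_PROCESSES).items():
        print(f"{name}: {', '.join(reasons)}")
```

A flagged process is only a candidate for the manual checks described above (file properties, search on the Internet), not a verdict.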

And remember, in order for the Process Explorer and Starter programs to work properly in Windows Vista, they need to be run with administrative rights: right-click on the program's executable file and select "Run as administrator".

However, I have to disappoint you: only very stupid viruses give themselves away in the process list. Modern virus writers have long since learned to hide their creations not only from the eyes of users, but also from anti-virus programs. Therefore, in case of infection with well-written malware, only a good antivirus with fresh databases (and even that is not a given!), a backup of all your information and a Windows distribution disk to reinstall the system will save you. Nevertheless, it is still worth looking into the list of processes from time to time - you never know what scvhost or mouse.exe is hiding there.
