Even with a good antivirus installed and all the care in the world to avoid falling into the clutches of viruses, there is always some chance of ending up infected by this type of software. Some viruses are so subtle, and use such advanced techniques, that neither we nor the antivirus can recognize them, at least until it is too late. What usually happens is that, after a short time, our PC begins to malfunction, and that is when we start to suspect that we have a virus.
There are a wide variety of different types of malware. Each of them has a purpose and acts in a specific way.
The signs of the viruses of old were very clear. For example, some opened and closed the CD drive, others made a ball bounce across the screen, and others simply erased all the information on the hard drive, and that was that. Some went further, forcing writes to a single sector until they literally burned out the hard drive.
Now, however, things have changed: viruses can be so subtle that weeks or months may pass before the slightest sign that our computer has a virus appears.
For this reason, whether as part of the computer's regular maintenance or because we suspect a malware infection, below we explain how to carry out a complete diagnosis of the PC to detect any unwanted threat.
Suspicions that my computer has a virus
Depending on the type of virus, our computer may behave in one way or another. It may not even do anything odd at all, which makes it much harder to suspect that we are infected.
Adware and Spyware (danger 4/5)
Adware and spyware are viruses designed to generate income for the hackers at the expense of our data and personal information. Adware focuses on displaying advertisements all over the computer, as well as inside the web browser, while spyware seeks to collect personal data (passwords, bank details and everything else) and send it remotely to the hacker.
The main indications that our computer is infected by this type of malicious software are:
- A lot of advertising appears on our computer. When we have the browser closed, banners appear on the desktop. And when we surf the Internet, the webs show many more ads and windows than normal.
- Unknown toolbars and extensions appear in the web browser.
- Our firewall warns us that some unknown program wants to connect to the Internet.
- Some browser features (such as automatic updates) are disabled.
- We cannot enter the antivirus web pages.
- We get more junk mail than normal.
- The web browser opens without permission and loads webs randomly.
Fake antivirus, fake technical support or “rogueware” (danger 4/5)
We have probably all seen fake antivirus or fake tech support apps. These applications pretend to be an antivirus or a program that fixes errors on our computer, and falsely tell us that we have hundreds or thousands of viruses or errors on our PC. When we try to fix them, they ask us to pay for a license or enter our bank details. Everything, in the end, ends up in the hands of the hackers.
One variant of this threat is fake technical support. It usually arrives through malicious web pages created to deceive their visitors. These websites claim that viruses or errors have been detected on our computer and ask us to call Microsoft technical support to solve the problem. During the call they will offer remote control, install a program (a Trojan) and ask us to make a transfer or pay money to correct the problem. These fake websites may even lock up our computer by pushing the CPU to 100%, so that we cannot close them.
The signs that show an infection with this type of malware are:
- Messages appear telling us that we have thousands of viruses and errors on our PC.
- Our computer suddenly starts talking: these websites usually play spoken phrases warning us about the problem.
- The computer starts to run slow.
- There are applications that try to access the Internet without permission.
- The computer crashes or restarts frequently.
- Opening programs like Google Chrome or watching videos becomes much slower and troublesome.
- Many programs cannot be opened. Especially those related to security.
- Antivirus and firewall disappear or are disabled.
Trojans (danger 5/5)
Trojans are the broadest type of malware. A Trojan can do almost anything on your PC. The most common are RATs, which let the hacker connect remotely to our computer. Once this malware infects us, the hacker has full control over our computer and can download files, steal passwords and bank details, and even install other viruses on the PC.
There are also other types of Trojans depending on the purpose of the hackers:
- Backdoor: to enable back doors through which to communicate remotely with our PC.
- Exploits: to exploit flaws and vulnerabilities in our computer.
- Banking: focused exclusively on collecting and stealing bank details.
- Rootkit: focused on creating persistence. Sometimes it even plants the malware in the PC’s BIOS.
- Downloader: used to update the Trojan, send new versions and add-ons. The “dropper” variant is responsible for downloading other types of viruses and Trojans on our computer.
Normally a Trojan has one specific function plus a module that lets the hackers add functions by means of “plugins” once the computer has been infected.
The symptoms that our computer has a Trojan are:
- Our computer crashes or does strange things.
- Some programs run without permission.
- The computer is slow or takes a long time to start.
- Strange applications and services try to connect to the Internet.
- Some applications do not work. For example, Internet Explorer.
- We get too much junk mail, or emails about logins on websites we have never visited.
- The hard drive is constantly working.
- Many web pages do not work.
- Some personal files disappear, or are modified.
- Antivirus and firewall disappear. And they cannot be run or installed again.
Ransomware or extortion software (danger 5/5)
Ransomware is the most dangerous malware that can be found today. This type of malware is usually undetectable by most antivirus and, by the time we realize we are infected, it is too late.
Ransomware was born from the “police virus”. This virus showed us a screen saying that we had been caught doing illegal things on the Internet and asked us to pay a fine. All of it false. But it was only a screen that blocked our computer; no files were deleted or anything of the sort.
Today’s ransomware, however, acts differently. When it reaches the computer, it encrypts all our personal data so that we cannot access it; we lose it completely. It then demands a ransom, in Bitcoin, in exchange for the private key that decrypts the data and lets us recover it. Of course, this does not always work, and sometimes we lose our money as well as our data.
Signs of a ransomware infection are:
- Our personal files have disappeared.
- New files appear with strange names and extensions.
- Text files appear on the desktop and in folders with instructions for recovering data.
- The computer is locked with a screen with instructions to pay and unlock it.
- A program tries to connect to the Internet, or download other components from the network.
Bitcoin and cryptocurrency miners (danger 2/5)
This is another kind of malware that has proliferated in recent years, especially since Bitcoin and altcoins began to skyrocket in value. These little programs hide inside other harmless-looking applications, or on web pages, and begin to use our hardware to mine cryptocurrencies. They push the CPU and GPU to 100% and use our resources and our electricity to participate in a mining pool. We pay for everything and the hackers keep the profit.
The symptoms to suspect that we are infected by this type of malware are:
- Our computer is slow. The CPU and/or GPU are constantly at 100%.
- When visiting a web page our computer crashes.
- The computer crashes, even reboots, unexpectedly.
Botnet (danger 3/5)
A botnet, or network of zombie computers, is a set of computers and devices around the world that have been infected with the same malware. This malware, usually a Trojan, opens a back door for the hacker and makes the computer wait for instructions. These networks (made up of millions of devices) are usually used to carry out DDoS attacks or to send mass mail.
The symptoms that our computer is part of a botnet are:
- The computer is very slow, programs take time to open, and Windows takes a long time to start.
- Internet is slow.
How to check your computer for a virus
If we experience any of the signs described above, we almost certainly have a virus. And since today’s viruses are very difficult to detect with the naked eye, we have little choice but to trust our instincts.
If we have an antivirus installed, either Windows Defender or a good reliable antivirus (Kaspersky, Bitdefender, Norton, etc.), and the virus has not blocked it, we can use it to scan our computer for viruses. A complete scan of the PC will help us find the virus. Or if not, at least other signs that we are infected (such as other secondary viruses used by a Trojan).
Another way to check whether your computer has a virus is to use a program called “Process Explorer”. Microsoft develops this program with advanced users and system administrators in mind, but it has very useful and interesting functions. For example, this alternative task manager can send the hashes of all running processes to VirusTotal, checking their integrity and letting us know whether each one is a virus or is trustworthy.
This is, of course, a very fast way to check whether a process is a virus. Since it sends the hash of the file (and, if the hash is not in the database, the whole file can be submitted for analysis), even a process whose name tries to impersonate a trusted one will not fool it.
If the “VirusTotal” column shows a high number of positives, we can look at the process details to see where it is stored on our computer. We can even open the VirusTotal analysis to find out which virus it is, learn more about it and be able to remove it.
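The check that Process Explorer automates can also be reproduced by hand. The following PowerShell script is an added example, not part of the original article or of Process Explorer itself: it hashes every running process's executable, checks its Authenticode signature and builds the VirusTotal lookup URL (https://www.virustotal.com/gui/file/<sha256>) for each hash, without uploading anything.

```powershell
# Added example, not part of the original article: reproduce by hand what
# Process Explorer's VirusTotal column does. For every running process we hash
# its executable (SHA-256), check the Authenticode signature and build the
# VirusTotal lookup URL for that hash. Nothing is uploaded anywhere; open the
# URL yourself for the entries flagged as suspect. Run from an elevated
# PowerShell so that system processes expose their Path.

# Names that malware likes to borrow; genuine copies live under %SystemRoot%.
$systemNames = @('svchost', 'csrss', 'lsass', 'explorer', 'winlogon', 'services')

function Get-ProcessReport {
    $seen = @{}
    foreach ($p in Get-Process | Where-Object { $_.Path }) {
        # Many processes share one binary (svchost.exe, chrome.exe): hash it once.
        if ($seen.ContainsKey($p.Path)) { continue }
        $seen[$p.Path] = $true

        $hash = (Get-FileHash -Algorithm SHA256 -LiteralPath $p.Path).Hash.ToLower()
        $sig  = Get-AuthenticodeSignature -LiteralPath $p.Path
        $publisher = ''
        if ($sig.SignerCertificate) { $publisher = $sig.SignerCertificate.Subject }

        # Windows components are often signed through security catalogs and show
        # 'NotSigned' here, so only flag unsigned binaries outside %SystemRoot%
        # and well-known system names running from the wrong directory.
        $inSystem = $p.Path -like "$env:SystemRoot\*"
        $suspect  = (-not $inSystem) -and
                    (($sig.Status -ne 'Valid') -or ($p.ProcessName -in $systemNames))

        [pscustomobject]@{
            Name       = $p.ProcessName
            Path       = $p.Path
            Signature  = $sig.Status
            Publisher  = $publisher
            SHA256     = $hash
            Suspect    = $suspect
            VirusTotal = "https://www.virustotal.com/gui/file/$hash"
        }
    }
}

$report = Get-ProcessReport
$report | Sort-Object Suspect -Descending | Format-Table Name, Signature, Suspect, Path -AutoSize
# For the flagged entries, paste the URL into a browser to read the VirusTotal verdict.
$report | Where-Object Suspect | Select-Object Name, SHA256, VirusTotal | Format-List
```

A binary that is "Suspect" here is only a candidate for review: a legitimate but unsigned tool will also be flagged, which is exactly why the VirusTotal verdict is the next step.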
How to eliminate a virus from our computer (and avoid re-infecting ourselves)
Often the fastest and most effective way to remove a virus from your computer is to format and install Windows 10 from scratch. That way we make sure no traces of it remain, nor persistent copies that could let it reappear and re-infect our computer. Formatting is undoubtedly the most efficient method, although also the most drastic. But if Windows is so infected that it no longer even works, we will have no other option.
If we don’t want to format, we can try to remove the virus in various ways. Of course, we must do all of them after restarting the computer in Safe Mode. This way we prevent the virus from blocking the security measures that follow.
Scan the computer with your antivirus
If we have an antivirus installed on the computer, and it works, we can use it to analyze our PC in search of viruses and eliminate those that can be detected. We must verify, of course, that no rules have been created that exclude certain folders from the analysis and that we are using an updated, reliable antivirus with the latest version of the database.
Use a portable antivirus
If our antivirus does not work, or does not detect anything, we need a second opinion. And since we cannot have two or more antivirus installed at the same time, what we must do is resort to a portable antivirus.
A portable antivirus is one that runs from a USB memory stick without having to be installed on the computer. That way it will not conflict with the antivirus we already have, and the virus will not be able to block or deactivate it.
Do an offline scan
Once Windows is loaded into memory, the virus may already be running and getting in the way of its own detection.
Windows Defender, and other antivirus, offer the ability to perform offline scans. This type of scan runs from the Windows recovery console, before the operating system loads, so that absolutely no process can block the antivirus or prevent it from detecting the virus infecting our computer.
If the offline scan is successful, the virus will be gone when we start the computer. Although, if it had persistence, it could come back. We recommend reading the final section of the article to prevent this from happening.
Do your own research and remove the virus manually
Security companies usually publish information about all the viruses that appear. This information includes an analysis of behavior, what it does, servers to which it connects and files that depend on it.
With this information we will know more or less where to attack this virus. In addition to deleting its own files, we should also check Windows services to disable any suspicious ones and make sure to erase all registry keys related to this malware. We can also use the Autorun Organizer program to check all the processes that start together with Windows and, in addition, check them against VirusTotal to detect malicious ones.
Also, if you cannot delete the files created by the virus from within Windows, you can boot a Linux Live system on your computer and delete them from there. That way nothing will stop you from deleting the malware files and cleaning your computer.
What to do when we cannot remove a virus
It may happen that, if we have been victims of a very complex attack, we are unable to eliminate the threat completely. This usually happens when the virus, or malware, has duplicated itself throughout the system and set up very thorough persistence. In that case we can choose one of the following options.
Format the computer
Unfortunately, when this happens, the only way to completely eliminate the threat, and to be sure our PC works normally again, is to format the computer. We format the Windows hard drive, install the operating system again and, once it is running and before doing anything else, scan all the other hard drives connected to the PC so that malware hiding in one of them cannot re-infect our PC.
However, if we don’t want to go to that extreme, there are some little tricks that can help us eliminate the threat.
Disable system restore
The system restore feature is very helpful for troubleshooting problems. However, it is also very dangerous, since many viruses hide in it, waiting to re-infect the computer. Although we have no access to the directories saved for restoration, malware usually copies itself there as soon as it infects the PC so that, if the antivirus removes it, it can be copied back onto the system.
We can prevent this by disabling the system restore options, which also saves disk space. Of course, we must bear in mind that, if something goes wrong, we will not be able to use a restore point to go back.
Check processes at Windows startup
Many viruses add their own instructions to Windows startup so that they are installed and enabled again when the PC is turned on, even if the antivirus removed them in the previous session. Moreover, these instructions do not usually appear in the Task Manager, so they are often difficult to find.
We can use a Windows startup manager, such as Autorun Organizer, to see everything that runs when Windows starts. If we see any strange entry, we need to disable it, as it is probably the virus.
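For readers who prefer to look at the startup entries themselves rather than through a tool, here is an added PowerShell example (not part of the original article and unrelated to Autorun Organizer). It walks the common persistence locations (Run/RunOnce keys and Startup folders via Win32_StartupCommand, enabled scheduled tasks, and auto-start services), resolves each command line to its executable and reports signature status, SHA-256 and the VirusTotal lookup URL; it changes nothing.

```powershell
# Added example, not part of the original article: list what Windows launches at
# boot or logon from the usual persistence locations, resolve each command line to
# its executable and report signature status, SHA-256 and the VirusTotal lookup
# URL. Read-only; run as Administrator so that all tasks and services are visible.

# Extract the executable from a command line such as
#   "C:\Program Files\Vendor\app.exe" /silent   or   %SystemRoot%\system32\svchost.exe -k netsvcs
function Resolve-CommandPath([string]$Command) {
    if ([string]::IsNullOrWhiteSpace($Command)) { return $null }
    $c = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($c.StartsWith('"')) { return $c.Split('"')[1] }
    # Unquoted paths may contain spaces: grow the candidate token by token.
    $parts = $c -split ' '
    for ($i = 1; $i -le $parts.Count; $i++) {
        $candidate = $parts[0..($i - 1)] -join ' '
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    }
    $cmd = Get-Command $parts[0] -ErrorAction SilentlyContinue   # bare names (rundll32.exe) via PATH
    if ($cmd.Source) { return $cmd.Source } else { return $parts[0] }
}

function Get-StartupReport {
    $entries = @()
    foreach ($s in Get-CimInstance Win32_StartupCommand) {
        $entries += [pscustomobject]@{ Source = "Startup ($($s.Location))"; Name = $s.Name; Command = $s.Command }
    }
    foreach ($t in Get-ScheduledTask | Where-Object { $_.State -ne 'Disabled' }) {
        foreach ($a in $t.Actions | Where-Object { $_.Execute }) {
            $entries += [pscustomobject]@{ Source = "Task ($($t.TaskPath))"; Name = $t.TaskName; Command = "$($a.Execute) $($a.Arguments)" }
        }
    }
    foreach ($svc in Get-CimInstance Win32_Service | Where-Object { $_.StartMode -eq 'Auto' }) {
        $entries += [pscustomobject]@{ Source = 'Service'; Name = $svc.Name; Command = $svc.PathName }
    }

    foreach ($e in $entries) {
        $path = Resolve-CommandPath $e.Command
        $status = 'MISSING'; $hash = ''; $vt = ''
        if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
            $status = (Get-AuthenticodeSignature -LiteralPath $path).Status
            $hash   = (Get-FileHash -Algorithm SHA256 -LiteralPath $path).Hash.ToLower()
            $vt     = "https://www.virustotal.com/gui/file/$hash"
        }
        # Catalog-signed Windows files show 'NotSigned', so the flag targets unsigned or
        # missing binaries outside %SystemRoot% and anything in user-writable folders.
        $userWritable = $path -match '\\(AppData|Temp|Users\\Public)\\'
        $suspect = ($status -ne 'Valid') -and (($path -notlike "$env:SystemRoot\*") -or $userWritable)
        [pscustomobject]@{ Source = $e.Source; Name = $e.Name; Path = $path
                           Signature = $status; Suspect = $suspect; VirusTotal = $vt }
    }
}

$report = Get-StartupReport
$report | Sort-Object Suspect -Descending | Format-Table Source, Name, Signature, Suspect, Path -AutoSize
```

Entries whose Path reads MISSING are worth a look too: a startup command pointing at a file that no longer exists is typical leftover from a half-removed infection, and also a hole that malware can later reclaim.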
Try in Safe Mode
Almost all viruses have persistence functions, and among them the ability to evade antivirus, and even block it, stands out. However, if there is a safe place where viruses cannot do anything, it is Safe Mode. When we restart the PC in this mode we get an environment in which only Microsoft’s drivers and libraries load, nothing from third parties.
If we have a virus in Windows, it will not run in Safe Mode. So we can use an antivirus in this mode (such as Windows Defender) to remove it from the system. We can also run an anti-rootkit to eliminate any instructions that may be hiding in the system MBR.
Tips after disinfecting our computer from a virus
Viruses often create persistence, and that persistence is not eliminated by the antivirus. For this reason, shortly after disinfecting our computer we may find ourselves just as infected as before.
The persistence is usually hidden in various parts of the system. For example, many viruses use restore points to hide, and others even hide in the recycle bin itself. Therefore, before eliminating a virus we must deactivate the restore points and empty the recycle bin. That way, when we delete it, it will not be able to come back.
The same applies if we have other drives connected to the computer: secondary hard drives, partitions, external hard drives, USB sticks, etc. The virus may have copied itself to these drives and can come back from there. It is therefore very important to check that they contain no strange files or hidden autorun entries that could make us fall into the clutches of the hackers again.
If, after the virus has been removed, the computer still does not work correctly because of the changes the virus made, it will need to be formatted. After backing up our data and reinstalling Windows, everything should work normally again.
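The check of the other drives described above can be scripted. This PowerShell snippet is an added example, not part of the original article: it inspects every drive other than the system drive, read-only, for the usual traces of malware that spreads through removable media (an autorun.inf pointing at an executable, hidden executables in the drive root, and .lnk shortcuts standing in for folders that have been hidden).

```powershell
# Added example, not part of the original article: look on every non-system drive
# (second disks, partitions, USB sticks) for the classic traces of media-borne
# malware. Nothing is modified; review the findings and then scan the drive.

function Get-DriveAutorunReport {
    $drives = Get-PSDrive -PSProvider FileSystem |
              Where-Object { $_.Root -ne "$env:SystemDrive\" -and (Test-Path -LiteralPath $_.Root) }
    foreach ($d in $drives) {
        $root = $d.Root
        $findings = @()

        # 1. autorun.inf: modern Windows ignores it on USB media, but its presence
        #    still betrays an infected stick. Report what it would have launched.
        $inf = Join-Path $root 'autorun.inf'
        if (Test-Path -LiteralPath $inf) {
            $targets = Get-Content -LiteralPath $inf -Force |
                       Where-Object { $_ -match '^\s*(open|shellexecute|shell\\\w+\\command)\s*=' }
            $findings += "autorun.inf present: $($targets -join '; ')"
        }

        # 2. Executables in the drive root carrying the Hidden attribute.
        $rootItems = Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue
        $hiddenExe = $rootItems | Where-Object {
            (-not $_.PSIsContainer) -and
            ($_.Extension -in @('.exe', '.scr', '.com', '.pif', '.vbs', '.js')) -and
            ($_.Attributes -band [IO.FileAttributes]::Hidden)
        }
        foreach ($f in $hiddenExe) { $findings += "hidden executable: $($f.Name)" }

        # 3. Shortcut-for-folder trick: folder X is hidden and a visible X.lnk sits beside it.
        $hiddenDirs = $rootItems | Where-Object {
            $_.PSIsContainer -and ($_.Attributes -band [IO.FileAttributes]::Hidden)
        }
        foreach ($dir in $hiddenDirs) {
            if (Test-Path -LiteralPath (Join-Path $root "$($dir.Name).lnk")) {
                $findings += "folder '$($dir.Name)' hidden and replaced by a .lnk"
            }
        }

        [pscustomobject]@{ Drive = $root; Findings = $findings; Suspect = ($findings.Count -gt 0) }
    }
}

Get-DriveAutorunReport | Format-List
```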