FANDOM


Description: Edit

At one point or another, you will get a virus on your computer. Here are some general troubleshooting steps to resolve.

To Resolve: Edit

1. Determine if you can run .exe files, many viruses block these. If you are unable to remote in on a computer, see Jumping To A Computer Through The Network.

2. Shut the computer down and bring it up in Safe Mode with Networking (usually by tapping F8 on startup).

3. If the virus is not allowing you to run any tools, start with "R-Kill", this program clears active processes so that you can run your virus removal tools. Place this file on a mapped drive on another computer that is mapped to the infected computer and have the user run this if you are unable to remote in.

4. As soon as you get in, start running as many tools as you can. I usually start with "Malware Bytes Antirootkit", "ESET Online Scanner", and "RogueKiller". Always run multiple commands so you don't get situations like these:

General-troubleshooting-1

5. While those are running, check the registry at:

a. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and RunOnce

b. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and RunOnce

General-troubleshooting-2

6. Disable startup entries in Msconfig.exe.

7. After the scans complete, reboot and start with some other scanners, I usually do "AdwCleaner" and "Malware Bytes Regular" next.

8. After those scans complete, reboot and run "CCleaner" and "TFC"

Example: Edit

Notice the "Adobe Css5.1 Manager" on startup. Every time I killed it, it started back up. The virus was placing that file in the startup. Virus tools removed it. After reboot, I had to go in the registry and manually remove that entry. Also Shift+Delete the folder in the directory mentioned. 

General-troubleshooting-3
 

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.