So you went into safe mode, ran a cleaner (ccleaner or bleachbit) and ran an anti-malware program and when you restart, your PC becomes infected again. So what happened?
Many times, the virus is in the startup group and has been copied to your program files or programdata folder. Even though the cleaners removed the virus, the virus may be dynamic and when restarted, it spawns (polymorphic) and reinfects the computer. The virus has cloned itself and is basically regenerating itself when Windows reboots.
You can get to the source of the problem and delete the virus and left over files just after you clean it in safe mode.
- Run msconfig from the search box
- Locate the virus – it will usually be a string of numbers and letters
- Navigate to the folder it is in and delete the virus manually.
- Run your anti-virus and malware again to insure it has been removed (traces)
- Run a registry cleaner such as MV-Regclean
- Update and use a quality anti-virus program
MSConfig (Finding the rogue software)
MSConfig Close-up
Navigate to the folder and delete the files. You will see a pattern of odd files.
Properties of the file
Note: Executing the file by identically clicking on it will reinfect the computer. If single click is on (Mouse), turn off the single mouse click option prior to navigating to the folder containing the virus.
Skilled professionals can capture the virus and practice removing the virus by using an old pc or a virtualized operating system in an educational environment. This should be in a controlled lab. Anytime you work with viruses (removal or educational), it must be controlled and infected computers should be backed up and removed from the network.
How do I remove the virus and what programs should I use? Link
(Above pics by Michael M. -Bama)
TCAT Shelbyville - ITIM 