It is not a question of if your computer will get infected with a Virus, Trojan, or some form of Malware/Spyware, it is just a matter of when. The Microsoft Windows family of operating systems is targeted by hundreds of thousands of malicious software programs regularly. Even with the most up-to-date Antivirus software, infections do happen. No Antivirus software can catch every attack and variant all the time.
If you can still access the Windows “Start” button, access the Internet, and install Programs, the Antivirus Scan and Removal Tools listed in my article, “What did your Antivirus Software Miss?” will usually resolve and remove the minor infection from the offending software.
If the virus has taken your computer desktop hostage and is holding it ransom, telling you to click on a link to access a web site to make a payment for an “unlock” code – which will magically “fix” your computer, then more drastic measures are required.
Such is the case with a recently encountered “File Recovery” virus that has started to make the rounds this past week.
Note: The majority of viruses, even Root Kits, can be removed and your Computer restored to its “pre-infection” state. It may just take an incredible amount of time and patience to go through the steps required to remove the virus.
This would be a great time to remind everyone that if they had an “Image Backup” of their computer prior to the infection, they could simply perform a “Restore” and roll back the computer to a time BEFORE it was infected. See my article, “Image Backup – True one-click Restore for Disaster Recovery.”
As an example, the “File Recovery” virus encountered displays fake alerts and warnings claiming a number of hard drive errors and that failure of the hard drive is imminent. In reality, NONE of these warnings are real. The entire purpose of the malicious program is to scare you into purchasing the “File Recovery” software and to steal your personal financial information. (You will presumably be entering a credit card number to make the purchase.) In addition to bogus alerts, it changes the Windows desktop to solid black, hides any desktop shortcuts, and hides all of the program files and many other folders. It definitely gives the appearance that all of your programs and data are missing. The File Recovery self-defense tactics block access to the Windows Task Manager, Windows Registry, and all Windows system utilities.
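A read-only way to confirm those symptoms from a PowerShell prompt, added here as an example and not taken from the removal guides this article links to. It assumes the items are hidden with the ordinary Hidden file attribute and that the tool lock-out uses the per-user `DisableTaskMgr` and `DisableRegistryTools` policy values; the article does not state which mechanism this particular virus uses, and the function names are hypothetical.

```powershell
# Added example: read-only triage, changes nothing on the system.
# Assumptions (not confirmed by this article): items are hidden via the Hidden
# file attribute, and tools are blocked via per-user policy registry values.

function Get-HiddenItemReport {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not $p -or -not (Test-Path -LiteralPath $p)) { continue }
        # -Force makes Get-ChildItem return hidden and system items too.
        $all = @(Get-ChildItem -LiteralPath $p -Recurse -Force -ErrorAction SilentlyContinue |
                 Where-Object { $_.Name -ne 'desktop.ini' })   # hidden by design
        $hidden = @($all | Where-Object { $_.Attributes -band [IO.FileAttributes]::Hidden })
        New-Object PSObject -Property @{
            Path = $p; Total = $all.Count; Hidden = $hidden.Count
        }
    }
}

function Get-ToolLockoutPolicy {
    # Per-user policy key that can disable Task Manager and Registry Editor.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
        # A missing key or value yields $null, which is reported as not blocking.
        $value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
        New-Object PSObject -Property @{
            Policy = $name; Value = $value; Blocking = ($value -eq 1)
        }
    }
}

# The current user's Desktop and Start Menu, where shortcuts normally live.
$folders = 'Desktop', 'StartMenu' |
    ForEach-Object { [Environment]::GetFolderPath($_) }

Get-HiddenItemReport -Path $folders | Format-Table Path, Total, Hidden -AutoSize
Get-ToolLockoutPolicy | Format-Table Policy, Value, Blocking -AutoSize
```

A Hidden count close to Total means the shortcuts are still on disk and only hidden, which is consistent with the "missing programs" appearance described above.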
Just for reference, a sample screen shot of the fake warning page is shown below.
Whether it is the “File Recovery” virus or some other nasty virus, they all tend to exhibit many of the characteristics described above. Most importantly, to the average individual, they strike a sense of fear and panic hoping you will pay them the ransom to “clean your computer” of the dreaded infection. DON’T.
Instead, start by seeing if you can figure out which specific malicious software program is infecting your computer. For example, in the screen shot above, the title in the window on the upper left hand side is called “File Recovery.”
Visit your favorite search engine, like Google.com, and type in “File Recovery Virus”. You will immediately see dozens of sites with instructions on how to remove the File Recovery Virus. In most cases, the steps are well documented for removal. Many include screen shots and instructions telling you exactly what to click and type and the expected response from the computer after each step.
Here is an example of the comprehensive instructions which I used to remove and clean up after the “File Recovery” virus infected one client computer this week.
http://malwaretips.com/blogs/file-recovery-virus
Most of the well-known Antivirus vendors provide hundreds of dedicated removal programs for specific well-known viruses that are available free of charge from their support sites. Each specialized removal program is optimized to disinfect your computer from a specific virus infection.
In addition, most of the vendors provide some level of advanced “Rescue” Antivirus scanners and removal tools that are available free from their web sites to assist in extreme lock-out cases. These are programs that run in command line mode or have a custom boot image that bypasses the severely infected Windows operating system so that the Antivirus program can “kill” the malicious program BEFORE Windows starts.
For example, even if the computer seems to lock you out in Windows “normal” mode, many viruses can be tricked or stopped by restarting the computer in Windows “Safe Mode with Networking.” In extreme cases, when the only thing you can do is restart the computer in Windows “Safe Mode Command Line Prompt”, the “Rescue” utilities are the solution of last resort and will start you on the path to recovery.
Much of the above depends not on your technical ability but on your willingness to methodically follow a specific set of instructions and be patient. From any given search, there will be dozens of responses. Review a number of them to make sure that your situation applies (based on the symptoms) and see if they are all basically providing the same steps to remove the virus. Then pick one and stay with it until completed. In my example with the “File Recovery” virus, the instructions had screen shots, told me exactly what to type at each step of the way, and the responses I should expect to see if successful.
Depending on the Antivirus software product you use, the vendor may provide advanced virus removal support and assistance. With some vendors this is free, like Vipre from GFI.com; with others, like Trend Micro, there is a $50 support charge for assistance. Do not expect to find live human support if you are using one of the many “free” versions of Antivirus software such as AVG, Avira, Avast, or ClamAV.
Understanding the support and virus removal services provided and associated fees, if any, available from your Antivirus vendor should be a major consideration in choosing your Antivirus Software.
I personally like Vipre from GFI.com for their outstanding, free virus removal support available via Web Chat and Telephone. GFI/Vipre Support has helped me remove the nastiest of virus infections at no additional cost. Support was included with the nominal cost annual virus update subscription which every vendor requires for you to obtain and download the latest threat definition databases to the Antivirus software.
Finally, there are a number of well-known sites that specialize in providing free virus removal assistance and tools through a community of volunteers. Most provide support and response that exceed that of the major Antivirus vendors. Realize that with rare exception, any virus infection on your computer has been seen before by the “community at large” and therefore Google.com will have a wealth of references to sites with information on how to remove it.
If you are faced with a complex virus problem or would just like some professional guidance on what to do after your computer has become infected, feel free to contact me for assistance. “The Doctor” is always in.
Antivirus Removal Sites – All have specific popular virus removal instructions.
Either search the sites below for the specific virus, or join for free and post your problem.
http://www.bleepingcomputer.com
http://www.malwaretips.com
http://www.myantispyware.com
http://www.im-infected.com
http://trojan-killer.net
Specialized Antivirus Removal Tools – Major Vendors
Symantec
http://www.symantec.com/security_response/removaltools.jsp
Kaspersky
http://www.kaspersky.com/virus-removal-tools
McAfee
http://home.mcafee.com/virusinfo/virus-removal-tools?ctst=1
Trend Micro
http://esupport.trendmicro.com/en-us/home/pages/virus-and-threat-removal.aspx
GFI.com – Vipre Rescue – Command Line – Last Resort – Removal Tool
http://live.vipreantivirus.com
Mac Users
McAfee OS X/FakeFlash Detection and Removal
http://www.mcafee.com/us/downloads/free-tools/macstinger.aspx