One of the most common posts that you see in various forums is from people who suspect that their computer might be virus infected.  Posts such as, “My computer is crashing, do I have a virus?” or “I just got infected with a virus, what should I do?” are a clear indication that virus infection is a serious problem and that having guidelines on how to tackle such an event is essential.

Determining whether you’re infected

The first step to take when suspecting your computer might be infected is to actually confirm whether it is or not. There a lot of viruses out there and whilst most anti-virus solutions can detect almost all of them, there is always the risk of being infected with a custom virus – something as yet unknown  or even something that your anti-virus solution might not be able to recognize yet. As such if your anti-virus solution is saying that you’re clean, it’s a good sign, but not necessarily a definite one.

What should one do to be sure?

The first step is to take note of when the symptoms that are making you suspect a virus started. Then think about anything that you might have run/installed during that time. (Note: not all infections start with the user running something but it is the majority of cases. This should also include attachments you opened or ran from your received emails.)

If anything from the above exercise raises a red flag in your mind, or might be of dubious origin (such as receiving an email from a friend that didn’t sound like them), then it is definitely worth investigating that file.

We already know that the virus scanner installed didn’t detect any viruses but we need to be sure – so how about testing the file with multiple anti-virus engines?

Using multiple anti-virus engines

Don’t worry, you do not need to buy them all; there is a free service that does exactly this. All you need to do is upload the suspicious file and see if it is detected as a malicious file by any of the virus engines.

If, on the other hand, you have no idea which file might have caused the infection, the only other option is to scan your computer with another anti-virus. Again we do not have to buy any products for now, most anti-virus offer free anti-virus scanning from the web. These will only detect a virus however, they will not clean it. Still, for our purpose, which is finding whether we’re infected and with what, it’s enough.  You can search for online virus scanners or use one from the list below:

http://www.kaspersky.com/virusscanner
http://www.bitdefender.com/scanner/online/free.html
http://home.mcafee.com/Downloads/FreeScan.aspx
http://www.f-secure.com/en_EMEA/security/security-lab/tools-and-services/online-scanner/
http://housecall.trendmicro.com/

Once you’ve finished scanning and you do find a virus, you have three options:

  • Buy the full product of the brand that detected your virus. (This will ensure that at least you will definitely know that it will be detected)
  • Search the web for a free tool that can clean this particular virus or even documentation of how to do it manually. (This is only recommended if you’re an advanced user. Be aware that most of these procedures can be quite advanced and that either not following them correctly or discovering that they have an error in their procedure can make matters worse by breaking your Windows installation)
  • Alternatively if you have backups you can also reinstall your Windows installation. This is a bit inconvenient but it is also the only way to be 100% sure that you got rid of the virus. (Make sure your backups are not infected!)

What if I am unable to find any virus?

If, after scanning with multiple anti-virus engines, you still don’t detect anything, it is likely that the symptoms you’re experiencing are coming from something else – possibly a hardware problem. Of course there is still that small chance that either this virus is still too new or that it is custom built and maybe this was a targeted attack. However, it could be that anti-virus use heuristics to detect infestation; i.e. they try to look for  suspicious routines in software that might indicate that the file contains a virus even though that type of virus was never analyzed before by the anti-virus vendor.

Faulty ram

Let’s assume that there is actually no virus. In this case we must look at what the symptoms are and what’s causing them. What people most often mistake for viruses occurs when the computer freezes. This can happen for a number of reasons. The most common being faulty ram. We can test for this using the free program, memtest86+.

Video card issues

If your screen gets garbled before it freezes, it’s likely to be either a video card problem or a power supply unit problem that is not supplying enough power to the video card. It could also be that the graphic card is over-heating. Playing modern 3D games is the best way to stress the video card so if this happens when you’re playing, and occurs in multiple games, then this is definitely something worth looking into. Some graphic cards include utilities to monitor the temperature and current of the card which are definitely worth keeping an eye on to help diagnose the issue.

Hard Disk Failure

If both the above seem okay, then a third possibility is a hard disk failure. Your computer uses a set amount of hard disk space for swapping (to use as memory when this fills out); if the data is corrupted it can cause the computer to freeze when it is accessed again.

To diagnose this just run a scandisk:
– right click on the drive you want to check in windows explorer
– click properties
– switch to the tools tab
– click check now under error-checking
– make sure the check box ‘scan for and attempt recovery of bad sectors’ is enabled.

If indeed there are bad sectors, then make sure the swap partition is on another drive that has none. It is also very much recommended that you have a backup of the data on that drive and that you replace it as soon as possible as it might get worse and eventually stop working. 

To change the location of the swap file you need to:
– right click on my computer
– choose properties
– go to advanced settings
– click on the advanced tab
– choose settings under the performance group box
– go to the advanced tab
– click on change under the virtual memory group box.

What to consider if your machine is infected

There are a number of things to do if you find that your machine is infected. If your computer is hooked to a network, isolate it as soon as possible to prevent the infection from spreading. This is done either by disconnecting the infected machine from the network or if you need the internet to fix the issue then disconnect the other machines if it is feasible. (Note that when connected to the internet the infected machine might try to infect other machines, send spam or even launch attacks against certain sites – some infections (Trojan horses) can effectively give control of your computer to a malicious third party so in any case the less time online the better).

Some infections are really insidious and acutally modify the operating system to hide from the anti-virus software. These types of infections called root kits can be impossible to detect from the infected system itself.  In this case we’d need to boot from a clean Windows installation and use that to run our scans.  Luckily there are products out there that offer bootable CDs to use in these cases.

Advanced users can even build their own.

Prevention is better than Cure

Here are a few tips on how not to get infected and even how to protect from getting infected again.

  1. It is essential to keep your system up-to-date. Software has bugs and bugs can sometimes be exploited by viruses to infect people’s machines without their intervention. So ensure that your system is up-to-date with the latest security patches. Microsoft for example generally release their security patches on each second Tuesday of the month.
  2. Have an anti-virus solution in place to protect your machine. Businesses can go a step further and install products that protect specific vectors such as web downloads and email using products that scan for multiple viruses using multiple anti-virus engines. Having a firewall set up can also reduce the risk of infection.
  3. Be careful of what you install and run on your machine. Each time you run an application there is a risk of infection; the more unreliable the source the bigger the risk. No source is ever 100% safe as sometimes viruses have been distributed with hardware and even with magazines such as reported in a recent story about the virus that targets the Delphi development environment: W32/InducA. This is not to say that one shouldn’t run any software but it’s good practice to be aware and protected.

We have discussed at length how to confirm whether your machine has an infection or not, as well as what it could be if there are signs that point to an infection but no virus is found. We have also gone through some good tips on how one can protect their system from infection; however, this is a huge area and individual cases  will be different, but if you have any difficulties or situations that haven’t been discussed here, feel free to leave a comment and I will try to help out if I can.

Get your free 30-day GFI LanGuard trial

Get immediate results. Identify where you’re vulnerable with your first scan on your first day of a 30-day trial. Take the necessary steps to fix all issues.

Try free for 30 days