Spyware/Virus Detection

Your computer is acting “strange”, seems to be running really slowly, or you’re getting popups and/or messages about viruses? Then it’s time to scan the system for possible malware (spyware, viruses, etc.).

Professional software packages like Norton or McAfee should usually do the trick in detecting infections, but you need to make sure the virus definitions are up-to-date. Even then, the best software can miss some infections, especially new variants.

Online Scanners

The simplest way to quickly check for an infection is to run a virus scan. There are a couple of online scanners for checking your system. These operate through your web browser:

Kaspersky Virus Scan – Kaspersky seems to do the best job at detecting most infections.   Requires Java, which most browsers already have installed.

Panda ActiveScan – Requires a special plug-in download the first time you use it.

Generally, you want the program to scan your entire disk. Most infections will be located in your Windows directory, in the cache for your web browser, or in an email attachment. The full scan will take a while to complete, anywhere from 30 minutes to a couple of hours.

These online scanners will only detect infections; they will NOT fix the problems. If any infections are found, make sure you save the report or write down its details.

Collecting a HijackThis Report

A faster method for checking for an active infection (something currently running on your system) is to use a tool called HijackThis. While the tool can be used to fix some infections, you generally only want to use it to collect a report.

As of this writing, HijackThis was being offered by TrendMicro (TrendSecure).  Link to download page. In general, you can just download the executable and run that without having to actually install it.

Run the program and select the option to ‘Do a system scan and save a log file’.  It scans all your active programs and system configuration, then provides you with a text report (usually in Notepad).   Save that report.

You can take things one step further and analyze your log online.  Here is one site that will analyze the results. It usually flags obvious malware, but can also mark a lot of programs as unknown or even false positives.

No Tools Checkup

If you don’t have the time to run an online scan or the HijackThis software, you can still do an examination. This may require more effort on your part, but sometimes it’s the fastest way to make a quick check.

Bring up the Task Manager and look at the process list. The easiest way to start up the Task Manager is to hold down the Ctrl-Alt-Delete keys. Once the Windows Task Manager dialog appears, click on the ‘Processes’ tab and make sure the ‘Show processes from all users’ option is checked. This tool shows you all the currently running processes on your system. Almost all of them have to do with the operating system and utilities running on your system. You’ll need to examine each process by name. Usually you can ignore these as part of the operating system:

  • dllhost.exe
  • explorer.exe
  • rundll32.exe
  • services.exe
  • lsass.exe
  • csrss.exe
  • svchost.exe
  • taskmgr.exe
  • iexplore.exe

Look up any unknown entries using Google or try this web site: ProcessLibrary.com

While this quick check may turn up some suspicious entries, do not use it as a way to claim your system is clean. Some malware can actually hide under one of the legitimate process names (like lsass.exe), and many types of malware generate randomly named files, making it impossible to search by name. A full system scan is still the best diagnostic.
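As an added example (not part of the original page), this PowerShell script checks the caveat above: it lists every running process and flags any that use one of the trusted names from the list but run from a folder other than the usual one. It assumes PowerShell 3.0 or later and the default install folders of a standard Windows system; the folder table is an assumption to adjust for your machine.

```powershell
# Added example: flag processes that borrow a well-known Windows name but
# run from an unexpected folder. The expected folders are the defaults on a
# standard Windows install (assumption); adjust them for your environment.
$sys  = Join-Path $env:SystemRoot 'System32'
$wow  = Join-Path $env:SystemRoot 'SysWOW64'
$ie   = Join-Path $env:ProgramFiles 'Internet Explorer'
$ie86 = if (${env:ProgramFiles(x86)}) {
    Join-Path ${env:ProgramFiles(x86)} 'Internet Explorer'
}

# Names taken from the list above, mapped to the folders they normally live in.
$expected = @{
    'dllhost.exe'  = @($sys, $wow)
    'explorer.exe' = @($env:SystemRoot, $wow)
    'rundll32.exe' = @($sys, $wow)
    'services.exe' = @($sys)
    'lsass.exe'    = @($sys)
    'csrss.exe'    = @($sys)
    'svchost.exe'  = @($sys, $wow)
    'taskmgr.exe'  = @($sys, $wow)
    'iexplore.exe' = @($ie, $ie86)
}

Get-CimInstance Win32_Process | ForEach-Object {
    $name = $_.Name.ToLower()
    $path = $_.ExecutablePath
    if (-not $expected.ContainsKey($name)) {
        $status = 'not on the list - look it up'
    } elseif (-not $path) {
        # Protected system processes hide their path from non-admin sessions.
        $status = 'path hidden - rerun as administrator'
    } elseif ($expected[$name] -contains (Split-Path $path -Parent)) {
        # -contains compares strings case-insensitively by default.
        $status = 'expected location'
    } else {
        $status = 'SUSPICIOUS: trusted name, unexpected folder'
    }
    [pscustomobject]@{
        Id     = $_.ProcessId
        Name   = $_.Name
        Path   = $path
        Status = $status
    }
} | Sort-Object Status, Name | Format-Table -AutoSize
```

An "expected location" result only rules out the simplest name disguise; it does not show that a process is clean, so a full system scan is still needed.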

We provide comprehensive malware scanning and removal. Contact Us when you need help with diagnosis or removal.