What is a computer virus?
A computer virus is a small software program that spreads from one computer to another computer and that interferes with computer operation. A computer virus may corrupt or delete data on a computer, use an email program to spread the virus to other computers, or even delete everything on the hard disk.
Computer viruses are most easily spread by attachments in email messages or by instant messaging messages. Therefore, you must never open an email attachment unless you know who sent the message or unless you are expecting the email attachment. Computer viruses can be disguised as attachments of funny images, greeting cards, or audio and video files. Computer viruses also spread by using downloads on the Internet. Computer viruses can be hidden in pirated software or in other files or programs that you may download.
More information about viruses
Symptoms that may be the result of ordinary Windows functions
A computer virus infection may cause the following problems:
Note These problems may also occur because of ordinary Windows functions or problems in Windows that are not caused by a computer virus.
- Windows does not start even though you have not made any system changes or even though you have not installed or removed any programs.
- Windows does not start because certain important system files are missing. Additionally, you receive an error message that lists the missing files.
- The computer sometimes starts as expected. However, at other times, the computer stops responding before the desktop icons and the taskbar appear.
- The computer runs very slowly. Additionally, the computer takes longer than expected to start.
- You receive out-of-memory error messages even though the computer has sufficient RAM.
- New programs are installed incorrectly.
- Windows spontaneously restarts unexpectedly.
- Programs that used to run crash frequently. Even if you remove and reinstall the programs, the issue continues to occur.
- A disk utility such as Scandisk reports multiple serious disk errors.
- A partition disappears.
- The computer always crashes when you try to use Microsoft Office products.
- You cannot start Windows Task Manager.
- Antivirus software indicates that a computer virus is present.
Symptoms of a computer virus
If you suspect or confirm that your computer is infected with a computer virus, obtain the current antivirus software. The following are some primary indicators that a computer may be infected:
- The computer runs slower than usual.
- The computer crashes, or it locks up frequently.
- The computer crashes, and then it restarts every few minutes.
- The computer restarts on its own. Additionally, the computer does not run as usual.
- Applications on the computer do not work correctly.
- Disks or disk drives are inaccessible.
- You cannot print items correctly.
- You see unusual error messages.
- You see distorted menus and dialog boxes.
- There is a double extension on an attachment that you recently opened, such as a .jpg, .vbs, .gif, or .exe. extension.
- Antivirus software is disabled for no reason. Additionally, the antivirus software cannot be restarted.
- Antivirus software cannot be installed on the computer, or the antivirus software will not run.
- New icons appear on the desktop that you did not put there, or the icons are not associated with any recently installed programs.
- Strange sounds or music plays from the speakers unexpectedly.
- A program disappears from the computer even though you did not intentionally remove the program.
Note These are common signs of infection. However, these signs may also be caused by hardware or software problems that have nothing to do with a computer virus. Unless you run the Microsoft Malicious Software Removal Tool, and then you install industry-standard, up-to-date antivirus software on your computer, you cannot be certain whether a computer is infected with a computer virus or not.
Symptoms of worms and trojan horse viruses in email messages
When a computer virus infects email messages or infects other files on a computer, you may notice the following symptoms:
- The infected file may make copies of itself. This behavior may use up all the free space on the hard disk.
- A copy of the infected file may be sent to all the addresses in an email address list.
- The computer virus may reformat the hard disk. This behavior will delete files and programs.
- The computer virus may install hidden programs, such as pirated software. This pirated software may then be distributed and sold from the computer.
- The computer virus may reduce security. This could enable intruders to remotely access the computer or the network.
- You receive an email message that has a strange attachment. When you open the attachment, dialog boxes appear, or a sudden degradation in system performance occurs.
- Someone tells you that they have recently received email messages from you that contained attached files that you did not send. The files that are attached to the email messages have extensions such as .exe, .bat, .scr, and .vbs extensions.
What is Spyware?
Spyware can install on your computer without your knowledge. These programs can change your computer’s configuration or collect advertising data and personal information. Spyware can track Internet searching habits and possibly redirect website activity.
Symptoms of Spyware
When a computer becomes affected by Spyware, the following may result:
- Slow internet connection.
- Changing your web browser’s home page.
- Loss of internet connectivity.
- Failure to open some programs. This includes security software.
- Unable to visit specific websites. This may include redirecting you to another one.
What are rogue virus alerts?
Rogue security software programs will try to make you think that your computer is infected by a virus and usually prompt you to download or buy a removal product. The names of these products usually contain words like “Antivirus,” “Shield,” “Security,” Protection,” “Fixer,” so that they seem to be legitimate. They will frequently run immediately when you download them, or the next time your computer starts. Rogue security software can prevent applications from opening. This includes Internet Explorer, and may display legitimate and very important Windows files as infections. Some typical error messages or pop ups you may receive may contain the following phrases:
Warning!
Your computer is infected!
This computer is infected by spyware and adware.
A good sign that the software is not good for you is that when you try to close the window it will continually pop-up warnings that resemble the following:
Are you sure you want to navigate from this page?
Your computer is infected! They can cause data lost and file corruption and need to be treated as soon as possible. Press CANCEL to prevent it. Return to System Security and download it to secure your PC.
Press OK to Continue or Cancel to stay on the current page.
We strongly recommend that you don't download or purchase any kind of software that advertises in this manner.
How to remove a computer virus and spyware
Even for an expert, removing a computer virus or spyware can be a difficult task without the help of computer malicious software removal tools. Some computer viruses and other unwanted software reinstall themselves after the viruses and spyware are detected and removed. Fortunately, by updating the computer and by using malicious software removal tools, you can help permanently remove unwanted software.
For additional information about how to remove a computer virus and spyware, view the following article in the Microsoft Knowledge Base:
2671662
(http://support.microsoft.com/kb/2671662/
)
Microsoft resources and guidance for removal of malware and viruses
To remove a computer virus and other malicious software, follow these steps:
Install the latest updates from Microsoft Update:- For Windows Vista and Windows 7:
- Click Start, and then type Windows Update in the search box.
- In the results area, click Windows Update.
- Click Check for Updates.
- Follow the instructions to download and install the latest Windows Updates.
- For Windows XP:
- Click Start, and then click Run.
- Type sysdm.cpl and press the Enter key.
- Click the Automatic Updates tab, and then click the Automatic (recommended) option.
- Click OK.
Use the Microsoft Safety Scanner
Microsoft offers a free online tool that will scan and remove potential threats from your computer. To perform the scan, visit the following Microsoft website:
Install and run Microsoft Security Essentials
Microsoft offers a free malicious removal program; Microsoft Security Essentials that will also help protect your computer from being infected. To install Microsoft Security Essentials, follow these steps:
- Visit the following Microsoft Security Essentials website:
- Click Download Now.
- If your browser prompts you to save or run the file, click Run.
- Follow the steps to install Microsoft Security Essentials.
- After installation, restart your computer and open Microsoft Security Essentials.
- On the Home tab, select the Full scan option, and then click Scan now.
Install Windows Defender Offline Beta
Windows Defender Offline Beta is a malware tool designed to remove difficult to eliminate viruses that start before Windows boots. To use Windows Defender Offline Beta, follow these steps:
- On an uninfected computer, visit the following Microsoft website:
- Click Download the 32 bit version or Download the 64 bit version, depending on which operating system you are running. If you're unsure of which operating system that you are running, visit the following Microsoft website:
- When you are prompted, click Save As. Save the file to a removable media source, such as a DVD, CD, or USB drive.
- On the infected computer, insert the DVD, CD, or USB drive and restart the computer.
- When you are prompted, press the key to select boot options, such as F12, F5, or F8, depending on the BIOS.
- Use the arrow key to scroll to the drive that contains the Windows Defender Offline Beta file. The computer starts Windows Defender Offline Beta and immediately starts to scan for malware.
For more information about how to remove a computer virus, visit the following Microsoft website:
How to protect your computer against viruses
To protect your computer against viruses, follow these steps:
- Turn on the firewall.
- For information about how to turn on your firewall with Windows XP, visit the following Microsoft website:
- For information about how to turn on your firewall with Windows Vista, visit the following Microsoft website:
- For information about how to turn on your firewall with Windows 7, visit the following Microsoft website:
- Keep your computer up-to-date.
- For information about how to set Automatic Updates in Windows, visit the following Microsoft website:
- Install Microsoft Security Essentials and keep it up to date.
- For more information about how to install and use Microsoft Security Essentials, visit the following Microsoft website:
For more information about how to protect a computer against viruses, visit the following Microsoft Web site:
How to remove rogue software
If you feel you have rogue software on your computer Microsoft has offered a number of ways to help you remove it.
Use the free Microsoft Safety Scanner
Microsoft offers a free online tool that will scan and remove potential threats from your computer. To perform the scan, visit the following Microsoft website:
Download and install Microsoft Security Essentials
Microsoft Security Essentials is a free tool that will help prevent rogue software, viruses, and other malicious programs from installing on your computer and also remove them. As soon as you have finished using the Microsoft Safety Scanner, install Microsoft Security Essentials. To do this, follow these steps:
- Visit the following Microsoft Security Essentials website:
- Click Download Now.
- Follow the steps in the Installation Wizard to install Microsoft Security Essentials.
Manually remove the rogue software
If the rogue software cannot be detected or removed by using Microsoft Safety Scanner or Microsoft Security Essentials, try the following steps to locate the offending program and delete it:
- Note the name of the rogue software. For this example we'll call it XP Security Agent 2010.
- Start Windows in Safe Mode with Networking:
- Restart your computer.
- When you see the computer's manufacturer's logo, press and hold the F8 key.
- When you are prompted, use the arrow keys to highlight Safe Mode with Networking and press the Enter key.
- Click Start and check whether the rogue software appears on the Start menu. In this case, we'll call it XP Security Agent 2010. If it's not listed there, click All Programs and scroll to find the rogue software's name.
- Right-click the offending program, and then click Properties.
- Click the Shortcut tab.
- In the Properties dialog box, check the path of the rogue program that is listed in Target. For this example, it is displayed as: C:\Program Files\XP Security Agent 2010.
Note The folder name will often appear as a random number. - Click Open File Location.
- In the Program Files window, click Program Files in the address bar.
- Scroll until you find the offending program folder. For this example, it will be named XP Security Agent 2010.
- Right-click the folder, and then click Delete.
- Restart your computer.
- Visit the following Microsoft Safety Scanner website:
- Follow the steps to run the scan and remove the offending rogue software.
If you suspect that your computer is infected with rogue security software that is currently not detected with Microsoft security solutions, you can submit samples using the
Microsoft Malware Protection Center submission form
(https://www.microsoft.com/security/portal/Submission/Submit.aspx)
.
For more information about rogue security software, visit the following Microsoft websites:
How to reset your Internet Explorer proxy settings
Malicious software may change Windows Internet Explorer proxy settings, and these changes can prevent you from accessing Windows Update or any Microsoft Security sites.
To change your Internet Explorer proxy settings, follow these steps:
- On an uninfected computer, visit the following Microsoft website:
- Go the Fix it for me section.
- Click the Fix it button. Save the file to a flash drive or a CD when you are prompted.
- Insert the flash drive or CD in the infected computer.
- Start Windows, click Start, and then click Run.
- Click Browse.
- Select the location of the flash drive or CD. The file should be displayed. Double click the file, and then click Open.
To change the settings yourself, follow these steps:
- Click Start, and then click Run.
- In the Run text box, copy (CTRL+C) and paste (CTRL+V) or type the following: reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
- Click OK.
- Click Start, and then click Run.
- In the Runtext box, copy (CTRL+C) and paste (CTRL+V) or type the following: reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
- Click OK.
How to obtain computer virus and security-related support
For United States and Canada
Help protect your PC from viruses and malware:
Help installing updates:
Security solutions for IT Professionals:
Local support by country:
For locations outside North America
To obtain computer virus and security-related support for locations outside North America, visit the following Microsoft Web site:
Windows Live
Facebook
Twitter
Linkedin
Digg it
Yahoo
Delicious
StumbleUpon
Yammer
Reddit
Technorati
FriendFeed
Email
Back to the top
