PC Security

What to do if you allow malware to install itself

If you allow the malware to install, the best way to get rid of it is to restore a recent backup or system image.

You should schedule the backup tool you use to create regular backups or system images.  Note that unless you make separate copies of files, if you restore a backup that is not recent, you will lose files or programs that were added after the backup was created.

Many users still do not create backups/system images. If you are one of them, to get rid of a malware infection, you should update and run your usual malware scanner (AVG, Avast, Windows Defender, etc.). You should also install and run a suitable second removal tool, such as Malwarebytes Anti-Malware. The free version cannot monitor the system in real time, but the user can update it and run it manually.

If the malware prevents Windows from booting, try booting using the Safe Mode with Networking boot option, which is one of several boot options made available when you press the F8 key repeatedly just before Windows starts to load. This option allows the web access you need to download the removal tool if you don’t have it installed, or to update it if it is installed. The malware won’t be able to operate in Safe Mode, so it can be removed by running a suitable tool.

Any security message should only ever come from the Windows Notification Area, usually in the bottom right corner of the screen. Never click on any OK or even a Cancel button in a security message that appears outside of it; just press the Ctrl + Alt + Del key combination immediately.

Doing that brings up the Windows Task Manager (in Windows XP) or a screen that allows you to choose to open it (in Windows Vista/7/8.1/10). Ctrl + Shift + Esc opens the Task Manager directly in all versions of Windows.

Use it to shut the browser down if a webpage you visit regularly (or even for the first time) suddenly produces a security message (outside the Notification Area) that a named or unnamed virus scanner has detected a serious virus infection, or if a message such as this one comes up: “Warning!!! Your system requires immediate antiviruses scan! Desktop Security can perform fast and free virus and malicious software scan of your computer.”

“By just visiting a genuine website my PC/computer got infected with the infamous Security Shield malware that warned me I had 20 or more viruses” is a Q&A on this website that describes how one of these ‘scareware’ problems can be dealt with.

I misspelled a website once that opened a Russian website that brought up a webpage that seemed to be doing a very rapid security scan of my computer, using graphics that made it look like a genuine view of My Computer in Windows XP, showing the drives and a scan of them taking place and reporting a massive infection of viruses and malware.

Of course, it was just a phony webpage set up to show a phony infection. I didn’t click on any of the prompts it produced. Instead, I pressed the Ctrl + Alt + Del key combination to bring up the Windows Task Manager and shut down the page under the Applications tab.

There was no need to run an antivirus scan because there was no real infection, but, just in case, I ran several scans and none of them showed any infection.

I then ran CCleaner, which cleans all Internet files, but discovered that the phony webpage reappeared in any web browser that I ran and ran its phony scan immediately. I shut the browser down as before, rebooted the system and then pressed the F8 key repeatedly before Windows started to load to bring up the boot menu.

I chose the Safe Mode with Networking option that provides web access in Safe Mode. When I opened Internet Explorer, it opened my usual Home Page and the phony webpage didn’t come up automatically. In any case, I was going to run CCleaner from Safe Mode, but couldn’t find it under Start => All Programs, which was very peculiar because it could be run in normal Windows mode and was installed when I used Windows Explorer (right-click Start button => Explore) to find its folder under Program Files. So, to open it, I double-clicked on its executable file – ccleaner.exe. I ran the program and then restarted. The phony webpage didn’t open by itself.

Spam containing attachments usually entices the user into opening them by saying that they contain naked images of celebrities. It is also possible for your system to pick up a Trojan virus just by visiting an infected website. Therefore, you should never consider installing any security software unless it is reviewed on a reputable site such as:

https://www.trustedantiviruscompare.com/best-free-antivirus

By browsing websites that provide articles and images of celebrities, I have encountered websites that suddenly seem to be running a virus scan of the computer that can only be stopped by closing the web browser. A scan is not running, just a video on the page. A window can then present itself that looks just like the My Computer window used by Windows XP, showing the hard-disk and DVD drives used by the computer, and it changes to show that your whole system is infected by many viruses, but that too is just a webpage running a video. There is no real virus infection. You are asked to download and install a virus scanner that you have to pay for with a credit card. Needless to say, you should just ignore this and close the browser. If it won’t close, turn the computer itself off. Restart and run a virus scan with your real scanner, such as the free Microsoft Security Essentials, which scans for all kinds of malware (viruses and spyware, etc.).

You used to have to get virus and spyware scanners and a software firewall (free or paid-for) for adequate protection. However, the major Internet security companies have changed the way in which their software works. They are addressing all of the different kinds of threats from the web at the same time. Instead of using separate programs, Internet security suites combine all of their scanners into one application, which is more efficient than having three or more separate scanners scanning the system.
