***** IT IS HIGHLY RECOMMENDED TO INSTALL AN ANTIVIRUS PROGRAM ON A COMPUTER, PREFERABLY SEP / SAV *****
***** DO NOT TRY TO UNINSTALL / UPGRADE AN ANTIVIRUS PROGRAM IN CASE OF A VIRUS OUTBREAK *****
When a virus or other threat attacks a computer it can impact the system in more ways than one. The impact can be minimal, for example annoying pop-ups or messages, or being redirected to other sites. But some threats do bigger damage to the system: they may delete files needed for an application to work or for vital operating system tasks, they may open ports on the machine and make the system vulnerable, or they may collect sensitive information from the system and pass it on to the attackers.
The best way to deal with them is to install an AV program and make sure it is updated on a daily basis, because prevention is always better than cure.
There could be a scenario where there is no AV program installed, where we are not able to install one, or where the threat has corrupted the antivirus program itself, and we are not able to run any removal tool either. In that case we either have to map the drive to a different computer and scan it from there, or try to remove the virus/threat manually.
Manual removal is the last resort. Only when there is no other way out should you follow the steps below.
1. The first important thing you need to do is stay calm and don't panic, as there is a possibility that you may not even be infected.
2. Disconnect the machine from the network so that other machines are not infected by the infected machine.
3. Open the Task Manager and look for unfamiliar processes that are running. Try to find information about them; if you cannot find any information, kill the process.
4. Do the same thing in Add/Remove Programs: uninstall any application that you are not able to identify and delete its related files. This will help to unhook it from the registry.
5. Take a backup of the registry. Now search the registry for the .exe that you terminated from the Task Manager; if you find any instance of it, delete that key.
6. Delete all Temporary Internet Files from the browser.
7. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects, delete all subkeys, and then reboot the machine.
8. Try to run other programs, applications and operating system functions, just to confirm that it is only one component that has failed or become corrupted.
9. If the system is not working at all, try booting the computer from the installation disk or CD, or from any bootable backup disks or CDs that you have. After booting from the disk or CD, scan the system (if the antivirus program is functional) and look for any virus or infected files.
10. If that also does not work, try the boot option Last Known Good Configuration.
11. In Windows, check for the presence and dates of key operating system files. Although that list is too long to show here, you can search Microsoft's web site for 'Operating System files'. Alternatively, make a list of the Windows directory and the System or System32 sub-directory from another computer. Provided that both computers are running the same service pack level, the majority, if not all, of the dates should match.
12. Check kernel32.exe and lsass.exe specifically, as hackers love to go for those two. If you find one with a different date, treat it as suspect and replace it with a known good copy if needed.
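To make the manual checks above reproducible, here is an added read-only triage script (not part of the original post): it lists unsigned or oddly located processes, autostart values still pointing at the executable you killed, the Browser Helper Objects with the DLL each one loads, and System32 files whose size or date differs from a clean reference copy. It assumes an elevated PowerShell on the suspect machine; `$SuspectExe` and `$ReferenceDir` are hypothetical placeholders to adjust before use.

```powershell
# Added read-only triage script, not part of the original post. It lists suspects; it deletes nothing.
# Assumptions: elevated PowerShell on the suspect machine; $ReferenceDir is a hypothetical folder holding
# a copy of System32 taken from a clean machine at the same service-pack level.
param(
    [string]$SuspectExe   = 'suspect.exe',        # hypothetical name of the process killed in Task Manager
    [string]$ReferenceDir = 'D:\clean_system32'   # hypothetical path, adjust before use
)

# Task Manager check: running processes that are not Authenticode-signed or run from an unusual location.
$procs = Get-Process | Where-Object { $_.Path } | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.Path
    [pscustomobject]@{ Name = $_.ProcessName; Id = $_.Id; Path = $_.Path; Signature = $sig.Status }
}
$procs | Where-Object { $_.Signature -ne 'Valid' -or $_.Path -notmatch '^C:\\(Windows|Program Files)' } |
    Format-Table -AutoSize

# Registry check: autostart values that still reference the terminated executable.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$autostarts = foreach ($k in $runKeys) {
    if (Test-Path $k) {
        $item = Get-Item $k
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Key = $k; Name = $name; Command = $item.GetValue($name) }
        }
    }
}
$autostarts | Where-Object { $_.Command -like "*$SuspectExe*" } | Format-Table -AutoSize

# Browser Helper Objects: list each CLSID subkey and resolve it to the DLL it loads.
$bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path $bho) {
    Get-ChildItem $bho | ForEach-Object {
        $clsid = $_.PSChildName
        $srv = Get-ItemProperty "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
        [pscustomobject]@{ CLSID = $clsid; Dll = $srv.'(default)' }
    } | Format-Table -AutoSize
}

# Key OS file check: compare size and last-write date of System32 files with the clean reference copy.
$sys32 = Join-Path $env:SystemRoot 'System32'
Get-ChildItem $ReferenceDir -File | ForEach-Object {
    $local = Join-Path $sys32 $_.Name
    if (Test-Path $local) {
        $l = Get-Item $local
        if ($l.Length -ne $_.Length -or $l.LastWriteTime -ne $_.LastWriteTime) {
            [pscustomobject]@{ File = $_.Name; LocalDate = $l.LastWriteTime; RefDate = $_.LastWriteTime }
        }
    }
} | Format-Table -AutoSize
```

Review each listed item before deleting anything; a mismatching date or an unsigned binary is a lead to investigate, not proof of infection.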
If you are able to remove the threat from the computer, install SEP / SAV and then run a full scan in Safe Mode.
If you are not able to install the program, download Norton Security Scan and then run a scan.
Lastly, if nothing is working and you have a backup of the data, then rather than wasting time trying to fix the system, format the machine. But before formatting the machine, run the LoadPoint Diagnostic Tool and submit the suspected files to Symantec Security Response.