5 things to do immediately after removing viruses from Windows


Antivirus software is considered a basic requirement for any computer today. It helps secure and protect the device, including data and files that may be very important, from cyber attacks. Attackers and snoopers usually use malware and viruses to infiltrate devices in pursuit of further goals, typically financial gain, either by stealing the data of individuals and companies, or by damaging devices and encrypting data and critical files, especially operating system files, to force victims to pay to regain access to their files.

 


Antivirus software succeeds in addressing many of these attacks by detecting and removing malicious software. Still, viruses are sometimes discovered too late, after they have made changes that remain on the computer even after the viruses themselves are removed. So, let's review the actions recommended after removing viruses from Windows devices, in order to get rid of the traces those viruses left and the changes they caused.

 

Are viruses different from malware?

 

Malware and viruses are not the same thing. Malware is the broader term: viruses are one category among several that fall under malicious software, meaning programs planted on computers and mobile phones in order to penetrate those devices and gain access to their users' data to exploit it, or to encrypt it and block access to files and services. A virus is a set of code instructions inserted into a legitimate application, or into an application the user downloads himself, so that it executes when the application runs on the target device; in other words, it can do its work only while that host application is running.

 

Viruses are commonly used to give cyber attackers access to data in order to steal, exploit, or encrypt it, and to launch ransomware or denial-of-service attacks. In addition to viruses, malware also includes other types of software such as Trojan horses, worms, spyware, rootkits, and more. With this in mind, let us now go through the most important steps to take after removing viruses and malware from Windows.


Verify that viruses have already been removed

 

Some types of malicious software, such as Trojan horses and botnets, can copy themselves and hide among system files as soon as they infiltrate a device. You must first make sure that they have been completely removed; otherwise, every attempt to return the device's files and settings to normal will fail as long as the malicious software is still present and working in secret.

 

Task Manager

There is more than one way to make sure that a Windows computer is free of viruses or malware. One is to right-click Start and select "Task Manager". In the window that appears, check whether any suspicious or unfamiliar programs are currently running, especially if these "suspicious" processes are consuming a lot of resources such as processor time and RAM, which raises doubts about what they are doing on the device. A simple Internet search will usually tell you what these processes are and whether they are related to a malicious program.

 

Windows also provides a mechanism for detecting and removing malicious software through the Windows Security tool. To open it, press the Win + S keys, type “Windows Security” in the search bar, and press Enter. In the window that appears, click "Virus & threat protection", then "Scan options", choose "Windows Defender Offline scan", click "Scan now", and confirm that you want to restart the device to perform a comprehensive scan before Windows boots.

 

After you have finished scanning the device as described above, open the Windows Security tool again, go to the "Virus & threat protection" section, and click "Protection history" to show a list of recently detected threats that you can check individually. If you find any threats that are still active, remove them immediately.

 

Now that you are sure that your device is free of viruses and malware, you can try to undo the changes made by the malware or viruses that were removed. There is more than one way to do that: either reverse those recent changes manually, if you know what to do, or use the System Restore feature in Windows to restore a restore point, which returns Windows to the state it was in before the infection.

 

First: Ensure that the hosts file has not been tampered with

 

The hosts file is an important system file in the Windows operating system. It is a text file that maps host names to IP addresses. In most cases, viruses and malware tamper with the hosts file to prevent users from connecting to Microsoft servers and to block the websites of antivirus vendors so that the virus cannot be removed; this is how a computer virus protects itself. So the first thing to establish is whether the hosts file has been compromised, which can be done with the following steps.

 

Open File Explorer and go to the path [C:\Windows\System32\drivers\etc]. Right-click the "hosts" file, choose "Open With" from the drop-down list, select "Notepad" from the list of available applications, and then press "OK" or "Just once".

 

Now scroll down and check whether any new entries have been added at the end of the file, such as lines for microsoft.com or google.com; the contents of the file should look as shown in the image above. If there are entries like this, remove them.

 

After deleting the entries, open the “File” menu and choose “Save” so that the changes are saved. Make sure that you are logged in as Administrator; otherwise, the changes will not be saved to the file.
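The same inspection can be scripted so that every active entry is listed, not only the ones you happen to notice in Notepad. The PowerShell below is an added example, not part of the original article; the function name `Get-HostsEntry` and the `windowsupdate.com` watch-list entry are assumptions made for illustration.

```powershell
# Added example, not from the original article: audit the Windows hosts file.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# The two domains the article names; windowsupdate.com is an assumed addition.
$watchList = 'microsoft.com', 'google.com', 'windowsupdate.com'

function Get-HostsEntry {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Drop everything after '#', then skip blank or malformed lines.
        $text = ($line -split '#', 2)[0].Trim()
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }
        # One line may map several host names to the same address.
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            $hit = $watchList | Where-Object { $name -eq $_ -or $name -like "*.$_" }
            [pscustomobject]@{
                Address     = $fields[0]
                HostName    = $name
                OnWatchList = [bool]$hit
            }
        }
    }
}

# -Force lets Get-Item see the file even if it was marked hidden or system.
$file = Get-Item -LiteralPath $hostsPath -Force
"Last modified: $($file.LastWriteTime)   Attributes: $($file.Attributes)"

$entries = @(Get-HostsEntry -Lines (Get-Content -LiteralPath $hostsPath))
if ($entries.Count -eq 0) {
    'No active entries: the file contains only comments, as on a default install.'
} else {
    $entries | Sort-Object OnWatchList -Descending | Format-Table -AutoSize
}
```

Entries added by software you installed yourself (for example virtualization or container tools) will also be listed, so review each line before deleting it.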

 

Second: Reset the network connection

 

A DNS server, or DNS resolver, holds a database of Internet Protocol addresses and the host names associated with them. Attackers often tamper with the local DNS resolver so that the user's browser receives fake IP addresses instead of the real ones; when the user then looks up a real website, they are directed to suspicious sites that may endanger the security of the device. After removing malware, it is therefore necessary to make sure that the local DNS resolver was not affected. In general, once you have deleted any viruses from your device, you should reset its network settings to ensure that the original settings have not been tampered with.

 

To do this, open the Settings application from the Start menu, go to the "Network & Internet" section, and click "Advanced network settings". There you will find the "Network reset" option; click it, then press the "Reset now" button. If a confirmation window appears, press “Yes”. After a few moments the device will reboot and all network connections will be reset to factory settings.
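Before resetting, it is useful to record which DNS servers each adapter was actually using, so you know whether the resolver settings had been changed. The PowerShell below is an added example, not part of the original article; the `$trusted` list is an assumption and should be edited to the resolvers you configured deliberately.

```powershell
# Added example, not from the original article. Read-only: it changes nothing.
# Assumption: resolvers you chose on purpose. Edit this list before running.
$trusted = '1.1.1.1', '8.8.8.8'

# Default gateways: home routers usually hand themselves out as the DNS server,
# so a DNS server equal to a gateway address is treated as expected.
$gateways = Get-NetRoute -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty NextHop

$report = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        foreach ($server in $_.ServerAddresses) {
            [pscustomobject]@{
                Interface = $_.InterfaceAlias
                DnsServer = $server
                Expected  = ($server -in $gateways) -or ($server -in $trusted)
            }
        }
    }

# Unexpected servers are listed first so they are easy to spot.
$report | Sort-Object Expected, Interface | Format-Table -AutoSize
```

A server marked `Expected = False` is not proof of tampering (an ISP or VPN may assign it), but it is the value to look up before and after the network reset.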

 

Third: Clean the registry from malware

 

Some malicious programs also modify keys in the Windows Registry, which is viewed and edited through the Registry Editor tool, allowing them to regain access to the operating system's settings and data even after they have been removed from the device. After removing malicious software, it is therefore necessary to make sure that it has not modified or added registry keys that would let it infect the device again. This can be verified with the following steps.

 


First, open the Registry Editor in administrator mode: press the Win + S keys, type “regedit” in the search bar, and in the results click "Run as administrator". Once the tool window appears, press Ctrl + F to open the registry search window, type the name of the malicious program or virus you just removed into the “Find what” field, press Enter, and wait for the search to finish. If it finds any suspicious keys with strange names, or keys somehow related to the virus or malicious program you removed, right-click them and select "Delete" to remove them from the registry.

 

Take care while performing these steps and avoid deleting registry keys at random, as this can damage the operating system and eventually leave the device unable to start. It is therefore advised to make a backup copy of the registry before modifying or removing anything in it.
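The backup-then-inspect routine can be scripted for the registry locations that start programs automatically. The PowerShell below is an added example, not part of the original article; it is narrower than the full Ctrl + F search described above because it covers only the standard Run and RunOnce keys, and `$malwareName` is a placeholder you must replace.

```powershell
# Added example, not from the original article. It writes backup files only.
# Placeholder (assumption): replace with the name your antivirus reported.
$malwareName = 'EXAMPLE-MALWARE-NAME'

$autorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

$backupDir = Join-Path $env:USERPROFILE ('RegistryBackup-{0:yyyyMMdd-HHmmss}' -f (Get-Date))
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

$index = 0
$values = foreach ($key in $autorunKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }

    # Back up the key first: reg.exe wants 'HKLM\...' rather than 'HKLM:\...'.
    $index++
    $backupFile = Join-Path $backupDir "autorun-$index.reg"
    reg.exe export ($key -replace ':', '') $backupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "Backup failed for $key" }

    $item = Get-Item -LiteralPath $key
    foreach ($valueName in $item.GetValueNames()) {
        $command = [string]$item.GetValue($valueName)
        [pscustomobject]@{
            Key     = $key
            Name    = $valueName
            Command = $command
            # Escape the name so characters such as '.' or '[' match literally.
            Match   = "$valueName $command" -match [regex]::Escape($malwareName)
        }
    }
}

"Backups written to $backupDir"
$values | Sort-Object Match -Descending | Format-List
```

Each exported `.reg` file can be re-imported to restore the key if a deletion turns out to be a mistake.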

 

Fourth: Ensure that the web browser is not hacked

 

Some users overlook the fact that some viruses and malware compromise web browsers and change their settings when they infect a device. Even after the malware is removed, these changes may still give malicious programs a way back onto the device through the Internet when you return to using the same browser. After removing malicious software and viruses, it is therefore necessary to make sure that the web browser has not been compromised.

 

To verify this, open the browser you usually use and make sure that there are no new, unknown add-ons that you did not intentionally install. You should also make sure that no new search engine has been added and set as your default search engine or default homepage without your knowledge. Also check that no suspicious web pages of unknown origin have been added to your browser's startup settings. Finally, undo any changes the malware made to your browser, and reset all browser settings and tools to the state they were in before the malware infiltrated your device.

 

For example, to reset Microsoft Edge, open the browser and press the menu button (...) at the top, choose Settings, press Reset Settings in the side menu, click "Restore settings to their default values", and confirm by pressing the "Reset" button. The steps differ from browser to browser, so a simple Internet search will turn up the correct steps for the browser you are using.

 

Fifth: Turn off all unknown processes and services

 

The final recommended action after removing viruses and malware is to disable and terminate all services and processes that the malware added in order to regain access to the device after removal. Be careful when doing so, and only disable services and processes that you can correctly identify as malicious: as with registry keys, improperly terminating processes can cause Windows to crash.

 


To stop programs that the malicious software set to run, right-click Start and choose “Task Manager” from the list, then go to the “Startup” section and review the processes and programs listed there. If you suspect that an entry is a malicious program, right-click it and select "Disable".

 

As a further check, press the Win + S keys, type “System Configuration” in the search bar, and press Enter. In the window that appears, go to the "Services" section and put a checkmark next to "Hide all Microsoft Services". Now browse the list at the top and remove the check mark from every service that you suspect the malicious program added. Finally, press OK to save the changes.
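To decide which startup entries and services deserve suspicion, it helps to see the command line and the code signature behind each one. The PowerShell below is an added example, not part of the original article; treating "validly signed by Microsoft Corporation" as the equivalent of "Hide all Microsoft Services" is an assumption, and the script only lists items without disabling anything.

```powershell
# Added example, not from the original article. Read-only: it changes nothing.

# 1. Programs registered to launch at sign-in (Run keys and Startup folders).
Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location, User |
    Format-Table -AutoSize -Wrap

# 2. Automatic services whose executable is not validly signed by Microsoft.
#    Assumption: this signature test stands in for "Hide all Microsoft Services".
$services = Get-CimInstance -ClassName Win32_Service -Filter "StartMode = 'Auto'"
$review = foreach ($svc in $services) {
    # PathName may be quoted and may carry arguments; keep only the executable.
    if ($svc.PathName -notmatch '^\s*(?:"([^"]+)"|(.+?\.exe))') { continue }
    $exe = if ($Matches[1]) { $Matches[1] } else { $Matches[2] }

    $status = 'PathNotFound'
    $signer = ''
    if (Test-Path -LiteralPath $exe) {
        $sig    = Get-AuthenticodeSignature -LiteralPath $exe
        $status = [string]$sig.Status
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }

    $isMicrosoft = ($status -eq 'Valid') -and ($signer -like '*O=Microsoft Corporation*')
    if ($isMicrosoft) { continue }

    [pscustomobject]@{
        Service   = $svc.Name
        State     = $svc.State
        Signature = $status
        Signer    = $signer
        Path      = $exe
    }
}
$review | Sort-Object Signature, Service | Format-List
```

Services from legitimate third-party vendors will appear in the second list with a valid signature and the vendor's name; unsigned entries and entries whose path no longer exists are the ones to research first.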

 

As we always note, the best way to avoid the damage a malicious program can cause is to keep such programs off our devices in the first place: be careful when browsing websites; avoid opening links and attachments in spam emails, installing applications and games of unknown origin, or connecting peripheral devices before making sure they are free of viruses; and, of course, install strong protection software to combat viruses and malware.

 

Summary: Some viruses and malware can still affect the computers they infected even after antivirus software has detected and removed them, because this malicious software is able to hide among the operating system's files and to change the system's settings and programs so that it can regain access to the device and infect it again after removal.

 

So, virus removal can sometimes be useless unless some important actions are taken. For computers running Windows, there are five necessary procedures for getting rid of the impact of viruses and malicious software after their removal, but first it is necessary to make sure that they have actually been removed from the device. The user starts by examining the hosts file and verifying that it has not been tampered with, then checks the network connection and resets it, then checks the browser and gets rid of the add-ons and default search engines that were recently added without the user's knowledge.

 

The user also needs to clear suspicious registry keys using the Registry Editor, disable services, and terminate processes that the malicious program may have added to the device.
