Antivirus software is now considered a basic component that no computer should be without. It goes a long way toward securing a device and protecting the data and files on it, some of which may be very important, from cyber attacks. Attackers and snoopers usually use malware and viruses to infiltrate and compromise devices in pursuit of further goals, typically financial gain: either by stealing the data of individuals and companies, or by damaging those devices and encrypting critical data and files, especially operating system files, in order to force the victims to pay to regain access to their files.
Antivirus software deals with many of these attacks by detecting and removing the malicious software. Still, viruses are sometimes discovered too late, after they have already made changes that remain on the computer even after the virus itself has been removed. So let us review the actions recommended after removing viruses from Windows devices, in order to get rid of the traces those viruses left behind and the changes they caused.
Are viruses different from malware?
Malware and viruses are not the same thing. The first term is the more general and comprehensive one; a virus is just one category among several that fall under what is called malicious software, meaning programs that are planted on computers and mobile phones with the aim of compromising those devices and gaining access to their users' data in order to exploit it, or of encrypting it and cutting off the users' access to various files and services. A virus is a set of code instructions and commands inserted into a legitimate application, or into something the user downloads himself, so that it is executed when that application runs on the target device; in other words, it can only do its work while its host application is running.
Viruses are commonly used to give cyber attackers access to data so they can steal, exploit or encrypt it, and to launch ransomware or denial-of-service attacks. Besides viruses, malware also includes other types of software such as Trojan horses, worms, spyware, rootkits, and more. With this in mind, let us now go through the most important steps to take after removing viruses and malware from Windows.
Verify that viruses have already been removed
Some types of malicious software, such as Trojan horses and botnet agents, are able to copy themselves and hide among system files as soon as they get onto a device. You must first make sure they are completely removed from the device; otherwise, every attempt to return the device's files and settings to normal will fail as long as the malicious software is still present and quietly doing its work.
There is more than one way to make sure a Windows computer is free of viruses and malware. One of them is to right-click Start and select "Task Manager". In the window that appears, check whether any suspicious or unfamiliar programs are running at the moment, especially if those "suspicious" processes are consuming a lot of resources such as CPU and RAM, which raises doubts about what they are doing on the device. A quick search on the Internet will usually tell you what these processes are and whether they belong to a malicious program.
Windows also provides a mechanism for detecting and removing malicious software through the Windows Security tool. To use it, press Win + S, type "Windows Security" in the search bar and press Enter. In the window that appears, click Virus & threat protection, then click "Scan options", choose "Windows Defender Offline scan", then click "Scan now" and confirm that you want to restart the device so that a thorough scan runs before Windows boots.
After the scan is complete, open the Windows Security tool again, go to the "Virus & threat protection" section and click Protection history to see a list of recently detected threats, which you can review one by one; if you find any threat that is still active, remove it immediately.
Now that you are sure the device is free of viruses and malware, you can try to undo any changes the removed malware made. There is more than one way to do this: either undo those recent changes manually, if you know what to do, or go back to a restore point using the System Restore feature in Windows, which returns Windows to the state it was in before the infection.
First: Ensure that the hosts file has not been tampered with
The hosts file is an important system file in Windows. It is a text file that maps host names to IP addresses. In most cases, viruses and malware modify the hosts file to prevent users from connecting to Microsoft's servers and to block the websites of antivirus vendors so that they cannot remove the virus; this is how the virus protects itself. So the first thing to find out is whether the hosts file has been compromised, which can be done by following these steps.
Open File Explorer and go to the path C:\Windows\System32\drivers\etc. Right-click the "hosts" file, choose "Open with" from the menu, then choose to open it with "Notepad" from the list of available applications and press "OK" or "Just once".
Now scroll down and look for any new entries added at the end of the file, such as lines for microsoft.com or google.com; the contents of the file should look like the image attached above, so if there are entries like this, remove them.
Once you have deleted those entries, click the "File" menu and choose "Save" from the drop-down list so that the changes are saved. Make sure you are working with administrator rights, otherwise the changes to the file cannot be saved.
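The manual check above can be scripted. The following PowerShell is an added example, not code from the original article: it parses the hosts file, ignores comments and the default localhost entries, flags every remaining entry, and names the reason when an entry redirects a well-known domain. The domain watch list is an assumption for illustration; extend it with your own antivirus vendor's domains. Removal is off by default (`$RemoveFlagged`) so the script only reports until you have reviewed the output; run it in an elevated PowerShell session if you do enable removal.

```powershell
# Added example (not from the original article): audit the Windows hosts file
# for entries that redirect well-known domains. Reading works unelevated;
# rewriting the file requires an elevated session.

$HostsPath     = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$RemoveFlagged = $false   # set to $true only after reviewing the report

# Assumption: illustrative list of domains a hijacked hosts file typically blocks.
$WatchDomains = @('microsoft.com', 'windowsupdate.com', 'google.com',
                  'avast.com', 'kaspersky.com', 'mcafee.com', 'symantec.com')

function Get-HostsEntries {
    param([string]$Path = $HostsPath)
    $lineNo = 0
    foreach ($line in Get-Content -Path $Path) {
        $lineNo++
        $text = ($line -split '#', 2)[0].Trim()   # drop trailing comments
        if (-not $text) { continue }              # blank or comment-only line
        $parts = $text -split '\s+'               # "<address> <name> [<name>...]"
        if ($parts.Count -lt 2) { continue }      # malformed line, not an entry
        foreach ($name in $parts[1..($parts.Count - 1)]) {
            [pscustomobject]@{ Line = $lineNo; Address = $parts[0]; Host = $name.ToLowerInvariant() }
        }
    }
}

function Get-EntryVerdict {
    param($Entry)
    # A stock Windows hosts file contains only comments; loopback lines for
    # localhost are the one thing that may legitimately appear.
    if ($Entry.Host -eq 'localhost' -and $Entry.Address -in @('127.0.0.1', '::1')) { return $null }
    foreach ($d in $WatchDomains) {
        if ($Entry.Host -eq $d -or $Entry.Host.EndsWith(".$d")) { return "redirects $d" }
    }
    return 'non-default entry'
}

$report = foreach ($e in Get-HostsEntries) {
    $why = Get-EntryVerdict $e
    if ($why) { $e | Add-Member -NotePropertyName Reason -NotePropertyValue $why -PassThru }
}
$flagged = @($report | Where-Object { $_ })

if ($flagged.Count -eq 0) {
    Write-Host "No active entries in $HostsPath"
} else {
    Write-Host "Entries to review in ${HostsPath}:"
    $flagged | Format-Table Line, Address, Host, Reason -AutoSize
    if ($RemoveFlagged) {
        # Keep a backup, then write the file back without the flagged lines.
        Copy-Item -Path $HostsPath -Destination "$HostsPath.bak" -Force
        $drop  = $flagged.Line
        $lines = Get-Content -Path $HostsPath
        $kept  = for ($n = 1; $n -le $lines.Count; $n++) { if ($n -notin $drop) { $lines[$n - 1] } }
        Set-Content -Path $HostsPath -Value $kept -Encoding ASCII
        Write-Host "Removed $($flagged.Count) entries; backup at $HostsPath.bak"
    }
}
```

Note that the script treats every active entry as worth a look, not only the watch-listed domains: developers and some VPN clients add legitimate hosts entries, so the report is something to read, not a verdict.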
Second: Reset the network connection
A DNS server or DNS resolver holds a database of Internet Protocol addresses and the host names associated with them. Cyber attackers often tamper with the local DNS resolver so that the user's browser is handed fake IP addresses instead of the real ones; when the user looks up a genuine website, they are directed to suspicious sites that may endanger the security of their device. It is therefore necessary, after removing malware from the device, to make sure it has not affected the local DNS resolver. In general, once you have deleted any malicious software from your device, you should reset the device's network settings to make sure the original settings have not been tampered with.
To do this, open the Settings app from the Start menu, go to the "Network & Internet" section and click "Advanced network settings". There you will find the "Network reset" option; click it and then press the "Reset now" button. If a confirmation window appears, press "Yes". After a few moments the device will reboot and all network connections will be reset to their factory settings.
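Before (or after) the reset it helps to see what the resolver settings actually are. The following PowerShell is an added example, not from the original article: it lists the DNS servers configured on every active adapter and compares them against a list of resolvers you expect (the `$ExpectedResolvers` values are an assumption, replace them with your router or ISP addresses), then resolves a few Microsoft names both locally and through a known public resolver and reports whether the answers overlap. A mismatch is not proof of tampering, since CDNs rotate addresses, but an unexpected resolver address is a strong sign. Run it in an elevated session so that the cache flush succeeds.

```powershell
# Added example (not from the original article): check DNS client settings for
# tampering and compare local answers with a reference resolver.

# Assumption: the resolvers you expect to see (router, ISP or a public resolver).
$ExpectedResolvers = @('192.168.1.1', '1.1.1.1', '8.8.8.8')
$ReferenceResolver = '1.1.1.1'

function Get-DnsReport {
    # IPv4 resolver addresses on every adapter that is currently up.
    foreach ($a in Get-NetAdapter | Where-Object Status -eq 'Up') {
        $dns = Get-DnsClientServerAddress -InterfaceIndex $a.ifIndex -AddressFamily IPv4
        foreach ($srv in $dns.ServerAddresses) {
            [pscustomobject]@{
                Adapter  = $a.Name
                Resolver = $srv
                Expected = ($srv -in $ExpectedResolvers)
            }
        }
    }
}

function Test-DomainAnswer {
    param([string]$Name)
    # Ask the system resolver and the reference resolver for A records and see
    # whether at least one address matches.
    $local  = @(Resolve-DnsName -Name $Name -Type A -ErrorAction SilentlyContinue |
                Where-Object Type -eq 'A').IPAddress
    $remote = @(Resolve-DnsName -Name $Name -Type A -Server $ReferenceResolver -ErrorAction SilentlyContinue |
                Where-Object Type -eq 'A').IPAddress
    [pscustomobject]@{
        Name      = $Name
        Local     = ($local -join ', ')
        Reference = ($remote -join ', ')
        Overlap   = (@($local | Where-Object { $_ -in $remote }).Count -gt 0)
    }
}

"== Configured resolvers =="
Get-DnsReport | Format-Table -AutoSize

"== Local answer vs. $ReferenceResolver =="
'microsoft.com', 'update.microsoft.com', 'www.microsoft.com' |
    ForEach-Object { Test-DomainAnswer $_ } | Format-Table -AutoSize

# Drop cached answers so a poisoned record does not outlive the check.
Clear-DnsClientCache

# Command-line equivalent of Settings > Network reset (reboot afterwards):
#   netsh winsock reset
#   netsh int ip reset
```

A resolver that is not in your expected list, or an entry on an adapter you do not recognise, is what to look at first; the `netsh` commands in the trailing comment do the same job as the "Network reset" button and likewise need a reboot.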
Third: Clean the registry of malware
Some malicious programs also modify keys in the Windows Registry (the "Registry" for short), which is edited through the Registry Editor tool; this lets them regain access to the operating system's settings and data even after they have been removed from the device. So, after removing malicious software, it is necessary to make sure it has not modified or added registry keys that would let it infect the device again. This can be checked with the following steps.
First, open the Registry Editor as administrator: press Win + S, type "regedit" in the search bar and, in the results, click Run as administrator. Once the tool's window appears, press Ctrl + F to open the registry search window, enter in the "Find what" field the name of the malicious program or virus you just removed from your device, press Enter and wait for the search to finish. If it finds any suspicious keys with strange names, or keys that are somehow related to the virus or malicious program you removed, right-click them and select "Delete" to remove them from the registry.
Take care while performing these steps and avoid deleting registry keys at random, as random deletion can corrupt the operating system and eventually leave the device unable to boot. It is therefore advisable to make a backup copy of the registry before modifying or removing anything in it.
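The backup-then-search routine can be done from PowerShell as well. The script below is an added example, not from the original article: it exports the hives it is about to search with `reg.exe export`, then walks those hives and lists every key name, value name or value data that contains the search string, without deleting anything. `EXAMPLE_MALWARE_NAME` is a placeholder for the name of the program you removed, and the choice of hives is an assumption made to keep the search fast (the Registry Editor's Ctrl + F searches everything). Run it in an elevated session.

```powershell
# Added example (not from the original article): back up selected registry
# hives, then search them for a string and report matches without deleting.

$Needle    = 'EXAMPLE_MALWARE_NAME'   # placeholder: name of the program you removed
$BackupDir = Join-Path $env:USERPROFILE "RegistryBackup-$(Get-Date -Format yyyyMMdd-HHmmss)"

# Assumption: the hives where persistence usually lives. Add more if needed.
$SearchRoots = @('HKLM:\SOFTWARE', 'HKCU:\SOFTWARE', 'HKLM:\SYSTEM\CurrentControlSet\Services')

function Backup-RegistryRoots {
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    foreach ($root in $SearchRoots) {
        $regPath = $root -replace ':', ''                      # reg.exe wants HKLM\... not HKLM:\...
        $file = Join-Path $BackupDir (($regPath -replace '[\\:]', '_') + '.reg')
        reg.exe export $regPath $file /y | Out-Null
    }
    return $BackupDir
}

function Find-RegistryMatches {
    param([string]$Pattern)
    foreach ($root in $SearchRoots) {
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $key = $_
            # Match on the key's own name...
            if ($key.PSChildName -like "*$Pattern*") {
                [pscustomobject]@{ Key = $key.Name; Value = ''; Data = ''; Where = 'key name' }
            }
            # ...and on every value name and value data under it.
            foreach ($vn in $key.GetValueNames()) {
                $data = [string]$key.GetValue($vn)
                if ($vn -like "*$Pattern*" -or $data -like "*$Pattern*") {
                    [pscustomobject]@{ Key = $key.Name; Value = $vn; Data = $data; Where = 'value' }
                }
            }
        }
    }
}

$backup = Backup-RegistryRoots
Write-Host "Backups written to $backup (restore with: reg.exe import <file>.reg)"

$hits = @(Find-RegistryMatches -Pattern $Needle)
if ($hits.Count -eq 0) {
    Write-Host "No registry entries mention '$Needle'"
} else {
    Write-Host "Entries mentioning '$Needle' (review before deleting):"
    $hits | Format-Table Where, Key, Value, Data -AutoSize -Wrap
    # Delete a confirmed key only after checking it:
    #   Remove-Item -Path "Registry::<Key from the table>" -Recurse
    #   Remove-ItemProperty -Path "Registry::<Key>" -Name "<Value>"
}
```

Exporting `HKLM\SOFTWARE` produces a large file and the recursive search takes a minute or two, which is the price of searching whole hives; the `.reg` files are what you import back if a deletion turns out to be wrong.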
Fourth: Ensure that the web browser has not been hijacked
Some users also overlook the fact that some viruses and malware tend to get into web browsers and change their settings when they infect a device. Even after the malware has been removed, these changes can remain a way for malicious programs to regain access to the device over the Internet as soon as the same web browser is used again. It is therefore necessary, after removing malicious software and viruses, to make sure the web browser has not been compromised.
This can be checked by opening the program you usually use to browse the Internet and making sure there are no new, unknown add-ons that you did not intentionally install recently. Also make sure that no new search engine has been added and set as your default search engine or default homepage without your knowledge, and check that no suspicious web pages of unknown origin have been added to your browser's startup settings. Finally, undo any changes the malware made to your browser, and reset all of the browser's settings and tools to the state they were in before the malware got onto your device.
For example, to reset Microsoft Edge's settings, all you have to do is open the browser, press the menu button (...) at the top, choose Settings, press Reset settings in the side menu, and finally click the option "Restore settings to their default values" and confirm that you want to reset the browser by pressing the "Reset" button. The steps naturally differ from one browser to another, so a quick search on the Internet will give you the right steps for the browser you use.
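Two things a browser reset does not touch are extensions installed into the profile folder and settings pinned through policy keys in the registry, which is exactly where a hijacker leaves a homepage, search engine or force-installed extension. The PowerShell below is an added example, not from the original article, for Microsoft Edge: it lists every extension found in the default profile by reading each `manifest.json`, and prints any Edge policy value for homepage, startup pages, default search provider, new-tab page or forced extensions. It assumes Chromium-based Edge with the default profile under `%LOCALAPPDATA%\Microsoft\Edge\User Data\Default`; the policy names are the documented Edge policy names.

```powershell
# Added example (not from the original article): list Edge extensions and
# policy-enforced settings that a browser hijacker typically plants.

# Assumption: default Edge profile location.
$EdgeProfile = Join-Path $env:LOCALAPPDATA 'Microsoft\Edge\User Data\Default'
$PolicyKeys  = @('HKLM:\SOFTWARE\Policies\Microsoft\Edge', 'HKCU:\SOFTWARE\Policies\Microsoft\Edge')

# Single-valued policies that pin a page or search engine.
$ScalarPolicies = @('HomepageLocation', 'NewTabPageLocation',
                    'DefaultSearchProviderEnabled', 'DefaultSearchProviderSearchURL')
# List policies, stored as a subkey with numbered values ("1", "2", ...).
$ListPolicies   = @('RestoreOnStartupURLs', 'ExtensionInstallForcelist')

function Get-EdgeExtensions {
    $extRoot = Join-Path $EdgeProfile 'Extensions'
    if (-not (Test-Path $extRoot)) { return }
    foreach ($idDir in Get-ChildItem $extRoot -Directory) {
        foreach ($verDir in Get-ChildItem $idDir.FullName -Directory) {
            $manifest = Join-Path $verDir.FullName 'manifest.json'
            if (-not (Test-Path $manifest)) { continue }
            $m = Get-Content $manifest -Raw | ConvertFrom-Json
            [pscustomobject]@{
                Id          = $idDir.Name
                Version     = $verDir.Name
                Name        = $m.name                  # "__MSG_..__" means a localized name
                Permissions = ($m.permissions -join ', ')
            }
        }
    }
}

function Get-EdgePolicySettings {
    foreach ($k in $PolicyKeys) {
        if (-not (Test-Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        foreach ($p in $ScalarPolicies) {
            if ($null -ne $props.$p) {
                [pscustomobject]@{ Key = $k; Policy = $p; Value = [string]$props.$p }
            }
        }
        foreach ($p in $ListPolicies) {
            $sub = Join-Path $k $p
            if (-not (Test-Path $sub)) { continue }
            (Get-ItemProperty -Path $sub).PSObject.Properties |
                Where-Object Name -match '^\d+$' |
                ForEach-Object { [pscustomobject]@{ Key = $sub; Policy = $p; Value = $_.Value } }
        }
    }
}

"== Installed Edge extensions (remove any you do not recognise) =="
Get-EdgeExtensions | Format-Table Id, Version, Name, Permissions -AutoSize -Wrap

"== Policy-enforced Edge settings =="
$pol = @(Get-EdgePolicySettings)
if ($pol.Count -eq 0) { 'No Edge policies set in the registry.' }
else { $pol | Format-Table Policy, Value, Key -AutoSize -Wrap }
```

On a home PC that is not joined to a company domain there is normally no `Policies\Microsoft\Edge` key at all, so any value the script prints there is something to explain; a forced extension or search URL you did not configure can be removed from the registry, after which the browser reset above takes full effect.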
Fifth: Turn off all unknown processes and services
The last recommended action after removing viruses and malware from the device is to disable and terminate all services and processes the malware added in order to regain access to the device after removal. It is important, however, to be careful when disabling those services and processes, and not to do so unless you can correctly identify the offending processes and services; as with registry keys, terminating the wrong process can cause Windows to crash.
To terminate processes that the malicious program created on the device, right-click Start and choose "Task Manager" from the list, then go to the "Startup" section and examine the processes and programs listed there. If you suspect one of them belongs to a malicious program, right-click it and select "Disable".
To double-check, press Win + S, type "System Configuration" in the search bar and press Enter. In the window that appears, go to the "Services" section and tick "Hide all Microsoft services". Now go through the remaining list and untick any services you suspect the malicious program added, then press OK to save the changes.
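Both the Task Manager check described earlier under "Verify that viruses have already been removed" and the startup and services review in this step come down to the same question: which running binaries, services and autostart entries are not Microsoft's and cannot be vouched for? The PowerShell below is an added example, not from the original article, that answers it in one pass: it checks the Authenticode signature of every running process and every service executable, flags those not signed by Microsoft (or unsigned, or whose path does not exist), and lists the Run/RunOnce keys and Startup folders that Task Manager's Startup tab summarises. It disables nothing; the commented lines at the end show the cmdlets to use once you are sure about an entry. Run it in an elevated session so that system process paths are readable.

```powershell
# Added example (not from the original article): audit running processes,
# services and startup entries, flagging binaries not signed by Microsoft.
# Nothing is stopped or disabled by this script.

function Get-SignerInfo {
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return 'path not found' }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') { return "unsigned ($($sig.Status))" }
    return $sig.SignerCertificate.Subject
}

function Get-ProcessAudit {
    # What Task Manager shows, plus who signed each executable.
    Get-Process | Where-Object Path | ForEach-Object {
        $signer = Get-SignerInfo $_.Path
        [pscustomobject]@{
            Name   = $_.ProcessName
            PID    = $_.Id
            CPUsec = [math]::Round([double]$_.CPU, 1)
            MemMB  = [math]::Round($_.WorkingSet64 / 1MB)
            Path   = $_.Path
            Signer = $signer
            Flag   = ($signer -notmatch 'Microsoft')
        }
    }
}

function Get-ServiceAudit {
    # Equivalent of System Configuration > Services with "Hide all Microsoft services" ticked.
    Get-CimInstance Win32_Service | ForEach-Object {
        # PathName may be quoted and carry arguments; keep only the executable.
        $exe = if ($_.PathName -match '^"([^"]+)"') { $Matches[1] } else { ($_.PathName -split ' ')[0] }
        $signer = Get-SignerInfo $exe
        [pscustomobject]@{
            Service = $_.Name; State = $_.State; StartMode = $_.StartMode
            Exe = $exe; Signer = $signer; Flag = ($signer -notmatch 'Microsoft')
        }
    } | Where-Object Flag
}

function Get-StartupAudit {
    # Equivalent of Task Manager > Startup: Run/RunOnce keys and the Startup folders.
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($k in $runKeys) {
        if (-not (Test-Path $k)) { continue }
        (Get-ItemProperty -Path $k).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |        # skip PSPath, PSParentPath, ...
            ForEach-Object { [pscustomobject]@{ Source = $k; Name = $_.Name; Command = $_.Value } }
    }
    $folders = (Join-Path $env:APPDATA     'Microsoft\Windows\Start Menu\Programs\Startup'),
               (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\StartUp')
    foreach ($f in $folders) {
        Get-ChildItem -Path $f -File -ErrorAction SilentlyContinue |
            ForEach-Object { [pscustomobject]@{ Source = $f; Name = $_.Name; Command = $_.FullName } }
    }
}

"== Running processes not signed by Microsoft (highest CPU first) =="
Get-ProcessAudit | Where-Object Flag | Sort-Object CPUsec -Descending |
    Format-Table Name, PID, CPUsec, MemMB, Path, Signer -AutoSize

"== Services not signed by Microsoft =="
Get-ServiceAudit | Format-Table Service, State, StartMode, Exe, Signer -AutoSize

"== Startup entries =="
Get-StartupAudit | Format-Table -AutoSize -Wrap

# Once an entry is confirmed as unwanted:
#   Stop-Service -Name <service>; Set-Service -Name <service> -StartupType Disabled
#   Remove-ItemProperty -Path <RunKey> -Name <entry>
#   Stop-Process -Id <PID>
```

Legitimate third-party software (graphics drivers, printer utilities, your antivirus itself) will also appear in the flagged lists, signed by its vendor; the entries to investigate are those with no valid signature, a signer you have never heard of, a path under a temp or user-profile folder, or a service whose executable no longer exists.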
As we always point out, the best way to avoid the damage a malicious program can do to a computer is to keep this kind of program from getting onto our devices in the first place: be careful when browsing websites, avoid opening links and attachments from spam emails, avoid installing applications and games of unknown origin or connecting peripheral devices before making sure they are free of viruses, and of course install strong protection software to combat viruses and malware.
Summary
Some viruses and malware can still affect the computers they infect even after antivirus software has detected and removed them, because this malicious software can hide among the operating system's files and change some of the system's settings and programs so that it can regain access to the device and infect it again after removal.
So the virus removal process can sometimes be useless unless some important actions follow it. For computers running Windows, there are five necessary procedures for getting rid of the effects of these viruses and malicious software after their removal, but first it is necessary to make sure the viruses and malware have actually been removed from the device. The user starts by examining the hosts file and verifying that it has not been tampered with, then checks and resets the network connection, then checks the browser and gets rid of add-ons and default search engines that were added recently without the user's knowledge.
The user also needs to clear suspicious keys from the registry using the Registry Editor, and to disable the services and terminate the processes the malicious program may have created on the device.