How to remove a virus after scanning. Avast

Using the tips from "How to clean an infected computer" given in this article, you can remove any type of malware from your computer and return it to working condition.

1. Make sure your computer is really infected

Before trying to remove any infection from your computer, you need to make sure that the computer is indeed infected. To do this, please refer to the guidelines that I give in the article "". If this really shows that your computer is infected, then continue with the steps in the next section. Make sure you follow them in the proper sequence.

2. How to clean your computer and make sure it is really clean

Please note that advanced users here can simply skip to the last part on how to clean up the computer appropriately. This is the most powerful approach, but it is also one of the most time consuming. However, if necessary, you can go directly to that section and then go back to the beginning again if the infestation was not completely removed.

2.1 Cleaning your computer with CCE and TDSSKiller

Download Comodo Cleaning Essentials (CCE) from this page. Make sure to select the correct version for your operating system. If you are not sure which operating system your computer is running - 32-bit or 64-bit - see. Also, download Kaspersky TDSSKiller from this page. If you cannot download either of these programs, or if your Internet connection does not work, you will need to download them on another computer and transfer them to the infected one using a flash drive. Make sure there are no other files on the flash drive. Be careful with your flash drive, as malware can infect it when you insert it into your computer. Therefore, do not connect it to any other computers after transferring these programs. Also, I would like to point out that both programs are portable. This means that once you're done using them, you don't have to uninstall them. Just delete their folders and they will be gone.

After you have downloaded CCE, unzip the file, open the folder and double-click the file named "CCE". The main window of Comodo Cleaning Essentials will open. If it doesn't open, hold down the Shift key and double-click the file named "CCE". After CCE successfully opens, you can release the Shift key. However, do not release it until the program is fully loaded into memory. If you release it too early, even during the UAC prompt, the forced start will not work correctly. Holding Shift helps it open even on heavily infected computers. It does this by suppressing many unnecessary processes that could prevent it from starting. If this still does not help to start it, then download and run a program called RKill. It can be downloaded from this page. This program will stop known malicious processes. Thus, after running it, CCE should start up perfectly.

Once it is running, do a Smart Scan in CCE and quarantine whatever it finds. This program also looks at system changes that could have been made by malware. They will be shown in the results. I would suggest that you let the program fix those too. Restart your computer when prompted. After restarting your computer, launch Kaspersky TDSSKiller, run a scan and quarantine whatever it finds.

Also, if your internet connection did not work before, check if it works now. A valid internet connection is required for the next steps in this section.

Once the CCE scan is complete and you are satisfied that your internet connection is working, open CCE again. Hopefully it will open this time, but if not, then open it while holding down the Shift key. Then, from the "Tools" menu in CCE, open KillSwitch. In KillSwitch, from the "View" menu, select the "Hide Safe Processes" option. Then right-click on all processes that are marked as suspicious or dangerous and select the option to remove them. You should also right-click on any unknown processes that remain and select the "Kill Process" option. Do not delete processes marked as FLS.Unknown. Next, in CCE, from the "Tools" menu, launch Autorun Analyzer and select the "Hide Safe Entries" option from the "View" menu. Then disable any items belonging to files that are marked as suspicious or dangerous. You can do this by unchecking the boxes next to the items. You should also disable all items that are marked as FLS.Unknown but that you think most likely belong to malware. Do not delete any items.
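The idea behind the "Hide Safe Entries" view in Autorun Analyzer can be approximated with built-in PowerShell. The script below is an added example, not part of the original article or of Comodo's tooling; it only reads the registry, assumes Windows PowerShell 5.1, treats a valid Authenticode signature as a stand-in for "safe", and uses a hypothetical helper named Get-CommandTarget.

```powershell
# Added example (not from the original article or from Comodo).
# Read-only: lists Run/RunOnce autorun entries and hides those whose target
# file has a valid Authenticode signature. A valid signature is used here as a
# stand-in for "safe"; that is an assumption, not Comodo's file rating.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: pull the executable path out of an autorun command line.
function Get-CommandTarget {
    param([string]$CommandLine)

    $text = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($text -match '^"([^"]+)"') {
        $path = $Matches[1]                 # "C:\Program Files\App\app.exe" /arg
    } elseif ($text -match '^(.+?\.(exe|com|bat|cmd|scr|dll|vbs|js|ps1))(\s|$)') {
        $path = $Matches[1]                 # C:\Program Files\App\app.exe /arg
    } else {
        $path = ($text -split '\s+')[0]     # fall back to the first token
    }

    # Bare names such as "app.exe" are resolved through PATH.
    try {
        if ($path -and -not [IO.Path]::IsPathRooted($path)) {
            $found = Get-Command -Name $path -CommandType Application -ErrorAction SilentlyContinue |
                Select-Object -First 1
            if ($found) { $path = $found.Path }
        }
    } catch {
        # Path contained characters .NET rejects; leave it unresolved.
    }
    return $path
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key

    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        $target  = Get-CommandTarget -CommandLine $command

        # Default when the referenced file is missing or cannot be parsed.
        $status = 'FileNotFound'
        $signer = $null
        if ($target -and (Test-Path -LiteralPath $target -PathType Leaf)) {
            $sig    = Get-AuthenticodeSignature -LiteralPath $target
            $status = [string]$sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }

        [pscustomobject]@{
            Key     = $key
            Name    = $name
            Target  = $target
            Status  = $status
            Signer  = $signer
            Command = $command
        }
    }
}

# Equivalent of "Hide Safe Entries": keep only entries that are not validly signed.
$report |
    Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object Key, Name |
    Format-List Key, Name, Status, Target, Command
```

Entries reported as NotSigned or FileNotFound are candidates for review in Autorun Analyzer, not proof of infection.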

Now restart your computer. After restarting, check your computer again using the advice I give in the "" article. If all is well, then you can skip to the "" section. Remember, disabled registry entries are not dangerous. Also, note that even if your computer is clean of active infections, there may still be pieces of malware on it. They are not dangerous, but don't be surprised if a scan in another program still finds malware on your computer. These are the dormant remnants of what you just deleted. If you are not satisfied with the presence of these leftovers on your computer, then you can remove the vast majority of them by scanning in the programs mentioned in the next section.

However, if your computer has not yet been cleared of active infections, but at least one of the programs was able to start, go through the steps described in this section again and see if this will remove the infections. But, if none of the programs were able to start, please skip to the next section. In addition, even if repeating the instructions in this section is not enough to clean your computer, you need to move on to the next section.

2.2 If the computer is still not clean, scan with HitmanPro, Malwarebytes and Emsisoft Anti-Malware

If the above steps did not completely eliminate the infection, then you need to download HitmanPro from this page. Install the program and run "Default Scan". If it doesn't install, go to the next paragraph and install Malwarebytes. When a prompt is displayed during HitmanPro installation, I recommend that you select the option to perform only a one-time scan of the computer. This should be fine for most users. Also, if malware prevents it from starting correctly, then open the program while holding down the CTRL key until it is loaded into memory. Quarantine any infection it finds. Keep in mind that this program will only be able to remove infections for 30 days after installation. During uninstallation, you will be asked to activate a trial license.

Once HitmanPro has removed all detected infections, or if HitmanPro failed to install, you need to download the free version of Malwarebytes from this page. Note that it has Chameleon technology that should help it install even on heavily infected computers. I recommend that you uncheck the "Enable free trial of Malwarebytes Anti-Malware Pro" checkbox during installation. Make sure the program is fully updated and then run a quick scan. Quarantine any infection it finds. If any program asks to restart your computer, be sure to restart it.

Then download the Emsisoft Emergency Kit from this page. Once it's finished downloading, extract the contents of the zip file. Then double-click the file named "start" and open the "Emergency Kit Scanner". When prompted, let the program update the database. Once it's updated, return to the Security menu. Then go to "Check" and select "Quick", then click "Check". Once the scan is complete, quarantine all detected items. Restart your computer whenever required.

After scanning your computer with these programs, you must restart it. Then check your computer again using the advice I give in the "" article. If all is well then you can skip to the "" section. Remember, disabled registry entries are not dangerous. However, if your computer is still not cleaned, then go through the steps in this section again and see if it helps remove infections. If the programs in section 2.1 were previously not able to work correctly, then you should go back and try to start them again. If none of the above programs were able to start, boot into Safe Mode with Networking and try to scan from there. However, if they were able to start correctly and the threats still remain even after following the advice in this section again, then you can skip to the next section.

2.3 Try these slower methods if necessary

If the aforementioned measures did not completely remove the infection, then some very stubborn malware is likely living in your machine. The techniques discussed in this section are much more powerful, but will take more time. The first thing I advise you to do is to scan your computer with another anti-rootkit scanner called GMER. It can be downloaded from this page. Delete anything shaded in red. Be sure to click the Scan button right after the program finishes its quick system analysis. In addition, if you are running a 32-bit operating system, you must download a program to find and remove the ZeroAccess rootkit. Information about this rootkit and a link to a program to remove it from 32-bit systems can be found here at. AntiZeroAccess can be downloaded from the link in the second paragraph.

After scanning in the above programs, next you should open CCE, go to settings and select the option "Scan for suspicious MBR modification". Then click "OK". Now in CCE do a full scan. Reboot when required and quarantine whatever is found. Note that this option can be relatively dangerous as it can identify problems where they are not. Use it with caution and make sure you have backed up anything important. Please note that on rare occasions, scanning with these options may render the system unbootable. This rarely happens, but even if it does, it is fixable. If your computer stops starting after performing this scan, use your Windows installation disc to restore your system. This should help get your computer to start up again.

Once CCE is completely finished, reopen CCE while holding down the SHIFT key. This action will kill most of the unnecessary processes that might prevent you from scanning. Then open KillSwitch, go to the "View" menu and select "Hide Safe Processes". Now, remove all dangerous processes one more time. Then, you should also right-click on any unknown processes that remain and select "Kill Process". Don't delete them. You should follow the advice in this paragraph every time you restart your computer to be sure that the following scans will be as effective as possible.

After terminating all processes that were not considered reliable, you should open the HitmanPro program while holding down the CTRL key. Then do a default scan ("Default Scan") and quarantine whatever it finds. Then perform a full scan in Malwarebytes and in the Emsisoft Emergency Kit. Quarantine whatever they find. Then download the free version of SUPERAntiSpyware from this page. Be very careful during installation, as other programs are included with the installer. On the first page, make sure to uncheck both options regarding the installation of Google Chrome. Now select the "Custom Install" option. During the custom installation, you will have to uncheck the two checkboxes for adding Google Chrome again.

Apart from that, the program will install just fine. When prompted to start a free trial period, I advise you to opt out. Once the program is fully loaded, select the Complete Scan option and click the "Scan your Computer ..." button. Then click the "Start Complete Scan>" button. Delete any detected files and restart your computer when required.

After completing these steps, you must restart your computer. Then check it again using the advice I give in the "" article. If all is well, then you can skip to the "" section. Remember, disabled registry entries are not dangerous. However, if your computer is still not cleaned, then follow the steps in this section again and see if this helps in eliminating the infection. If not, then you need to move on to the next section.

2.4 Make a bootable disk if necessary

If the above methods did not completely eliminate the infection, or if you cannot even boot your computer, then in order to clean your computer you may need a bootable CD (or flash drive), also called a bootable disk. I know this may sound complicated, but it really isn't that bad. Just remember to create this disk on a computer that is not infected. Otherwise, the files may be corrupted or even infected.

Since this is a bootable disk, no malware can hide from it, disable it, or interfere with its work in any way. Therefore, scanning with different programs in this way should allow cleaning almost any machine, no matter how infected it may be. The only exception here is if the system files themselves were infected on the machine. If so, then removing the infection could harm the system. It is mainly for this reason that you backed up all important documents before starting the cleaning process. However, sometimes you can get around this by following the advice I give below.

To do this, you must download. It is an excellent program that will allow you to create a single bootable disk with multiple anti-virus programs. It also has many other useful features that I will not discuss in this article. Some very useful tutorials for SARDU can be found here on this page. Be very careful about the additional suggestions now included in the installer. Unfortunately, this program is now trying to fool people into installing additional programs that are mostly unnecessary.

After downloading it, unzip the contents and open the SARDU folder. Then run the executable file that matches your operating system - either sardu or sardu_x64. On the Antivirus tab, click the antivirus applications that you would like to burn to the disc you are creating. You can add as much or as little as you see fit. I recommend that you scan your computer at least with Dr.Web LiveCD, Avira Rescue System and Kaspersky Rescue Disk. One of the nice things about Dr.Web is that it sometimes has the ability to replace an infected file with a clean version of it, instead of just deleting it. This will help you clean up some computers without harming the system. Therefore, I highly recommend that you include Dr.Web in your boot disk.

Clicking on the names of various antivirus applications will often direct you to a page from which you can download an ISO image with the corresponding antivirus. Sometimes, instead, you will be given the option to download it directly through SARDU, which can be found under the Downloader tab. If you have a choice, always choose the ISO download option. Also, after downloading the ISO file, you may need to move it to the ISO folder located in the main SARDU folder. Once you've moved the ISOs of all the antivirus products you want to the ISO folder, you're ready to create an emergency boot disk. To do it, go to the Antivirus tab and check that all the antivirus programs you have selected have the checkboxes checked. Now click the create button for either USB device or disk. Any of these options will be acceptable. It only depends on whether you want to run the rescue disk from USB or from CD.

After creating the rescue disk, you will probably need to change the boot sequence in your BIOS settings to ensure that when you insert a bootable CD or bootable flash device, the computer boots it and not the operating system as usual. For our purposes, you should change the order so that the first item is "CD / DVD Rom drive" if you want to boot from CD or DVD, or "Removable Devices" if you want to boot from flash drive. Once this is done, boot your computer from the rescue disk.

After booting from the disk, you can choose with which antivirus you would like to start scanning your computer. As I mentioned earlier, I would recommend starting with Dr.Web. When this program finishes and you restore or delete whatever it finds, you will need to shut down your computer. Then be sure to boot from disk again and then continue scanning in other antiviruses. Continue this process until you have scanned your computer with all the antivirus programs that you have written to your startup disk.

After cleaning your computer with the programs that you burned to the disk, you now need to try starting Windows again. If the computer is able to boot into Windows, then check it using the instructions that I give in the article "". If all is well, then you can skip to the "" section. Remember, disabled registry entries cannot be compromised.

If your computer is not cleaned yet, but you can boot into Windows, then I would advise you to try cleaning it while in Windows, starting from the beginning of this article and following the suggested methods. However, if your computer still cannot boot Windows, then try to repair it again using the Windows installation disc. This should help get your computer to start up again. If even this does not help to make it bootable, then try adding more antiviruses to the emergency boot disk and then scan your computer again. If doing this still doesn't help, then read on.

3. What to do if the above methods did not help clean your computer

If you have followed all the above instructions and still could not clean your computer, but you are convinced that the problems are caused by malware, we would be very grateful if you leave a comment and explain what you tried to do to clean your computer, and what remaining signs make you think your computer is still not cleaned. This is very important in order to improve this article. In fact, hopefully no one ever gets to this section. This article is intended to give you the ability to completely clean the infected computer.

You can also seek advice on the dedicated malware removal forum. A very useful forum, which is our partner -. However, if, even after asking help on the malware removal forum, your computer is still not free of malware, you may need to format your computer and start it that way. This means that you will lose everything that you did not copy beforehand. If you do this, be sure to fully format your computer before reinstalling Windows. This will eliminate almost any kind of malware. Once Windows is reinstalled, follow the steps in.

4. What to do after all malware is finally identified for removal

After making sure that your computer is cleaned, you can now try to recover anything that was lost. You can use Windows Repair (All In One), an all-in-one tool that fixes a large number of known Windows problems, including registry errors, file permissions, Internet Explorer, Windows updates, Windows Firewall. If, after completing all the procedures, your computer is working normally, then you can also open Comodo Autorun Analyzer and select the option to delete those registry entries that you just disabled earlier. Thus, they will no longer be on your computer at all.

Once you have safely removed all infiltrations from your computer and eliminated the remnants of the devastating consequences, you must take steps to ensure that this does not happen again. For this reason, I wrote a guide "How to stay secure online" (to be published on our site soon). Please read it later and implement the methods that best suit your needs.

After securing your computer, you can now recover any of the files lost during the cleaning process that were previously backed up. Hopefully this step will not have to be done. Also, before restoring them, make sure that your computer is very well protected. If you do not protect your computer sufficiently, you can accidentally infect it, and then you will have to clean up the infection on it again. In addition, if you used a USB device to move any files to the infected computer, you can now insert it back into the computer and make sure there is no malware on it. I recommend doing this by deleting any leftover files on it.


In this article, we will consider a situation when a message appears on the computer stating that a virus has been detected on it, it is working slowly or with errors, and what actions the user should take in this case, and how to secure their data from loss.

In fact, if the user sees a virus detection message, that's good. This means that the antivirus program has detected a virus and will most likely remove it without user intervention.

This message does not mean at all that the computer is infected with a virus. You just downloaded or copied a virus-infected file to your computer and the antivirus program most likely deleted it before problems began to appear from it. In the same way, the anti-virus program can report the detection of a web page that is infected with viruses and the further use of which may lead to problems with the computer.

In other words, the message that a virus has been detected, if the computer is used correctly, does not mean at all that it is already infected or damaged. This means that you must not use an infected page or infected file. The system simply warns you of a potential problem if you use them.

You can also go to the antivirus program and check the quarantine or virus definition logs to see more detailed information about the virus and what actions were applied to it.


If you are not using an antivirus program on your computer

If your computer is not using antivirus software and the computer starts to run slowly or with errors, then there is a high probability that it is infected with viruses. Also, this situation can occur when using an anti-virus program with an out-of-date anti-virus database.

If an anti-virus program is not installed on the computer, then it must be installed as soon as possible. Of course, there are not so many quality free antivirus programs out there. You can consider one of them provided by Microsoft - Microsoft Security Essentials. This antivirus program will protect and clean your computer from viruses.


But keep in mind that the use of this program will only be relevant for Windows versions up to 7 (inclusive). Starting with Windows 8, the operating system already provides for the use of the built-in antivirus program Windows Defender, which is already installed and ready to work.

If the antivirus program did not detect a virus

If antivirus software is installed on your computer, but you have suspicions about the presence of viruses, try installing another antivirus program and scan your computer with it.

Some developers offer free trial antivirus programs or even online versions. Using such programs, you can scan your computer for viruses for free.


More complex computer infections

Some viruses and other types of malicious software penetrate so deeply into the system that it becomes quite difficult to remove them. This is especially true for antivirus programs that were installed after the computer was infected, as the viruses had enough time to multiply and download additional malware.

In this case, you cannot do without booting into Safe Mode. When booting in Safe Mode, Windows does not load third-party applications (which also include viruses). In this way, you can run the antivirus program without virus interference.

To boot into Safe Mode, restart your computer while holding down the Shift key. Run your antivirus program after booting your computer into Safe Mode and restart it again after that.

If cleaning your computer from viruses from Safe Mode does not work, you can also try using Antivirus Rescue Disk - it is used to scan and disinfect infected computers that cannot be cured using antivirus programs that run under the operating system. By loading "Antivirus Rescue Disk", the antivirus program gets a clean space for working with the computer and cleaning it from viruses, which in this case will be inactive.

As a rule, large companies developing antivirus software have “Antivirus Rescue Disk” among their products.

If the malicious software has damaged the system so much that after removing the viruses Windows does not load or continues to work incorrectly, then you can try resetting it to factory settings or performing a clean installation of the operating system.

But keep in mind that doing this on the computer will

This guide is out of date

Computer viruses are life-threatening. They destroy files and entire partitions on disks. They slow down the system. They cunningly use the address book to send copies of themselves to our friends and colleagues. There are many antivirus programs with a rich history of development and glorious names of creators. We are reviewing a popular program called avast!. Like its counterparts, avast! can scan your computer, find and remove viruses, protect the system from infection and automatically receive updates to the anti-virus database via the Internet.

Installing avast!

  • Click on the avast! icon below to go to the developer's site.
  • Select the "Free Antivirus" option and click on the "Download" button.
  • The creators of avast! may redirect you to another, Russian site, from which the program will download faster than from abroad. For example, on softportal.ru... Find the link (or links) there to download the program, download the distribution file (.exe) and save it to disk.
  • Run the installer by double-clicking it.
  • Follow the recommendations of the chapter Installing the program.
  • After installing the program, you can delete the distribution file.

avast!

About the program

Main function: protecting your computer from viruses

License: free for non-commercial and personal use

Operating system: all Windows versions

The version of the program used here: 6.0

Distribution volume: 92 MB

Possibilities

You shouldn't think that the best antivirus software should necessarily cost a lot of money. Free avast! - a powerful tool in the fight against "computer diseases". The modern user will appreciate the protection against penetration into the computer from the Internet and the blocking of suspicious attachments in emails.

The antivirus user should remember two things:

  • New viruses are constantly emerging. Therefore, you need to keep the anti-virus database up to date. Avast! automatically downloads database updates from the network by itself; the main thing is not to interfere with it.
  • An attempt to run two or more antiviruses at the same time can lead to a serious conflict and freeze the entire system. Before installing avast!, make sure your computer does not have any other antivirus software. If it does, it is better to remove it from the system (or at least disable it) before installing avast!.

Alternative programs for GNU Linux, Mac OS and Microsoft Windows

Besides avast!, there are other free antivirus programs for Microsoft Windows, for example:

If your budget allows you to get a commercial (paid) antivirus for Microsoft Windows, this might be a good option. Commercial antiviruses often offer more complete and superior protection.

Although the GNU Linux and Mac OS operating systems are considered relatively free of viruses, this danger should not be neglected. You never know at what point a "killer" virus will appear for these operating systems. In addition, it is possible (of course, unintentionally) to be a virus distributor, even though your own computer is not infected.

Today, alas, there are no free anti-virus products that could be recommended wholeheartedly for use on Linux and Mac OS... There are, however, a few worthy commercial products, for example:

Installing and registering avast!

Before installing the program, we recommend that you stop and remove other anti-virus tools from the system, if any are installed on your computer. Different antiviruses can conflict with each other and lead to various troubles up to the system freezing.

  • Run the installation file (.exe).
  • Selecting the installation language. Leave "Russian" (default) and click "Next".
  • Welcome window. For security reasons, we recommend that you uncheck the "Get involved in the avast! Community" box. Click "Next".

  • Avast! recommendations. If you don't have Google Chrome installed, avast! will advise you to download and install it. Don't want it? Then select "No" and click "Next".

  • Installation process, the progress of which can be monitored, and an express scan of the system (despite the "express", it can take quite a long time). Installation Complete window. You can click the Finish button. A "corporate" orange circle will appear in the lower right corner of the screen (system tray).

After installation, avast! will remind you to register.

How come? Free software, and registration? Yes, it happens. You can use avast! for 30 days. Registration is free, just like avast! itself. In the process, you will need an internet connection.

  • Click on the orange avast! icon in the system tray (in the lower right corner of the screen).

The main avast! window will appear, in which you will see the phrase "The program is awaiting registration, please register."

Another colorful window with information appears, in which we are offered a paid version of the program.

Find the gray button "Register" and click on it. Now we have a registration form:


  • For privacy reasons, we advise you to fill in only the required fields (name and e-mail address).
  • Click the "Registration for a free license" button. This completes the registration procedure.

Now you can use the program without "reminders", completely free of charge, for a year. After a year, avast! will ask you to re-register (also free).

Updating avast!

You may ask why we started talking about updating it right after installing and registering the program? The fact is that updates are important for antivirus as for any other program. New viruses appear every day, and it is very important that your protection system is aware of them.

Avast! automatically checks for updates. When a suitable update is found, the program downloads and installs it. In the lower right corner of the screen, a window pops up saying that the program has been updated.

Both the program files and the anti-virus database (the creators of avast! call it the "virus scanning and detection engine") are subject to regular updates.

You can also update avast! manually.

  • Right-click on the avast! icon in the lower right corner of the screen.
  • In the "Update" menu, select "Program" (for program files) and / or "Scanning and Virus Detection Module".

If the updates are serious, you may need to restart your computer.

If you do not have good permanent internet access, you can disable avast! attempts to automatically go online and download updates (although we do not recommend doing this).

  • Left-click on the avast! icon in the lower right corner of the screen. The main program window will open.
  • At the top, find the menu and select the "Program Settings" item.
  • In the left column, select the "Updates" item.
  • There are three modes to choose from for both the program and the virus scanning and detection engine. Avast! can itself, automatically, download updates, or ask your permission, or do nothing. In the latter case, you will have to update the program and the anti-virus database manually - perhaps not the worst option, just remember to do it regularly.

Finally, there is the option to download the update from the developer's website.

This is useful when there is a need to update the antivirus on a computer where there is no Internet connection at all, or its speed is poor. The file can be downloaded where the speed is good, burned to a disk or copied to a USB flash drive, transferred to the desired computer (with the avast! program installed) and run to perform the update (it is a regular .exe file).

This is what avast! looks like if both the program and the scanning module were updated correctly (main program window, menu "Summary" - "Current state").

Scanning your computer for viruses

Even if the presence of a virus is not felt on the computer, this does not mean that the system is free of malicious code. Many viruses do not manifest themselves in any way until certain conditions occur. Therefore, it is useful to run a virus scan of disks from time to time.

Let's take a look at the main program window. (It can be opened with a simple left-click on the avast! icon in the lower right corner of the screen.)

On the left are large vertical menu buttons.

  • Summary. Here you can find basic information about the components of avast! (including how up to date they are) and statistics on the use of avast! to search for viruses on your computer.
  • Scan your computer. Various options for scanning your computer for viruses: right now or when you boot your computer, as well as the results of previous scans.
  • Screens in real time. From here, you can start (or, conversely, disable) protection for various processes, for example, protecting e-mail or viewed web pages.
  • Additional protection. Here you can enable and configure the "Sandbox". This is what the developers of avast! call the special area created by the program, where avast! places programs that seem suspicious so that they do not damage the system files of the computer. You can also enable the WebRep module, which shows the reputation of websites, and block specific sites.
  • Service. We have already talked about updating and registering the program in the previous chapters, and we will talk about Quarantine a little later. In addition, you can find information about the avast! program here.

Let's try to check your computer for viruses.

In the main window of the program, in the left menu, select "Scan computer" - "Scan".


avast! offers four possibilities.

  • Express scan. Recommended as the fastest way to make sure that the main components of the system are not infected with viruses.
  • Full scan. If you have the time and want to do a deep scan of all files, this option is for you.
  • Removable media scanning. Useful if a USB flash drive is connected to your computer and you cannot be sure that it is "clean".
  • Select a folder to scan. A full scan, not of the entire computer but of a separate folder. Convenient if you suspect that the virus is located there.

For more information on each scan option, click on the "Details" link.

You can also configure the scanning parameters there (this option is intended more for advanced users).

To start express scanning, just click on the "Start" button.

Scanning starts.


At the end, avast! will show you how the scan went. If a threat is detected, the picture will look something like this:

Click on the "Show results" button.


The rest of the scans are performed in the same way.

In the Scan at Startup menu, you can enable virus scanning by clicking the Schedule button.

The next time you boot your computer, avast! will scan your hard drive (or drives) for viruses. Why is this important? In this mode, avast! scans the hard drives of the computer before most programs, and even the drivers of the Microsoft Windows operating system itself, are loaded. Viruses do not have time to get into RAM and activate: avast! gets ahead of them, which allows it to do its job more efficiently. If you suspect that a virus has "settled in" on your computer, one of the usual recommendations for such cases is to run avast! in the "Scan at boot" mode.

What to do if avast! found an infection on your computer?

If this happened in the "Scan at boot" mode, you will see a blue screen with text in front of your eyes (after all, the Windows graphical interface has not been loaded yet). avast! will prompt you to delete, move, disinfect the infected file or ignore the problem. (The latter option, however, can hardly be considered reasonable).

In other modes, you will have the following choice:

  • Treat. avast! will try to get rid of the malicious code in the infected file without any loss for you and for the system. It doesn't always work, but it's worth a try.
  • Move to quarantine. Do not delete, but isolate the infected file so that the virus cannot harm other system components (see below for more details).
  • Delete. avast! simply deletes the infected file. This can be the simplest and most effective way to solve the problem - of course, if you are sure that the file does not represent any value to you or to the operating system.
  • Do nothing.

A little more about quarantine. It may happen that a pest has "infiltrated" some important file. Deleting this file is not part of your plans (on the contrary, it is very important), and you cannot cure it. For these cases, the authors of avast! came up with "Quarantine". The program isolates the file from the system, preventing the virus from spreading and giving you the opportunity to think and decide what to do next. By the way, there are situations when even the best anti-virus program misfires and takes a completely normal file for a virus (because, from the point of view of this program, it demonstrates "suspicious behavior"). Careless deletion of such an "innocent" (but important for the system) file can lead to trouble. From Quarantine, you can always extract it again.

In this example, after a successful scan, avast! located the virus and suggested options for further action.

Select "Move to Quarantine" and click the "Apply" button. avast! executes the command, although it shows no result. When you close the window, avast! insistently suggests that you enable scanning when you start your computer. You can see the file in the "quarantine" if you select "Maintenance" - "Quarantine" in the main program window.

A quarantined file with a virus looks like this:

By right-clicking the file, you can perform various actions with it, for example, delete it, restore it "as it was" (before the avast! intervention), save it to another folder on the disk, etc.

Like any decent antivirus package, avast! includes not only a scanner (which runs periodically), but also a resident (memory-resident) anti-virus "screen". This helps to constantly monitor the "health" of the computer and prevent viruses from entering the system.

To be precise, avast! has several resident program modules that the developers call "screens". In the main program window, they are listed in the "Live Screens" menu.
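
How a quarantine of the kind described above can work, as an added example that is not avast!'s own code and not part of the original guide: the file is moved out of its folder, stored in a form that cannot be run, recorded together with its original location, and can later be restored or deleted. The class name, the XOR transform, the manifest file and the sample file are assumptions made for this illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

XOR_KEY = 0xA5  # constructed value: makes the stored copy inert, it is not encryption


def xor_bytes(data: bytes) -> bytes:
    return bytes(b ^ XOR_KEY for b in data)


class Quarantine:
    """Toy quarantine folder: isolate a file, remember its origin, restore or delete it."""

    def __init__(self, root):
        self.root = Path(root)
        self.root.mkdir(parents=True, exist_ok=True)
        self.manifest = self.root / "manifest.json"

    def entries(self) -> dict:
        return json.loads(self.manifest.read_text()) if self.manifest.exists() else {}

    def isolate(self, path) -> str:
        """Move a file into quarantine; the entry id is the SHA-256 of its content."""
        path = Path(path).resolve()
        data = path.read_bytes()
        entry_id = hashlib.sha256(data).hexdigest()
        # Store a transformed copy under a neutral name so it cannot be launched by accident.
        (self.root / f"{entry_id}.q").write_bytes(xor_bytes(data))
        entries = self.entries()
        entries[entry_id] = {"original_path": str(path), "size": len(data)}
        self.manifest.write_text(json.dumps(entries, indent=2))
        path.unlink()  # remove the original only after the copy and its record exist
        return entry_id

    def restore(self, entry_id: str, dest_dir=None) -> Path:
        """Put the file back "as it was", or save it into another existing folder."""
        original = Path(self.entries()[entry_id]["original_path"])
        data = xor_bytes((self.root / f"{entry_id}.q").read_bytes())
        if hashlib.sha256(data).hexdigest() != entry_id:
            raise ValueError("quarantined copy does not match its recorded hash")
        target = Path(dest_dir) / original.name if dest_dir else original
        target.write_bytes(data)
        self.delete(entry_id)
        return target

    def delete(self, entry_id: str) -> None:
        """Remove the quarantined copy and its record for good."""
        entries = self.entries()
        entries.pop(entry_id)
        (self.root / f"{entry_id}.q").unlink()
        self.manifest.write_text(json.dumps(entries, indent=2))


def demo() -> dict:
    content = b"constructed sample content, not real malware"
    with tempfile.TemporaryDirectory() as tmp:
        suspect = Path(tmp) / "docs" / "report.doc"
        suspect.parent.mkdir()
        suspect.write_bytes(content)
        q = Quarantine(Path(tmp) / "quarantine")
        entry = q.isolate(suspect)
        isolated = not suspect.exists()
        inert = (q.root / f"{entry}.q").read_bytes() != content
        restored = q.restore(entry).read_bytes() == content
        return {"isolated": isolated, "inert": inert, "restored": restored,
                "left_in_quarantine": len(q.entries())}
```

Because the original path is kept in the manifest, a false positive on an important file can be undone exactly, which is what makes quarantine safer than immediate deletion.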

By clicking on the name of the screen in the menu, on the right we get more detailed information about it. Each screen can be turned on and off using the Start and Stop buttons.

There are eight screens in total:

  • File system screen. The main avast! screen. It scans files when they are opened; in particular, it is the one that scans programs when they are launched.
  • Mail screen. Scans incoming (and at the same time outgoing) mail, including, of course, attachment files. Very useful if you are using an email client such as Mozilla Thunderbird.
  • Web screen. Protection for the Internet while browsing the websites.
  • P2P screen. Used for point-to-point or peer-to-peer programs. It is useful if you have applications running on your computer that exchange data over the network with other computers directly (for example, torrent clients).
  • Internet chat screen. Useful if you use ICQ, for example.
  • Firewall. Protection against network attacks from the outside, for example, from a computer that (by hook or by crook) has connected to your local network.
  • Scenario screen. Intercepts all scripts executed on the system.
  • Behavior screen. Reveals unusual and suspicious behavior of programs (and draws the user's attention).

Most screens are customizable. To do this, click on the "Advanced settings" button in the corresponding screen window.

The example below is the sensitivity level settings for the web screen.


As you can see for yourself, avast! offers quite a few settings that are intended more for an advanced user, and we leave them outside the scope of this guide. An inquisitive reader will deal with them without much difficulty: avast! offers not only hints next to each field and button, but also an intelligent help system in Russian. To access it, just press the F1 key on the keyboard or the button with a question mark in the program.

Sometimes the protection that avast!, Comodo Firewall and Spybot provide turns out to be insufficient. Despite our desperate efforts, malicious code still infiltrates the system. Then you have to look for more effective ways.

Antivirus CD / DVD

Some antivirus vendors offer tools for creating custom CDs / DVDs. With their help, you can perform a "clean" (virus-free) boot of the computer and deal with infected hard drives. Such a CD / DVD can usually be downloaded as a single ISO file (called a "disc image"). ISO is a universal format that is "understood" by various programs for working with CDs / DVDs. With the help of such a program, you can turn an ISO file into the bootable CD or DVD that is needed for fighting viruses.

The sequence of steps is as follows:

  • We download a program that will help you deal with malicious code, such as those described in our guide.
  • We create a bootable anti-virus CD or DVD. To create it (sometimes they say "burn" a disc), you can use a free program, for example, ImgBurn.
  • We insert the disc into the drive of the infected computer.
  • Turn off the computer (as usual). Disconnect it from the Internet - physically remove the wire or disconnect the wi-fi adapter, depending on the method of connecting to the Internet.
  • We turn on the computer and boot it from the CD / DVD.

Advice for advanced users. Your computer (depending on configuration) may have a "hard drive first, then CD / DVD" boot sequence. In this case, the computer will always boot from the infected hard drive. To change the sequence to "CD / DVD first, then hard drive", you need to enter the computer BIOS and change the corresponding parameter. The BIOS is entered most often by pressing the Del key or another key at the very beginning of the boot (when the first information appears on the black background of the screen). BIOS manufacturers prefer different interfaces that are always displayed in English. If you are not confident in your abilities, it is better to turn to a knowledgeable person. ATTENTION! Incorrect BIOS settings can prevent your computer from booting properly!

Some very old computers may not be able to boot from CD / DVD at all. Then, unfortunately, the method described in this subsection cannot be applied. Fortunately, there are fewer and fewer such computers.

  • We turn on the Internet connection and let the anti-virus program download the latest updates.
  • We scan the hard disk (s) of the computer for viruses.

Here are some examples of "anti-virus CDs":

After performing a clean boot, you can use other scanners:

  • HijackThis and other tools from the Trend Micro Clean-up Tools.
  • RootkitRevealer from Microsoft's Sysinternals suite.

To get rid of the malicious code reliably and for good, you can use several such utilities in sequence.

Reinstall Microsoft Windows

The last resort against viruses (when other methods have already been tried) can be a complete reinstallation of the operating system. This is a relatively long process, but it allows you to "start from scratch". If you do everything carefully (nothing is fundamentally difficult), you will not lose any of your work files. Reinstalling Windows only affects the system files of the operating system itself, not user data.

I must say that on some computers, reinstalling Windows also helps to solve other problems "in one fell swoop", for example, a system overloaded with installed and unneeded programs, errors in the registry, etc. It turns out to be something like a "general cleaning".

ATTENTION! Before reinstalling Windows, make sure that you have at hand all the license keys and serial numbers for the paid programs installed on your computer, as well as for the Windows distribution itself. You should be aware that when you completely reinstall Windows, all installed programs will be removed and will have to be reinstalled. Therefore, remember (write down) the settings of the most important programs.

The sequence of steps is as follows:

  • We create a backup copy of user data (documents, spreadsheets, email files, etc.).
  • We boot the computer from the Windows distribution CD / DVD.
  • We install Windows, following the instructions on the screen and formatting the system hard drive.
  • We let Windows download and install the updates necessary for the operating system.
  • We install avast! (or another antivirus program) and let it download and install the updates it needs.
  • We install (and, if necessary, update) other programs.
  • Only after that do we connect the disk with the data backup to the computer. We scan it for viruses and other malicious code.
  • We restore the data from the backup.

Questions and test

Questions

Question: I have a lot of files on my computer. Will it take too long to scan these files every time I boot my computer?

Answer: Maybe. It might be worthwhile to settle for a single scan of the entire system at boot, then disable this option and rely on avast!'s resident protection.

Question: Should I install two antiviruses (or more) on my computer to provide more reliable protection?

Answer: Not worth it. Antivirus programs can conflict with each other. One of them may consider the behavior of the other suspicious or even dangerous, and the user will have problems. Use the program that you like more, which you trust.

Question: I've heard that antivirus ... is better than avast!. Is this true?

Answer: It happens that anti-virus programs behave differently in critical situations. What one antivirus could not "cure" or even did not detect, another will be able to, and vice versa. In general, modern advanced antivirus tools (such as avast!) cope with the vast majority of viruses with approximately equal success. If you don't like avast!, you can uninstall it and install another antivirus, even a commercial one, since such programs are usually inexpensive.

Mini test

1. Registering avast! allows you to work with the program for free for ...

  • 1 month
  • 6 months
  • 12 months
  • 24 months

2. How to register a program?

  • Fill out a questionnaire in the avast! program and the program will do everything by itself
  • Fill out a questionnaire on the developer's website and wait for the key by email
  • Fill out a questionnaire on the developer's website and copy the key from the screen
  • Fill out the form in a text file, send it to the developer by email and wait for the key by email

3. We are faced with the task of updating avast! (the module for scanning and virus detection). Which statement is wrong?

  • Avast! can automatically download updates by itself
  • The update can be done "manually"
  • The update can be downloaded from the developer's website as a file
  • Updates are only available with the new, fresh version of avast!

4. What is the purpose of "quarantine"?

  • This is the virus database from which avast! draws information for scanning
  • It is an "isolator" for files that avast! marked as infected
  • This is an intermediate buffer into which the infected file is placed immediately before deletion.
  • This is a harmless demo program that introduces the user to the symptoms of a virus infection on a computer.

5. What security system do we call "resident"?

  • Demo protection (demonstrates protection capabilities to familiarize yourself with the program)
  • Protection, which is constantly in memory and monitors the actions of viruses and suspicious programs
  • The protection that is triggered when starting avast! in manual scan mode
  • "Deep" scanning of disks and files

6. Why does avast! have as many as eight "screens"?

  • Each screen is designed to solve a different problem
  • They provide different levels of protection
  • They are required for compatibility of avast! with other programs
  • These are language modules (avast! interface in different languages)

7. While in the avast! resident protection settings, you can ... (find the error)

  • ... turn off all screens
  • ... turn off one screen
  • ... install a new screen
  • ... customize each screen individually

8. Find a feature that is not among the main features of avast!:

  • Checking email attachments
  • Securing ICQ connections
  • Scanning boot sectors of floppy disks
  • Spam filtering

Probably, you purchased an extension for Dr.Web Anti-virus, which does not include these components, or you simply downloaded the wrong distribution kit.

  • In the first case, you need to purchase a Dr.Web Security Space license or exchange the Dr.Web Anti-virus license for the desired product by paying the difference in cost or getting a new license for a slightly shorter period.

    To do this, on the main page of drweb.ru in the section Support click on the button Create a support request... On the page that opens, select a topic Purchase / renewal / additional purchase... Submit a support request.

  • If you downloaded the wrong distribution, on the drweb.ru home page, in the top menu, select Download and click on the button Download Dr.Web... On the page that opens, enter in the form your serial number and the email address you provided when registering it. Go to Download Wizard, download and install Dr.Web Security Space.

Dr.Web anti-virus for Windows includes many programs. Which of them protect me from viruses, and which are only auxiliary programs?

Dr.Web anti-virus is a whole complex of programs, each of which protects its own "area of defense" of your computer. Removing (uninstalling) or disabling even one protection component significantly reduces the reliability of anti-virus protection as a whole, therefore we strongly advise not to disable any of the program components unless absolutely necessary.

The auxiliary programs of the complex are the Automatic Updates Utility and the Scheduler.

Does Dr.Web only remove Trojans? Doesn't it disinfect them?

To answer this question, you need to understand what the difference is between a virus and a Trojan horse. As a rule, a virus adds (appends) its code to the file it infects, and thus a virus-infected file consists of the “healthy” file itself and the viral part added to it. Together they form a virus-infected file. The Dr.Web anti-virus can (and does) disinfect most of these files. Moreover, we are not talking about "curing a virus", but about "curing a file" infected with a virus.

A Trojan horse is inherently malicious in its entirety. The Trojan does not add itself to files, it lives an independent life of a full-fledged computer program, so there is no cure for it - only deletion. Some Trojans corrupt various system objects, such as the Windows Registry. In this case, we can talk about the possibility of disinfecting the system (but not the Trojan program), which consists, in particular, in removing the Trojan itself, as well as in restoring the objects corrupted by it.

What is the scanner for? Isn't the SpIDerGuard anti-virus monitor, which always monitors all file accesses, enough?

Dr.Web Scanner for Windows scans files either at the user's command or according to the schedule specified in the Scheduler. Not all files are scanned (unless the user has set such a very resource-intensive scan mode), but only those specified in the scanner settings. You can view the current settings of the scanner through the menu bar of the main program window by selecting the "Settings" item and then the "Change settings" option. By default (i.e. according to the settings specified by the anti-virus developers) files are scanned by format: files in archives, packed files and mail files, as well as RAM and all autorun files. If desired, you can set the scanner to scan individual logical disks or directories, to scan by file type or by a specified mask, or to scan all files.

I have a suspicion that a virus has sneaked onto my computer. How can I start the scanner?

There are several ways to launch the scanner.

  • When Dr.Web was installed on a computer, an icon with a spider on a dark green background appeared on the Desktop - a scanner icon. Click on it with the mouse and the scanner will start.
  • In the lower right corner of the display (system tray) there is an antivirus icon in the form of a black spider on a gray background. Click on it with the left or right mouse button. In the context menu that appears, select the "Scanner" item, then select the required scan mode: fast, full or custom.
  • Through Windows Explorer, to scan a specific object (file or folder). Right-click the selected object. In the context menu that opens, select the "Check Dr.Web" item, marked with an icon in the form of a black spider on a gray background. The scanner will start immediately and the file will be scanned.