Find viruses. How to find out if there is a virus on your computer and how to remove it? So, let’s begin a manual search for suspicious files, that is, probable viruses, on our own, without using special programs

Do you think you can only find a virus and get rid of it with an antivirus? Not so. Here I will describe how you can get rid of it by hand. We will use a program that searches for files by various parameters.

First you need to understand what a virus is.
A virus is an executable file, i.e. it has an .exe or (very rarely) .dll extension. If you think about it logically, such files do not appear at random while you work on a computer, unless of course you downloaded a program's installation file from the Internet or copied something with such an extension. But you would know and remember that, whereas viruses work on the sly.

All that remains is to find it. A free portable utility, SearchMyFiles, will help you with this. We will not use it for its main purpose, but only for its ability to search by date and time.

By the way, the main features of the program are searching by templates, time of creation/modification/access (created/modified/accessed), attributes, sizes, contained text or binary fragments, and others. The results can be saved to a file in text/html/csv/xml format.


To start the link:

Initially, the search window looks like this:

After installing the Russian language (just unpack it into the program folder), it changes:


I think many have already guessed what needs to be done here. If not, look at the screenshot:


So:
- specify the folders to search (usually the entire system disk).
- specify the file mask (*.exe;*.dll).
- specify the file time. If you know when the virus was discovered, you can enter that time. There are many different parameters there. I recommend specifying either Yesterday or an interval between two dates. You can specify both access and creation time.

This method is suitable for more experienced and advanced users who know the file names.
This method of searching for viruses is also good because it does not depend on the relevance of the antivirus database.
Well, if you consider that this program does not require installation, then you can imagine how useful it is.

For example, your computer was blocked by SMS ransomware or a windows blocker. Are you loading from

Here we will show you how you can detect and then remove viruses, or other files that can harm your computer, yourself (manually) without using any antivirus software.

It is not difficult. Let's start!

How to remove a virus yourself

These actions must be performed with administrator rights.

First you need to open the command line. To do this, press the keyboard shortcut WINDOWS+R, enter cmd in the window that appears and press OK.

Alternatively, click the Start button in the lower left corner of the screen, start typing "command line" in the search bar, then right-click the result and select "Run as administrator".

Briefly about the goals of our future actions:

Using the attrib command, you need to find files that should not be among the system files and may therefore be suspicious.

In general, the root of the C:\ drive should not contain any .exe or .inf files. Likewise, the folder C:\Windows\System32 should not contain any system, hidden or read-only files (i.e. files with the attributes S H R) other than the system's own.

So, let's begin a manual search for suspicious files, that is, probable viruses, on our own, without using special programs.

Open the command prompt by entering cmd, and run it as administrator.

Type cd/ to go to the root of the disk. Then enter the command attrib. Do not forget to press ENTER after each command:

As we can see from the last picture, no files with the extensions .exe or .inf were detected.

And here is an example with detected suspicious files:

Drive C does not contain any .exe or .inf files unless you put them there manually yourself. If you find a file similar to the ones we found and it shows the attributes S H R, it could be a virus.

Here we found 2 such files:

autorun.inf

sscv.exe

These files have the extensions .exe and .inf and have the attributes S H R. This means that these files can be viruses.

Now type attrib -s -h -r -a -i filename.extension, or in our example:

attrib -s -h -r -a -i autorun.inf

This command will change their properties, making them regular files. Then they can be deleted.

To delete these files, enter del filename.extension, or in our case:

del autorun.inf

The same must be done with the second file:

Now let's go to the folder System32.

Enter cd win* and press ENTER.

Then enter cd system32. Press ENTER.

Then enter the command attrib. Press ENTER.

Here's a long list:

Enter the attrib command again, and don't forget to press ENTER afterwards:

And we find these files:

The screen moves very quickly when moving up and down, so when something new flashes, pause and go back to check each file without missing a single one.

We write down all the S H R files we find:

  1. atr.inf
  2. dcr.exe
  3. desktop.ini
  4. idsev.exe

Run the command attrib 3 or 4 times to make sure you have checked everything.

Here you go. We independently found as many as 4 malicious files! Now we need to remove these 4 viruses.

C:\Windows\System32> attrib -s -h -r -a -i atr.inf

C:\Windows\System32> del atr.inf

C:\Windows\System32> attrib -s -h -r -a -i dcr.exe

C:\Windows\System32> del dcr.exe

C:\Windows\System32> attrib -s -h -r -a -i desktop.ini

C:\Windows\System32> del desktop.ini

C:\Windows\System32> attrib -s -h -r -a -i idsev.exe

C:\Windows\System32> del idsev.exe

A similar operation must be carried out with other folders nested in the Windows directory.

We need to scan a few more directories, such as Appdata and Temp. Use the attrib command as shown in this article, and delete all files with S H R attributes that are not related to system files and can infect your computer.
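The attrib review described above (looking for .exe and .inf files that carry the S, H and R attributes) can be scripted so that nothing is missed in a long listing. This is an added example, not part of the original article; the sample listing is constructed, and the parser assumes each attrib line shows the attribute letters first and then the full path.

```python
import os
import re
import subprocess
from pathlib import PureWindowsPath

# Constructed sample of `attrib` output (file names reuse the article's examples).
SAMPLE = r"""
A  SHR       C:\autorun.inf
A  SH        C:\pagefile.sys
A            C:\setup.log
   SHR       C:\sscv.exe
A    R       C:\tool.exe
             C:\notes.txt
"""

# Assumed line layout: attribute letters in the leading columns, then the full path.
LINE = re.compile(r"^(?P<flags>[A-Z ]*?)\s*(?P<path>[A-Za-z]:\\.+)$")


def parse_attrib(output):
    """Yield (set of attribute letters, path) for each listing line."""
    for line in output.splitlines():
        m = LINE.match(line.rstrip())
        if m:
            yield set(m["flags"].replace(" ", "")), PureWindowsPath(m["path"])


def suspicious(output, exts=(".exe", ".inf"), required="SHR"):
    """Paths whose extension is in exts and that carry every required attribute."""
    return [str(p) for flags, p in parse_attrib(output)
            if p.suffix.lower() in exts and set(required) <= flags]


def run_attrib(directory):
    """Windows only: list one directory with attrib.exe and return its output."""
    if os.name != "nt":
        raise OSError("attrib is only available on Windows")
    pattern = str(PureWindowsPath(directory) / "*")
    return subprocess.run(["attrib", pattern], capture_output=True,
                          text=True, check=True).stdout


if __name__ == "__main__":
    # On Windows, inspect the real root of C:; elsewhere, use the constructed sample.
    listing = run_attrib("C:\\") if os.name == "nt" else SAMPLE
    for path in suspicious(listing):
        print("review:", path)
```

The output is a list of files to review, not a list of files to delete; the script changes nothing on disk.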

The problem of infected images, and of viruses disguised as images, is quite important because of the threat search algorithms used in most antiviruses. Antiviruses that rely predominantly on signature analysis, with all the advantages and disadvantages of that technology, are often forced to ignore binary files in order to keep scanning speed high. This feature of antiviruses gives attackers a convenient way to infect web resources and servers by hiding infections in binary files and, most often, in image files. In this article, we will look at the most common types of such infections, methods for detecting such files and methods for eliminating or cleaning them, and we will also talk about how Virusdie helps in the fight against such files.

Often, the infection of sites and servers involves infecting executable files or creating new ones. Infections that masquerade as image files or modify them form a separate group. The difficulty of finding and eliminating such infections lies not only in how they are detected, but also in the consequences that automatic elimination or simply deleting the files can lead to.

A malicious file disguised as an image

Cases like the one described below occur quite often. The attacker uploads to the server a file that has a typical image extension (for example, *.ico, *.png, *.jpg, etc.) but contains code.

The call to the malicious file is written into one of the files executed when the CMS site is running. This can be either the main index.php file or one of the CMS template files. Visually detecting such a file is quite easy. Usually the very name of the file, for example favicon_9b3623.ico, can suggest even to an untrained user that it is suspicious. You can easily verify that a file is malicious by simply opening it in an editor. If you open an image file and see meaningful code, the file is harmful.

However, while identifying the malicious object itself is not difficult in this case, eliminating such an infection requires special attention. In most cases, simply deleting the file will leave the website not working, because one of the CMS files calls a file that no longer exists. To eliminate the found infection without consequences, you can search the site files for a piece of content containing the file name of the found threat (for example, favicon_9b3623.ico).

After finding the files that contain a call to the infected object, you just have to delete the lines that call the infected file. In this case, removing the infection masquerading as an image file will be painless for the operation of your site.

Malicious code in a real image file

Infections of real image files are much rarer than malicious files that contain explicit PHP code and merely have an image extension. But the danger of such infections lies in how hard they are to detect, which almost rules out finding such files manually.

Often, a fragment is appended to the end of a binary image file. The name of the file itself remains unchanged, and often the original time of the last legitimate modification is preserved, to avoid detection based on identifying files modified on the server over a certain period. The described case is quite non-trivial to detect and, even more so, to eliminate.

Different antivirus agents handle problems of this class with different methods, many of which are based on an integrated approach that takes various factors into account. For example, during scanning, reputation methods, heuristic methods and, in some cases, even signature methods are applied to a file simultaneously.

In most cases, the best way to eliminate the identified infection will be to restore the unmodified file from a backup copy or to remove the piece of code. However, you should be careful and first check that the original copy of the image file does not itself contain malicious inclusions.
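Both cases above (a file that has only an image extension, and a real image with a fragment appended) can be checked mechanically, together with the search for the lines that call the file. The following is an added example, not Virusdie's algorithm or code from the article; the marker list, the set of site file extensions and the sample site are assumptions constructed for the demonstration.

```python
import struct
import tempfile
import zlib
from pathlib import Path

# Leading bytes of the image formats the article mentions.
MAGIC = {".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff",
         ".jpeg": b"\xff\xd8\xff", ".ico": b"\x00\x00\x01\x00"}
CODE_MARKERS = (b"<?php", b"<?=")  # PHP opening tags
SITE_EXTS = (".php", ".tpl", ".html", ".htm", ".js")  # assumed CMS file types


def png_end(data):
    """Offset just past the IEND chunk, found by walking the chunk list."""
    pos = 8  # skip the 8-byte signature
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 8 + length + 4  # chunk header, payload, CRC
        if ctype == b"IEND":
            return min(pos, len(data))
    return len(data)  # truncated or malformed: no measurable tail


def jpeg_end(data):
    """Offset just past the last EOI marker (heuristic, no segment parsing)."""
    eoi = data.rfind(b"\xff\xd9")
    return len(data) if eoi < 0 else eoi + 2


def inspect_image(path):
    """Return the findings for one file that carries an image extension."""
    data, ext, findings = path.read_bytes(), path.suffix.lower(), []
    if not data.startswith(MAGIC.get(ext, b"")):
        findings.append("not-an-image")
    elif ext == ".png" and png_end(data) < len(data):
        findings.append("trailing-data")
    elif ext in (".jpg", ".jpeg") and jpeg_end(data) < len(data):
        findings.append("trailing-data")
    if any(marker in data for marker in CODE_MARKERS):
        findings.append("script-marker")
    return findings


def find_references(site_root, name):
    """List (file, line number, line) for each site line that mentions name."""
    files = [p for p in sorted(site_root.rglob("*"))
             if p.is_file() and p.suffix.lower() in SITE_EXTS]
    return [(p.relative_to(site_root).as_posix(), n, line.strip())
            for p in files
            for n, line in enumerate(p.read_text("utf-8", "replace").splitlines(), 1)
            if name in line]


def _chunk(ctype, payload=b""):
    crc = struct.pack(">I", zlib.crc32(ctype + payload))
    return struct.pack(">I", len(payload)) + ctype + payload + crc


def demo():
    """Scan a constructed sample site; the PNG is a structural stub with no pixels."""
    png = MAGIC[".png"] + _chunk(b"IHDR", b"\x00" * 13) + _chunk(b"IEND")
    stub = b"<?php /* constructed placeholder */ ?>"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "clean.png").write_bytes(png)
        (root / "logo.png").write_bytes(png + stub)  # code appended to an image
        (root / "favicon_9b3623.ico").write_bytes(stub)  # image extension only
        (root / "index.php").write_text("<?php\ninclude 'favicon_9b3623.ico';\n")
        images = [p for p in sorted(root.iterdir()) if p.suffix.lower() in MAGIC]
        report = {p.name: inspect_image(p) for p in images}
        return report, find_references(root, "favicon_9b3623.ico")


if __name__ == "__main__":
    print(demo())
```

Because the check reads file content rather than timestamps, a preserved modification time does not hide the appended fragment. Some legitimate JPEG files carry trailing bytes, so a "trailing-data" finding without a "script-marker" calls for a look at the file, not automatic deletion.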

Virusdie's approach to image file analysis

On April 5, 2018, we are launching a program for testing new algorithms that allow us not only to detect the cases of infection described above, but also to eliminate most of them automatically without consequences for the performance of sites. Initial testing will be carried out on the entire Virusdie product line, but found files will be marked as “Suspicious”. Also, during testing of the new detection logic, automatic elimination of found objects will not be available in order to avoid disruption of client web resources.

To eliminate found infections, you can always use our tips given above in this article.

Hello everyone! Do you think you have a virus? Or do you want to somehow check whether one is there or not? Honestly, I don't know what to tell you here; the fact is that there is no program that simply checks whether there are viruses or not. You can actually do it differently: download an anti-virus utility and scan your computer, and if viruses are found, just not remove them. Then you will get what you wanted, that is, you will find out whether there are viruses on your computer or not. But I think you will agree with me that such a check, without removing the viruses that are found, is some kind of stupid nonsense. In short, nonsense, don't you agree?

But are there any symptoms, so to speak, that there is a virus living on the computer? Well, what can I tell you, on the one hand there are, on the other hand they may not exist at all.. The fact is that earlier viruses could play around, do some nonsense, play mischief, so to speak.. But today they are already smarter and they are programmed, so to speak, to work covertly, that is, to make them impossible to notice.

But there are also viruses that are noticeable, so guys, here is a list of common signs by which you can understand that you have a virus:

  1. your computer or laptop behaves strangely: it may regularly freeze or slow down for no visible reason, that is, sometimes the computer works normally and sometimes strangely;
  2. you are in a browser, surfing the Internet, but the advertising is not quite the same as it was before; advertising may also appear where it has never been before, for example on search engines, which have their own branded advertising, so to speak, and should not show any extraneous advertising;
  3. the advertising is not entirely standard, that is, you can notice that most of the advertising is in a foreign language, this means that the virus shows foreign advertising, because the virus itself is from there and, in principle, it was not made for Russian-speaking users, well, something like this;
  4. after loading Windows, something else happens, that is, the disk rustles, something is happening there, although there is no reason for this;
  5. sometimes or regularly the mouse changes its icon to a waiting icon, that is, as if some action is being performed and its completion is expected; in most cases, this is a sure sign that something is wrong with the computer and most likely there is a virus;
  6. antivirus sites are blocked, you cannot download any antivirus or antivirus utility; if you notice this, then alas, it is also very, very similar to a virus;
  7. for no clear reason you can't log into your mail, VKontakte or another social network; you did not change the password, yet you cannot log in; the linked phone, if there was one, no longer works for recovery; or, on the contrary, the phone works and you can restore access, but then the situation may repeat itself; all this suggests that either you have a virus or an attempt was made to obtain your password fraudulently, so to speak, for example by phishing;
  8. files do not open, that is, for example, you have music, that is, music files and so you try to open them, but there is exactly zero response, this is also a sign of a virus;
  9. pop-up messages on the computer itself, usually a small window appears and there is an incomprehensible advertisement in it; it is precisely this window that the viral process is responsible for;
  10. malfunctions in the operation of programs, for example, your browser opens as if you had just installed it;
  11. you cannot save a file in the browser, that is, you try to save, but there is zero response, or, on the contrary, the save dialog pops up, but then nothing downloads; I had this happen and, to be honest, I still don't know whether it was a virus or not, because I then went and cleaned Windows with an antivirus utility, after which everything was normal;

These are, so to speak, approximate signs that you have either a virus on your computer or a program with viral behavior. What is also interesting is that not all antiviruses classify programs with viral behavior as dangerous. Often such programs live in peace, and you don't even suspect that they are slowing down the computer; such programs can also download other programs, also viral, their colleagues in the trade, so to speak.

What to do in this case? I'll be honest, believe it or not, the best thing is not to look for viruses yourself and not to remove any suspicious programs, but just to use two programs, AdwCleaner and Dr.Web CureIt!; they are free and are the best tools for finding viruses. I'll tell you about them today; I think everything will be clear to you and you will know how to clean your computer of viruses.

So guys, I will show everything in Windows 7, but for other Windows everything is similar. Let's start with AdwCleaner, you can download this utility here:

There you click download and that's it; then you launch it, and you will also need to click I agree, which is a kind of license agreement. And that's it, the program will start; you won't even need to install it. Look how it looks:


Oh, I completely forgot to write why the AdwCleaner utility is needed! This utility searches for virus programs, that is, not full-fledged viruses, but programs that only harm the computer; such programs are also called ad viruses. In general, I advise you to scan your computer with AdwCleaner, which means clicking the Scan button in the window and waiting for the scan to finish. During the scan everything possible will be checked: browser extensions (there may easily be virus extensions), system folders, services, the registry, browser shortcuts and scheduled tasks. In general, everything you need will be checked, believe me. The check itself is very thorough. Then, when AdwCleaner has checked everything, you will need to click the Clean button so that all the virus debris is removed (before that, you can look in the tabs to see what was found and where, if you are interested, of course):

Then a message will appear saying that the AdwCleaner utility will close all programs itself, so save everything that may be lost when closing the program. In short, you better close all the programs you can and then click OK in this message:


Then the removal of viral debris will begin. By the way, it’s funny, but not a lot of viral garbage was found, but not very little either. Do you know what is most interesting about this? I have Avast installed on my computer.. But he didn’t notice anything like that... That’s a joke.. Well, in short, then a message will appear, it’s just informative in nature, but I advise you to read everything that’s written there, it will still be useful info for you:


Well, then there will be another message, this is about the fact that a reboot will be done (without it there is no way):


After the reboot, a report will open in which it will be written what was done, that is, what was deleted, what folders and files were there, in short, you can read it in principle, here is the report that opened for me:


Well, we've done the first part: we checked the computer with the AdwCleaner utility. Now it's time to check it with the Dr.Web CureIt! utility, which is aimed at finding serious viruses, like Trojans, worms and all that. You can download Dr.Web CureIt! from here:

There you click Download for free, there’s nothing complicated

By the way, what I also really like is that Dr.Web CureIt! downloads with a random name, specifically so that viruses do not understand that you are downloading an anti-virus utility! Yes, such viruses exist and this is not a joke! For example, I downloaded the utility with this name:


So, we downloaded the utility, run it, this window will appear, this is Windows security, then click Run (you may not have this window at all):


Then a window will appear, there you will need to check the box that you are taking part in the quality improvement program, without this you will not be able to click on the Continue button:


And only then you can scan your computer for viruses; all you have to do is click the Start scan button:


The search for viruses will begin:


There will be a small table at the bottom, and viruses will be listed there, if any are found, of course. The scan itself may take some time, since all files and all folders are checked; in general, the more files you have on your hard drive, the longer the scan will take. If you have an SSD rather than a regular HDD, the check should be an order of magnitude faster. Now the check is over, and it found some viruses and virus programs on my computer; here they are, look:


In general, I click the Defuse button and the process of removing all this virus begins:


Well, look, please, the utility worked just fine and that’s it, look for yourself, everything that was found was all deleted:


Well guys, what are your thoughts? It seems to me that the Dr.Web CureIt! utility worked superbly, and I think you will agree with me! Then, when you close the Dr.Web CureIt! window, it will say that in order to complete the job you need to reboot:


You know what? Don't put off this reboot; better do it right away! Before rebooting, save all your data and close your documents and programs so that you don't lose anything; if you were doing something on the computer, save it, and then click the Restart now button.

I have to write something else important. After a reboot, your computer may load a little slower, this will happen once and it seems to me that this is somehow connected with Dr.Web CureIt!, then when I rebooted again, everything was normal!

As I already wrote, it may be that you cannot download antivirus utilities. This is, so to speak, a very rare and unpleasant bummer, and you know what? Guys, I had it, but it was a long time ago! What should be done in such cases? Well, here I will say this, you need to check your computer in any way, try downloading the utility from a friend on a flash drive, and then run the utility on your computer. Yes, this is still a hassle, but you can also try to look for some utilities that you can still download! In such cases, it’s very good to turn to the security forum, the guys there often help in any way they can..

Well guys, it’s time to summarize a little, so to speak. What did we do, what did I write to you about here? I told you about two utilities that allow you to find out whether there are viruses on your computer or not, and of course, if there are any, then it is better to remove them; the utilities can do this too. These two utilities are really effective tools against almost all viruses and advertising nonsense. I highly recommend using these utilities; if you have a desire, you can also look at the HitmanPro utility, I wrote about it here:

Well, guys, that’s all, I hope that everything was clear to you here, and if something is wrong, then I’m sorry. Good luck in life and may everything go well for you

24.12.2016

Friends, in this article you will learn how a computer will behave when infected with a virus, and how to carry out treatment using system recovery.

Today the variety of computer viruses on the Internet is astonishing, but the creators of antiviruses are not asleep either: they do not allow a full-scale attack on our iron brainchildren.

Signs of a computer infection

Unfortunately, antiviruses are not perfect and there are times when a virus creeps onto a computer, which is what we’ll talk about today.

First of all, we pay attention to the behavior of the computer. The following signals may indicate that your computer is infected with a virus.

  1. Programs start without your intervention.
  2. The computer produces unexpected beeps.
  3. Friends complain that they receive letters with viruses from you.
  4. You yourself often receive mail without a return address.
  5. The computer slows down and often freezes.
  6. Programs freeze and close randomly.
  7. Windows takes a very long time to load or does not load at all.
  8. In the Task Manager, on the Processes tab, you see csrcs.exe. This is a Trojan horse; just don't confuse it with the system process csrss, which differs by one letter.
  9. The browser partly stops obeying manual control: it opens pages on its own, is glitchy, and behaves erratically.

Treatment methods

If you notice that the computer behaves as described above, then do the following:

First of all, scan the system with the installed antivirus. If the virus cannot be detected, try other antiviruses: Avast, Kaspersky or Nod32.

How to remove a virus using system restore

If the antivirus was unable to detect or remove the virus, we try to restore the system. Restart the computer and press the F8 key. In the boot options window, select booting in safe mode.

You can also run System Restore in an alternative way. In the window with system boot options, select booting in safe mode with command line support. After booting, enter the following in the command line and press Enter:

  • for Windows 7 or Vista: %systemroot%\system32\rstrui.exe;
  • for Windows XP: %systemroot%\system32\restore\rstrui.exe.

After launch, follow all the instructions of the program for successful recovery. If this does not help, it will be easier to reinstall Windows.
