People ask how my laptop has never been affected by any computer virus, even though I do not have any antivirus installed. I always say ‘if you know how a thief is going to commit his crime, you can easily stop him from doing it’; the same goes for a virus. If you know how a virus works and spreads, you can protect your system without any antivirus. Learn how to detect a virus and delete it without antivirus:
Most of the time these viruses spread via external drives like your pen drives or external hard disk.
Always Disable Autorun
Autorun is a function of your operating system that lets an external drive do something when it is connected to your system. A virus creates a file named ‘autorun.inf’ on the external drive and puts instructions in this file to execute itself automatically when the drive is connected. When you connect your external drive, the system takes the instructions from ‘autorun.inf’ on the drive and executes them. So the virus gets executed and affects your system.
So disable the ‘autorun’ function. You can do it from the ‘group policy’ option or from the ‘registry’. Search ‘how to disable autorun using registry’ on Google.
Or, if you don’t want to disable it, you can hold the Shift key on your keyboard while you are connecting your external drive to your system. While Shift is held, the autorun.inf file on your external drive will not be executed automatically.
Show Hidden & System Files
Go to Control Panel -> Folder Options -> View tab. Uncheck the “hide extension of file” option, so that you always know the extension of the file you are accessing. Then check the “show hidden files” option and uncheck the “hide system files” option. Nowadays most viruses hide themselves as hidden and system files, so you better not let them be Mr India on your system.
(This will help you if a virus has not affected your system yet. If your system is already affected then maybe this option won’t work; I mean the folder options settings will be reset automatically every time.)
Check Whether Your System Is Infected
If your external drive is affected then there is probably an autorun.inf file marked as a hidden and system file. Try to delete it normally. If it gets deleted then it will be easy; if not, go to its properties and uncheck hidden and read-only, then open it in Notepad, remove everything and save it, or just delete the file.
If it is still not working, or an error such as ‘access denied’ or ‘read only file’ occurs, then:
Close the file and start CMD (press ‘Win’+‘R’, type ‘cmd’, press Enter).
Now go to your drive (suppose it is ‘e’):
Type e: and press Enter
Now change the attributes of the autorun.inf file by typing
attrib -h -s -r "autorun.inf"
(h for hidden, s for system, and r for read-only)
Now you can delete it by typing
del "autorun.inf"
Or just open your drive and delete it. It will get deleted (in 99% of cases).
(You can use the dir /ah command to find hidden files.)
Now delete all the suspicious files on the drive, like a file ‘looking like a folder but with an .exe extension’ or any suspicious file with size 67kb or 128kb or 2kb… any file you find suspicious can be deleted after you delete the autorun.inf file.
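To see which files an autorun.inf points at before deleting anything, the file can be read as plain text and its launch entries listed. The script below is an added example, not part of the original post; the sample file content and the file names in it are constructed for illustration.

```python
# Added example: list the commands an autorun.inf would launch, without running them.
import re
import sys
from pathlib import Path

# Keys in the [autorun] section that start a program (key names are case-insensitive).
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def autorun_commands(text):
    """Return (key, command) pairs from the [autorun] section that run something."""
    found, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()      # remember the current section
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if LAUNCH_KEYS.match(key) and value:
            found.append((key.lower(), value))
    return found

def inspect_drive(root):
    """Read <root>/autorun.inf as text and return its launch entries ([] if absent)."""
    inf = Path(root) / "autorun.inf"
    if not inf.is_file():
        return []
    # Decode leniently so odd bytes in the file do not stop the parse.
    return autorun_commands(inf.read_bytes().decode("latin-1"))

# Constructed sample for illustration; the file names are made up.
SAMPLE = """; junk
[AutoRun]
open=setup.exe
icon=folder.ico
shell\\open\\command=setup.exe
ShellExecute = recycler\\x.exe
label=My Drive
"""

if __name__ == "__main__":
    drive = sys.argv[1] if len(sys.argv) > 1 else None
    entries = inspect_drive(drive) if drive else autorun_commands(SAMPLE)
    for key, cmd in entries:
        print(f"{key:24} -> {cmd}")
```

Run it with the drive root as the argument (for example `e:\`); every path it prints is a file to examine along with autorun.inf itself.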
If Your System Is Already Affected
Well, there are many things you can do to make it good from worst.
There are many kinds of symptoms, like
- cmd (not able to start)
- task manager (not able to start)
- folder option (gets reset every time)
- registry (not able to start)
- msconfig (not able to start)
Now, what to do to make those work?
So here are some steps that you can try
- Start the system in safe mode. (works in most cases)
- If safe mode isn’t working then try to use safe mode with command prompt.
- Create a new user and check in that new user account whether cmd can be opened or not.
- Always keep some software (like TuneUp Utilities) with which you can check the date on which any service was created. Use one of them and start cmd anyhow.
Now, after you are able to start them:
- First start task manager (CTRL+SHIFT+ESCAPE) and end all suspicious services.
- Then end explorer.exe also.
- From new task, start msconfig.
- In msconfig go to the service tab and uncheck any suspicious or unwanted service. You can guess by the manufacturer, or by thinking about whether you have installed something related to that service or not.
- Go to the startup tab. Check for services which look unknown, or cross-check with TuneUp (the date on which the service was created), or any service that you can say is a virus.
- Check the location from which that service is started. You can find the location within the startup tab under COMMAND; it will show you the path of the file.
- Open cmd again.
- Go to that location.
- Change the attributes of the file (as I showed above).
- DELETE it.
- Do it for every file that looks like a virus to you. Be careful, you will need some experience, because if you delete some important file then it can cause problems in the related application.