How to check for viruses

Discussion in 'Windows' started by GreenGrass, Jul 16, 2008.

  1. GreenGrass

    GreenGrass New Member


    Open up Task Manager to get access to you may do this (CTRL + Skrif + ESC) (open command prompt type "taskmgr.exe) (CTRL + ALT + DEL) When you have up your Task Manager go to Processes and check what files so are running on your computer. If you see files with unormal CPU usage or very high resources usage or many files with nearly same name running at the same time. Go to "www.google.com" and type in the name check out what they are.

    You can also go to "msconfig" check out what so is running on your start up. To open msconfig go "START" and "RUN" type "msconfig" If you fine any files so are connected to any Temporaly Internet files like "temp" at your start up you should unceck the mark. Since nothing should be pointed to "temp."

    You should also check out if

    - Command prompt
    - Regedit
    - Task Manager
    - Msconfig
    - System Restore

    If you get up any wierd message like "Its Disabled by Adminstrator" that will normaly indicate that you are infected with some kinda virus.

    When importent Tools are disabled like command prompt and regedit their is way to fix them.

    Why they are disabled is very simple they are very good tools to check out if the computer is infected with viruses many normal users don't know how to open them up again.

    If you see wierd changes with you security tools like Anti-Virus settings is changed to lower security settings This may also indicate that you are infected. Many Viruses today may also lower security changes on the computer. So they should't be so easy to detect. So you should always take a look on the settings on your AV.

    Command Prompt is disabled how to fix it:

    Press "START" and "RUN" type "gpedit.msc" and go to - Adminstrative Template - system "key" is "Prevent access to the Command prompt" you Left click and hit Properties. When you are in Properties you set it to Activated.

    Task Manager is disabled how to fix it:

    Press "START" and "RUN" write "gpedit.msc"
    - Adminstrative templates - system - "Ctrl+Alt+Del Options" and press "Remove Task Manager" Left-click Properties, when you're in there, so you can either disable it or enable it. But press "Enable"

    Press "START" and "RUN" type "REGEDIT.EXE" press ok.
    path: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
    There should be a key named "DisableTaskmgr".
    You can either delete it or you can change the value on it to 1.

    System Restore disabled how to fix it:

    Press "START" and "RUN" type "gpedit.msc" - Adminstrative Template - system - key name should be "Turn off System Restore" Left click and hit properties to Activate it.

    Regedit is disabled how to fix it:

    Press "START" and "RUN" type "gpedit.msc" - Adminstrative Template - system - "key" is "Prevent access to the resgisty edition tool" You left click it, and hit Properties. Now you open the window and you can set it to Activated or Disabled. You set it to Activated.


    You should also check your firewall for open ports. If you have open ports on your computer. This have a very high risk to have open. Hackers may get easy access to them.

    To open "Windows Firewall" go "START" and "RUN" type "firewall.cpl" You can also look at the firewall log file at C:\WINDOWS firewall file is a txt document its named: "pfirewall.log"

    When you have detected the virus you can start to try get it away. You can download software so can do the jobb for you but you can also try to take away the virus by your own. Importent thing is it to take it away so i wont't boot up.

    You should first boot your computer up in safe mode. Their are 2 ways to boot it up in safe mode you may press F8 befor the windows boot up. or you can go to msconfig befor you restart your computer. Press "START" and "RUN" and type "msconfig" go to "BOOT.INI" make a check mark on "/SAFEBOOT" this mean next time you reboot your computer it will go in safe mode to take this away you just take away the check mark when you does't want it to boot up in safe mode.

    When you have Safe mode on go to your Task Manager (CTRL+ALT+DEL) fine the virus Processe.
    Press "End Process" after you have done that you should go to regedit.

    "START" and "RUN" type "regedit" or "regedit.exe"
    you should go to all paths i type below here:

    path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
    path: HKEY_CURRENT_USER\SOFTAWRE\Microsoft\Windows\CurrentVersion\Run
    path: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

    Delete the virus file if you find it. after you go to Command Prompt press "START" and "RUN" type "cmd" type regsvr32 (virus file name) if you find the file exist you must delete it.

    When you get a virus its very importent that you disconenct from the internet some viruses may download software without you knowing anything about it. When you are't on the Internet they can't download stuff.

    You may also to go Command Prompt type "netstat -a" so you list poeple so are trying to connect to you. or is connected to you. Check out the host names.

    Go into your firewall and check what programs so have access to internet if you find programs so you don't want to have internet access block them.

    How to avoid viruses:

    # Remember to patch up your computer and softwares you use.
    # Update your Anti-Virus and Firewall.
    # Never open e-mail from people you do not know.
    # Never download from sources you do not trust.
    # You must always scan files you download from the internet with anti-virus program before you open them.
    # stay away from pages that may contain viruses and other unwanted programs.
  2. There is a virus on my daughter's computer. I am going to try these things when I turned it back on. Right now, when I click on "START", the run command is not there. Is there a way to get to anything without the run command.

    I also tried to start it in SAFE mode, but when I tried, it was asking about the drive. Unfortunately the people who built this particular computer are no longer in business, so I am not sure what I need to do there.

    Any help would be appreciated.
  3. neo_vi

    neo_vi New Member

    Download a good antivirus and make a scan. I prefer Kaspersky..
  4. neo_vi

    neo_vi New Member

    nice article mate.
  5. trinitybrown

    trinitybrown New Member

    Good article as virus attack is very common today and antivirus slow down PC processing speed as well as at the same time they get outdated very soon. The way provided by you is excellent , i will try it and then let you know about the feedback
  6. cutegirl2000

    cutegirl2000 New Member

    AVG antivirus is very Good also , specially the last version , if you search for anything in google search bar , you will find the unsafe websites that the AVG discover it.
    also there is a general removal software to remove all viruses from ur pc with a short time .
    Thanks a lot For your Subject.
  7. regsvr.exe

    regsvr.exe New Member

    Goto start then type notepad. Type command.com on the notepad and save that file name as command.bat. And open the command.bat command promp will be opened enjoy urself

