Computer Virus Removal - Manual Virus Removal

Why are computer viruses harmful? For the same fundamental reason that biological viruses are: they damage components that keep systems healthy. Some are comparatively benign and only create annoying, childish messages or crash the computer system once, then go away. But many are specifically designed to do significant harm by deleting files needed to run word processing programs or perform vital operating system tasks. Some prime the way for additional attacks by opening up access to administrative functions.

Combating them is easy - install antivirus software, maintain it up to date and running in the background and never open email attachments from unfamiliar sources. That being said, the odds are high that one day your computer system will become infected. vital data will be lost and important program and operating system files will be destroyed. When or if that day comes, how do you go about computer virus removal.

Diagnosis Before Cure

The first thing is not to panic as the chances are that you may not even be infected. As in the medical world, diagnosis comes before cure.

If the computer system is still functioning and you have access to the Internet, search for current, known viruses or even find a website that offers an online virus check. Scan your computer system manually and search the file system for virus programs or infected files. Check the memory as well because viruses can hide themselves in there as well.

Try running and testing multiple programs and operating system functions just in case that it is just one component that has failed or become corrupted.

If the system is not working at all, try booting the computer using the installation diskette or CD that may have come with your computer system when it was purchased. Alternatively, if you have made bootable backup disks or CD's yourself, try using that to boot the system.
Scan the system after booting from diskette or CD and look for any virus or infected files.

If it comes down to the fact that your system is infected and you are running Windows select the boot option: Last Known Good Configuration. It seldom helps, but occasionally you can get lucky. However, that chance will be lost if you have re-booted more than twice

If you are running Windows, check for the presence and dates of key operating system files. Although that list is too long to show here, you can search Microsoft's web site for 'Operating System files'. Alternatively, make a list from the Windows directory and the System or System32 sub-directory, of another computer. Provided that both computers are running the same service pack level, the majority if not all dates should match other files.

Check specifically kernel32.exe and lsass.exe. as hackers love to go for those two. If you find one with a different date, treat it as suspect. Replace those files with known good ones, if needed.

Again for Windows users, it may be the Registry that has been corrupted. There are a number of useful tools available to fix it. Just search for Windows Registry repair utilities and choose one suitable for your version.

If the problem is only a program such as word processing software, email client or browser then remove the faulty program and then reinstall it. This is normally a quite straightforward procedure, and most programs will not delete any user created data files without prompting you first.

In the worst case scenario, lost user data that has not been backed up somewhere, can sometimes be recovered by commericial Data Recovery services. They tend to be costly, but your data may well be worth that cost. It may sound like magic, but these type services can often recover at least some data even though you have searched thoroughly and all appears lost.