To effectively protect a company’s workstations, you must always remain vigilant against malware. Your network’s firewall offers a sturdy first line of defense, but if it fails, infiltrating viruses can easily spread and create additional security vulnerabilities—sometimes without detection. These vulnerabilities always pose an unacceptable risk to business data and operations, and you might not know until it’s too late.
While Apple devices are susceptible to malware attacks, Windows devices are targeted more often. Stronger network protections against malware and overall enterprise security are important topics that we’ve explored previously; this guide instead offers a few clear and efficient strategies to rid your PC of these pernicious invaders once they’ve already been set loose.
Can antivirus software remove malware?
Antivirus programs alone may not be enough to protect your business. To best protect your Windows device, you must start by understanding the variety of threats posed by malicious software.
Malware is the general term applied to a wide range of specific software that infects and harms data and devices:
- Viruses are a type of malware that infect, delete, and corrupt files.
- Trojans are disguised as legitimate software and often open a backdoor in your device for other malware to exploit.
- Spyware tracks your passwords, credit card numbers, and online behavior.
- Worms are network malware that infect multiple connected devices.
- Ransomware, or scareware, “locks” the computer while demanding payment, and will delete your files if payment isn’t made.
- Adware displays unwanted advertisements (pop-ups) and can open your network up to additional vulnerabilities, much like Trojans.
Antivirus programs are primarily designed to prevent these types of malware from infecting a PC in the first place. Most of these programs can also remove malware after it has gained access to your device but before it’s been activated. The software does this by flagging and attempting to contain the threat; you can then direct the program to remove the infected files and/or applications before the virus does any damage to your operating system.
Tools like SolarWinds® Mail Assure include antivirus protection and can help protect a PC specifically against email-borne threats, a major point of failure for many network security systems.
These tools continually “learn” from new threats as they are identified in other users’ inboxes, and are highly effective when coupled with a comprehensive security program like the SolarWinds Threat Monitor. This solution detects threats to the network itself that may have slipped past your first defenses and uses multiple threat intelligence sources to easily correlate and analyze logs for potential intrusions.
It is, of course, preferable to have well-designed antivirus software in place rather than resort to damage control after the fact. But in some cases, antivirus software won’t block the virus. This might be because it’s a more rudimentary product, or because the user has not recently updated the antivirus software. If the antivirus software doesn’t detect and delete the virus before it’s activated, then you should explore other options for removing the threat from your PC.
As malware has become more sophisticated, it’s become better at hiding inside your PC. As a result, it’s no longer safe to rely on basic antivirus tools to find and eradicate these attackers. When malware is left on your device, it can re-emerge later on and cause further damage. If you have an infected PC, you may need to consider a Windows-compatible malware removal tool. These are specifically designed to find and remove malware that has evaded antivirus blockers, regardless of whether those viruses are active or contained.
If you suspect malware may be lingering on your PC, you can deploy the Windows Malicious Software Removal Tool (MSRT) to remove viruses, worms, and Trojans from the most recent Windows operating systems—including Windows 7, Windows 8 and 8.1, and Windows 10. MSRT is not a replacement for an antivirus tool, but it can detect and remove specific, activated, and malicious software.
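One way to run MSRT without changing anything on the PC is its detect-only mode, then read back what it logged. The script below is an added example, not part of the original article; it assumes an elevated Windows PowerShell prompt and that the log uses the usual layout of a `Results Summary:` block followed by a `Return code:` line.

```powershell
# Added example (not from the original article). Run from an elevated prompt.
$mrt = Join-Path $env:windir 'System32\MRT.exe'
$log = Join-Path $env:windir 'debug\mrt.log'
if (-not (Test-Path $mrt)) { throw "MRT.exe not found at $mrt" }

# MSRT appends to its log, so count the existing lines first and
# read back only the entries written by this run.
$seen = if (Test-Path $log) { @(Get-Content $log).Count } else { 0 }

# /N = detect-only (nothing is removed), /Q = quiet mode (no UI).
# MRT.exe is a GUI program, so Start-Process -Wait is needed to block until it exits.
$run = Start-Process -FilePath $mrt -ArgumentList '/N', '/Q' -Wait -PassThru

if (-not (Test-Path $log)) { throw "MSRT exited with $($run.ExitCode) but wrote no log at $log" }
$new = @(Get-Content $log | Select-Object -Skip $seen)

# Assumed layout: "Results Summary:", a dashed rule, the findings, then "Return code:".
$inSummary = $false
$summary = foreach ($line in $new) {
    if ($line -match '^Results Summary') { $inSummary = $true; continue }
    if ($line -match '^Return code')     { $inSummary = $false }
    if ($inSummary -and $line.Trim() -and $line -notmatch '^-+$') { $line.Trim() }
}

[pscustomobject]@{
    ExitCode = $run.ExitCode
    Clean    = ($run.ExitCode -eq 0)   # 0 means no infection was found
    Summary  = @($summary)
    Log      = $log
}
```

A non-zero exit code means either a detection or a scan error, so review the summary lines and the full log before deciding whether to rerun MSRT with removal enabled.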
Trojans are a form of malware disguised as a benign file and downloaded by a typically unsuspecting user. Much like the Trojan horse of Greek mythology, they deliver dangerous content, typically ransomware or spyware, disguised as harmless, executable files.
Trojan malware is widespread, and it’s easy to download by mistake, as it might hitch a ride on what seems like a legitimate software download. What looks like a free download, a pirated music or movie file, a “required software update,” or a normal email attachment might in fact be a Trojan program. While famous early examples like 2000’s ILOVEYOU Trojan were designed to reach the masses, many Trojans today infiltrate specific organizations, and businesses must stay vigilant against attacks.
Can you remove ransomware?
Once ransomware is holding your system hostage, it’s possible in many cases to remove the threat and even recover all of your data. It’s important to note that each specific type of ransomware presents specific challenges, and not all variants can be successfully removed. The most damaging ones encrypt your data, lowering the chances of file recovery. This only highlights the importance of regularly creating a backup of crucial data.
Scareware is the simplest type of ransomware, and typically appears as an antivirus tool. It claims to have detected threats and requires payment to remove those “threats.” Some of these programs may lock your PC until you’ve paid, while others will relentlessly bombard you with pop-ups. This malware works by playing on your fears and assumptions—a common form of social engineering used by hackers.
Lock-screen ransomware prevents you from using the device at all and displays a threatening message when you try to turn on your computer. That can take the form of a bogus legal threat designed to scare you into paying the “fine.” Whatever you do, don’t submit payment—there’s no guarantee it will work and it only encourages hackers to continue harassing you and other unsuspecting users.
Simple ransomware can be removed fairly easily by booting into Safe Mode and using a basic antivirus tool. That assumes you are able to download the program, which might not be possible with a locked screen.
Another way to access your files in the event of a ransomware attack is the Windows System Restore feature, which should be automatically enabled on your PC. This option won’t erase personal files, but can restore system files to earlier, uninfected versions. To initiate this feature on Windows 8, 8.1, or 10, hold the Shift key while pressing the power button, then select Troubleshoot, Advanced Options, and then System Restore. You should then be able to download a recovery tool to completely remove the malware.
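System Restore only helps if a restore point exists from before the infection, so it is worth confirming that ahead of time. The following is an added example, not part of the original article; it assumes elevated Windows PowerShell 5.1, and `$SuspectedInfection` is a constructed placeholder date you would replace with the time symptoms first appeared.

```powershell
# Added example (not from the original article). Requires elevated Windows PowerShell 5.1.
# Constructed placeholder: set this to when the PC first showed symptoms.
$SuspectedInfection = Get-Date '2020-01-15 09:00'

# Restore points come back with a WMI-format timestamp; convert it to a DateTime.
$points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue | ForEach-Object {
    [pscustomobject]@{
        Sequence    = $_.SequenceNumber
        Created     = [System.Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime)
        Description = $_.Description
    }
})

if ($points.Count -eq 0) {
    # Nothing to roll back to: System Restore is off or its points were deleted.
    Write-Warning 'No restore points found on this PC.'
    return
}

# Only points created before the suspected infection restore uninfected system files.
$usable = @($points |
    Where-Object { $_.Created -lt $SuspectedInfection } |
    Sort-Object Created -Descending)

if ($usable.Count -eq 0) {
    $oldest = ($points | Sort-Object Created | Select-Object -First 1).Created
    Write-Warning "Every restore point postdates $SuspectedInfection (oldest: $oldest)."
} else {
    $usable | Format-Table Sequence, Created, Description -AutoSize
    "Most recent pre-infection restore point: #$($usable[0].Sequence)"
    # To roll back from PowerShell instead of the recovery menu (prompts first):
    # Restore-Computer -RestorePoint $usable[0].Sequence -Confirm
}
```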
If you can’t access Windows, your next option is to run an offline virus scan from a USB drive or bootable CD. You can choose from any number of offline scanners, but if they fail, it may be time for a full reboot of the system, or a complete reinstall of Windows. That’s an absolute last resort, as it’s time-consuming and may entail the loss of files.
Once you’ve removed the ransomware, you should investigate whether you can access all of your files. Unfortunately, in some cases the ransomware may encrypt them, leaving you no avenue to recovery. But most users will find that once the malware is removed, their files are present, although they may be “hidden” and require some digging to find.