To effectively protect a company’s workstations, you must always remain vigilant against malware. Your network’s firewall offers a sturdy first line of defense, but if it fails, infiltrating viruses can easily spread and create additional security vulnerabilities—sometimes without detection. These vulnerabilities always pose an unacceptable risk to business data and operations, and you might not know until it’s too late.
Apple devices are susceptible to malware attacks, but Windows devices are targeted more often. We’ve previously explored stronger network protections against malware and overall enterprise security; this guide offers a few clear and efficient strategies to rid your device of these pernicious invaders once they’ve already been set loose on your PC.
Antivirus programs alone may not be enough to protect your business. To best protect your Windows device, you must start by understanding the variety of threats posed by malicious software.
Malware is the general term applied to a wide range of specific software that infects and harms data and devices:
Antivirus programs are primarily designed to prevent these types of malware from infecting a PC in the first place. Most of these programs can also remove malware after it has gained access to your device but before it has been activated. The software accomplishes this by flagging and attempting to contain the threat, and you can then direct the program to remove the infected files and/or applications before the virus does any damage to your operating system.
Tools like SolarWinds® Mail Assure include antivirus protection and can help protect a PC specifically against email-borne threats, a major point of failure for many network security systems.
These tools continually “learn” from new threats as they are identified in other users’ inboxes, and are highly effective when coupled with a comprehensive security program like the SolarWinds Threat Monitor. This solution detects threats to the network itself that may have slipped past your first defenses and uses multiple threat intelligence sources to easily correlate and analyze logs for potential intrusions.
It is, of course, preferable to have well-designed antivirus software in place rather than resort to damage control after the fact. But in some cases, antivirus software won’t block the virus. This might be because it’s a more rudimentary product, or because the user has not recently updated the antivirus software. If the antivirus software doesn’t detect and delete the virus before it’s activated, then you should explore other options for removing the threat from your PC.
As malware has become more sophisticated, it’s become better at hiding inside your PC. As a result, it’s no longer safe to rely on basic antivirus tools to find and eradicate these attackers. When malware is left on your device, it can re-emerge later on and cause further damage. If you have an infected PC, you may need to consider a Windows-compatible malware removal tool. These are specifically designed to find and remove malware that has evaded antivirus blockers, regardless of whether those viruses are active or contained.
If you suspect malware may be lingering on your PC, you can deploy the Windows Malicious Software Removal Tool (MSRT) to remove viruses, worms, and Trojans from the most recent Windows operating systems—including Windows 7, Windows 8 and 8.1, and Windows 10. MSRT is not a replacement for an antivirus tool, but it can detect and remove specific, activated, and malicious software.
Trojans are a form of malware disguised as a benign file and downloaded by a typically unsuspecting user. Much like the Trojan horse of Greek mythology, they deliver dangerous content, typically ransomware or spyware, disguised as harmless, executable files.
Trojan malware is widespread, and it’s easy to download by mistake, as it might hitch a ride on what seems like a legitimate software download. What looks like a free download, a pirated music or movie file, a “required software update,” or a normal email attachment might in fact be a Trojan program. While famous early examples like 2000’s ILOVEYOU Trojan were designed to reach the masses, many Trojans today infiltrate specific organizations, and businesses must stay vigilant against attacks.
Once ransomware is holding your system hostage, it’s possible in many cases to remove the threat and even recover all of your data. It’s important to note that each specific type of ransomware presents specific challenges, and not all variants can be successfully removed. The most damaging ones encrypt your data, lowering the chances of file recovery. This only highlights the importance of regularly creating a backup of crucial data.
Scareware is the simplest type of ransomware, and typically appears as an antivirus tool. It claims to have detected threats and requires payment to remove those “threats.” Some of these programs may lock your PC until you’ve paid, while others will relentlessly bombard you with pop-ups. This malware works by playing on your fears and assumptions—a common form of social engineering used by hackers.
Lock-screen ransomware prevents you from using the device at all and displays a threatening message when you try to turn on your computer. That can take the form of a bogus legal threat designed to scare you into paying the “fine.” Whatever you do, don’t submit payment—there’s no guarantee it will work and it only encourages hackers to continue harassing you and other unsuspecting users.
Simple ransomware can be removed fairly easily by booting into Safe Mode and using a basic antivirus tool. That assumes you are able to download the program, which might not be possible with a locked screen.
Another way to access your files in the event of a ransomware attack is the Windows System Restore feature, which should be automatically enabled on your PC. This option won’t erase personal files, but can restore system files to earlier, uninfected versions. To initiate this feature on Windows 8, 8.1, or 10, hold the shift key while pressing the power button, then select Troubleshoot, Advanced Options, and then System Restore. You should then be able to download a recovery tool to completely remove the malware.
If you can’t access Windows, your next option is to run an offline virus scan from a USB drive or bootable CD. You can choose from any number of offline scanners, but if they fail, it may be time for a full reboot of the system, or a complete reinstall of Windows. That’s an absolute last resort, as it’s time consuming and may entail the loss of files.
Once you’ve removed the ransomware, you should investigate whether you can access all of your files. Unfortunately, in some cases the ransomware may encrypt them, leaving you no avenue to recovery. But most users will find that once the malware is removed their files are present, although they may be “hidden” and require some digging to find.
In some cases, conducting several full-system scans with antivirus software or even malware removal tools might fail to identify and isolate a threat you know exists. In such cases, you may wonder if it’s possible to just find and remove the virus manually. In fact, it is! However, it usually takes some time and introduces additional risks.
And it’s not as simple as removing an icon from your desktop, of course—the virus will still exist behind the scenes. Manual removal is more intensive and requires more familiarity with Windows operating systems. Make sure you have a backup of your data before you proceed.
To start, you should identify the type of malware, the name, and the directory location. Sometimes security messages will pop up that include some of this information, and if they do, be sure to record those details. Otherwise, identifying the virus will take some digging.
Once you find a suspicious item, you’ll want to perform some online research on the name. It’s important to identify the specific malware (as well as its version or “flavor”), and you will likely need to complete a number of specific steps to fully eradicate the threat.
To search for the virus, it’s best to start the computer in Safe Mode. Then launch the Windows Task Manager, which will appear if you press Control + Alt + Delete. In the Processes tab, search for anything that seems unfamiliar. You can also use the System Configuration utility to look at the programs that automatically run at startup, which will often include viruses if they’re present.
Digging through your hard drive may also uncover the virus, but be sure to display hidden objects first. In Windows, you can do this by clicking Start, Control Panel, and File Explorer Options. In the View tab, select the option to show hidden files and folders. Clear the options that hide file extensions and protected system files, then click Apply and OK.
You can then look for the infected file, which takes some time if you don’t have much information at your disposal. When you find the file you can delete it, although be aware that this may or may not fully remove the malware, depending on the type. Also be warned: You’ll want to ensure this is the correct file, as deleting an important operating system file can cause serious malfunctions.
Once you have identified and deleted the virus, you can then restart the computer and run further system scans to ensure that your PC is clean.
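The manual search described above (unfamiliar processes, startup programs, hidden files) can also be done from an elevated PowerShell prompt. The script below is an added example, not part of the original guide; it only reads and lists, and the folders and file extensions it checks are assumptions chosen for illustration.

```powershell
# Added example: read-only triage. Nothing is deleted or modified.

# 1. Running processes with their on-disk path and Authenticode status
#    (the scripted equivalent of scanning the Task Manager Processes tab).
$procs = Get-Process | Where-Object { $_.Path } |
    Sort-Object Path -Unique |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.Path
        [pscustomobject]@{
            Name      = $_.Name
            Id        = $_.Id
            Path      = $_.Path
            Signature = $sig.Status
            Signer    = $sig.SignerCertificate.Subject
        }
    }

# An unsigned or invalidly signed binary is a lead to research, not a verdict.
$leads = $procs | Where-Object { $_.Signature -ne 'Valid' }
$leads | Format-Table -AutoSize

# Hash each lead so the exact file can be researched by hash as well as by name.
$leads | ForEach-Object { Get-FileHash -LiteralPath $_.Path -Algorithm SHA256 } |
    Format-List Path, Hash

# 2. Programs that start automatically (Run registry keys and Startup folders).
Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location, User |
    Format-Table -AutoSize -Wrap

# 3. Hidden executables and scripts in user-writable folders.
#    Assumption: these roots and extensions are an illustrative starting set.
$roots = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:ProgramData)
$exts  = '.exe', '.dll', '.scr', '.bat', '.cmd', '.vbs', '.js', '.ps1'
Get-ChildItem -LiteralPath $roots -Recurse -File -Hidden -ErrorAction SilentlyContinue |
    Where-Object { $exts -contains $_.Extension.ToLower() } |
    Sort-Object LastWriteTime -Descending |
    Select-Object FullName, Length, LastWriteTime
```

Record the name, path, and hash of anything suspicious before deleting it, so you can confirm it is the correct file and not an operating system component.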
In many cases, it’s possible to remove malware from a PC with minimal damage to your files. But even if you remove the threat, it’s possible that sensitive business or personal information has already been leaked. In addition, your company may experience lost productivity while trying to solve the problem.
Your best bet is to create a plan that protects your business from the get-go. That means regular data backups, a more effective firewall, and industry-leading, updated antivirus software for all of your devices. These preventative measures will help your organization avoid the hassle of malware removal and reactive damage control that is all too common and costly for enterprises today.