I have a virus on my computer that’s blasting out spam emails. This has been
going on for the past two months and I’ve tried every kind of tool out there
and have not been able to get rid of it. I have spoken with Microsoft senior
techs at length trying to get the infection off the computer. After lengthy
discussions they recommended I re-install Windows. With over a quarter of a
million files and folders on the computer I was reluctant but I did it.
The problem is still there. The computer is back down to a crawl even after
this clean install.
What can I do?
Reinstalling the operating system is the safest and frequently the only
course of action after a serious malware infestation.
But as you’ve seen here, what if the malware comes back right away?
There’s one school of thought that once your machine has become infected,
the only solution is to reformat and reinstall. The problem is that
you may know you’re infected, but there’s no way to guarantee that the
infection has been completely removed. The only guaranteed way to erase the
virus is to erase everything – i.e. reformat your hard disk – and then
However, reinstalling is painful, so naturally we try to avoid it whenever
possible. For certain types of well-known viruses, we do pretty much know
what they do and what needs to be removed. There’s no blanket guarantee
that we get it right, but the risks are often fairly small.
Sometimes, though, a reformat really is the only answer. And it can take a
lot of work and time. And even then there are risks.
Here are some of the things I can think of that could result in the symptoms
The problem here is that there is a large class of viruses that propagate
simply and quickly if you connect to the internet without protection. With your
firewall down, and particularly with an older unpatched version of
Windows, I recall hearing that you can be infected within just a couple of
minutes of being connected to the net.
You didn’t patch Windows immediately. After getting
connected to the network the very first thing you should do is visit Windows
Update and take all the updates offered.
The problem here is that even with the firewall up, or a NAT router in
place, there are vulnerabilities that may be exploited should you start to try
and use your computer normally. Get it up-to-date first.
Your anti-virus software is out of date. This applies to
your anti-spyware software as well. It’s not enough to get it and run it if you
don’t keep the database of known malware up to date. Most anti-malware programs
have an option to automatically update those databases, and it’s critical that
you do so. I prefer doing so daily; that’s how quickly new viruses and
Similarly, if your anti-malware program is in the form of a subscription,
and you let that subscription lapse, then you’re likely not getting the latest
updates to that database. Re-subscribe, or switch to one of the free
With an out-of-date database, you could easily think you’re protected when
you’re not. Your machine could quickly get infected with a virus that appeared
after the last time you updated your malware database.
You backed up and then restored the malware. This is an
easy one to overlook. The scenario works like this: you have an infected
machine; you know you’re going to reformat, so you back everything up including
programs and data; you reformat and you reinstall everything; unbeknownst to
you, the malware was in a program that you restored and ran – and it reinfected
Unfortunately the hard cold truth is this: any backup taken after an
infection occurs is suspect.
It’s not perfect, but at a minimum you must virus scan the backup before
restoring it. Quite often that means copying the contents of the backup to
a location where it does not run, but can be scanned by your anti-virus
software. External or additional hard drives are perfect for this kind of
A safer solution is to never restore software from suspect backups.
Always reinstall software from its original CDs or DVDs, or re-download it.
Then restore only your data from your backup. (After virus scanning
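As an added example (not part of the original article), here is one way to carry out the "restore only your data" step on a copy of the backup staged on a separate drive. The extension list and the function names are assumptions made for illustration. The check goes slightly beyond file names by also reading each file's first two bytes, so a program renamed to look like a document is held back too. The restored data should still be virus scanned.

```python
import shutil
import tempfile
from pathlib import Path

# Assumption: file types treated as programs or scripts. These are reinstalled
# from original media or re-downloaded, never restored from the suspect backup.
RUNNABLE_EXT = {".exe", ".dll", ".scr", ".com", ".pif", ".sys", ".cpl", ".msi",
                ".bat", ".cmd", ".vbs", ".js", ".ps1", ".hta", ".jar", ".lnk"}

def classify(path):
    """Return 'program' or 'data' for one file in the staged backup copy."""
    if path.suffix.lower() in RUNNABLE_EXT:
        return "program"
    with path.open("rb") as f:
        # Windows executables start with "MZ" whatever the file is named.
        if f.read(2) == b"MZ":
            return "program"
    return "data"

def restore_data_only(backup_root, restore_root):
    """Copy data files only; return (restored, held_back) relative paths."""
    backup_root, restore_root = Path(backup_root), Path(restore_root)
    restored, held_back = [], []
    for src in sorted(backup_root.rglob("*")):
        if src.is_symlink() or not src.is_file():
            continue
        rel = src.relative_to(backup_root)
        if classify(src) == "program":
            held_back.append(rel.as_posix())
            continue
        dst = restore_root / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)
        restored.append(rel.as_posix())
    return restored, held_back

if __name__ == "__main__":
    # Constructed sample backup, built in a temporary directory.
    with tempfile.TemporaryDirectory() as tmp:
        backup, target = Path(tmp, "backup"), Path(tmp, "restored")
        (backup / "docs").mkdir(parents=True)
        (backup / "docs" / "letter.txt").write_bytes(b"Dear Leo")
        (backup / "docs" / "invoice.pdf").write_bytes(b"MZ\x90\x00 not a PDF")
        (backup / "setup.exe").write_bytes(b"MZ\x90\x00")
        restored, held_back = restore_data_only(backup, target)
        print("restored:", restored)
        print("held back:", held_back)
```

The held-back list doubles as the list of software to reinstall from its original source.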
It was your behavior that caused the problem, and your behavior
hasn’t changed. Particularly in the case of spam-sending viruses or
“bots”, if you regularly open attachments from people you don’t know, or fall
for phishing and other scams, there’s nothing about a reformat that’s going to
fix that. The first time you run that unknown attachment, your machine isn’t
yours any more – it’s infected.
You cannot count on automated solutions to protect you from yourself. All
those are meaningless if you invite the intruder back into your newly cleaned
Is that all a pain in the ass?
Absolutely, it is. That’s why prevention is so much easier than the
cure. The cure is a pain in the … well, you know.
The good news in all this is that prevention isn’t that hard. Take
a couple of tools (anti-malware and firewalls), mix in a little bit of common
sense, add a dash of healthy skepticism and you’ve got a recipe for safety. It
really is that simple.