My computer's infected with a virus, how do I clean it up?

Question:

As a Mom of a couple teens, I get viruses all of the time. This latest one I
cannot find a solution to; here goes – my control panel is GONE! There is a
popup every time I start the ‘puter with the filename of “mustafx2.exe” I can’t
find it anywhere in English. I am using AVG, Ad Aware and Spy-Bot as well as
Windows Defender. I have Windows XP version – never mind; can’t look that up
anymore either….UGH! Nothing has helped. Got any clues?

I have a couple of reactions to this question.

One, of course, will be the steps I’d take to try and recover in this case.
I’ll outline those in a second.

But first, my other reaction, which you may not like. :-)

“… I get viruses all of the time.”

This is unacceptable.

In my opinion you must change that mindset. Getting a virus, any
virus, should be considered a very serious thing. Your teens, or whoever is
using your computer in such a way as to get infected by these viruses,
must learn to use the computer safely and properly.

There’s simply no substitute for that.

If this is a computer you share with your teens, I’d be doubly concerned. In
fact, in your shoes I’d be barring their access … letting them allow your
machine to become infected with viruses is putting everything on your
computer at risk. You could lose everything stored on your computer.

So why am I so passionate about this?

It’s simple really: consider the possibilities after you’re infected with a
virus:

  1. Your anti-virus program successfully cleans it off.

  2. Your anti-virus program thinks it successfully cleans it off, but
    in fact the virus has hidden itself so well that it remains. You’re still
    infected, and you don’t know it.

  3. Your anti-virus program doesn’t catch it and doesn’t even try to clean it
    off. You’re still infected, and you don’t know it.

  4. Your anti-virus program fails to clean it off and tells you. You’re still
    infected, but at least you know.

Because we trust that #1 will happen all the time, it’s easy to become
complacent. It’s easy to assume that viruses are a fact of (teenage?) life, and
that we can just clean them up after they happen.

That’s just not true. A lot of malware can’t be so simply swept away.

The only way to absolutely, positively clean a machine from a virus
is to completely reformat the machine and reinstall the operating system,
updates, applications and data from scratch.

Re-read that sentence. It’s important and absolutely true.

Most of the time we don’t do that. We assume, we hope, that the anti-malware
software we have running will clean things up for us. But there’s actually no
way to know for sure.

Each time we allow an infection to happen, each time we then use
anti-malware software to clean off an infection, we’re gambling. Most of the
time, we’re OK. But sometimes we’re not. (I do have to mention that finding a
virus on your machine and finding a virus installed on your machine
are two different things. Anti-virus programs will report both, but it’s the
latter case that is the problem scenario.)

Rant over.

Let’s look at your situation.

As you can guess by now, the only guaranteed way to rid yourself of
this malware is to reformat your machine and reinstall everything. That’s very
painful and something I know that most people would want to avoid, including
me.

So here are steps I would try first:

  • Back up your system.
    Yes, we’re backing up the infected system, but in case subsequent attempts go
    horribly wrong we’ll always then have this backup to revert to as we attempt
    other approaches to recovery.

  • Run the System File Checker. Many viruses operate by replacing system
    components – the System File Checker will attempt to restore them. Make sure
    to have your original Windows installation CD ready, as SFC will typically
    ask for it if it finds it needs to restore files.

  • Perform a repair install
    of Windows. This works very much like a full install, replacing and updating
    system files and other components, but it attempts to preserve all data and
    installed programs in the process.

If those don’t work … well, by now you know what’s next.

Once your machine is clean, I’m going to strongly recommend you implement a
frequent backup regimen. Daily would be nice, making sure that you save each
day’s information so that if necessary you can revert to a backup from “x days
ago”.

The reason I say this is that as much as we might want to make sure that
your teens never, ever allow your machine to get infected again (and that
should absolutely be the goal), the practical reality is that it ain’t
gonna happen. At least not right away.

With a sequence of daily backups, if you do get infected again you could
simply restore the machine to the most recent backup prior to the infection.
Yep, you’ll lose any changes made after that backup, but my guess is that’ll be
a lot less painful than a full reinstall.

And it might even act as an incentive to avoid infections in the future.
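
The restore rule above (keep every day's backup, go back to the most recent one from before the infection), as an added example that is not part of the original article. The `backup-YYYY-MM-DD` folder names, the function names and the sample dates are assumptions; `margin_days` is an added setting for cases 2 and 3 in the list earlier, where the infection is older than the day you noticed it.

```python
import re
from datetime import date, timedelta

# Assumed naming scheme for this example: one folder per day, "backup-YYYY-MM-DD".
BACKUP_NAME = re.compile(r"^backup-(\d{4})-(\d{2})-(\d{2})$")


def parse_backups(names):
    """Map backup date -> folder name, skipping names that are not valid dated backups."""
    dated = {}
    for name in names:
        match = BACKUP_NAME.match(name)
        if not match:
            continue
        try:
            dated[date(*(int(part) for part in match.groups()))] = name
        except ValueError:
            continue  # fits the pattern but is not a real calendar date
    return dated


def pick_restore_point(names, first_symptom, margin_days=0):
    """Return the newest backup taken strictly before the infection, or None.

    first_symptom is the day the problem was noticed. A backup made on that
    same day is not trusted, and margin_days pushes the cutoff further back
    for infections that sat unnoticed. None means no usable backup exists,
    which leaves the reformat-and-reinstall route.
    """
    dated = parse_backups(names)
    cutoff = first_symptom - timedelta(days=margin_days)
    clean = [day for day in dated if day < cutoff]
    return dated[max(clean)] if clean else None


def backups_to_delete(names, today, keep_days):
    """Return the dated backups that fall outside the last keep_days days.

    keep_days bounds how far back you can ever restore, so it has to be
    larger than any margin_days you expect to need.
    """
    dated = parse_backups(names)
    oldest_kept = today - timedelta(days=keep_days - 1)
    return sorted(name for day, name in dated.items() if day < oldest_kept)


# Constructed sample: six daily backups plus two names that must be ignored.
SAMPLE = [f"backup-2008-01-{d:02d}" for d in range(10, 16)]
SAMPLE += ["backup-latest", "backup-2008-02-31"]

if __name__ == "__main__":
    noticed = date(2008, 1, 14)
    print("restore from:", pick_restore_point(SAMPLE, noticed))
    print("with 2-day margin:", pick_restore_point(SAMPLE, noticed, margin_days=2))
    print("can be deleted:", backups_to_delete(SAMPLE, date(2008, 1, 15), keep_days=3))
```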

57 comments on “My computer's infected with a virus, how do I clean it up?”

  1. Hi Leo-
    As the poster of this problem, I want to thank you for your candor. Sure, I’m sad/frustrated that it’s happened and the reversal of the problem is arduous, but now I have somewhere to start.
    Thanks Again!

    Reply
  2. Hi Leo — Another excellent article and advice. I would not allow anyone, regardless of age, to use my computers if I did not know they were competent and careful. And I would get the “kids” their own computer so that they could learn the hard way the results of carelessness. — Al

    Reply
  3. Great answer Leo!!! And I agree with Al, the easiest way to stop kids from messing up your PC is never allow them to use it. Get them their own PC.

    Then, to reduce Malware by 90%, put their PC somewhere where you, Mom, can watch everything they do on it, like the dining room.

    You do know they are going to Porn, illegal music and illegal video websites because no one is watching them and that’s where most of the malware is coming from.

    Reply
  4. * Choice One:
    1. Update your virus definitions (Symantec, McAfee, AVG)
    2. Restart your computer and go to safe mode
    3. Run virus scan
    4. Clean up registry by using “registry clean expert” software
    5. Reboot
    * Choice Two:
    1. Take out your hard disk
    2. Connect your hard disk as a slave hard disk to another computer that has no virus, and make sure the other PC’s virus scan is up to date
    3. Scan your hard disk
    4. Clean registry entry

    Reply
  5. Mom of teens here, this all sounds so very painfully familiar. I found the worst offender for the kids downloading viruses and such was an Instant Messaging program, in their case it was MSN Messenger. I set it up to run all incoming files through my Norton AntiVirus, but more importantly I taught the kids not to accept ANYTHING from anyone they didn’t know and to check with me first if it was someone they did know. Even files that look legit can be infected and one of their friends was infected and didn’t know it so her machine was sending out files unbeknownst to her. Hope that helps, we usually think of web pages and email as being the culprits (and they can be) but with the way teens rely on IM programs, you might find that’s where your security leak is.

    Reply
  6. Sure, but creating a Local Restricted User account without any administrator rights should take care of the problem up to 80%. She should password protect the system. Or go for Vista; it has a lot to defend against / combat such things.

    Anyways those are my views.

    Ravi.

    Reply
  7. This feature comes with 17 ads by Google. They all imply that they are the best thing since sliced bread. This can’t be true, so could you help people decide between them. Do you have any control over the ads which Google puts on your pages?

    Reply
  8. While I agree that the behavioral problems that led to this compromise need to be addressed, you do not address remedial procedures that may remedy the situation short of a reformat and re-install.

    “mustafx2.exe” is a variant of the Trojan.Virantix.B malware (a blended threat that shuts down most antivirus/spyware programs, modifies system files and registry entries, hides itself with rootkit tools and monitors your browser activity . . . that is, if it is not continually forcing your computer into a restart).

    Symantec has a writeup here:

    http://www.symantec.com/security_response/writeup.jsp?docid=2007-122607-2738-99&tabid=3

    including advice on how to use the Recovery Console.

    In the event the computer reboots continuously, try issuing the ‘shutdown -a’ (minus the single quotes) command from a command prompt to abort the shutdown and allow you to clean your computer.

    Reply
  9. The minimum age requirement to be president is 35 – there’s a REASON for this. No one under 30 years of age should EVER be allowed to touch a computer!

    Reply
  10. What about using a live operating system CD like…Ubuntu,PCLinuxOS,Mepis,Etc Etc that way anything you pick up will disappear when you reboot.
    Stuff can be saved to another drive like a USB one.

    Reply
  11. I agree with all. Good article.

    As a general tip: Remember, you will again have problems with viruses and malware, and as Leo said, chances are very high you will have to reinstall Windows. This will happen frequently. The safest way is to format the drive.

    To save you the effort of backing important data up such as your photos, music and documents, and to avoid losing it when it is crunch time, rather partition (split) the hard drive into two. Save all your important stuff on the second drive and keep the first only for the Windows installation and original programs and games you have. This way, when you have to format the c: drive to reinstall Windows, you will not lose any information as it will remain intact on the second drive. Frequent backups should still be done, but at least this way, you don’t have to do it all that often.

    On a different note, I won’t blame teens for this as they don’t know. As long as you can keep an eye on them, which sites they visit and so. Personally I would (as suggested) get them their own PC, establish a network by using a router. Then, check the history in their browser, from time to time, of the pages they visit. If you don’t approve of the sites they visit, simply block it in the router.

    Good luck.

    Reply
  12. I’m curious, what settings do you use on your Firewall?
    Is it even running? I’ve found a lot of users do not have their Firewall configured properly.

    Reply
  13. IF you have important files and projects on your computer that you have to preserve, then you MUST do the following;

    Get the kids their own computer. Computers are a commodity now, and $300 will get them a starter new computer or a decent used computer.

    Either get them OFF your network (internet connection), or find someone who knows how to protect your computer from the rest of the local network. Share nothing.

    You can get them their own DSL service or their own cable modem. Let them pay the monthly fee for service; no pay, no service.

    Demand the right to check up on their computing activities. Discuss the rules for computing that you expect them to adhere to, and retain the right to cut their online services if they abuse the rules. You will need to get someone to show you how to track their activities as kids quickly learn how to clear histories and caches.

    With these protocols in place, only THEIR computers and data are at risk, and if they continue their unsafe computing habits, they will suffer the consequences, not you.

    If, on the other hand, you do not take measures to protect your computer, it’s only a matter of time (months, not years) before everything goes kaput!

    Backup. There is a good chance that one day, your backup will be the only thing left of your computing world. Your current unsafe computing situation just guarantees that this will happen much sooner.

    Reply
  14. Natalie Kehr: no, I actually don’t control which specific
    products appear in the Google Ads on my site. More info
    on ads and more here: http://ask-leo.com/terms.html

    Thanks,

    Leo

    Reply
  15. er….i just wanted to ask you whether is it possible for a cable modem to be infected with virus…thx!

    In theory I suppose so, but I’ve never heard of it happening. I wouldn’t waste any time considering it or worrying about it.

    – Leo
    02-Oct-2008
    Reply
  16. I’ve read through all of this and am still in the dark. I downloaded (& pd 4) the Spyware Doctor with anti virus, even though I already have AVG on my machine. I can’t see that it is doing anything. I guess I’m a real dummy and shouldn’t be allowed to have one of these things. I have something going on. I was told I have a ‘corrupted file’ – which I would assume is because of a virus. So, what now? And what is this about the article at the top of this page? Do you mean that there is no guarantee that the virus will be gone – that the best thing is to avoid it in the first place??? I’d really like to know what I have done to get a virus. I do not download a bunch of stuff – SELDOM open an attachment, use this for my business only. Sorry, just had to get that out, and you probably won’t print it or read it since I don’t know what article at the top you refer to. Thanks anyway. I’ll just keep on trying.

    Reply
  17. I too have a virus and can’t even keep my computer on for one minute without it freezing up. I’m so sick of PC’s!!! I’m buying a Mac and then I won’t have to worry about these stupid viruses. :)

    Reply
  18. How do you reformat a computer? Mine is a Dell... and I cannot get on the internet at all because I have a virus. Can you help me? Thanks

    Reply
  19. I need to reformat my computer. How do I do this? I cannot download anything, and I have a constant pop-up that I have 45 infections by security tool. This is not a virus protection that I have put on my computer.

    Reply
  20. I have a lot of trojan activity on my computer as well as a LOT of other viruses. What should I do? I tried defragging, and to be honest I don’t really have the money to spend on anti-virus software.

    Reply
  21. I have an issue on the laptop. I went to log on today and now every time I click on something it says can not run blahbla.ext or something, and then it asks if I want to run antivirus and I click yes, then it says the same thing. What do I do?

    Reply
  22. If I have a virus and trojans and I buy a virus protection CD, would it get rid of the virus and trojans? Please help. FAST!!!!!!

    Reply
  23. I found out that I have been without anti-virus protection since June of 2009. I had AVG anti-virus and it tells me that I have 58 different viruses that it had detected but could do nothing about. The comp appears to be in working order except I HAVE NO INTERNET. Please help.

    Reply
  24. I have run my antivirus and it says that I’m not infected, and my computer has never let me run a full backup disk! What should I do to get rid of the infected areas?

    Reply
  25. First I used to search for the related solution for viruses, worms, and Trojans for hours, and after that it is also not guaranteed that I will get the perfect solution, but now I have a site which provides the complete information related to the problems of networking and security.
    http://forums.techarena.in/networking-security/
    I will suggest you visit this site once for getting the perfect solution for all your networking or virus problems.

    Reply
  26. My computer is affected by a virus. When I open my computer there is a message coming: “There is no disk in the drive. Please insert a disk into drive”. Then there are three buttons, i.e. Cancel, Try Again, Continue. I press both; this is not closing. I make to restart the computer. I try to open Task Manager. I cannot open it. Please give me a reply on what I should do.

    Reply
  27. My computer had been affected by khatra virus. I used Protector Plus to remove it. After this I am not able to open Task Manager, RealPlayer and certain websites, and my comp is too slow. What is the problem?? I’m using Intel HP Atom.

    Reply
  28. Hi! I just wanted to ask if you know anything about the virus: “XP antispyware 2010”, please? It installed itself on my computer yesterday and I think I have got rid of it as it doesn’t pop up any more trying to get me to subscribe to their company, but although I am using the internet normally again, it is still quite slow, although that could be the Superantispyware I installed..? Anyway please could you tell me if you know whether the virus can get into my personal information ie. my paypal account and should I avoid using it and putting in my password till I know for a fact that it’s gone? Thank you very much for your help, Clara

    Once your machine is known to be infected you should never do anything potentially sensitive with it. Two recommendations: malwarebytes.org and then also How do I remove a virus?.

    Leo
    08-Mar-2010

    Reply
  29. My computer keeps saying it’s not responding, like in Internet Explorer and when I’m under a program… what’s wrong with it?

    Reply
  30. My computer is infected with a virus, I believe. My bottom right screen keeps popping up with a Windows security alert saying “application cannot be executed. The file wuauclt.exe is infected”? I don’t have a Windows installation CD. How can I repair this?

    Reply
  31. I have been affected by a virus named “RJN Burner” and it cannot be removed from my computer.
    Please resolve this or tell me how to remove it safely, or which anti-virus or virus removal tools can remove it??
    Thanks

    Reply
  32. I successfully removed the “RJN Burner” from my computer. This virus affects the file “C:\WINDOWS\system32\wscript.exe”. Following are the steps I followed to remove it.

    1) Boot Windows in safe mode.
    2) Replace the file C:\WINDOWS\system32\wscript.exe by copying from a system which is not affected by “RJN Burner”.
    3) Open Windows registry (“Start Menu” -> “Run” -> type regedit), search for “RJN_Burner.vbs” and delete all entries found.

    Reply
  33. I have a virus on my computer. Every time I go to sign into my email address the MSN symbol is replaced with ip, and when I am signed in it’s this symbol that looks like the number 2, and I get redirected all the time. On top of all that, sometimes I go on sites and can’t see the pics; it’s as if it’s blocked. Can you help me out?

    Reply
  34. My computer says there’s many infections and at risk of identity theft, and tells me to buy protection from them. So do I need to do this? I have no idea how to clean everything off. Please help.

    Reply
  35. Hello guys, today I’m doing a little tutorial on how to destroy a virus on your computer. I will give some options if you want to choose. You could put all the information or important things on a hard drive/USB stick,
    then make a NEW account on the computer. Second option: you could also just buy a new hard drive (BUT DO NOT BUY A NEW COMPUTER, JUST A HARD DRIVE)

    Thanks i hope it worked :)

    Reply
  36. A VERY IMPORTANT POINT for all Anti-Viral and similar programs is that YOU must ENSURE that it/they is/are KEPT UP-TO-DATE!!

    Although most can be set to Auto-Update – have YOU made sure this is the DEFAULT SETTING?

    Compare with the “Flu Vaccine”, it has to be updated every year to handle the latest variety, eg Swine, HN5 etc.

    AV programs need effectively DAILY (even Hourly) Updating, hence the Auto-Update.

    Also, as well as doing Backups as many have mentioned, do YOU occasionally set your AV program to do a FULL SCAN of ALL YOUR Disks?

    In recent years, Viruses tend to be spread via USB Flash Cards and similar, particularly if YOUR PC is in the Default AUTO-PLAY setting.

    There are various programs which in effect switch OFF Auto-Play, further protecting YOUR PC; and allowing YOU to SWEEP that Temporary USB device for Viruses etc, before making Full Connection.

    If YOU offer USB Devices to friends etc, say with family photos, music etc, YOU should run your Updated AV program on it, before unplugging and handing the device to the other person – WHILST WARNING THAT PERSON to run his/her AV Program on it immediately after plugging it in.

    YOU can’t be too PROTECTIVE, if you want to keep your PC CLEAN.

    This is all part of the HOUSEKEEPING or Computer Management that I have mentioned earlier.

    Just like Domestic Housekeeping, it has to be done conscientiously, regularly/frequently.

    Reply
  37. Computers start up in stages to get to the Operating System (OS), and then running an AntiVirus scan on a ‘running’ OS usually won’t work. Try a System Rescue Disk – load CD, SHUTDOWN computer, restart computer while holding down the CTRL key, will load in one of the first stages, RAM, before the OS starts up, and now doing an AntiVirus scan here will most times remove all of a virus. Then just reboot.

    Reply
  38. Instead of formatting the entire HDD, I would recommend an Antivirus Rescue CD at boot time, like bitdefender/avg/kav/f-secure rescue CD. However, should you reformat the entire HDD and reinstall everything, then use Shadowprotect Recovery Env. to save the image on DVDs or an external HDD. So you can have the system back in about 15 min.

    Reply
  39. I received an email from my sister and opened it, and in the email was a hyperlink which I opened. It was something she did not send me, and from this point on something is causing some sort of chain reaction and sending the same email I received from my sister to all the contacts I have in my address book, not cool. Now all my contacts have the same problem I have, this is spreading like crazy, what do I do? On a daily basis I receive emails with my friends’ email addresses stating their email has fatal errors, what’s up with that?

    Yep, you fell for a very common form of malware and your account is now likely to have been hacked. I’ll point you here: Someone’s sending email that looks like it’s from me to my contacts, what can I do?

    Leo
    18-Mar-2011
    Reply
  40. Hi, I formatted a friend’s computer last night. Just started it, not quite done all the way yet. If I bring hers home with me and hook it up with my modem that I use with an ethernet cord, will my computer be fine???? I don’t want the virus or whatever it is on my stuff. HELP?????

    Reply
  41. I can not get in my computer. Warnings pop up saying my computer is infected. It will not let me use my security scan or get on the internet. A security screen pops up I do not recognize telling me I must sign up for something to protect my computer. How can I get in, and then what do I do?

    Reply
  42. Yesterday I gave my flash to my friend, and when I received the flash it was full of virus, and I don’t have antivirus on my computer. When I am trying to put something on my flash it’s not coming on my computer, and when I put it on another computer that has antivirus everything is working well, but first scan the flash with Kaspersky. And my computer is very slow. What should I do? I don’t know, help me!!!

    Reply
