Recently I was approached by a a friend of mine who’s PC had been Hi-Jacked by a Virus.

The program was incredibly complex, pretending to be an official warning from the police that this PC had been used for all number of illegal activities such as hacking, malicious photo distribution and had been locked. The program demanded money in the form of a Credit Card or other payment method before it would unlock and function again.

UNDER NO CIRCUMSTANCES GIVE YOUR CREDIT CARD DETAILS

Programs like this, much like email spam are in no way official.

The immediate action to take is to shutdown the PC ASAP. You cant risk the virus infecting more files or any other PC’s on your network. If possible remove the network cable from the PC and also shutdown the Wifi to prevent the spread.

The next step is to boot the PC from an external source like a USB key or CD containing an antivirus application. A few below are the best I have found:

  1. Kaspersky – https://support.kaspersky.com/viruses/rescuedisk
  2. AVG live CD – http://www.avg.com/gb-en/avg-rescue-cd
  3. BitDefender – http://download.bitdefender.com/rescue_cd/

NB – I prefer to use the Kaspersky Live CD so the instructions below will be specific to Kaspersky, however the principe for the others is the same.

Using ANOTHER PC download the ISO file and save it to a suitable location (Desktop for example).

Using Nero or a free ISO burning tool (such as: http://www.freeisoburner.com/) select the ISO image and insert a blank CD.

When the CD is complete, transfer it to the infected PC and boot your PC.

When the POST screen is displayed (Usually the company Logo) it will quickly present a number of options to boot from, select the CD option and press enter.

After a few seconds you will be presented with a few options loaded from the CD.

Load the GUI Option (1st Option) and the system will continue to boot.

After a few minutes (dependent on your PC’s Speed) a desktop environment (similar to windows desktop) will appear. Once this has loaded it will start to run the antivirus scanning tool. Here you have two options:

  1. Let the scan run using the current antivirus database (recommended)
  2. Stop the scan and use your internet connection to update the antivirus database before starting the scan

Given that the CD image you will have downloaded will be relatively up to date, its fair to say that the virus definitions database on the CD will also be up to date. So for the first pass, let the scan run. This may take several hours depending on how many files are on your PC.

Once the scan is complete it will present you with a list of Virus’s on the PC as well as recommended actions to take. At this point you want to click the DELETE  button.

From here select the option to reboot the PC, the computer will now begin to power down, ending with the CD being ejected and you being asked to press ‘Enter’ to confirm that the CD has been removed.

The PC will now reboot and HOPEFULLY all the virus’s that plagued your PC will have been wiped from existance (on your PC). Final steps are to reconnect your network cable (if you havent done so already) and switch your WiFi back on.

If all has gone well your PC should be all better now.