These steps are easiest when you know exactly when your Windows computer was infected (e.g. after inserting a USB stick or visiting a website that serves malicious software to your browser).
At the time of infection or shortly after infection, perform the following steps:
- Immediately turn off your computer and unplug it from the network / internet (remove the network cable or if you are using wireless, try to turn off the wireless connection / router – if you are not sure, just leave it).
- Reboot Windows and go into safe mode. You only need the basic safe mode without any networking, etc.
- To get into Windows Safe Mode, press and hold the “F8” key as the computer is booting, which should bring up an options menu. Use your arrow keys to move to “Safe Mode” and press Enter. More information on safe mode can be found on the Microsoft site by searching for “Windows safe mode” along with your version of Windows.
- Use Microsoft System Restore to restore your computer to an earlier point, before the infection began. This restore will revert system changes made by viruses, trojans, and other malware. The restore does not affect “My Documents” and personal settings, so keep that in mind if you saved infected files to your My Documents folders.
- Where System Restore is found depends on your version of Windows. The easy way is to use the built-in Windows help (F1) in safe mode and search for “system restore” to find the program. On Windows Vista/7, search for “restore system”. There are also instructions on the Microsoft site.
- I tried these steps on a Windows XP and a Windows 7 computer following computer infections.
- Microsoft knowledge base articles such as http://support.microsoft.com/kb/306084
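
An added example, not from the original page: a Windows PowerShell helper that picks the newest restore point created before a known infection time, which is the choice the System Restore step asks you to make. The function name `Select-RestorePointBefore`, the sample restore points and the infection time are constructed for illustration; it assumes the built-in `Get-ComputerRestorePoint` and `Restore-Computer` cmdlets are available in your session.

```powershell
# Added example (not from the original page). Written to run on Windows PowerShell 2.0+.
Add-Type -AssemblyName System.Management

# Hypothetical helper: return the newest restore point created before $InfectionTime.
function Select-RestorePointBefore {
    param(
        [Parameter(Mandatory = $true)] [object[]] $RestorePoints,
        [Parameter(Mandatory = $true)] [datetime] $InfectionTime
    )
    $RestorePoints |
        ForEach-Object {
            # CreationTime is a WMI (DMTF) timestamp string; convert it to a local DateTime.
            $created = [System.Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime)
            New-Object PSObject -Property @{
                SequenceNumber = $_.SequenceNumber
                Description    = $_.Description
                Created        = $created
            }
        } |
        Where-Object { $_.Created -lt $InfectionTime } |
        Sort-Object Created -Descending |
        Select-Object -First 1
}

# Constructed sample data, shaped like the objects Get-ComputerRestorePoint returns.
$sample = @(
    New-Object PSObject -Property @{ SequenceNumber = 41; Description = 'Windows Update';   CreationTime = '20240301090000.000000+000' }
    New-Object PSObject -Property @{ SequenceNumber = 42; Description = 'Installed driver'; CreationTime = '20240304180000.000000+000' }
    New-Object PSObject -Property @{ SequenceNumber = 43; Description = 'Scheduled point';  CreationTime = '20240307120000.000000+000' }
)

# Constructed infection time (e.g. when the USB stick was inserted).
$infection = [datetime]'2024-03-06 10:00'

# On the affected PC, replace $sample with: Get-ComputerRestorePoint
$points = $sample
$pick = Select-RestorePointBefore -RestorePoints $points -InfectionTime $infection

if ($null -eq $pick) {
    Write-Warning 'No restore point predates the infection time; System Restore cannot roll back past it.'
} else {
    $pick | Format-List SequenceNumber, Description, Created
    # To roll back to the chosen point (prompts before acting, then reboots):
    # Restore-Computer -RestorePoint $pick.SequenceNumber -Confirm
}
```

If the only restore points available were created after the infection, restoring to them will not remove the malware's system changes.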