Help! I've got a virus!

So you think your computer has a virus? Don't panic! Few virus infections ever result in the loss of any data. Most are just an inconvenience and an annoying waste of time. They can also be an embarrassment and an annoyance for others as your computer spreads the virus to other people. But a virus infection is rarely a disaster.

Cleaning your computer can sometimes be easier said than done. Many popular anti-virus programs are good at detecting viruses but poor at removing them. Often, people lose data because they could not remove a virus and ended up reformatting the hard drive and reinstalling Windows. But such drastic measures are rarely necessary. This article will show you how to determine whether your computer is really infected with a virus, and if it is, how to go about cleaning it.

Is it a false alarm?

Many of the virus alerts that computer users receive are false alarms - mistaken identifications by their anti-virus software. This is a particularly common problem with some of the free anti-virus programs, but even the top names have been known to cry wolf unnecessarily.

If you received a virus alert about a file you downloaded or a program you installed which is a bit unexpected then it might be a false alarm. In this case, the first thing to do is get a second opinion. Use an online scanner such as the one below, which uses the Dr.Web scanner, to see if it also finds something wrong with it.

Dr.Web logo

If Dr.Web says the file is OK then you probably have nothing to worry about. You should submit a copy of the file to the developer of your anti-virus software for checking, so they can eliminate the false report in the next update.

Backing up your data

If you are sure that your computer really is infected with a virus, then the obvious next step is to remove it. But before starting the removal process it is a good precaution to back up your data.

This step is optional. However, sometimes a virus infects a system in such a way that removing it may result in Windows not working. Although your files are not destroyed, you would need to fix the problem before you can regain access to your data. You might need to reinstall Windows, and since few PCs come with Windows setup discs these days, you might need to use the manufacturer's restore disc which will return the system to its factory settings.

It can also be a good idea to back up your email, perhaps by using the export facility of your email program. Emails are usually stored in one big database file and if a virus is found in an email attachment, deleting the database might be the only way to remove the virus from your computer.

To safeguard your data, you can either use a backup software to create a backup of the full system, or specified folders. Or you can simply copy your important files and folders to another location, such as a USB memory drive.

In most cases, removing a virus from a computer has no other adverse effects on the system's operation, and the backup files will not be needed. But it is a wise precaution.

Scanning for viruses

Now we can get on with removing the virus. For this we will use a free utility from Dr.Web called CureIt. Download the latest version of CureIt by clicking the button below, and save it directly to your desktop.

The file you downloaded will have a randomly generated name (probably to stop other websites linking directly to the download file) so you will end up with an icon like this on your desktop:

The Dr.Web CureIt executable downloaded to your desktop

Run the program you just downloaded. You will probably see a security warning from Windows similar to the one shown below (which is from Windows XP). As long as the publisher is shown as "Doctor Web Ltd" it is safe to run the program.

Dr.Web CureIt security warning

CureIt has an extremely simple user interface, shown below. There is no need to update the utility. You have just downloaded it so it already contains the latest virus updates. Just click Start.

Dr.Web CureIt main menu

You will see an informational message that asks you to confirm that you want to start the scan. Click OK to begin scanning your computer.

Dr.Web CureIt scanning the system

Dr.Web CureIt is a copy of the Dr.Web anti-virus for Windows on-demand virus scanner with the latest virus updates built in. As such, it has all the features of the standard virus scanner, except that it can only be updated by downloading a complete new version. That is what would happen if you clicked Update from the main menu.

The program initially scans memory for resident viruses, then performs an Express scan which checks those areas of your system that are most likely to contain a virus. When this scan has finished, select Complete scan and then click the start button (which is like a Play button on a DVD player) to start scanning your entire system. You should do this even if viruses were found and removed during the Express scan, because otherwise you can't be sure to have removed all traces of the infection.

Curing files

Curing an infected file

If Dr.Web CureIt finds a file containing a virus then the scanner will stop and ask if you want to cure the file. Curing means disinfecting the file - removing the virus and restoring it to its original state. Answer Yes to attempt this. If you have a badly infected system and a lot of files need curing then it may save time by answering Yes to All.

Files that cannot be cured

Some viruses attach themselves to files in such a way that they can be removed and the file restored to its original state, but many of the newer viruses create files of their own that are pure virus, and they cannot be cured. If a file cannot be cured, Dr.Web CureIt will display a further message to this effect, asking if the file should be moved. You should answer Yes to this question. The file will be moved to a quarantine folder in the location \Documents and Settings\>username<\DoctorWeb\Quarantine. Quarantined files will not be removed until you delete them manually.

If you select No (for No action) for any file that CureIt flagged as being infected, the file will be left in place, as is. This is generally undesirable, and Dr.Web CureIt will warn you that there are still untreated files on your computer when you try to close it. At this point, you can delete those files if you wish.

Preventing further infection

Upon completion of the Complete scan, Dr.Web CureIt should have cured, quarantined or deleted all the virus files, and your computer should be free of infection. Restart the computer and run an Express scan again to make certain of this.

Now that you have a clean computer again, you should consider what steps you should take to prevent a further infection. You should install anti-virus software. If you were already using an anti-virus program, then you should get a better one. has tried and tested many different anti-virus products. Two that we particularly recommend are Kaspersky AntiVirus and Dr.Web anti-virus for Windows.