How To: Remove a worm virus from your computer

Internet worms are the most common type of virus infecting computers today. Internet worms spread across networks using email, Internet chat, peer-to-peer (P2P) file sharing networks and other methods. The names they are given are usually derived from some text within the worm program code, or within the message the worm sends. Examples of Internet worms include: Bagle, Blaster, Mimail, MyDoom, Netsky, Sasser, Sircam, Sober and Sobig. Sometimes a worm may be given different names by different anti-virus companies.

How worms spread

Using the Internet, worms can spread so rapidly that they may often go undetected by anti-virus software because the updates that would enable the software to detect the worm have not yet been developed or downloaded. Because of this, it's advisable to use an anti-virus product that updates frequently (like Kaspersky AntiVirus) which cuts the delay between a virus appearing and the updates arriving to a minimum. Free anti-virus products may only update once or twice a week, leaving your computer vulnerable during the critical period when a new worm is most active.

Even using the best anti-virus, it's a good idea to train the virus detector between your ears to recognize potential worms and avoid being tricked into activating them. But it's easy to be fooled, with the end result that you have a worm on your computer sending copies of itself to every address known to you.

An Internet worm has a number of common characteristics:

Problems removing worms

Unlike most viruses, worms do not usually modify or "infect" existing files on a computer. They are usually self-contained files, often dropped into system folders such as the Windows folder. Therefore, removing a worm from a computer should simply be a matter of identifying and deleting the files it installed, and the registry links that may be pointing to them. However, removal may be made more complicated because:

Virus scanners are good at detecting and removing the files belonging to worms, but they often do not repair or remove the registry changes correctly. Therefore an anti-virus program can sometimes do more harm than the worm, by removing it and leaving the computer unusable, or displaying various error messages when you use it.

Removal tools

The safest and most effective way to disinfect a computer that has been infected by an Internet worm is to use a dedicated removal tool. These tools are provided, free of charge, by several of the anti-virus software developers. Even if you have an anti-virus product on your computer that detects the worm, it may still be safer to remove it using one of these dedicated removal tools.

Avast! Virus Cleaner

The avast! Virus Cleaner provides a very easy way to remove a worm virus from your computer. Download avast! Virus Cleaner and then prepare to clean your computer.

Disable the on-access virus checking of your existing anti-virus (if any), and disable Windows System Restore. Then start Virus Cleaner running. 

Virus Cleaner will first check to see if a worm is running, and terminate the process if necessary. It will then scan the hard disk looking for known worm files. If any are found, any registry entries that point to these files will be removed, and then the files themselves will be deleted. Any temporary but harmless files created by the worm will also be deleted. If any worm files could not be removed because they were in use, the computer will be restarted and then the files will be deleted.

avast! Virus Cleaner is the easiest way to remove common worms from your computer

At the time of writing, avast! Virus Cleaner is able to detect and remove the following worm viruses:

Tip: If the system operation has been adversely affected by an earlier attempt to remove the worm, and you are unable to run any files of type .exe, rename the avast! Virus Cleaner to a .com file and then run it.

Kaspersky Labs Removal Tools

Kaspersky Labs, developers of the highly regarded Kaspersky AntiVirus, also has free virus removal tools for download from its website. Unlike the avast! Virus Cleaner, there is a separate remover for each virus.

At the time of writing, Kaspersky Labs has removers for the following malware, including some backdoors and trojans:

Remember to disable the on-access virus checking of your existing anti-virus (if any), and disable Windows System Restore before running the virus remover.

Kaspersky Anti-virus - for more information, click here