Thursday, 13 March 2014

How to detect and delete a virus without any antivirus

10:58 am


Most of the time, viruses spread through external drives such as pen drives or external hard disks rather than online.
Here we see how to detect a virus on your system.

Always Disable Autorun

Autorun is an operating system function that lets an external drive do something when it is connected to your system. A virus creates a file named ‘autorun.inf’ on the external drive and puts instructions in it so that the virus is executed automatically when the drive is connected. When you connect the drive, the system reads the instructions in ‘autorun.inf’ on the drive and executes them. So the virus gets executed and affects your system.
So disable the ‘autorun’ function. You can do it from the ‘group policy’ option or from the ‘registry’.
If you don’t want to disable it, you can hold the Shift key on your keyboard while you connect the external drive to your system. While Shift is held, the autorun.inf file on the external drive is not executed automatically.
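The registry route mentioned above, as an added PowerShell example (not part of the original post). It assumes the standard `NoDriveTypeAutoRun` policy value, where `0xFF` turns AutoRun off for every drive type; the function names are made up for this example.

```powershell
# Added example: audit and set the NoDriveTypeAutoRun policy value.
$subKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$name   = 'NoDriveTypeAutoRun'
$wanted = 0xFF   # AutoRun disabled on all drive types

function Get-AutoRunPolicy {
    # Report the value in the machine-wide and the per-user policy key.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $path  = "$hive\$subKey"
        $value = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
        [pscustomobject]@{
            Key      = $path
            Value    = if ($null -eq $value) { 'not set' } else { '0x{0:X2}' -f $value }
            Disabled = ($value -eq $wanted)
        }
    }
}

function Disable-AutoRun {
    # Writes the machine-wide value; needs an elevated prompt.
    $path = "HKLM:\$subKey"
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    New-ItemProperty -Path $path -Name $name -Value $wanted -PropertyType DWord -Force | Out-Null
}

Get-AutoRunPolicy | Format-Table -AutoSize
# Disable-AutoRun   # uncomment to apply, then run Get-AutoRunPolicy again
```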

Show Hidden & System Files

Go to Control Panel -> Folder Options -> View tab. Uncheck the “hide extension of file” option, so that you always know the extension of the file you are accessing. Then check the “show hidden files” option and uncheck the “hide system files” option.
(This will help you if a virus has not affected your system yet. If your system is already affected then maybe this option won’t work; I mean the folder options settings will be reset automatically every time.)

Check Whether Your System Is Infected

If your external drive is affected, there is probably an autorun.inf file on it that appears as a hidden and system file. Try to delete it normally. If it gets deleted, that was easy; if not, go to its properties and uncheck hidden and read-only, then open it in Notepad, remove everything and save it, or just delete the file.
If that still does not work, or an ‘access denied or read only file’ error occurs, then:
Close the file and start CMD (press ‘Win’+‘R’, type ‘cmd’, press Enter).
Now go to your drive (suppose it’s ‘f’):
Type f: and press Enter
Now change the attributes of the autorun.inf file by typing
attrib -h -s -r "autorun.inf"
(h for hidden, s for system, and r for read-only)
Now you can delete it by typing
del "autorun.inf"
Or just open your drive and delete it. It will get deleted (in 99% of cases).
(You can use the dir /ah command to list hidden files)
Now delete all the suspicious files on the drive, such as a file that looks like a folder but has an .exe extension, or any suspicious file with a size of 67 KB, 128 KB or 2 KB… Any file that you find suspicious can be deleted after you delete the autorun.inf file.
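Before deleting anything, it helps to see what autorun.inf points at and which files on the drive are hidden. The following read-only PowerShell triage is an added example, not from the original post; the drive letter `F:\`, the function names, and the rule "an .exe with the same name as a folder" (one way to spot a file posing as a folder) are assumptions made here.

```powershell
# Added example: read-only triage of a removable drive root. Nothing is deleted.
function Get-AutorunCommand {
    param([string]$InfPath)
    # Keys that name something to run: open=, shellexecute=, shell\<verb>\command=
    $pattern = '^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(.+?)\s*$'
    foreach ($line in Get-Content -LiteralPath $InfPath -Force -ErrorAction SilentlyContinue) {
        if ($line -match $pattern) {
            [pscustomobject]@{ Key = $Matches[1]; Target = $Matches[2] }
        }
    }
}

function Get-DriveTriage {
    param([string]$Root = 'F:\')   # assumed drive letter, as in the steps above
    $hiddenFlag = [IO.FileAttributes]::Hidden
    $systemFlag = [IO.FileAttributes]::System
    $items    = Get-ChildItem -LiteralPath $Root -Force    # -Force includes hidden/system items
    $dirNames = $items | Where-Object { $_.PSIsContainer } | ForEach-Object { $_.Name }
    foreach ($f in $items | Where-Object { -not $_.PSIsContainer }) {
        $reasons = @()
        if (($f.Attributes -band $hiddenFlag) -eq $hiddenFlag) { $reasons += 'hidden' }
        if (($f.Attributes -band $systemFlag) -eq $systemFlag) { $reasons += 'system' }
        if ($f.Name -eq 'autorun.inf') { $reasons += 'autorun.inf' }
        # Assumed heuristic: an .exe named exactly like a folder on the same drive
        if ($f.Extension -eq '.exe' -and $dirNames -contains $f.BaseName) {
            $reasons += 'exe named like a folder'
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Name   = $f.Name
                SizeKB = [math]::Round($f.Length / 1KB, 1)
                Reason = $reasons -join ', '
            }
        }
    }
}

Get-DriveTriage -Root 'F:\' | Format-Table -AutoSize
Get-AutorunCommand -InfPath 'F:\autorun.inf' | Format-Table -AutoSize
```

The `Target` column shows the file autorun.inf would launch, which is the first candidate to examine after autorun.inf itself.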

If Your System Is Already Affected

Well, there are many things you can do to recover from the worst.
There are many kinds of symptoms, like
· cmd (not able to start)
· Task Manager (not able to start)
· Folder Options (get reset every time)
· Registry (not able to start)
· msconfig (not able to start)

Now, what can you do to make those work?
Here are some steps that you can try:
1. Start the system in safe mode. (Works in most cases.)
2. If safe mode isn’t working, then try safe mode with command prompt.
3. Create a new user and check in that new user account whether cmd can be opened or not.
4. Always keep some software (like TuneUp Utilities) with which you can check the date on which any service was created. Use one of them and start cmd anyhow.
Now, after you are able to start them:
· First start Task Manager (CTRL+SHIFT+ESCAPE) and end all suspicious services.
· Then end explorer.exe as well.
· From New Task, start msconfig.
· In msconfig, go to the Services tab and uncheck any suspicious or unwanted service. You can guess by the manufacturer, or by thinking about whether you have installed something related to that service or not.
· Go to the Startup tab. Check for services which look unknown, or cross-check with TuneUp (the date on which the service was created), or any service that you can say is a virus.
· Check the location from which that service is started. You can find the location in the Startup tab under COMMAND; it will show you the path of the file.
· Open cmd again.
· Go to that location.
· Change the attributes of the file.
· DELETE it.
· Do this for every file that looks like a virus to you. Be careful; you will need some experience, because if you delete an important file it can cause problems in the related application.
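The Startup tab review described above can also be done from a PowerShell prompt. This added example (not from the original post) lists each startup entry with the file it launches, that file's creation date and its publisher; it uses the `Win32_StartupCommand` WMI class, which covers the registry Run keys and the Startup folders, and the function name is made up here.

```powershell
# Added example: list startup entries with the file each one launches.
function Get-StartupReview {
    foreach ($entry in Get-CimInstance -ClassName Win32_StartupCommand) {
        # Expand %VARS% and pull the file path out of the command line.
        $cmd = [Environment]::ExpandEnvironmentVariables([string]$entry.Command)
        $exe = $null
        if ($cmd -match '^\s*"([^"]+)"') { $exe = $Matches[1] }          # quoted path
        elseif ($cmd -match '^\s*(.+?\.(exe|com|bat|cmd|scr|vbs|lnk))(\s|$)') {
            $exe = $Matches[1]                                          # unquoted path
        }
        $file = if ($exe -and (Test-Path -LiteralPath $exe)) {
            Get-Item -LiteralPath $exe -Force
        }
        $sig = if ($file) { Get-AuthenticodeSignature -LiteralPath $file.FullName }
        [pscustomobject]@{
            Name     = $entry.Name
            Location = $entry.Location            # Run key or Startup folder
            File     = $exe
            Created  = $file.CreationTime         # empty when the file was not found
            Company  = $file.VersionInfo.CompanyName
            Signed   = $sig.Status
        }
    }
}

# Newest files first: recently created, unsigned entries deserve the first look.
Get-StartupReview | Sort-Object Created -Descending | Format-Table -AutoSize -Wrap
```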

Let’s talk about a different problem

Sometimes a problem arises where you can’t open anything: everything gets opened in media player or Notepad or Office, or something else. Even in safe mode you can’t open any exe file. What will you do then? Don’t worry, this type of virus mostly attacks only a specific user. You can repair this by creating a new user. But Control Panel and User Accounts won’t work in this case.
1. Just go to Manage (My Computer–> right click–> Manage).
2. Now Local Users and Groups–> Users–> right click in blank space and select create user.
3. Put the user in the Administrators group.
4. Now log off and log in as the new user.
