Information

This usually takes about 2 hours to complete.

If your computer has shown symptoms of an unknown problem, you could have a virus on your computer. The general classification of viruses include many types of infections such as viruses, worms, and trojans (http://service1.symantec.com/SUPPORT/nav.nsf/aab56492973adccd8825694500552355/024c927836400f528825675100593eb2?OpenDocument). If you believe your computer has a virus of any type, you should install and run an antivirus program, such as Symantec Endpoint Protection. Most antivirus programs will detect and properly handle infected files. Some files can be cleaned of the virus, but most files are usually deleted from the computer. Please see the following Symantec Endpoint Protection Guide (http://www.antivirus.vt.edu/symantecguide.php) for information about installing and using Symantec Endpoint Protection.

Scanning/Removal:

  1. Download and install Symantec Endpoint Protection: http://www.antivirus.vt.edu/download
  2. Clean out all Windows temporary files and reboot in "Safe Mode". Click here (http://www.antivirus.vt.edu/info/cleansafe.php) for instructions.
  3. Disable System Restore on (Windows Me (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001012513122239?OpenDocument&src=sec_doc_nam) or Windows XP (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam)).

    Vista User's: Symantec Antivirus currently does not run in Safe Mode. You need to skip the next two steps and either run an online Symantec scan or if you have lost internet access, you would need to get someone to download the free AVG scanner and install it on your computer.

  4. Run Live Update: http://www.antivirus.vt.edu/symantecguide.php#update
  5. Identify virus by scanning with Symantec Endpoint Protection: http://www.antivirus.vt.edu/symantecguide.php#scan
  6. Symantec cannot always automatically remove a virus, if this is the case. You must manually find and follow the virus removal instructions. Look under the "Current Viruses at VT" on the antivirus homepage (http://www.antivirus.vt.edu). Find the virus name and click on its link. If the name of your virus is not on the Virginia Tech antivirus page, go to Symantec's Site (http://www.symantec.com/avcenter/vinfodb.html) where you can look up viruses by name. Some virus removals require you to edit the Windows registry. Click here (http://www.antivirus.vt.edu/info/regedit.php) for instructions on using regedit. Important:Symantec DOES NOT always remove adware and spyware well. Please see the following section on removing Spyware (http://www.antivirus.vt.edu/reactive/spyware.php).

  7. Repeat the previous step until all viruses have been removed.
  8. Reboot your computer into Normal mode. If you used the Safe Boot script in step 3, you will need to use the Normal Boot script.
  9. Once cleaned, remember to secure your computer before connecting it back to the network, using the VTnet (http://www.antivirus.vt.edu/proactive/vtnet2005.php) or the manual instructions at http://lockitdown.cc.vt.edu. Also, (re)enable System Restore on (Windows Me (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001012513122239?OpenDocument&src=sec_doc_nam) or Windows XP (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam)).

Important: Removing virus infected files can cause some programs to become non-functional. In these cases, you may need to reinstall applications or format and reinstall (http://www.antivirus.vt.edu/reactive/reinstall.php) your operating system.

  • Many computers are infected with variations of AIM profile viruses that are sometimes difficult to detect with Symantec Endpoint Protection. To clean an infected computer, please see our section on AIM Profile Viruses (http://www.antivirus.vt.edu/proactive/aimprofile.php).
  • Still having problems? See the next section on removing Spyware (http://www.antivirus.vt.edu/reactive/spyware.php).