Make sure the virus has been removed successfully
The first thing to do is to make sure that the virus has been successfully removed from the PC. It is possible that the antivirus has detected it, but has not taken action on its own, waiting for us to do it. This is much more common than we imagine, and it can be a problem since, while we think it has been removed, it is actually still on the PC.
To make sure, what we must do is enter the threat history section of our antivirus (Windows Defenderfor example), and make sure that threats are properly blocked and removed.
Check that there is no malicious process running
Even if we delete the virus executable, it may already have been loaded into memory. Therefore, even if we delete the file, our PC will be in danger. And not only that, but it can even be replicated so that when we turn on the computer, it reloads.
To find out, we can use a program called Process Explorer. This program, from Microsoft, allows us to see a list of each and every one of the processes that are running. And not only that, but we can also check, with VirusTotal, those that are dangerous.
Check everything that opens at Windows startup
The virus may have configured some process to regenerate itself on every reboot. This is very common in all types of malware, as it is very easy to do. Therefore, what we have to do is check the Windows startup configuration.
We can do this from the Windows Configuration menu, or from the operating system task manager (Control + Shift + Esc), although we recommend you resort to more advanced programs, such as Autorun Organizer, which will allow us to analyze all and each of the scripts and processes that run at Windows startup.
Check the browser well
Finally, after checking all of the above, we only have one thing left to do: check our browser. Malicious programs also tend to hide in the browser to continue controlling the victims, and this is where it is more difficult to detect.
To make sure, what we must do is follow the following steps:
- Check that the home page is real Google, not an imitation.
- See the installed extensions, and remove all those that seem suspicious.
- Check that there are no search engines, or unwanted home pages.
- Completely reset the browser, deleting the profile and recreating it.
We must also keep a close eye on our online accounts, and if we believe that someone is logging into any of them, change the password as soon as possible.