What to do if malware keeps your anti-virus from launching
Tuesday, January 16, 2024
Sometimes it is impossible to run anti-virus software on an infected computer because of malware activity. We will tell you how to check whether malware is interfering with your anti-virus's normal operation and what to do in this case.
How can you figure out that malware is impeding your anti-virus's work? If your computer is running Windows, first look at the system tray to make sure that the Dr.Web icon is displayed there. A red or yellow indicator, or no icon in its usual place, means that the Dr.Web anti-virus is disabled and your PC is unprotected.
How malware can prevent anti-virus software from running
One of the most common reasons an anti-virus fails to launch is that the access rights to its directories have been changed. Malware can alter the permissions on the anti-virus's folders or files, making it impossible to install or run.
Another method malware uses is to block applications from running by file name. It compiles a list of the file names used by the anti-virus and forbids them from running through OS policies. The anti-virus cannot start, and the system is left unprotected.
Malware can also change OS policies to block the launch of processes with certain signatures, ensuring that it keeps running without being detected and blocked. Finally, the launch of an anti-virus can be blocked by rootkits and bootkits—complex and dangerous tools used by cybercriminals to gain unauthorised access to and control over an operating system.
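As an added illustration (not part of the Doctor Web article), the following read-only PowerShell check looks for the first two blocking methods described above: explicit Deny entries on the anti-virus directory, and the anti-virus executables being listed in the Explorer DisallowRun policy. The install path and executable names are placeholders and must be replaced with those of the anti-virus actually installed.

```powershell
# Added example, not Doctor Web's code: read-only check for tampering that keeps an
# anti-virus from starting. $AvDir and $AvExeNames are ASSUMED placeholders; set them
# to the real install directory and executable names of your anti-virus.
param(
    [string]   $AvDir      = 'C:\Program Files\ExampleAV',           # placeholder
    [string[]] $AvExeNames = @('exampleav.exe', 'exampleavsvc.exe')  # placeholders
)

$findings = @()

# 1. Access rights on the anti-virus directory. A healthy install lets SYSTEM and
#    Administrators in; an explicit Deny for either is a strong sign of tampering.
if (Test-Path -LiteralPath $AvDir) {
    $acl = Get-Acl -LiteralPath $AvDir
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -eq 'Deny' -and
            $ace.IdentityReference -match 'SYSTEM|Administrators|Everyone') {
            $findings += "Deny ACE on $AvDir for $($ace.IdentityReference): $($ace.FileSystemRights)"
        }
    }
} else {
    $findings += "Anti-virus directory $AvDir is missing or not accessible"
}

# 2. Blocking by file name through the Explorer DisallowRun policy. Each value under
#    the DisallowRun key names one executable the user is not allowed to start.
$policyRoots = @('HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
                 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer')
foreach ($root in $policyRoots) {
    $key = Join-Path $root 'DisallowRun'
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata properties
        if ($AvExeNames -contains ([string]$p.Value).ToLower()) {
            $findings += "DisallowRun entry '$($p.Name)' blocks $($p.Value) ($root)"
        }
    }
}

if ($findings.Count -eq 0) {
    'No ACL deny entries or DisallowRun blocks found for the anti-virus.'
} else {
    $findings
}
```

Run it from an elevated PowerShell session; if PowerShell itself cannot be started on the infected machine, the LiveDisk approach described below is the way to inspect the system.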
Each type of blocking needs its own way of solving the problem. Let's talk about some of them.
Booting with Dr.Web LiveDisk
If you “got lucky” and your PC is infected with the most dangerous malware—a rootkit or a bootkit—follow these instructions.
Write the Dr.Web LiveDisk image to a USB flash drive. Then connect it to the computer you want to boot from LiveDisk.
Next, open the boot menu. This can usually be done by pressing a specific key (e.g., F12 or ESC) at the start of the boot. After that, you will see a list of available boot devices. Select the media on which LiveDisk is located and press Enter to continue the boot process.
There is another way to boot a system using LiveDisk: change the boot order in the BIOS menu. Restart the computer and, as it starts, press the required key (Del, F2, F10 or Esc) to enter the BIOS settings. In the settings, find the section responsible for the boot order (Boot Order or Boot Priority). Change the boot order so that the USB flash drive is at the top of the list. After you save the changes, LiveDisk will boot offline by creating its own runtime environment.
Once the environment is finished booting up, the Dr.Web CureIt! scanner will launch automatically and the “License and upgrades” window will open. To select the scanning mode, click on “Continue”. Now you can take the actions needed to cure and restore the system.
Restoring a system from a backup
If you regularly make backups, and the number of applications that need to be installed and reconfigured is small, restoring from a backup may seem like the best solution.
However, keep in mind that using a backup copy to restore an OS that already has an anti-virus installed on it can, with a high degree of probability, turn your computer into a useless chunk of metal. It will then take more effort to get it working again than to diagnose why the anti-virus was not started or not updated.
Reinstalling the operating system
Sometimes it seems easier to install the system from scratch than to cure infected files. Bear in mind, however, that this does not completely clean a computer of malware. Reinstalling the system removes the active infection, but the file the user launched to infect the system does not disappear, which leaves the risk of someone running it again.
Using Dr.Web FixIt!* to eliminate the consequences of infection
When a system is infected, malware can change administrator privileges, security policies, file and folder access rights, registry rules, etc. Dr.Web FixIt! is a powerful tool that can easily remove trojans, clean up policies, and overwrite access rights. It can be used both to eliminate the consequences of infection and for the initial system diagnostics.
Dr.Web FixIt! does not require installation: you work with it via a web interface. It generates a diagnostic utility that looks for traces of malware on the system, and the diagnosis is made on the basis of the utility's report. To eliminate the consequences of infection, a curing utility is created and a special script is prepared; the utility performs the necessary actions according to that script.
The Anti-virus Times recommends
If malware prevents your anti-virus software from running and you don't know how to get your computer back to its operational state, contact a trusted professional or try one of these methods:
- use Dr.Web FixIt! to eliminate the consequences of infection,
- write the Dr.Web LiveDisk image and boot the computer from it,
- restore from a backup or completely reinstall the OS.
* Dr.Web FixIt! is available only to legal entities.