How to Remove Deep Rooted Viruses on Windows

Last updated on: October 19th, 2012

There are a lot of viruses that manage to ruin the day for thousands of users, even after the usual cleaning methods, such as resorting to an anti-malware or anti-virus kit. Usually, this specific category of infections includes root viruses, so called because they can be found in the root of the operating system and cannot be cleaned with the usual methods. Today, we are going to show you a couple of methods for removing deep rooted viruses, alongside a list of products that can do the job.

The best way to know if the computer is infected with a rooted virus is to pay attention to symptoms. Usually, once Windows contracts a virus, unexpected things happen: unknown programs open when entering Internet Explorer (and sometimes other browsers too), various pop-ups begin to appear on the screen without reason, and so on.

In most cases, the virus actually pretends to be an anti-virus and pushes the user to purchase a full license, by falsely claiming that the whole system has been infected and that only by paying can you get rid of the infections.

How to get rid of nasty Windows viruses

Paying is not an option, ever – at least when it comes to tactics like the ones described. Although the virus can sometimes restrict internet access and even the desktop itself, here is what can be done:

Repairing the internet connection

  1. Enter Windows Safe Mode with Networking by restarting the computer and pressing the F8 key until a beep is heard. Choose the desired option using the arrow keys and press Enter to select it.
  2. When the desktop loads, press the Start/Windows button and navigate to Internet Options, found inside the famous Control Panel.
  3. Now click on the Connections tab and go to LAN Settings.
  4. Under the Proxy Server heading, see whether the proxy server option is checked for the LAN connection. If so, click the Advanced button; if the IP address listed there is that of the local host ( then you may be infected. Unchecking the proxy box will reactivate your internet connection.

Even more problems

Something else might have been broken besides the internet connection. Usually it is the .EXE file association, and this has to be fixed with different methods: one for Windows XP, and one for Windows Vista or 7. The full steps can be found here. If everything listed above fails, you will be forced to remove the physical hard drive, connect it to a clean computer, and scan it from there as an external drive.
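A read-only check of the two settings discussed above, the LAN proxy and the .EXE file association, written in PowerShell as an added example that is not part of the original article. The registry paths and expected values are the standard Windows ones; the function names `Test-LoopbackProxy` and `Get-ExeAssociation` are illustrative.

```powershell
# Added example: read-only triage, nothing is changed. Run as the affected user.

function Test-LoopbackProxy {
    param([string]$ProxyServer)
    # Value is "host:port" or a per-protocol list "http=host:port;https=host:port".
    foreach ($entry in ($ProxyServer -split ';')) {
        $hostPort = ($entry -split '=', 2)[-1].Trim() -replace '^\w+://', ''
        if ($hostPort -match '^(localhost|127(\.\d{1,3}){3}|\[::1\])(:\d+)?$') {
            return $true
        }
    }
    return $false
}

function Get-ExeAssociation {
    param([string]$ClassesRoot)
    # .exe normally maps to the ProgID "exefile", whose open command is "%1" %*
    $progId = (Get-ItemProperty "$ClassesRoot\.exe" -ErrorAction SilentlyContinue).'(default)'
    if (-not $progId) { $progId = 'exefile' }
    $key = "$ClassesRoot\$progId\shell\open\command"
    $command = (Get-ItemProperty $key -ErrorAction SilentlyContinue).'(default)'
    New-Object PSObject -Property @{ Root = $ClassesRoot; ProgId = $progId; Command = $command }
}

# 1. The proxy that Internet Options > Connections > LAN Settings displays.
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ($inet.ProxyEnable -eq 1 -and (Test-LoopbackProxy $inet.ProxyServer)) {
    Write-Warning "LAN proxy is enabled and points at this machine: $($inet.ProxyServer)"
} else {
    Write-Output "LAN proxy: enabled=$($inet.ProxyEnable) server=$($inet.ProxyServer)"
}

# 2. The .exe association, machine-wide and any per-user override.
foreach ($root in 'HKLM:\Software\Classes', 'HKCU:\Software\Classes') {
    $assoc = Get-ExeAssociation $root
    # A missing per-user command just means there is no HKCU override.
    $noOverride = ($root -like 'HKCU:*') -and -not $assoc.Command
    if ($assoc.ProgId -eq 'exefile' -and ($noOverride -or $assoc.Command -eq '"%1" %*')) {
        Write-Output "$root .exe association looks standard"
    } else {
        Write-Warning "$root .exe -> $($assoc.ProgId), open command: $($assoc.Command)"
    }
}
```

A loopback proxy is not proof of infection on its own, since local debugging proxies and some filtering products set the same value; treat a warning as a prompt to find out which program is listening on that port.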

Tools that can cleanse the computer

There are several programs that can get the job done, but from our experience the best ones have always been:

Choosing one from the list and using it on the infected PC should do the job, but we always recommend that even the scan itself be done in Safe Mode. To use one of them, simply download the program to the desktop, install it leaving all options at their defaults, and then run a complete, not brief, scan. For the sake of the explanation, here’s how to do it with the powerful Norton Eraser:

  1. After the program has been downloaded, double-click the NPE.exe file and accept the license agreement terms.
  2. Click the Scan for Risks icon in the main window.
  3. Because this software is so powerful, it requires that the computer is restarted, so please allow it when it asks for it.
  4. When the scan is finished, infections will be listed as Bad, with a Remove box next to them. Check this box and click the Fix button at the bottom right (also make sure that the Create System Restore Point option is selected). The Unknown files should be checked further by clicking their names.
  5. Click on Done when the removal has been completed. If asked to restart the PC once more, allow it.

Note: Please take into consideration that the above steps do not apply to RootKit viruses, which are a severe category of infections. This method will have no effect on them; it will only work with viruses a bit more complicated than the usual breed. We will post a guide for RootKit infections as soon as possible.


  1. I am sorry, but this is wrong. Deep root virus? It is rootkit.
    Rootkit doesn’t change the DNS server address, at least not the common ones. Search for DNSChanger. It was in the news recently. That wasn’t a rootkit.
    You have to use specialized tools to identify these kinds of infections.
    NPE is good, but not that great when it comes to rootkit. Try TDSSKiller.

    Please post useful information. This will just create confusion for people who don’t know about this. I don’t know why I liked this page on Facebook, but unliking it now.

    1. I am sorry too, but this is NOT about rootkit viruses. Those are of a different kind at all ( ).

      The above written guide speaks of a category of viruses which can be placed between normal viruses (disposable with a quick scan) and infections belonging to the rootkit family (severe infections), and not about the last category. If the title contains the word “root” that doesn’t mean we are referring to “rootkit”.