When malware blocks the installation of an antivirus, it becomes a serious problem for the system’s security. We tell you how to bypass the restriction and get rid of the virus
Reasons for blocking antivirus
Malware uses a variety of methods to block the installation and operation of antivirus applications. The main reasons include:
- Modifying the system hosts file . It determines the routing of requests to websites. Malicious software adds lines to it that redirect requests from antivirus sites to false addresses or completely block their access;
- Disabling Windows system services . Viruses can disable services that are necessary for antivirus software to work. For example, Windows Update or a firewall;
- Removal or blocking of installation files . Some viruses recognize antivirus installers and block their launch/remove distributions;
- Blocking Internet access . To prevent downloading antivirus software and database updates, the virus can disable the Internet connection or redirect requests through malicious DNS servers.
Ways to fix the problem
Let’s look at the main methods for solving the issue of blocking antivirus software.
Editing the hosts file
Follow these steps:
- Find the hosts file . It is located at C:\Windows\System32\drivers\etc\. Any text editor will do for making edits. For example, Notepad;
- Check the contents of the file . Each line must begin with the # sign. Delete those that do not meet this condition;
- Don’t forget to save your changes . Please note that you may need administrator rights to do this;
- Clear the DNS cache . Open Command Prompt as administrator and type ipconfig /flushdns to reset the DNS record cache.
Using Windows Safe Mode
Safe mode starts the operating system with a minimal set of drivers and services, which prevents most malware from running. This allows you to install an antivirus and perform a scan.
To enter Safe Mode, follow these steps:
- Restart your computer . Press F8, Shift + F8 or enter the boot menu via the msconfig command (executed via Win + R);
- Select a boot option . We are interested in “Safe Mode with Networking” for internet access;
- Download and install the antivirus . Go to the official website of the antivirus software and download its installation file. If the distribution still does not start, rename it. Perhaps this will prevent the virus from identifying the file and blocking it;
- Perform a full system scan . After installing the antivirus, perform a deep scan for threats.
Using bootable antivirus media
If malware blocks the OS from starting or does not allow you to install an antivirus even in safe mode, use a boot disk or flash drive with antivirus software.
To do this:
- Download the bootable antivirus image . Popular solutions are ” Kaspersky Rescue Disk “, ” Dr.Web LiveDisk ” or ” ESET SysRescue “. These programs allow you to perform a full system scan before the operating system is loaded;
- Create a bootable media . Download the image from the official website and use programs like Rufus or UNetbootin to write the file to a disk/USB drive;
- Set up booting from external media . Restart your computer, enter BIOS/UEFI (usually via the Del, F2 or Esc key) and set boot priority for USB or CD/DVD;
- Run an antivirus scan . After booting the system from the media, run the scan. Detected threats will be removed and system files will be restored.
This method is especially effective against complex viruses, in particular rootkits and bootkits, which may not be detected after a standard scan.
Treatment with compact antivirus utilities
There are a number of free solutions for fighting viruses. The most popular and requiring no installation are Dr.Web CureIt! or Kaspersky Virus Removal Tool . Another advantage of such programs is that they are often not identified by malware and, accordingly, are not blocked
Procedure:
- Download utilities on another device . If malware blocks access to antivirus company websites, use another computer or smartphone to download;
- Rename the installation files . Before transferring the files to the infected computer, change their names so that the virus cannot recognize the utilities;
- Run the utilities directly . Transfer the files to the infected computer via a flash drive or USB cable, then run the program. Portable utilities usually immediately offer to perform a deep system scan.