I do some informal virus removal type stuff once in a while on various forums and I often come across a topic where the first thing I see is “Reboot into safe mode, run your antivirus.” Obviously this isn’t from one of those cool forums where those guys know how to use all those crazy tools and whatnot, it’s just some guy trying to help and that’s cool but he is very wrong.
Rebooting isn’t a good idea when you’ve just been infected. It’s one of the worst things you can do. Think about how every time you install Windows Updates you need to restart, and any time you install a new driver you have to restart. Basically, every time software wants to get deep into the machine you end up restarting.
So does it really make sense to restart?
The fact is, if you haven’t restarted your machine it’s probably going to be fairly simple to remove the malware. 95% of malware executes from your /user/appdata/ folder. I’ve cleaned so many machines just by navigating to that folder, finding what’s out of place, and deleting it. It’s not gonna work every time, but if the machine hasn’t been restarted and it’s 64-bit Windows Vista/7 your chances are very, very good.
Registry settings also need a reboot to stick. So before you restart, you (or someone who knows what they’re doing, if you don’t) can go to your */run and remove potentially malicious stuff. There are also Firewall and AV settings in the registry that a virus might mess with.
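Here is a small triage script that does the two checks above in one go: it lists recently written executables under the user’s AppData folders and dumps the Run/RunOnce autorun entries, flagging any that launch something from an AppData path. This is an added example, not something from the original post; it assumes Windows PowerShell 5.1 or later, that you run it as the user whose profile got infected, and that a 7-day window (the `$Days` parameter) is a reasonable default. It only reports candidates and deletes nothing.

```powershell
# Added triage helper (not from the original post). Assumes Windows PowerShell 5.1+
# and that the current user is the one whose profile was infected. Reports only.
param(
    [int]$Days = 7   # how far back to look for newly written executables
)

$since = (Get-Date).AddDays(-$Days)
$appDataRoots = @($env:APPDATA, $env:LOCALAPPDATA) | Where-Object { $_ -and (Test-Path $_) }
$suspectExtensions = @('.exe', '.dll', '.scr', '.bat', '.cmd', '.vbs', '.js', '.ps1')

# 1. Executable-type files written recently anywhere under the user's AppData folders.
$recentExecutables = foreach ($root in $appDataRoots) {
    Get-ChildItem -Path $root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { ($_.Extension -in $suspectExtensions) -and ($_.LastWriteTime -ge $since) } |
        Select-Object FullName, Length, LastWriteTime
}

# 2. Autorun entries in the per-user and machine-wide Run / RunOnce keys.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Properties that the registry provider adds to every Get-ItemProperty result; not real values.
$providerProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

$runEntries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -in $providerProps) { continue }
        $command = [string]$p.Value
        [pscustomobject]@{
            Key               = $key
            Name              = $p.Name
            Command           = $command
            # Legit software rarely autoruns from AppData; these deserve a closer look.
            PointsIntoAppData = $command -match '(?i)\\AppData\\|%APPDATA%|%LOCALAPPDATA%'
        }
    }
}

"== Executables written under AppData in the last $Days day(s) =="
$recentExecutables | Sort-Object LastWriteTime -Descending | Format-Table -AutoSize
"== Run / RunOnce entries (PointsIntoAppData = True is worth a closer look) =="
$runEntries | Format-Table -AutoSize -Wrap
```

Compare the flagged paths against what you know is installed before deleting anything; some updaters and chat clients legitimately live under AppData.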
The first step should never be to reboot. In my opinion the first step is to flip the switch on your internet (this prevents information being sent out or further payloads being received) and start deleting what you can. If you have another computer, go download an AV to a USB stick, bring it over, and run it.