Viruses, worms and Trojan horses don’t get much attention anymore but they’re still out there. Do you know what to do when your computer becomes infected?

  • If your anti-virus program is up and running (and there’s never any excuse for it not to be), there’s a good chance that the anti-virus program will be able to both detect and repair the damage. If you get an alert from your anti-virus program, take it seriously and act on it immediately.
    • Know what your own anti-virus program alerts look like. If you get that obnoxious pop-up when you’re browsing the Internet that says "your computer may be infected", ignore that. It’s a scam. Clicking the link will install spyware onto your computer.
  • If you are at work, call IT immediately. Do not wait. The sooner they can investigate and clean the computer, the less damage there will be to your computer and to the rest of the network. Do not do anything to the computer until IT tells you to. They may need to try to track down the hacker. Anything you do could muddy the chain of evidence.
  • If you are on your home computer, disconnect it from the Internet immediately. If you are infected, this will minimize the damage by preventing the hacker from sending any more commands to your computer or stealing any more information from it.
    • If your anti-virus program detects but cannot repair the damage, see if there’s an update to the virus definitions file that might fix it.
    • If your anti-virus program still cannot remove the infection, you could try manual repairs. There are websites which can walk you through the technical steps of manually cleaning up the DLLs, registry settings, etc. You will need to know exactly which virus you have and you need to know exactly what you’re doing or you might do even more damage to the computer. If you are uncertain, take your computer to someone who can repair it professionally.
    • In the worst case, you may need to reinstall your operating system. Look for a "system restore disk" that probably came with the computer. Reinstalling the operating system usually erases all of your other programs and data files. If you haven’t backed up your files lately, it’s incredibly stressful – but better than leaving the hacker in control of your computer.
  • Once you’ve done everything else, it’s a good idea to update your anti-virus definitions (again) and run a full scan against your computer. If you haven’t checked for software patches and updates lately, you need to do that, too.
  • Finally, you should assume that all your passwords were potentially compromised during the infection. This includes passwords for websites that were cached in your browser. Pick strong passwords when you change them.
Based in part on CERT Cyber Security Tip ST05-006
