How to Clean Up an Infected Computer
Cleaning up a computer infected with a virus can be frustrating and a little scary.
Getting rid of the virus is not easy. Doing it by yourself can take hours, and there are times when a malware infection requires professional help.
The first step is to avoid getting a virus in the first place, by any means necessary. That’s best done through smart computer usage (don’t click on unknown attachments, and verify links before clicking on them) and by having good antivirus software.
However, even the most savvy computer users can find themselves fooled by a good phishing scheme.
And while antivirus programs do a good job of preventing infections, they cannot defend against malware they don’t know about. Some forms of malware even disable antivirus software as part of an attack.
Brendan Ziolo, vice president of marketing at Kindsight, an identity-theft protection service based in Mountain View, Calif., suggested following these steps to clean an infected computer:
Inspect your system with a free scanner
Many antivirus software vendors have free scanners available on their websites to detect and remove many types of malware. You can either download them or run them via your browser.
“These online scanners have the advantage of not being on your computer when you were infected, so they are not compromised like your existing antivirus software,” Ziolo said. “If the scanner removes the threat, then you are on your way to fixing the program.”
If the first step doesn’t work, use a rescue disk
Sometimes malware can take control of the system and/or hide itself from these tools. If you are unable to remove the malware with the scanner, or can’t access the scanning tools on the Internet, then you’ll need to use a rescue disk.
Rescue disks contain a full operating system and boot the computer from the disk itself. (You may need to change your BIOS settings to enable booting from CDs.)
The disks are available from many of the antivirus companies, and make it possible to repair a damaged system, rescue data or scan the system for virus infections.
Many antivirus programs allow you to create a rescue disk before you are infected, Ziolo added.
“If you need to use a rescue disk, create one on a CD or USB from an uninfected computer,” Ziolo said. “Once the rescue disk is created, boot up your infected computer using that disk and follow the instructions.”
Once the malware is removed, Ziolo suggested these tips to help prevent future attacks:
Run a browser-based system vulnerability check
Many security companies offer free browser-based services that let you see whether your computer’s applications, plug-ins and operating system are up to date, and whether all security holes have been patched.
Install updated antivirus software
You should also ensure your antivirus software is up-to-date, and then run a complete scan to make sure there are no further threats.
Ask your Internet service provider for network-based security
You should also have a security layer that analyzes your network traffic to provide protection when your antivirus and other security precautions do not. Ask your Internet service provider if it has a network-based security service that provides this additional layer of protection against identity theft and other online threats.
However, there are times when you just can’t solve the problem yourself, said Aryeh Goretsky, a researcher with the Slovak security company ESET.
“These days, malware is insidious, establishes all sorts of footholds within the system and can make many different changes to a system, which may be non-obvious and cause seemingly unrelated and difficult-to-troubleshoot problems,” Goretsky said.
If you’ve tried the above tips and still aren’t satisfied, or if you have concerns about what damage may have been done by the infection (including data theft), it may be time to seek external assistance.
You should contact the anti-malware vendor's support department and work with the technical support engineer to examine the system for any residual damage. The technician may be able to determine what the malware did while it was on the system.
“If the computer is used for something important and/or sensitive, the best solution may be to back up the valuable data, format the hard disk drive, and then reload the operating system and applications,” Goretsky said.
Once the operating system and applications are re-installed, use the Internet to patch them to the latest available versions. Then restore the data from backups.
Sue Marquette Poremba is a contributor to SecurityNewsDaily, a sister site of TechNewsDaily.