What to Do If Your Computer Is Infected
Sometimes even an experienced user will not realise that a computer is infected with a virus. This is because viruses can hide among regular files, or camoflage themselves as standard files. This section contains a detailed discussion of the symptoms of virus infection, how to recover data after a virus attack and how to prevent data from being corrupted by malware.
Symptoms of infection
There are a number of symptoms which indicate that your computer has been infected. If you notice "strange things" happening to your computer, namely:
- unexpected messages or images are suddenly displayed
- unusual sounds or music played at random
- your CD-ROM drive mysteriously opens and closes
- programs suddenly start on your computer
- you receive notification from your firewall that some applications have attempted to connect to the Internet, although you did not initiate this, then it is very likely that your computer has been infected by a virus
Additionally, there are some typical symptoms which indicate that your computer has been infected via email:
- your friends mention that they have received messages from your address which you know you did not send
- your mailbox contains a lot of messages without a sender's e-mail address or message header
These problems, however, may not be caused by viruses. For example, infected messages that are supposedly coming from your address can actually be sent from a different computer.
There is a range of secondary symptoms which indicate that your computer may be infected:
- your computer freezes frequently or encounters errors
- your computer slows down when programs are started
- the operating system is unable to load
- files and folders have been deleted or their content has changed
- your hard drive is accessed too often (the light on your main unit flashes rapidly)
- Microsoft Internet Explorer freezes or functions erratically e.g. you cannot close the application window
90% of the time the symptoms listed above indicate a hardware or software problem. Although such symptoms are unlikely to be caused by a virus, you should use your antivirus software to scan your computer fully.
What you should do if you notice symptoms of infection
If you notice that your computer is functioning erratically
- Don't panic! This golden rule may prevent the loss of important data stored in your computer and help you avoid unnecessary stress.
- Disconnect your computer from the Internet.
- If your computer is connected to a Local Area Network, disconnect it.
- If the computer cannot boot from the hard drive (error at startup), try to start the system in Safe Mode or from the Windows boot disk
- Before taking any action, back up all critical data to an external drive (a floppy disk, CD, flash memory, etc.).
- Install antivirus software if you do not have it installed.
- Download the latest updates for your antivirus database. If possible, do not use the infected computer to download updates, but use a friend's computer, or a computer at your office, an Internet cafe, etc. This is important because if you are connected to the Internet, a virus can send important information to third parties or may try to send itself to all email addresses in your address book. You may also be able to obtain updates for your antivirus software on CD-ROM from the software vendors or authorized dealers.
- Perform a full system scan.
If no viruses are found during a scan
If no viruses are found during the scan and the symptoms that alarmed you are classifed, you probably have no reason to worry. Check all hardware and software installed in your computer. Download Windows patches using Windows Update. Deinstall all unlicensed software from your computer and clean your hard drives of any junk files.
If viruses are found during a scan
A good antivirus solution will notify you if viruses are found during a scan, and offer several options for dealing with infected objects.
In the vast majority of cases, personal computers are infected by worms, Trojan programs, or viruses. In most cases, lost data can be successfully recovered.
- A good antivirus solution will provide the option to disinfect for infected objects, quarantine possibly infected objects and delete worms and Trojans. A report will provide the names of the malicious software discovered on your computer.
- In some cases, you may need a special utility to recover data that have been corrupted. Visit your antivirus software vendor's site, and search for information about the virus, Trojan or worm which has infected your computer. Download any special utilities if these are available.
- If your computer has been infected by viruses that exploit Microsoft Outlook Express vulnerabilities, you can fully clean your computer by disinfecting all infected objects, and then scanning and disinfecting the mail client's databases. This ensures that the malicious programs cannot be reactivated when messages which were infected prior to scanning are re-opened. You should also download and install security patches for Microsoft Outlook Express.
- Unfortunately, some viruses cannot be removed from infected objects. Some of these viruses may corrupt information on your computer when infecting, and it may not be possible to restore this information. If a virus cannot be removed from a file, the file should be deleted.
If your computer has suffered a severe virus attack
Some viruses and Trojans can cause severe damage to your computer:
- If you cannot boot from your hard drive (error at startup), try to boot from the Windows rescue disk. If the system can not recognize your hard drive, the virus has damaged the disk partition table. In this case, try to recover the partition table using scandisk, a standard Windows program. If this does not help, contact a computer data recovery service. Your computer vendor should be able to provide contact details for such services.
If you have a disk management utility installed, some of your logical drives may be unavailable when you boot from the rescue disk. In this case, you should disinfect all accessible drives, reboot from the system hard drive and disinfect the remaining logical drives.
- Recover corrupted files and applications using backup copies after you have scanned the drive containing this data.
Diagnosing the problem using standard Windows tools
Although this is not recommended unless you are an experience user, you may wish to:
- check the integrity of the file system on your hard drive (using CHKDSK program) and repair file system errors. If there are a large number of errors, you must backup the most important files to removable storage media before fixing the errors
- scan your computer after booting from the Windows rescue disk
- use other standard Windows tools, for example, the scandisk utility
For more details on using these utilities, refer to the Windows Help topics.
If nothing helps
If the symptoms described above persist even after you have scanned your computer, and checked all installed hardware and software and your hard drive using Windows utilities, you should send a message with a full description of the problem to your antivirus vendor's technical support department.
Some antivirus software developers will analyse infected files submitted by users.
After you have eradicated the infection
Once you have eradicated the infection, scan all disks and removable storage media that may be infected by the virus.
Make sure that you have appropriately configured antivirus software installed on your computer.
Practice safe computing.
All of these measures will help prevent your computer getting infected in the future.