What to do if your computer is infected?

Sometimes even an experienced user will not realize that a computer is infected with a virus or malicious program. This is because they can hide among regular files, or camouflage themselves as standard files. This section contains a detailed discussion of the symptoms of virus infection, how to recover data after a virus attack and how to prevent data from being corrupted by malware.

Symptoms of infection

There are a number of symptoms which indicate that your computer has been infected. If you notice "strange things" happening to your computer, namely:

  • Unexpected messages or images are suddenly displayed.
  • Unusual sounds or music played at random.
  • Your CD-ROM drive mysteriously opens and closes.
  • Programs suddenly start on your computer.
  • You receive notification from your firewall that some applications have attempted to connect to the Internet, although you did not initiate this, then it is very likely that your computer has been infected.

Additionally, there are some typical symptoms which indicate that your computer has been infected via e-mail:

  • Your friends mention that they have received messages from your address which you know you did not send.
  • Your mailbox contains a lot of messages without a sender's e-mail address or message header.

These problems, however, may not be caused by viruses or malicious programs. For example, infected messages that are supposedly coming from your address can actually be sent from a different computer.

There is a range of secondary symptoms which indicate that your computer may be infected:

  • Your computer freezes frequently or encounters errors.
  • Your computer slows down when programs are started.
  • The operating system is unable to load.
  • Files and folders have been deleted or their content has changed.
  • Your hard drive is accessed too often (the light on your main unit flashes rapidly).
  • Microsoft Internet Explorer freezes or functions erratically e.g. you cannot close the application window.

90% of the time the symptoms listed above indicate a hardware or software problem. Although such symptoms are unlikely to be caused by a virus or malicious program, you should use your antivirus software to scan your computer fully.

What you should do if you notice symptoms of infection

If you notice that your computer is functioning erratically

  1. Don't panic! This golden rule may prevent the loss of important data stored in your computer and help you avoid unnecessary stress.
  2. Disconnect your computer from the Internet.
  3. If your computer is connected to a Local Area Network, disconnect it.
  4. If the computer cannot boot from the hard drive (error at startup), try to start the system in Safe Mode or from the Windows boot disk
  5. Before taking any action, back up all critical data to an external drive (a floppy disk, CD, flash memory, etc.).
  6. Install antivirus software if you do not have it installed.
  7. Download the latest updates for your antivirus database. If possible, do not use the infected computer to download updates, but use a friend's computer, or a computer at your office, an Internet cafe, etc. This is important because if you are connected to the Internet, a virus can send important information to third parties or may try to send itself to all email addresses in your address book. You may also be able to obtain updates for your antivirus software on CD-ROM from the software vendors or authorized dealers.
  8. Perform a full system scan.

Or simply, contact us and we will solve your computer system's problems.

If no viruses are found during a scan

If no viruses or malicious programs are found during the scan and the symptoms that alarmed you are classified, you probably have no reason to worry. Check all hardware and software installed in your computer. Download Windows patches using Windows Update. Uninstall all unlicensed software from your computer and clean your hard drives of any junk files.

If viruses or malicious programs are found during a scan

A good antivirus solution will notify you if viruses or malicious programs are found during a scan, and offer several options for dealing with infected objects. In the vast majority of cases, personal computers are infected by worms, Trojan programs, or viruses. In most cases, lost data can be successfully recovered.

  1. A good antivirus solution will provide the option to disinfect for infected objects, quarantine possibly infected objects and delete worms and Trojans. A report will provide the names of the malicious software discovered on your computer.
  2. In some cases, you may need a special utility to recover data that have been corrupted. Visit your antivirus software vendor's site, and search for information about the virus, Trojan or worm which has infected your computer. Download any special utilities if these are available.
  3. If your computer has been infected by viruses that exploit Microsoft Outlook Express vulnerabilities, you can fully clean your computer by disinfecting all infected objects, and then scanning and disinfecting the mail client's databases. This ensures that the malicious programs cannot be reactivated when messages which were infected prior to scanning are re-opened. You should also download and install security patches for Microsoft Outlook Express.
  4. Unfortunately, some viruses cannot be removed from infected objects. Some of these viruses may corrupt information on your computer when infecting, and it may not be possible to restore this information. If a virus cannot be removed from a file, the file should be deleted.

If your computer has suffered a severe virus attack

Some viruses and Trojans can cause severe damage to your computer:

  1. If you cannot boot from your hard drive (error at startup), try to boot from the Windows rescue disk. If the system can not recognize your hard drive, the virus has damaged the disk partition table. In this case, try to recover the partition table using data recovery software. If this does not help, contact us.
  2. If you have a disk management utility installed, some of your logical drives may be unavailable when you boot from the rescue disk. In this case, you should disinfect all accessible drives, reboot from the system hard drive and disinfect the remaining logical drives.
  3. Recover corrupted files and applications using backup copies after you have scanned the drive containing this data.

After you have eradicated the infection

Once you have eradicated the infection, scan all disks and removable storage media that may be infected by the virus. Make sure that you have appropriately configured antivirus software installed on your computer.

Practice safe computing and remember that DataBackNow are here for you!