Is It a Virus?

Monday, October 13, 2008
Posted by eLsYu

Disconnect and isolate. If you suspect one of your computers has suffered a virus attack, immediately quarantine the computer by physically disconnecting it, as infected machines pose a danger to all other computers connected to the network. If you suspect other computers may be infected, treat them as if they are, even if they aren't displaying any symptoms. It's counterproductive to clean one machine while an infected computer is still connected to the network.

Focus on the cleanup. Once you've physically disconnected the computer, focus on removing the malicious code. Use virus removal tools written for the specific virus causing the damage. Many of these tools can be found online. In addition, your antivirus software should have updates or patches available for the specific security threat. If your antivirus software hasn't been updated recently, be sure to update it.

Reinstall your operating system. After a virus attack, the damage may range from changed file names and obliterated files to permanently disabled software applications. The extent of the damage depends on the particular virus. If your operating system is completely destroyed, you'll need to reinstall it using the quick restore CD that came with your computer. This will restore your computer to its original configuration, meaning you'll lose any applications you may have installed or data files you may have saved. So before you begin the reinstallation process, make sure you have all the necessary information handy, including the original software, licenses, registration and serial numbers.

Restore your data. This assumes you've been diligent about backing up your files. If you haven't been doing a regular backup of all the data and files on your computer's hard drive, your files will most likely be permanently lost. If this is the case, learn from your mistake and make sure to back up on a regular, ongoing basis. And keep in mind, not all viruses target data files. Some only attack applications.

Scan for viruses. After restoring and reinstalling, perform a thorough virus scan of your network. Use the most recent virus definitions available for your antivirus software. Be careful not to overlook anything; scan all files and documents on all computers and servers on your network.

Prevent future attacks. Run antivirus software and keep virus definitions current. Make sure your security patches are up-to-date. And if you haven't been running antivirus software, start doing so immediately to prevent future attacks. Also, if you lost data files in the recent attack, create and enforce a regular backup schedule. Change all of your passwords, including ISP access passwords, FTP, email and Web site passwords. Some viruses can capture or crack passwords, leading to future vulnerabilities. By changing your passwords, you'll be able to boost your security.

Above all, learn from your mistakes. If a virus penetrated your defenses, consider changing or enhancing your current security practices. Ask yourself why your previous security measures weren't effective. Did you need a firewall? Were you lax about updating virus definitions and security patches? Did you download files without scanning them first? Now is an ideal time to comb through, edit and reinforce your IT security policy, as you'll need to shore up the holes in your security practices. After all, prevention is always the best security policy.