The process of cleaning up a computer infected with a virus or other malware can be frustrating and more than a little scary. Getting rid of the malware is not easy. Doing it by yourself can take hours, and there are times when a malware infection requires professional help.
The first step is to avoid getting infected in the first place, by any means necessary. That's best done through smart computer usage — for example, don't click on unknown attachments, and verify links before clicking on them — and having good antivirus software.
However, even the savviest computer users can be fooled by a good phishing scheme. And while antivirus programs do a good job of preventing infections, they cannot always defend against malware they don't know about. Some forms of malware even try to disable antivirus software as part of an attack.
Fortunately, there are some simple steps you can take to clean an infected computer.
Step 1: Inspect your system with a free scanner
Many antivirus software vendors have free scanners available on their websites to detect and remove many types of malware. You can either download them or run them via your browser.
"These online scanners have the advantage of not being on your computer when you were infected, so they are not compromised like your existing antivirus software," said Brendan Ziolo, a marketing executive at networking-hardware giant Alcatel-Lucent. "If the scanner removes the threat, then you are on your way to fixing the program."
However, it might be better to run a downloadable tool, such as Norton's Power Eraser, or to install and run free anti-malware software, such as Malwarebytes Anti-Malware.
Step 2: If the first step doesn't work, use a rescue disk
Sometimes malware can take control of the system and/or hide itself from these tools. If you are unable to remove the malware with the scanner, or can't access the scanning tools on the internet, then you'll need to use a rescue disk.
Rescue disks, which are usually free, contain a full operating system (usually some form of Linux) and will boot the computer from the disk itself. They make it possible to repair a damaged system, recover data or scan the system for malware infections. (You may need to change your BIOS settings by pressing the F2 key during startup to enable booting from CDs or USB drives.)
Most antivirus companies provide rescue-disk images for download; ones you may want to check out include Kaspersky's Rescue Disk and F-Secure's Rescue CD. There's also Hiren's BootCD, which packs dozens of malware scanners, cleanup tools, recovery tools and other utilities into a single disk image.
Many antivirus programs suggest that you create a rescue disk before your computer becomes infected, Ziolo said.
"If you need to use a rescue disk, create one on a CD or USB from an uninfected computer," Ziolo said. "Once the rescue disk is created, boot up your infected computer using that disk and follow the instructions."
After the malware is removed, you'll need to take some further steps to help prevent future attacks.
Step 3: Run a system vulnerability check
Many security companies offer free programs that let you see whether your computer's applications, plugins and operating system are up-to-date, and whether all security holes have been patched.
Step 4: Install or update antivirus software
You should also ensure your antivirus software is up-to-date, and then run a complete scan to make sure there are no further threats.
Don't have antivirus software? You really should.
However, there are times when you just can't solve the problem yourself, said Aryeh Goretsky, a researcher with security company ESET.
"These days, malware is insidious, establishes all sorts of footholds within the system and can make many different changes to a system, which may be non-obvious and cause seemingly unrelated and difficult-to-troubleshoot problems," Goretsky said.
If you've taken these steps and still aren't satisfied, or if you have concerns about what damage the infection may have caused, it may be time to seek external assistance.
You should contact the anti-malware vendor's support department and work with the technical support engineer to examine the system for any residual damage. The technician may be able to determine what the malware did while it was on the system.
"If the computer is used for something important and/or sensitive, the best solution may be to back up the valuable data, format the hard disk drive, and then reload the operating system and applications," Goretsky said.
Once the operating system and applications are re-installed, patch them by installing updates to the latest available versions. Then, restore the data from backups.