Diagnosing and treating a virus
Diagnosing a Virus
Despite careful planning, it is possible to fall victim to a virus.
This could be for any number of reasons. Perhaps your anti-virus
software was for some reason disabled, or maybe the virus was inadvertently
downloaded from the Internet.
Whatever the reason, watch out for the following signs that can warn
you of infection:
Increased email activity on your network, especially messages with unusual headings.
Your computer has less available memory than it should.
It inexplicably shuts down at certain times.
Some of your files are corrupt or don't work as they should.
Some of your files or programs are missing.
Unknown files or programs appear on your computer.
Strange messages pop up on your monitor.
Music and sounds play spontaneously.
Treating a Virus
Because viruses, worms and Trojan Horses each infect different parts
of the system, it's impossible to devise a cure-all for treating
infection. There are, however, procedures that you can follow to clean up
your systems and restore your data.
Be Prepared
Regular back-ups are an essential part of your anti-virus arsenal.
If any of your data is lost or damaged beyond repair, these may
be your only hope of recovering your work.
It's also a good idea to develop a collection of read-only disks
containing the free tools distributed by many anti-virus developers.
Make sure your employees know what to look out for and will inform
you of any virus symptoms they notice.
Disconnect the Infected Computer from your Network
Contain the outbreak as quickly as possible. If you have a network,
disconnect the suspected computer immediately.
Make Sure That You're Infected
Don't panic. Use your anti-virus software to double-check that you're
infected. Sometimes a system can appear to be infected when it's
not. For example, false alarms happen if you run two anti-virus
software packages at the same time, something to avoid. There are
also joke programs that convincingly emulate virus symptoms.
Let Everyone Know About the Infection
Once you've confirmed that you have a virus, make sure that everyone
knows about it and checks their systems for symptoms. Inform them
of what they can do to stop or minimise further spread of the infection.
Give instructions regarding what to do about the infected machines.
To be safe, contact everyone you recently exchanged files with and
let them know that they stand a chance of infection.
Run your Anti-Virus Software
First of all, determine the extent of the infection with a full virus
scan.
Make Sure It's Not Active in Memory
Make sure the malicious code isn't in memory before trying to remove
it. To start the system without the virus in memory, exit all open
programs and reboot the computer with an uninfected emergency boot
floppy inserted in the A drive.
Disinfect your Computer
Once you know which type of malicious code you're dealing with, use
your anti-virus software to disinfect your system.
Some viruses and worms are sticky customers and cannot be removed
automatically, so use a clean computer to check your software vendor's
site for instructions about manually removing any final traces.
Delete the Infected Files
If you can find an infected file before it's opened and has a chance
to spread through your system and network, deleting it may be enough
to avoid further problems. This is especially the case if your
anti-virus software flags an infected email attachment, as you need
to open it to become infected.
As a last resort you may need to reformat. By reformatting your drive
you destroy all your existing data and will need to reinstall all your
files and software to get up and running again.
After you reformat your drive, reinstall your anti-virus software first,
so that you can test your software and back-ups before you install them.
Restore your Files
Your anti-virus software will often be able to repair files with
minor damage. However, you will have to restore badly damaged or
destroyed files and programs from your back-up copies and installation
disks. You may also have to replace some files from your original
system installation disk.
Check That the Virus Has Been Removed
Viruses and worms self-replicate, so make sure that you've found
and deleted all copies. Once you've disinfected the computer, check
that all traces of the malicious code have been removed with another
virus scan. Only reconnect it to the network once you're confident
that the computer is clean.
After the Incident
Once the dust settles, it's time to review your preventative measures.
Somewhere, somehow, the malicious code slipped in. Establish how
this happened, and review your virus defences to see how they can
be improved to avoid future incursions.