How do I clean up my computer after a virus infection?

Good question.

There is ample information on the Web chastising people for doing this and that wrong, for clicking on things, for being tricked into agreeing to install a “plugin update”… reams of articles saying “DON’T DO IT – whatever it is, JUST DON’T!”

But realistically, with drive-by malware attacks picking up and malware being created to specifically evade traditional antivirus programs, people don’t have much chance… it’s just too easy to get infected with malware.

What nobody out there seems to have an answer to is the simple question: what do you do on the day after?

I am also unaware of a simple answer.

Microsoft publishes a Malicious Software Removal Tool every month. Commendable effort, but it doesn’t stand a chance against resident malware.

Online articles that advise you to “scan your computer with the latest antivirus software” are dangerous because they lead to a misinformed public. The truth is that there are simply too many ways to avoid detection and too much money to be made in the online crime industry. This means that highly skilled, organised and motivated people are writing malware to avoid all known safety nets. Malware has it much easier than all the defenders in the world – the attackers need only one way in, and then they have control of your computer for good. Running all the antivirus scans in the world won’t change that.

The only thing you can do is back up your important data (you do have backups, don’t you?), find your Operating System installation discs, erase your entire hard drive and then re-install everything from clean, trusted media, being extremely careful not to be re-infected by your old files or devices. For example, infected USB sticks can re-infect the new installation.

To (hopefully) avoid this, follow these rules:

  1. First thing you do after reinstalling the Operating System: connect the system to the Internet and immediately download and apply all critical updates. Don’t even check your emails. Update, update and then update some more until everything is at the very latest version.
  2. Windows users: disable the automatic execution (Autorun) of programs on USB sticks and disks (see KB967715 for details).
  3. Install *working* antivirus software. Not the cracked version of Kaspersky your cousin gave you on a CD and said “it’s okay, you don’t need to pay for it”. Not the nod32.exe you downloaded off some “free downloads” site. You may think such pieces of software protect you, but they don’t. They just lie to the user about operating properly and install malware behind your back. They are the enemy. No, you need to get a *legitimate* antivirus solution. See this blog post for free antivirus software that actually detects malware (or at least tries to).
  4. Only after you’ve successfully completed these first 3 steps, may you reconnect your old media (like USB sticks or disks) to restore your files. Before you touch any of those files, you will run an exhaustive scan (that will take hours) on the removable media you used. This will increase your chances of not getting re-infected straight away. After the scan, you may start restoring your files, reinstalling programs etc.
  5. At this point, you have a clean slate and your files back. You should proceed to follow safe computing practices, especially when you’re on the Internet, and hope that someone, some day, will actually improve this sad state of affairs of being unable to trust your own computer and having to be vigilant all the time to not be infected soon again.
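Steps 2 and 4 are the two that can be scripted and, more importantly, verified rather than taken on trust. The following PowerShell is an added example written for this post, not code from the original article or from Microsoft: it applies the Autorun policy that KB967715 describes (NoDriveTypeAutoRun = 0xFF under the Explorer policy key, in both the machine and user hives), checks that the value really took, and scans a removable drive with Windows Defender before anything is copied off it. It assumes a current Windows installation with the Defender cmdlets available and an elevated PowerShell prompt; the drive letter and the helper function names are mine.

```powershell
# Added example (not from the original post): apply the Autorun hardening that
# KB967715 describes and verify it, then scan a removable drive before restoring
# files from it. Assumes Windows with Windows Defender and an elevated prompt.
#Requires -RunAsAdministrator

# 0xFF disables Autorun on every drive type (KB967715). Both hives are set so a
# per-user value cannot quietly re-enable it.
$autorunPolicyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

function Disable-Autorun {
    foreach ($key in $autorunPolicyKeys) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name 'NoDriveTypeAutoRun' -Value 0xFF -Type DWord
    }
}

function Test-AutorunDisabled {
    # Returns $true only if every policy key carries the 0xFF value.
    foreach ($key in $autorunPolicyKeys) {
        $value = (Get-ItemProperty -Path $key -Name 'NoDriveTypeAutoRun' `
                  -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
        if ($value -ne 0xFF) { return $false }
    }
    return $true
}

function Invoke-RemovableMediaScan {
    param([Parameter(Mandatory)][string]$DriveLetter)   # e.g. 'E:' (hypothetical)
    # Only scan drives Windows reports as removable (DriveType 2), so a typo
    # cannot start a multi-hour scan of the freshly installed system drive.
    $drive = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$DriveLetter'"
    if (-not $drive -or $drive.DriveType -ne 2) {
        throw "$DriveLetter is not a removable drive"
    }
    Start-MpScan -ScanType CustomScan -ScanPath "$DriveLetter\"
    # List any detections that refer to this drive before you copy anything.
    Get-MpThreatDetection | Where-Object { $_.Resources -like "*$DriveLetter*" }
}

Disable-Autorun
if (-not (Test-AutorunDisabled)) { throw 'Autorun policy was not applied' }
# Uncomment with the letter of the old USB stick once steps 1 to 3 are done:
# Invoke-RemovableMediaScan -DriveLetter 'E:'
```

Run the script once right after the first round of updates; the explicit Test-AutorunDisabled check matters because a policy that was never written (wrong hive, non-elevated prompt) fails silently otherwise. The scan deliberately refuses anything that is not a removable drive, and its output is the list of detections you should read before touching a single restored file.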
