My computer recently got a virus. Although I’ve been through the practice sessions and have thoroughly planned my emergency response should the event ever occur, I was shocked to find that my emotions were largely ruling my decisions at first. When you get a virus, the effect is usually swift and strong. For me, I was researching technology websites for an article when suddenly my firewall and antivirus issued a popup window alert. It said something has been sandboxed or some such blabber. Before I could do anything, even before I could finish reading the popup to make a decision, the computer suddenly went wonky. A hundred windows popped up all stating that the Windows hard drive could not be found, etc. Everything on my desktop and all my files suddenly disappeared. At first, I watched in slow motion with horror as it happened. Then, reality set in. I think my computer just got a virus, I thought. I was suddenly very perturbed with my firewall/AV (Comodo) and with my browser (Firefox). I could kick myself because I had been using Chrome but I decided to use Firefox that day because Chrome has trouble with tabbed browsing and displaying some sites properly.
Anyway, I panicked. I made some decisions and did a few things that, while harmless, should have been done when my head was cooler.
In retrospect, I could have handled the emergency better. I admit I was very upset when all my files suddenly disappeared, and I made some emotional decisions based on my distress. Here are a few tips from someone who has “been there.” I intend to follow these guidelines next time!
1. Unplug your Internet service.
My desktop had an Ethernet cable in the modem, so all I had to do is unplug it from the router. If your machine is wireless, turn off the wireless or turn off the router. Do this immediately. Most viruses “phone home” as soon as they have infected a computer. Some trojans will start sending out personal information to the master. Remove the computer from the network. If you need to unplug the router from the electrical outlet, just do it.
2. Remove all external drives and consider them contaminated.
Do not insert the drives into another computer! You may spread the virus to other machines! Instead, scan the drives with your updated antivirus software after you have removed the virus from your computer. Some viruses inject data files into external drives. Once the drive is inserted into another computer, the Windows autoplay feature activates the virus and infects the computer. This is why it’s a very good idea to completely turn off Windows autoplay.
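One way to turn AutoPlay off and confirm that it is off, as an added example that is not part of the original post. It uses the standard `NoDriveTypeAutoRun` policy value and the per-user `DisableAutoplay` value; the function names `Get-AutoplayState` and `Disable-Autoplay` are hypothetical.

```powershell
# Added example: audit and disable AutoRun/AutoPlay for all drive types.
# Run from an elevated PowerShell prompt (the HKLM write needs administrator rights).

$settings = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NoDriveTypeAutoRun'   # machine-wide AutoRun policy
       Want = 0xFF                   # 0xFF = AutoRun off for every drive type
       Note = 'machine-wide AutoRun policy' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers'
       Name = 'DisableAutoplay'      # per-user AutoPlay switch
       Want = 1                      # 1 = AutoPlay off for the current user
       Note = 'per-user AutoPlay switch' }
)

# Report the current value of each setting and whether it matches the hardened value.
function Get-AutoplayState {
    foreach ($s in $settings) {
        $current = (Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue).($s.Name)
        [pscustomobject]@{
            Setting  = $s.Note
            Value    = $s.Name
            Current  = if ($null -eq $current) { '(not set)' } else { '0x{0:X}' -f $current }
            Hardened = ($current -eq $s.Want)
        }
    }
}

# Write the hardened values, creating the registry keys if they do not exist yet.
function Disable-Autoplay {
    foreach ($s in $settings) {
        if (-not (Test-Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
        Set-ItemProperty -Path $s.Path -Name $s.Name -Value $s.Want -Type DWord
    }
}

Get-AutoplayState | Format-Table -AutoSize   # state before the change
Disable-Autoplay
Get-AutoplayState | Format-Table -AutoSize   # state after the change
```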
3. Take note of your computer’s behavior.
You will need to remember some of the key behaviors because every virus has its own unique pattern. Over time, some of the patterns change slightly, but the usual characteristics remain. In my case, I saw a hundred or more error dialog boxes telling me that Windows could not read the hard drive. All my files were suddenly “wiped out.” This behavior is characteristic of the System Fix virus. It scares computer users into believing that the computer is having a major failure, and then directs them to purchase a “fix” for the problem. The virus appears to wipe out all the data files, but what it actually does is use the Windows attrib.exe utility to set the hidden attribute on all the files and folders. The virus is an old one and I’m surprised my Comodo Internet Security was so slow to stop it. Comodo did “partially limit” the virus and so I never saw the “System Fix” popup demanding money for a fix. But Comodo did allow the virus to hide all my files and change my settings. Odd.
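A way to check whether "missing" files are only hidden, as an added example that is not part of the original post. The script name `Find-HiddenItems.ps1`, the default Documents path and the short skip list are assumptions; it lists every item under a folder that carries the Hidden attribute and clears the Hidden and System bits only when `-Restore` is given.

```powershell
# Find-HiddenItems.ps1 (hypothetical name) - added example.
# Lists items that carry the Hidden attribute; with -Restore, clears Hidden/System on them.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$Path = (Join-Path $env:USERPROFILE 'Documents'),  # assumed default scope
    [switch]$Restore
)

# Names that Windows itself keeps hidden; leave them alone (assumed short list).
$skip = 'desktop.ini', 'Thumbs.db'

# Bits to clear when restoring: Hidden (0x2) and System (0x4).
$mask = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System)

# -Force makes Get-ChildItem return hidden and system items as well.
$hidden = Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        $_.Attributes.HasFlag([IO.FileAttributes]::Hidden) -and ($skip -notcontains $_.Name)
    }

$hidden | Select-Object FullName, Attributes, LastWriteTime | Format-Table -AutoSize
"{0} hidden item(s) under {1}" -f @($hidden).Count, $Path

if ($Restore) {
    foreach ($item in $hidden) {
        # ShouldProcess lets the caller preview the changes with -WhatIf.
        if ($PSCmdlet.ShouldProcess($item.FullName, 'Clear Hidden/System attributes')) {
            $new = [int]$item.Attributes -band (-bnot $mask)
            # A file whose only attributes were Hidden/System becomes a Normal file.
            if ($new -eq 0) { $new = [int][IO.FileAttributes]::Normal }
            $item.Attributes = [IO.FileAttributes]$new
        }
    }
}
```

Running it first without `-Restore`, or with `-Restore -WhatIf`, shows what would change before any attribute is touched.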
4. Research the virus behavior on a clean computer.
The Internet is a wealth of knowledge. Chances are very likely that your experience with the virus is not the first. Search the Internet using key words based on the virus’ behavior. For example, I searched using the words “Windows cannot find hard drive,” “error,” and “virus.” The results led me to others who have experienced the same virus.
5. Do not use Safe Mode on the infected computer to try and get rid of the virus.
In Safe Mode, the computer operating system boots up with minimal software. Sophisticated viruses, such as boot sector viruses or rootkits, can boot up and gain access to your computer anyway. And anti-malware programs, such as Malwarebytes, do not work properly in detecting and eradicating viruses in Safe Mode. Also, some viruses deactivate your firewall and/or antivirus program, so you really don’t want to run the computer until you know exactly what you are dealing with and how to resolve the problem.
6. Scan the computer with rootkit scanners and online antivirus scanners.
Download one of the free malware detectors and rootkit scanners on your clean computer. Use a portable USB drive to load the software. Realize that when you plug the USB drive into your infected computer, the drive may become contaminated. If possible, use an older drive that you will probably discard or a drive that has no important files on it. I include a list of very helpful software programs, below, that you can install on the infected machine.
7. Decide whether you want to reformat the computer or try to fix the virus infection.
I reformatted my computer. Reformatting is a big job, a momentous job. Someone once said it’s like killing an ant with a bulldozer. But I am horribly cautious and I felt that I would always wonder if the virus was still lurking on my computer unless I reformatted. Besides, the computer was recently reformatted so it wasn’t going to be a shock or anything. I think a virus is difficult to remove manually, even a simple virus. Many viruses change the registry (your computer’s brain) as well as settings, App Data and more. I just didn’t want the hassle and I felt that a reformat would take as much time but be less stressful. The choice is up to you.
Finally, it goes without saying that it is so important to back up your files frequently. I had backed mine up recently, but had skipped the chore for the past few months. I therefore lost some data. I’ve managed to recover most of what I lost, but the virus experience has made me much more cautious about websites I visit and more conscientious with backing up my data. I have since subscribed to an online data preservation program and intend to guard my data like treasure in little lockers! That old proverb is indeed true: an ounce of prevention is worth a pound of cure.
Helpful Software Programs:
TDSSKiller by Kaspersky
Avast! Anti Rootkit Program
Malwarebytes malware scanner
TrendMicro HouseCall Online scanner
BitDefender Online scanner
Kaspersky Online Virus Removal tools
Norton Security Scan