This year has seen a bumper crop of new computer virus outbreaks. I’ve received over 30 virus-infected e-mails in the last 14 days, and while I’ve managed to avoid any infections, this deluge has forced me to review and renew my emergency recovery plan(s). You might want to, too.
Let’s assume that a virus makes it onto your computer and you’ve inadvertently activated it. But what does activation mean, exactly?
Your garden-variety virus needs to be, for lack of a better term, ‘turned on’ in order to do its business. That usually happens when you open an infected file or run an infected program, which then delivers the virus payload into your system. Whatever the activation method, the point is that you’ve got it and you need to get rid of it.
The first step is to identify the extent of the problem. Most anti-virus (AV) programs (such as the ones I mentioned in the last Tech article) ask you to create a set of “boot disks” when you install the program. They also prompt you to update the disks; we’ll further assume you have done that. Those boot disks will prove invaluable.
Insert the main Emergency (Boot) disk and reboot your machine. When it comes up, you’ll be running off a clean disk instead of your infected hard drive and the recovery process can begin.
To identify the extent of the problem, you should run a full system scan once you are running off a clean boot environment (your boot disks or a bootable CD). This is critical, because if you’re simply running off an infected hard drive you’re wasting your time and are probably making things worse.
If you don’t have boot disks and can’t get any, your best bet is to turn your computer off, leave it off, and call a computer-smart buddy or as a last resort, your local computer shop.
Let’s assume you’ve done your scan and it tells you that you’ve got ‘W32.Goner.A@mm,’ for instance. Now what? Again, the AV software people are your best bet. Get on an uninfected computer that has web access and go to Symantec’s Security Response web page.
You’ll find an encyclopedia of known viruses at the Security Response site, and by searching for your virus by name (W32.Goner.A@mm in our example), you’ll find a Recovery Procedure and possibly free tools for removing the virus. If you’re an experienced computer user, you probably won’t need the free tools, as the recovery procedure text will be both informative and sufficient for cleaning the infected computer.
Once you’ve performed the removal, reboot from your emergency disks and rescan your computer to make sure the virus is gone. If you find other infections or infected files, clean them out, too.
Repeat the virus scans until the machine finally comes up clean, always booting from the emergency disks if possible. Immediately update your virus definitions, refresh your boot disks, reboot, and rescan again. If you’re clean, congratulations! If not, repeat the procedure until you are.
By now, you can be pretty certain that you’ve (a) recovered from the virus infection and (b) repaired or removed any files that could reinfect your system. Remove the boot disk and reboot your computer normally. You’ll soon see if your machine still has a heartbeat. Hopefully it does and you’re ready to get on with your life.