Virus Recovery Tips for Your Infected Computer
Computer viruses are harmful because of the damage they can cause to your computer system, such as deleting files, corrupting data, or simply wiping your hard disk clean. Some even install backdoors on your computer that can give hackers access to your system and your data.
Although some viruses (those that cause your system to crash only once or generate silly onscreen messages) are comparatively benign, most viruses target the essential portions of your programs or operating system to deliver greater damage.
Fighting viruses is relatively simple. Every user should install and maintain anti-virus software. The software should be set to scan all incoming files and emails, and to regularly scan the entire computer for infection. Users can do their part by treating all incoming messages and attachments with suspicion.
Despite taking all these precautions, you may someday find your system infected by a virus. You will probably lose important data, as well as essential program and system files. Once you have been victimized, what can you do for virus recovery?
The first step is to properly diagnose your problem. If your computer is still functional and you can access the Internet, search for information on current, known viruses. Using the file search function, scan your system for virus programs or infected files. Don't forget to scan the computer's memory, as some viruses are designed to hide there. Be sure to show hidden files, because some viruses will be invisible to regular searching.
Test several different programs and operating system functions to determine the depth of infection, if it exists. If only one program or system function is not operating correctly, it may be a problem with that component rather than a virus that is causing the aberrant behavior. Of course, you may have contracted a virus designed to attack only one part of your computer, so it pays to check thoroughly regardless of the symptoms.
If your system is not operational, try to boot the computer using an anti-virus CD or diskette. This step will only work if you created the necessary bootable anti-virus disk when you installed the software, before you were infected with the virus. You should also have saved a backup copy of your system on CD in anticipation of a possible future infection.
After booting from the diskette or CD, scan the system and look for the virus or infected files. If you discover a virus, there are several steps to take to restore your computer to normal.
If you are running Microsoft Windows, select the boot option: Last Known Good Configuration. This option only exists the first time you reboot after infection, so make sure you try it first. This approach rarely works, but in some instances it can save your computer.
Check your computer for key operating system files. A quick search on Microsoft's web site for "operating system files" should call up a comprehensive list; print out this list and keep it by the computer for comparison. For the same level of service pack, the dates on the files should match up closely; a much more recent date on one or two files might help you pinpoint infected files.
Pay close attention to kernel32.exe and lsass.exe because hackers frequently attack those two files. Although Microsoft does update these files periodically, those updates tend to come in bunches so one file with a different date should be viewed with suspicion. If necessary, replace suspect files with new clean versions copied from another system or downloaded from the Internet.
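The date comparison described above can be automated. The following is an added example, not part of the original article: it takes a listing of system files, treats the day most files share as the baseline, and flags files with a later date that fewer than three files share. The function names, the threshold of three, and the sample listing are assumptions made for illustration.

```python
import os
import sys
from collections import Counter
from datetime import date

# Constructed sample listing (file name, last-modified day); not taken from a real system.
SAMPLE = [
    ("ntoskrnl.exe", date(2008, 4, 14)), ("user32.dll", date(2008, 4, 14)),
    ("gdi32.dll", date(2008, 4, 14)), ("advapi32.dll", date(2008, 4, 14)),
    ("winlogon.exe", date(2008, 4, 14)),
    ("services.exe", date(2009, 2, 9)), ("shell32.dll", date(2009, 2, 9)),
    ("ole32.dll", date(2009, 2, 9)),
    ("lsass.exe", date(2009, 6, 3)),
]

def list_system_files(folder, extensions=(".exe", ".dll", ".sys")):
    """Return (name, last-modified day) for program files directly inside folder."""
    found = []
    with os.scandir(folder) as it:
        for entry in it:
            try:
                if entry.is_file() and entry.name.lower().endswith(extensions):
                    found.append((entry.name, date.fromtimestamp(entry.stat().st_mtime)))
            except OSError:
                continue  # unreadable entry: skip it rather than abort the scan
    return found

def lone_recent_files(entries, bunch_size=3):
    """Flag files dated after the baseline day whose date fewer than bunch_size files share."""
    entries = list(entries)
    if not entries:
        return []
    per_day = Counter(day for _, day in entries)
    # Baseline: the day most files share (install or service-pack date); ties go to the later day.
    baseline = max(per_day, key=lambda day: (per_day[day], day))
    flagged = [(name, day) for name, day in entries
               if day > baseline and per_day[day] < bunch_size]
    return sorted(flagged, key=lambda item: (item[1], item[0]), reverse=True)

if __name__ == "__main__":
    # Pass a folder (for example the mounted Windows system folder); no argument uses the sample.
    listing = list_system_files(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for name, day in lone_recent_files(listing):
        print(f"{day}  {name}  (date shared by fewer than 3 files; compare with a clean copy)")
```

A file's modification date can be changed by the program that writes it, so an empty result narrows the search but does not prove the files are clean.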
Windows users may also find their Registry has been corrupted. If you have this problem, there are many Windows Registry repair utilities out there that can help; a simple Internet search will turn up the proper one for your version of Windows. You can also look for helpful and up-to-date recommendations for this type of software on the related forums.
If the virus has only attacked a particular program, it is a simple matter to uninstall and reinstall it. Though the time and effort involved are annoying, the process itself is fairly straightforward. Luckily, most programs will ask you before deleting any user-created data files, so you shouldn't lose any valuable work.