Anti-Virus Labs Recommended Disinfecting Procedures
Having a virus infection on your computer is not a fun thing.  It is a serious matter that requires your immediate attention and action.  The following is a list of recommended procedures to follow for disinfecting a system known to have a virus.

The first thing you need to do is identify the type of virus that is infecting your system.  Several good anti-virus programs are available.  Stay with big-name, reputable companies like McAfee, Norton and Mijenix; their products can help you do this and are very reasonably priced, somewhere between $50 and $100, depending on the optional programs offered with them.

If the virus is a macro virus:

About 80% of the virus infections reported are from macro viruses.  They are spread most often by opening MS Word or MS Excel documents that originated on someone else's infected system and are emailed to you, downloaded by you, opened from a server or from a shared floppy or zip disk.  Once an infected document is opened on your system, all documents originating from your system will likely contain the virus and infect whoever opens them.  There is often no indication that the document is infected or that you are spreading the virus.

This type of virus is easier to remove than an exe / com / boot infector virus, but is generally much more infectious.  Use the On-Demand Virus Scanner to scan all drives on your system for macro viruses.  After disinfecting your hard drives, you should also scan all removable media and all server drives on all servers to which you normally connect.  It is also vitally important to let everyone with whom you normally exchange Word or Excel files know that you've had an infection and they may have it too.
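
Because an infected document often gives no indication, it helps to know which files on a drive carry macros at all before you scan them and notify your contacts. The following is an added example, not part of the original page or of any anti-virus product: it flags OLE2 (Word/Excel 97-2003 format) files that contain a VBA project, using constructed sample files; the function names are illustrative.

```python
"""Added example: flag OLE2 Office files that contain a VBA macro project."""
import os
import tempfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")    # OLE2 compound-file header
# Storage and stream names inside an OLE2 file are stored as UTF-16LE text.
VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")


def has_vba_project(data: bytes) -> bool:
    """True if data is an OLE2 file whose directory names a VBA project."""
    return data.startswith(OLE_MAGIC) and VBA_MARKER in data


def find_macro_documents(root: str) -> list:
    """Walk root; return sorted paths of OLE2 files that carry VBA macros."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    # Check the header first so other files are not read in full.
                    if fh.read(len(OLE_MAGIC)) != OLE_MAGIC:
                        continue
                    fh.seek(0)
                    data = fh.read()
            except OSError:
                continue  # unreadable or locked file: skip it
            if has_vba_project(data):
                hits.append(path)
    return sorted(hits)


def demo() -> list:
    """Scan three constructed files (not real documents) in a temp folder."""
    plain = OLE_MAGIC + b"\x00" * 504 + "WordDocument".encode("utf-16-le")
    with_macros = plain + VBA_MARKER
    samples = {"memo.doc": plain, "budget.xls": with_macros,
               "report.tmp": with_macros}
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return [os.path.basename(p) for p in find_macro_documents(root)]


if __name__ == "__main__":
    print(demo())
```

A hit means the file contains macros, not that it is infected; the virus scanner still makes that call. Older Word 6/95 WordBasic macros do not use a VBA project and are not flagged by this check.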

If the virus is an exe / com / boot infector:

Although these viruses are less common, they are often much harder to get rid of than macro viruses.   It is critical that you understand and follow the guidelines below to disinfect your system.  If you make a casual effort at cleaning you may simply spread the virus to even more files.

The problem with this type of virus is that on Win95/98 machines the virus can reside in memory, hooked into the operating system's interrupts. This allows it to actually monitor what is running on your system and protect itself against anti-virus programs that are trying to clean it.  Some of the people who write these virus programs are fiendishly cunning programmers who take keeping their virus alive on your system as a challenge.  Do not underestimate their cleverness.

The process to follow in a nutshell is - get your system into a known-to-be-safe state, and then work from the safe state to disinfect unknown parts of the system.  Here's how:

  • Safe state #1 - isolate your system.  Unplug it from any network you are connected to.
     
  • Safe state #2 - make sure there is no virus in memory.  You get to this state by booting from a known-to-be-clean floppy disk.  However, it is possible that the virus modified your CMOS to disable booting from floppy.  So, make sure your CMOS is set to boot from floppy first. 

    Virus-scan program users:  Ideally, you will have already created a Rescue floppy disk(s) before your system became infected with the virus.  In this case, boot from the rescue disk and follow the virus software company's instructions.
     
  • Safe state #3 - make sure your hard disk boot sector is clean.  You get to this state by running a virus scanner to scan the hard drive after booting into state #2 on the safe floppy.

    Make sure to scan your hard disk's boot sector.
     
  • Safe state #4 - disinfect your hard drive files.  After you have ensured that your hard disk boot sectors and system files are not infected, you can boot normally. Then you need to do a thorough scan of all files on your system to make sure none of them contain a virus.  You must scan and clean until no more viruses are detected. It would be wise to go back to step #1 after you think the system is clean and repeat everything one last time just to make sure.
     
  • Safe state #5 - disinfect your removable media.  Now that your system is clean you can scan all your media.  Scan all floppies, zip disks, CD ROMs and backup tapes.   Remember, you could have had this virus for some time and it may have spread to all sorts of unlikely places.
     
  • Safe state #6 - disinfect your network.  Notice that we don't say "server".  The server is just one component of your network.  As time consuming as it is, if you really want to get rid of a vicious virus, you have to get rid of it everywhere or it will just come back again.  Everyone on the network should certify that their machine is clean and, of course, the system administrator must disinfect the servers.
     
  • Safe state #7 - disinfect your universe.  Your system caught this virus somehow. It may have come from a source outside your network.  Let everyone you work with know that you have experienced an infection.  If you don't tell them, they may just pass the virus back to you again.
     
  • Safe state #8 - keep your system clean.  Run a real-time virus scanner (one that runs at all times in the background).  It can catch new infections before they spread and alert you to infected files that might otherwise go unnoticed.
     
  • Safe state #9 - new viruses are released every day. Update your virus software frequently.  Your virus software company most likely has a web site with updates you can download directly off the net.  If you don't update, your virus scanner may not be able to detect a newly introduced virus, and you could unintentionally infect others before someone notices it.

    We strongly recommend that you create the "rescue disks" that usually are a part of your virus scan software. Also make sure to update this "rescue disk" each time you upgrade your virus scan software.
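
As a companion to the boot sector scan in safe state #3, the following added example (not part of the original page or of any anti-virus product) compares a saved copy of the hard disk's first sector against one saved while the system was known to be clean. It assumes both 512-byte copies already exist; how they are captured is outside the example, and the sample sectors and function names are constructed for illustration.

```python
"""Added example: compare a saved boot sector with a known-clean baseline."""
import hashlib
import struct

SECTOR_SIZE = 512
CODE_END = 446            # bytes 0-445 boot code, 446-509 partition table
SIGNATURE = b"\x55\xaa"   # bytes 510-511


def describe_mbr(sector: bytes) -> dict:
    """Split a master boot record into the parts worth comparing."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = sector[CODE_END + 16 * i: CODE_END + 16 * (i + 1)]
        start_lba, count = struct.unpack_from("<II", entry, 8)
        if entry[4]:  # partition type 0 means the slot is unused
            parts.append((i, entry[0] == 0x80, entry[4], start_lba, count))
    return {
        "signature_ok": sector[510:512] == SIGNATURE,
        "code_sha256": hashlib.sha256(sector[:CODE_END]).hexdigest(),
        "partitions": parts,
    }


def compare_to_baseline(baseline: bytes, current: bytes) -> list:
    """Return a list of differences; an empty list means no change."""
    old, new = describe_mbr(baseline), describe_mbr(current)
    findings = []
    if not new["signature_ok"]:
        findings.append("boot signature 55 AA missing")
    if old["code_sha256"] != new["code_sha256"]:
        findings.append("boot code changed since baseline")
    if old["partitions"] != new["partitions"]:
        findings.append("partition table changed since baseline")
    return findings


def constructed_mbr(code_fill: int) -> bytes:
    """Constructed sample: filler boot code and one active FAT32 partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x0B,
                        b"\xfe\xff\xff", 63, 4192902)
    return bytes([code_fill]) * CODE_END + entry + b"\x00" * 48 + SIGNATURE


if __name__ == "__main__":
    print(compare_to_baseline(constructed_mbr(0x90), constructed_mbr(0xCC)))
```

A reported change is a reason to scan and investigate, not proof of infection: reinstalling the operating system or a boot manager also rewrites this sector.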
Disclaimer:  These pages are provided for information purposes only.  We cannot be held responsible for any damage you might inflict on your system while using the information contained herein.  We recommend you always refer any technical matter that is "over your head" to a qualified computer technician.

2011 Double-Hammer Computer Services.  All rights reserved.
Last Updated: September 04, 2011