Computer Virus Recovery

If you are not protected, a virus can ravage your network and destroy your files in minutes. Recovering from such an attack can take time, not to mention the loss of productivity it generates. Here is a 5 computer virus recovery guide to get you back to normal business.

1. Isolate and disconnect

The first thing to do if you think or know that you have just been a victim of a virus attack is to physically disconnect the computer victims of the attack on the company network, avoid further propagation.

It is essential that the infected computer remains disconnected from the network until the restore procedure is complete.

If you are not sure that the computer is infected, disconnect it anyway. This will allow you to clean it, avoiding that during this time, the virus is circulating on the network and that the machine in question is re-infected when it reconnects.

2. Remove the virus

Once the computer is isolated, it is necessary to remove the code that caused the damage. The best way to do this is to install an antivirus on this PC, update it via an Internet connection isolated from the rest of the network, and run an analysis. This will allow you to accurately identify the threat.

Once this is done, you can download a repair tool from the site of an antivirus editor, if this tool exists, or see the detailed virus description and perform the removal manually. In many cases, deleting the original virus file, for example, the attachment to an e-mail is insufficient once the virus has come into action. Most viruses spread in different forms, infect other programs or deposit additional viruses on the computer. Do not overlook any steps in the available repair descriptions.

If you forget a step, it may happen that as soon as the computer reconnects to the network or to the Internet, it will resume its propagation, or worse, gives hackers free access to your computer.

3. Restore Your Data

Often a virus attack will not leave your network unscathed. The antivirus or any other repair tool provided by an antivirus vendor will not be able to repair files that were simply replaced by the virus since there is nothing to repair in this case. Therefore, you will have to restore files and programs.

Reinstall the programs. Some viruses will partially or completely “destroy” an operating system. In this case, it will be necessary to reinstall the computer. This can be done quickly if you have used before a disk-cloning tool, and you have an image of the computer on a CD. If this is not the case, you will have to reinstall the computer manually, and if you have several computers, this will take time! If the virus has only destroyed certain files in the operating system, it is often possible to extract these files from the archives on the operating system installation CDs.

Then, immediately install an antivirus and update it, via an internet connection isolated from the rest of the network. Run a scan to confirm that the rest of your data on your computer is virus free. Download and install the security patches available for your operating system, reinstall the other necessary software on the computer, and install the patches available for that software as well.

You can now restore your data. Some viruses will have replaced, destroyed or damaged some of your data files (images, Text files, spreadsheets, databases, e-mails, etc.). You will then need to restore these files from backups. If you have not backed up, they are lost, and you will understand at this time the advantage of regularly backing up your data, allowing you to limit the loss of data between the last backup and the attack virus. Also, take care to scan the files in the backup when restoring with the antivirus to be sure not to re-install a virus on your computer.

Take notes! Make sure you document the steps above, detailing all the manipulations you make. This will allow you if you have multiple computers to reinstall to save time on the following machines. Often this step is forgotten, and for each PC, the trial and error will start again.

4. Avoid future infections

After all these problems, you will have understood the importance of avoiding infections. It is, therefore, imperative that you ensure that each computer is protected, and that virus definitions are updated regularly and automatically without the user’s intervention. Do not forget to install the security patches for the software you use, and to impose a regular password change on your users.

5. Learn from your mistakes

Ask the following questions to know what you need to do in order not to find yourself in the same situation: 
Do you have a firewall protecting your network against external attacks? 
Do your employees download files from the Internet without any protection?

Do your employees open all types of attachments to their email or do they have the ability to open only image files, MS Office and Pdf? 
Are your virus definitions updated and updated automatically? 
Do you backup regularly?