Your computer has slowed down. Your programs are not always working correctly. Now you are getting strange pop-up windows and a message that your computer has a virus. What should you do next?
These are signs that your computer may be infected by a virus, spyware, or some other type of malware. There are other signs to look for as well, and they are far worse. You may receive a notice from your Internet Service Provider (ISP) that there is suspicious activity on your computer. You may get an email reply from friends and family for an email you never sent. One of the worst outcomes is that you may find transactions in your on-line bank accounts that you never knew about.
These issues are all possible because there are bad actors who want to use your computer, your personal information, and your accounts without your permission. These criminals steal passwords so they can take money from your accounts. They take information from your computer that they can use or sell for identity theft. They take control of your computer so they can use it to send SPAM email.
If you think that your computer may be infected, even if you are not sure, follow the procedure below to clean your computer and put it back into service. If this procedure does not work, you should consult professional help, and it may be in your best interest to completely delete everything from you computer and restore it back to its original configuration.
What You Will Need for this Procedure
- An Internet connection
- A computer that is not infected
- Antivirus software for the infected computer (hopefully is already installed)
- Antivirus software on removable media (like a CD or USB stick), such as Microsoft Safety Scanner
1. Disconnect the infected computer from the network.
If you are connected on a wired network, simply disconnect the network cable from the computer. If you are on a wireless network, look for the switch on the computer that turns off the wireless adapter. Disconnecting from the network keeps viruses from spreading and keeps them from communicating with command-and-control servers on the internet. This is the first and most important step in dealing with an infected computer.
2. Start or restart the computer in safe mode.
When Windows starts, it initializes many processes and software drivers. These are important for the full use of your computer, but you can start with a minimum set of processes and drivers for debugging. This is called safe mode. This is best for your infected computer, since it may prevent the virus from being started. This means that you may only need to clean it off of your disk drive. To start in safe mode, press and hold the F8 key before the Windows logo appears. You will get a list of options for start-up. Select “Safe mode”. If your first attempts fail, continue to restart until you successfully enter safe mode.
3. Run a full scan for viruses.
Since your computer is in safe mode, you may not be able to use your installed antivirus software. Instead, you use an virus scanner on a CD or USB stick. It is best to use an up-to-date scanner, so you should download one using your clean computer that is connected to the internet. I recommend running a full scan with the Microsoft Safety Scanner, since it can be downloaded onto a USB when you need it, and it is very thorough. Run the antivirus software until it reports that there are no infections. Make sure you are running full file system scans and not just quick scans. If this step does not work, your options are to try a different virus scanner, consult a professional, or clean everything off of your computer and restore the original installation.
4. Reconnect to network and restart the computer.
With the viruses removed from your computer, it is safe to reconnect it to your network. Restart the computer normally (not in safe mode). This is important for completing post-clean-up tasks. Verify that you are able to connect to the internet.
5. Update installed antivirus software and rescan.
If everything has worked so far, your computer should be working normally now, but it is important to double-check that it is free of infections. First, open your antivirus software console and install any updates to the software and to the virus signatures. Next, run a full scan using the installed antivirus program. If it completes without finding any infections, your computer is safe to use. If not, the problem is much more serious, and you should either consult a professional or clean everything off of your computer and restore the original installation.
6. Change passwords for on-line accounts.
Now that your computer is clean. You may want to change your passwords for your on-line accounts, such as your email, banking, and retirement accounts. Serious viruses may have captured your logins and passwords with a goal of stealing your money or identity. If you have reason to believe that information may have already been stolen, you may want to do this on your extra, clean computer right after disconnecting the infected computer from the network.
7. Verify your files are not missing or corrupted.
With everything on your computer clean and your on-line accounts secure, you should verify that everything is still working on your computer. Check for missing documents and for programs that do not work properly. If things do not seem quite right, backup the files you are able to recover, and then clean everything off of your computer and restore the original installation.
Congratulations. Your computer has been cleaned and your files have been recovered. Now keep your computer clean by following safe internet and email habits. This will go a long way to keep you from doing all of this work in the future.