How should you react if you find your computer has been infected by a virus?
If you're like most people, your heart will skip a beat, and then you'll get a little freaked out. Maybe you'll start clicking your mouse or punching the Escape key, or any series of keys, hoping that will make everything better.
"Panicking after realizing you may have a piece of malware on your system is common and definitely can make the situation worse," said Lance James, director of intelligence at Jersey City, N.J.-based security firm Vigilant.
If this situation happens at work, James said, the solution is pretty easy — you call the IT department. Or, at least you should.
"Many people hesitate to do this, thinking that it may get them in trouble or cause down time, but corporate IT security teams realize that malware is inevitable and is rarely the users' fault," James said.
"Malware authors are in the business of tricking victims; we all have to expect that infections happen on a regular basis," he said. "Trying to cover it up or [to] handle it yourself is far worse than being open about it."
[ 10 Things You Must Know About Malware Infections ]
At home, it's a different story. Most of us don't have an IT expert in house, and security-related issues are usually beyond the scope of the resident teenager.
In such a case, James said, the key to handling an infection is to remain calm.
"Most likely, if you have malware, it was identified by your anti-virus software, in which case the best thing to do would be to update the anti-virus definitions and allow the anti-virus to remove the malware," he said.
Diagnose the issue
Before you fix the problem, it's best to understand what exactly it is you are fixing.
"Most of what we see are not computer viruses these days," explained Aryeh Goretsky, distinguished security researcher with the San Diego office of the Slovak anti-malware company ESET. "Maybe [a] single to a low two digits' [percentage] of the malware we see are classic recursively self-replicating parasitic computer viruses.
"These days, malware tends to be a blend of discrete programs, depending upon who broke into your computer first and what they are selling access to it for (spam, DDoS, botnet C&C, fake AV, proxy, etc.)," Goretsky said. "The first criminal to break in sells access to other criminals with disparate needs."
Malware also is very operating-system dependent, and the steps for removing malware from a Microsoft Windows system are dramatically different from those to remove malware from a system running Mac OS X.
In Windows, James explained, malware attempts to hide in plain sight by mimicking common Windows system files or programs, or by adding records to the Windows Registry, which stores configuration settings and options for Microsoft and third-party applications.
"Removing Registry modifications is an essential, but tricky, part of removing malware from any Windows machine," James said.
Until recently, malware has been relatively uncommon for Apple computers, but this has changed with the emergence of the Flashback malware, which targets vulnerabilities in the commonly used Java universal platform.
Apple has released a removal tool and patches that mitigate this flaw, James said.
Five steps to serenity
Mike Geide, senior security researcher for Zscaler ThreatLabZ, provided the following tips for those who are afraid they've been hit with malware:
1. Update your anti-virus software and malware signature files. Then run a detailed, full scan.
2. Research your symptoms online to see if there are remediation steps you can take — ideally from a computer that is known to be safe. Some anti-virus vendors provide instructions or even special tools for removing infections.
3. Immediately take the infected machine offline (turn off wireless access and/or unplug wired connection). Malware often talks to a "command and control" module via the Internet. Never shut down or reboot an infected computer — at worst case, put it in sleep mode and then get help or get the resources required to determine the issue.
4. Back up all data by using a write-once DVD or similar media. Since it may not be obvious where the infection resides, this will keep data safe until you can determine the cause and then decide what portions of the backup are safe to use. Copying the backup data on another online system (for example a network-attached storage drive or NAS) could allow the malware to spread to other computers, or to re-infect the same computer after it's been cleaned.
5. Re-build your machine by restoring it to factory settings, and then re-install all programs, files and non-infected data that you previously backed up. This step is crucial because malware can create backdoors to your system or otherwise disable updates or specific security features.
Many anti-malware vendors offer options to create stand-alone CDs or USB flash drives that systems can be booted from. This way, you can scan and clean the computer's files without having to run infected components.
Look into creating one of these boot CDs or drives, and keep it up-to-date (this may be easier with a USB flash drive), Goretsky added.
Removing malware may have to be a two-person job, especially if you don't have a second computer handy to research information. (You may need to phone a friend for help.) Having another person around can help keep you remain calm, since removing a virus isn't for the faint of heart.
But also note that even with your own calm, heroic efforts, you may still need to call in a pro.
"If after running operating-system, third-party-application, and anti-virus-system updates, the system continues to be slow or unstable, consider taking the system to a professional," James said. "There are a variety of malware-removal services available. In many cases, this may be the result of malware-driven problems, but may also point to deeper problems that require a professional's attention."