Disinfecting a System Known to Have a Virus
Having a virus infection on your computer is not a fun thing. It is a serious matter that requires your immediate attention and action. The following is a list of recommended procedures to follow for disinfecting a system known to have a virus.
The first thing that you need to do is to identify the type of virus that is infecting your system. A good anti-virus program like Fix-It Utilities™ or SystemSuite™ can help you do this.
If the virus is a macro virus
About 80% of the virus infections reported are from macro viruses. They are spread most often by opening MS Word or MS Excel documents that originated on someone else's infected system and were emailed to you, downloaded by you, or opened from a server or from a shared floppy or zip disk. Once an infected document is opened on your system, all documents originating from your system will likely contain the virus and infect whoever opens them. There is often no indication that the document is infected or that you are spreading the virus.
This type of virus is easier to remove than an exe / com / boot infector virus, but is generally much more infectious. Use the On-Demand Virus Scanner to scan all drives on your system for macro viruses. After disinfecting your hard drives, you should also scan all removable media and all server drives on all servers to which you normally connect. It is also vitally important to let everyone with whom you normally exchange Word or Excel files know that you've had an infection and they may have it too.
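As an added example (not part of the original page and not the vendor's scanner), the following Python sketch inventories Office files that carry a VBA macro project, which helps decide what to scan first and whom to notify. It assumes Office 97 or later file formats; a hit means macros are present, not that the file is infected, and the function names and sample bytes are constructed for illustration.

```python
import io
import sys
import zipfile
from pathlib import Path

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")    # legacy .doc/.xls container header
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")   # stream name present in VBA projects
OFFICE_EXTS = {".doc", ".dot", ".xls", ".xlt", ".docx", ".docm", ".xlsx", ".xlsm"}

def has_macros(data: bytes) -> bool:
    """Return True if the document bytes appear to carry a VBA project."""
    if data.startswith(OLE2_MAGIC):
        # OLE2 directory entry names are stored as UTF-16LE, so a byte
        # search finds the VBA stream name without a full parser.
        return VBA_STREAM in data
    if data.startswith(b"PK"):
        # Newer Office files are zip archives; macros live in vbaProject.bin.
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
        except zipfile.BadZipFile:
            return False
    return False

def inventory(root):
    """Walk root and return the sorted paths of Office files that carry macros."""
    hits = []
    for p in Path(root).rglob("*"):
        if p.is_file() and p.suffix.lower() in OFFICE_EXTS and has_macros(p.read_bytes()):
            hits.append(str(p))
    return sorted(hits)

def sample_ooxml(with_macro: bool) -> bytes:
    """Constructed sample: a minimal zip shaped like a Word document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\x00")
    return buf.getvalue()

# Constructed stubs: OLE2 header plus one directory-style name, not valid documents.
SAMPLE_OLE_MACRO = OLE2_MAGIC + b"\x00" * 504 + VBA_STREAM
SAMPLE_OLE_PLAIN = OLE2_MAGIC + b"\x00" * 504 + "WordDocument".encode("utf-16-le")

if __name__ == "__main__":
    # Usage: python macro_inventory.py <folder>  (the script name is hypothetical)
    for path in inventory(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(path)
```

Run it against each drive or share after the anti-virus scan; the resulting list is a starting point for the notifications described above, not a replacement for the scanner.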
If the virus is an exe / com / boot infector
Although these viruses are less common, they are often much harder to get rid of than macro viruses. It is critical that you understand and follow the guidelines below to disinfect your system. If you make only a casual effort at cleaning, you may simply spread the virus to even more files.
The problem with this type of virus is that on Win95/98/Me machines the virus can reside in memory, hooked into the operating system's interrupts. This allows it to actually monitor what is running on your system and protect itself against anti-virus programs that are trying to clean it. Some of the people who write these virus programs are fiendishly cunning programmers who take keeping their virus alive on your system as a challenge. Do not underestimate their cleverness.
The process to follow, in a nutshell, is this: get your system into a known-to-be-safe state, and then work from the safe state to disinfect unknown parts of the system. Here's how:
- Safe state #1 - isolate your system. Unplug it from any network you are connected to.
- Safe state #2 - make sure there is no virus in memory. You get to this state by booting from a known-to-be-clean floppy disk. However, it is possible that the virus modified your CMOS to disable booting from floppy. So, make sure your CMOS is set to boot from floppy first.
  Fix-It Utilities or SystemSuite Users: Ideally, you will have already created a 2-Disk Rescue Set prior to the time your system became infected with the virus. In this case, boot from Rescue Disk #1.
- Safe state #3 - make sure your hard disk boot sector is clean. You get to this state by running a virus scanner to scan the hard drive after booting into state #2 on the safe floppy.
  Fix-It Utilities or SystemSuite Users: With your Rescue Disk running, click on the Anti-Virus button. You will be prompted to insert Disk #2 from the Rescue Set. You can then use Disk #2 to scan your hard disk's boot sector.
- Safe state #4 - disinfect your hard drive files. After you have ensured that your hard disk boot sectors and system files are not infected, you can boot normally. Then you need to do a thorough scan of all files on your system to make sure none of them contain a virus. You must scan and clean until no more viruses are detected. It would be wise to go back to step #1 after you think the system is clean and repeat everything one last time just to make sure.
- Safe state #5 - disinfect your removable media. Now that your system is clean you can scan all your media. Scan all floppies, zip disks, CDROMs and backup tapes. Remember, you could have had this virus for some time and it may have spread to all sorts of unlikely places.
- Safe state #6 - disinfect your network. Notice that we don't say 'server'. The server is just one component of your network. As time-consuming as it is, if you really want to get rid of a vicious virus, you have to get rid of it everywhere or it will just come back again. Everyone on the network should certify that their machine is clean and, of course, the system administrator must disinfect the servers.
- Safe state #7 - disinfect your universe. Your system caught this virus somehow. It may have come from a source outside your network. Let everyone you work with know that you have experienced an infection. If you don't tell them, they may just pass the virus back to you again.
- Safe state #8 - keep your system clean. Run the Real-Time Virus Scanner. It can catch new infections before they spread and alert you to infected files that might otherwise go unnoticed.
- Safe state #9 - new viruses are released every day. Update your virus software frequently (Fix-It Utilities or SystemSuite users can do this by running Easy Update™). If you don't, your virus scanner may not be able to detect a newly introduced virus and you could unintentionally infect others before someone notices it.
Fix-It Utilities or SystemSuite Users: We strongly recommend that you create the full 2-Disk Rescue Set with your utility. Make sure to update your Rescue Disks every time Easy Update installs new virus definitions.
If you do not have immediate access to Fix-It or SystemSuite, click here to make an alternate anti-virus-scan diskette set.