First steps in case
of a virus infection
Copyright (C) 06/1994 by Howard Fuhs
It is very important to know which steps to take in case of a computer virus infection. Furthermore, this knowledge should be acquired before the infection happens. Thus it is no waste of time to consider computer viruses and how to act, in case the worst case should happen in the company. One of the reasons is that loosing time reacting to a virus problem may mean loosing vital data stored on the hard disk drives of the computers. This again means loosing money.
So, if the worst case happens you had better be prepared, because there is no time to think about a data security policy, once you are in the middle of trying to salvage your data.
How to act in case of a virus infection depends on how you noticed that your computer is infected. If you noticed the infection because the virus already triggered or released its damaging paylod then the possibility is very high that your programs and data are gone and lost. To recover those data may be very expensive or in the very worst case impossible.
The other possibility is that you have noticed the viruses infection by using software like an anti-virus scanner or an integrity checker. If this is the case the battle for your data is not lost, because you noticed the infection before the virus released its damaging payload.
First of all, do not panic!!!
In case of panic you can easily loose an unnecessary quantity of data, which also means loosing an unnecessary amount of time and money. In a lot of cases more data get lost because of panic or incompetence than because of the consequences of a virus infection as such.
Are you sufficiently qualified to handle the infection and get the problem under control and eventually resolve it? Be honest to yourself! lf you are in doubt do not hesitate to contact a person who is capable of doing the job the correct way. If you commit a mistake, you could very well loose vital data, and requesting assistance in a crisis is not loosing face.
Is suitable software like anti-virus scanners, virus information databases and software to remove viruses available in your company? If yes, is this software up to date, or is the version you are working with over 3 months old? It is very important to work with the newest release of your anti-virus software. So, to be sure that the software will work correctly, get the newest release before you start to remove the virus.
Do not consider low level formatting your hard disk! There are easier and more intelligent ways to get rid of a computer virus without loosing data. lf you have an IDE hard drive in your computer (and you probably will), a low level format could even destroy vour hard drive. New and sophisticated IDE disk drives will not even allow you to perform a low level format.
lf you have your (software) first aid kit ready then you can start to remove the virus from your computers. Follow this procedure:
- Exit the program currently running on your PC the usual way.
- Do not start any kind of software, not even an anti-virus program.
- lf your PC is connected to a LAN (Local Area Network), do not send any electronic mail or copy any files over the LAN. Just follow the regular LogOff procedure.
- Switch your PC off.
Mark your PC with a good visible sign stating that this PC may be infected with a computer virus to prevent that somebody else starts using it, while you are not present.
If it is possible, disconnect your PC from the LAN to prevent the virus from spreading via the network. Now contact and inform the LAN administrator, stating exactly what has happened, allowing him to assess the risk of the virus having already spread to other workstations or servers. The whole net may have to be shut down.
Now plan the recovery procedure carefully.
Find out which data files should under no circumstances be lost, because of their value and possibly even irrecoverability and which data are in fact recoverable from a backup copy. Of course, if your disaster recovery plan is in effect, and your backup policies are sound and fully implemented, this exercise will be over in a jiffy and no or almost no data will have been lost.
Copyright (C) 06/1994 by Howard Fuhs