Photo: Andrzej Pobiedzinski

Blogging was interrupted late last week by the urgent need to remove a virus from one of our computers. With the experience fresh in my mind, here are a few tips for the prevention and eradication of computer viruses.

Viruses are much easier to prevent than they are to cure. If you are a Mac or Linux user, you can sit back and gloat because viruses for these systems are so rare that they can almost be ignored altogether. But for us Windows users, these are the rules:

1. Keep your Windows Updates current. For most casual computer users, the best option is to leave Windows Update on full automatic. It’s extremely unlikely (though not impossible) that Microsoft will deliver a software upgrade that breaks your computer.
2. Install anti-virus (AV) software and keep its virus definition files current by setting it to auto-update (this is usually the default). Modern anti-virus software scans for many different types of malicious software, removing it from your system before it can do any harm. Several manufacturers provide basic anti-virus software free for personal use. I personally use the paid version of Avira AntiVir but I can recommend their free version as well.
3. Configure your AV software to alert you if there is a problem but never take any action automatically. I’ll explain why later.
4. Resist the temptation to install lots of downloaded software. If you must, learn how to scan it with your AV software before installing. Scanning a single file takes just a few seconds.
5. Think before opening email attachments. Do you trust the person who sent it to you? Do you trust the person who sent it to them? If you use an online mail service, like Gmail or Yahoo, they will pre-scan all attachments. And your anti-virus software is a last line of defense.

Arrgh! I got one anyway.

So, despite your best efforts, your system gets infected. The first indication that something is wrong is often simply odd behavior. Error messages begin to appear in programs that had been running fine or your browser starts loading sites by itself (usually sites that you really wish you didn’t know about). So, you load up your trusty AV program and scan everything in sight. This is a good idea and the right thing to do but don’t let it fix anything just yet.

Here’s the problem: malicious programs often write files to your computer in order to do their dirty work. Sometimes they modify existing files, files that your computer needs in order to run properly. If your AV program finds an infected system file and then moves or deletes it, your computer could stop functioning altogether. In technical terms, it has become a “brick”. The only option at this point is usually to wipe everything out and reinstall the operating system.

When doing a full system scan, your AV program should be run in “report only” mode. You need to know what malicious programs it finds, so that you can research the best way of getting rid of them. Many AV programs offer suggestions for fixing what they find or you can put the name of the virus into your favorite search engine and find lots more information. Once you’ve read a good explanation (or two) about how your particular virus behaves, you should have a better idea of what should be done to fix it. If you use the paid version of an AV program, you will also have access to their technical support system for help with diagnosing your problem.

If you are uncomfortable with proceeding on your own, print out a report from your AV program and take it and your computer to a reputable shop. The work you do up front will save them time (and you money) in getting your system clean again.

As for our infected computer, I spent 9 hours cleaning, moving and deleting over 800 files that had become infected. It was touch and go there for awhile but the system is now back to normal and scans cleanly. And if this computer had “bricked”, there was a full set of backups available. You have backups too, don’t you…?

Popularity: 10% [?]