Having a virus infection on your computer is not a fun thing. It is a serious
matter that requires your immediate attention and action. The following is a list of recommended
procedures to follow for disinfecting a system known to have a virus.
The first thing that you need to do is to identify the type of virus that is infecting your system.
There are several good anti-virus programs available... stay with big name reputable companies like
Mijenix... they can help you do this and are very
reasonably priced, somewhere between $50 and $100, depending on the other optional programs they offer with them.
If the virus is a macro virus:
About 80% of the virus infections reported are from macro viruses. They are spread most often
by opening MS Word or MS Excel documents that originated on someone else's infected system and are
emailed to you, downloaded by you, opened from a server or from a shared floppy or zip disk.
Once an infected document is opened on your system, all documents originating from your system will
likely contain the virus and infect whoever opens them. There is often no indication that the
document is infected or that you are spreading the virus.
This type of virus is easier to remove than an exe / com / boot infector virus, but is generally
much more infectious. Use the On-Demand Virus Scanner to scan all drives on your system for
macro viruses. After disinfecting your hard drives, you should also scan all removable media and
all server drives on all servers to which you normally connect. It is also vitally important to
let everyone with whom you normally exchange Word or Excel files know that you've had an infection and
they may have it too.
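Because an infected document often gives no visible sign, it helps to know which Word and Excel files carry macros at all before and after scanning. The following is an added example, not part of the original guide or of any scanner product: a heuristic inventory that flags VBA macro containers. It does not identify a virus, and it goes beyond the guide by also covering the newer zip-based Office formats. All names in it are hypothetical.

```python
import io
import os
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")    # header of legacy .doc/.xls containers
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # directory entry names are UTF-16LE
OFFICE_EXT = {".doc", ".dot", ".xls", ".xlt", ".docx", ".docm", ".dotm",
              ".xlsx", ".xlsm", ".xltm"}
# Constructed bytes for demonstration only, not a real document.
SAMPLE_WITH_MACROS = OLE_MAGIC + bytes(504) + VBA_STREAM


def macro_indicator(data: bytes):
    """Return a reason string if the bytes look like a macro-bearing document, else None."""
    if data.startswith(OLE_MAGIC):
        # Heuristic: a VBA project storage contains a stream named _VBA_PROJECT.
        if VBA_STREAM in data:
            return "OLE2 container with _VBA_PROJECT stream"
        return None
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for name in zf.namelist():
                    if name.lower().endswith("vbaproject.bin"):
                        return "OOXML package containing " + name
        except zipfile.BadZipFile:
            return None
    return None


def scan_tree(root: str):
    """Walk root and return sorted (path, reason) pairs for macro-bearing documents."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            if os.path.splitext(fname)[1].lower() not in OFFICE_EXT:
                continue
            path = os.path.join(folder, fname)
            try:
                with open(path, "rb") as fh:
                    reason = macro_indicator(fh.read())
            except OSError:
                continue  # unreadable file: skipped here, worth logging in practice
            if reason:
                hits.append((path, reason))
    return sorted(hits)


if __name__ == "__main__":
    import sys
    for path, reason in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: {reason}")
```

Run it against a drive or share to list the documents that deserve the closest attention from the virus scanner. A clean result here only means no VBA container was found.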
If the virus is an exe / com / boot infector:
Although these viruses are less common, they are often much harder to get rid of than macro
viruses. It is critical that you understand and follow the guidelines below to disinfect
your system. If you make a casual effort at cleaning you may simply spread the virus to even
The problem with this type of virus is that on Win95/98 machines the virus can reside in memory,
hooked into the operating system's interrupts. This allows it to actually monitor what is running on
your system and protect itself against anti-virus programs that are trying to clean it. Some of
the people who write these virus programs are fiendishly cunning programmers who take keeping their
virus alive on your system as a challenge. Do not underestimate their cleverness.
The process to follow, in a nutshell, is: get your system into a known-to-be-safe state, and then
work from the safe state to disinfect unknown parts of the system. Here's how:
- Safe state #1 - isolate your system. Unplug it from any network you are connected to.
- Safe state #2 - make sure there is no virus in memory. You get to this state by booting
from a known-to-be-clean floppy disk. However, it is possible that the virus modified your
CMOS to disable booting from floppy. So, make sure your CMOS is set to boot from floppy
Virus-scan program users: Ideally, you will have already created a Rescue floppy disk(s) prior
to the time your system became infected with the virus. In this case, boot from the rescue disk
and follow the virus software company's instructions.
- Safe state #3 - make sure your hard disk boot sector is clean. You get to this state by
running a virus scanner to scan the hard drive after booting into state #2 on the safe floppy.
Make sure to scan your hard disk's boot sector.
- Safe state #4 - disinfect your hard drive files. After you have ensured that your hard
disk boot sectors and system files are not infected, you can boot normally. Then you need to do a
thorough scan of all files on your system to make sure none of them contain a virus. You must
scan and clean until no more viruses are detected. It would be wise to go back to step #1 after you
think the system is clean and repeat everything one last time just to make sure.
- Safe state #5 - disinfect your removable media. Now that your system is clean you can scan
all your media. Scan all floppies, zip disks, CD ROMs and backup tapes. Remember,
you could have had this virus for some time and it may have spread to all sorts of unlikely places.
- Safe state #6 - disinfect your network. Notice that we don't say "server". The
server is just one component of your network. As time consuming as it is, if you really want
to get rid of a vicious virus, you have to get rid of it everywhere or it will just come back again.
Everyone on the network should certify that their machine is clean and, of course, the system
administrator must disinfect the servers.
- Safe state #7 - disinfect your universe. Your system caught this virus somehow. It may
have come from a source outside your network. Let everyone you work with know that you have
experienced an infection. If you don't tell them, they may just pass the virus back to you
- Safe state #8 - keep your system clean. Run a real-time virus scanner (one that runs at
all times in the background). It can catch new infections before they spread and alert you to
infected files that might otherwise go unnoticed.
- Safe state #9 - new viruses are released every day. Update your virus software frequently.
Your virus software company most likely has a web site with updates you can download directly off
the net. If you don't, your virus scanner may not be able to detect a newly introduced virus
and you could unintentionally infect others before someone notices it.
We strongly recommend that you create the "rescue disks" that usually are a part of your virus scan
software. Also make sure to update this "rescue disk" each time you upgrade your virus scan