If you suspect that your computer may be infected with a computer virus or otherwise compromised by hackers, the best course of action is to wipe the computer and reinstall your operating system and applications (see Reinstalling Your Compromised Computer for instructions). If this is not practical, you can attempt to clean your computer using these steps (instruction for Microsoft Windows operating systems):
- Make sure you have the latest virus definitions for your anti-virus software. For the campus-licensed Symantec Endpoint Protection you can use the following instructions:
- Double-click on the yellow shield icon in the icon tray bar (notification area) on the lower right portion of your screen. When you move your mouse over the icon, it should say “Symantec Endpoint Protection”.
- In the “Virus Definitions” area, click on the “LiveUpdate…” button and follow the prompts.
- Reboot your computer into safe-mode by pressing and holding the F8 key when starting the computer and selecting “Safe Mode” from the boot options when they are presented. Microsoft has specific instructions at the following URLs:
- Windows 2000 – http://support.microsoft.com/kb/281770/en-us (See the Safe Mode section)
- Windows XP – http://support.microsoft.com/kb/315222
- Windows Vista – http://support.microsoft.com/kb/950684/ (see Step 5)
- Windows 7 – http://windows.microsoft.com/en-US/windows7/Start-your-computer-in-safe-mode
- While in Safe Mode, run a full scan of your system using your installed anti-virus program. Using either of the campus licensed anti-virus programs you can do the following:
- Double-click on the yellow shield icon in the icon tray bar (notification area) on the lower right portion of your screen and select . When you move your mouse over the icon, it should say “Symantec Endpoint Protection”.
- In the left side menu click “Scan for threats” and select “Full Scan”
- Run a Rootkit Detection tool like Kaspersky Lab’s TDSSKiller Rootkit Removal Utility (http://usa.kaspersky.com/downloads/TDSSKiller – there is a link for a free stand along version at the bottom of the page) or Sophos Rootkit Removal (http://www.sophos.com/en-us/products/free-tools/sophos-anti-rootkit.aspx). Both of these programs can detect some, though not necessarily all, rootkits. Of the two of these, Sophos is the easier to use, however for those users who are technically inclined, Kaspersky’s TDSSKiller provides more information about all hidden files and processes (including those that are a normal part of Windows).
- Download and install an Anti-Spyware program like Spybot – Search and Destroy (http://www.safer-networking.org/) or Ad-Aware (http://www.lavasoft.com/products/ad_aware_free.php). Both of these programs have free versions that can be run for personal use and have solid reputations. Keep in mind that some adware/spyware alerts, particularly cookies, may be fairly innocent and not represent a serious threat to your systems safety. In these cases the alerts to be concerned about are primarily those that represent installed programs or browser plug-ins/add-ons that you cannot identify.
- If you received a security notice, take a screen shot or save anti-virus/anti-malware scan logs to send to System and Network Security as evidence that your system has been successfully cleaned.
If none of these steps return any significantly problems, then the system is probably ok to use, however be wary of any problems you notice. If these steps do not resolve the issue, you should rebuild: Reinstalling Your Compromised Computer