To surf the Internet safely, it is absolutely vital to run antivirus software and an operating system that are always kept up to date with the help of automatic updates. However, a computer can still become infected with malware.
You can read up on how to protect yourself against a malware infection under «Step 2 – protect» of our «5 steps for your security». There you can also find a list of (often free) antivirus software.
Malware infection – what now?
Step 1: Keep calm, disconnect the Internet connection, and check your last data backup
First of all, you should disconnect from the Internet (pull out your LAN plug and switch off your WLAN). You should then find out how old your last backup is. It is advisable to create a new backup. If possible, this should be done onto an external storage medium, as the worst-case scenario involves a completely new installation of your PC. Make sure, though, that you don't overwrite your last backup (the one from before the infection occurred) in the process, as it could still come in handy.
Note: There is a risk that backups also contain malware, although this is irrelevant for the time being.
Step 2: Decide whether expert help is needed
As your second step, you should consider whether you want to remove the malware yourself or you would rather consult a specialist. Various antivirus manufacturers offer a special service to remove malware. This often involves telephone help or remote malware removal, but such services do cost money. Another alternative is to enquire with specialist computer stores, which frequently offer repair services (particularly for malware) as well.
Step 3: Identify and remove malware
If you decide to remove the malware yourself, please consult your antivirus manual and read up on exactly what is recommended for such an emergency. Antivirus programs can remove certain malware infections straight away, but not all of them. If you don't manage to remove the malware with your antivirus software, you have to identify exactly what malware it is. The best way to proceed is to take the malware description (as indicated by your antivirus program) and search the Internet (from a different, non-infected PC) for instructions on how to remove this malware. Most antivirus manufacturers offer malware databases providing information for removal. If you have a boot CD provided by your antivirus manufacturer, you should try to restart your PC from this disk and remove the malware this way.
For very common malware, antivirus manufacturers offer so-called removal tools free of charge. These check a computer for certain types of malware and remove them automatically. Some antivirus programs and removal tools are created by cyber criminals and contain malware themselves. It is therefore of the utmost importance to download removal tools only from reputable websites (e.g. those of well-known antivirus manufacturers).
The Security Check provided by the Swiss Internet Security Alliance will help you to identify and remove malware. It will check your computer and Internet connection for any vulnerabilities to prevent future attacks. As a supplement to the current security products you use, a related cyber vaccination also enables you to protect your computer against malware even more effectively.
Step 4: Last resort - new installation
If none of these measures is successful, you will have to reinstall the computer from scratch (or jump back to step 2 and obtain the advice of an expert). After installation, you will have to install all updates for the operating system, an antivirus program, a firewall (unless provided by the operating system itself) and any other programs required. It is very important that you don't go on the Internet after installing the operating system until you have installed all operating system updates, antivirus software and a firewall. It is best to download the required updates on a (virus-free) PC and burn them to a CD. Only once you have installed all your updates, your antivirus software and your firewall should you reconnect your PC to the network or to the Internet. The next recommended step is to update your antivirus software as soon as possible. Then you can restore files from your backup, after first checking them with your antivirus software.
You can read up on how to reinstall your system, and reduce the risk of becoming reinfected at the same time, in our instructions:
How do I recognise a malware infection?
It is not always easy to recognise a malware infection, as malware always tries to hide itself as well as possible. Malware infections are most easily discovered with a complete system scan run by your antivirus software. If malware has compromised your antivirus software, the following can indicate an infection:
- Error messages when starting up and shutting down the PC.
- Constant load on your working memory and/or your processor. You will notice this because your PC suddenly slows down considerably, or because your hard disk stays active for some time even though no actions are being run on your PC (the lamps at the front of your PC flicker). A slow system, however, is only a clue to a malware infection, not proof of one.
- Your antivirus program is deactivated (even if you explicitly activated it).
- You can no longer access the website of one or any of the antivirus manufacturers.
- Your PC no longer runs stably, and there are frequent system crashes.
When it finds an infection, your antivirus program will notify you of the find and state its description (this can differ from one antivirus manufacturer to the next). If the malware succeeds in bypassing your antivirus program, you should try to start your PC using a boot CD supplied by the antivirus manufacturer and look for the malware using the so-called boot scan. The Security Check provided by the Swiss Internet Security Alliance can also help you to identify and remove any malware.