If your computer has been compromised and infected with a virus or other malware,
you need to take action to keep your files from being destroyed and
also to prevent your computer from being used to attack other computers.
Here are the basic steps you need to perform to get back to normal
after you've been hacked.
Isolate Your Computer
In order to cut the connection that the hacker is using to "pull the
strings" on your computer, you need to isolate it so it can't
communicate on a network. Isolation will prevent it from being used to
attack other computers as well as preventing the hacker from continuing
to be able to obtain files and other information.
Pull the network cable out of your PC and turn off the Wi-Fi connection.
If you have a laptop, there is often a switch to turn the Wi-Fi off.
Don't rely on doing this through software, as the hacker's malware may
tell you something is turned off when it is really still connected.
Shut Down and Remove the Hard Drive
If your computer is compromised you need to shut it down to prevent
further damage to your files. After you have powered it down, you will
need to pull the hard drive out and connect it to another computer as a
secondary non-bootable drive. Make sure the other computer has
up-to-date anti-virus and anti-spyware. You should probably also
download a free spyware removal tool or a free rootkit detection scanner from a reputable source like Sophos.
To make things a little easier, consider purchasing a USB drive caddy
to put your hard drive in so you can connect it to another PC.
If you don't use a USB caddy and opt to connect the drive internally
instead, make sure the dip switches on the back of your drive are set as
a secondary "slave" drive. If it is set to "master" it may try to boot
the other PC to your operating system and all hell could break loose
again.
If you don't feel comfortable removing a hard drive yourself or you
don't have a spare computer, then you may want to take your computer to a
reputable local PC repair shop.
Scan Your Drive for Infection and Malware
Use the other host PC's anti-virus, anti-spyware, and anti-rootkit
scanners to ensure detection and removal of any infection from the file
system on your hard drive.
Move Your Drive Back to Your PC
Once you have verified that your file backup has succeeded, you can
move the drive back to your old PC and prepare for the next part of the
recovery process. Set your drive's dip switches back to "Master" as
well.
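Because the wipe in the next step cannot be undone, the backup check mentioned above is worth doing file by file. The following is an added example, not part of the original article: a Python sketch that compares every file on the old drive with its copy in the backup by SHA-256. The folder names and sample files in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def tree_hashes(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            out[os.path.relpath(full, root)] = sha256_file(full)
    return out

def verify_backup(source_root, backup_root):
    """Return (missing, mismatched): files absent from the backup, and files whose contents differ."""
    src, dst = tree_hashes(source_root), tree_hashes(backup_root)
    missing = sorted(p for p in src if p not in dst)
    mismatched = sorted(p for p in src if p in dst and src[p] != dst[p])
    return missing, mismatched

def demo():
    """Constructed sample: a tiny 'old drive' and a backup with one lost and one damaged file."""
    with tempfile.TemporaryDirectory() as tmp:
        old, bak = os.path.join(tmp, "old_drive"), os.path.join(tmp, "backup")
        for root in (old, bak):
            os.makedirs(os.path.join(root, "docs"))
        for rel, data in {"docs/taxes.txt": b"2023", "photo.jpg": b"\xff\xd8", "notes.txt": b"hi"}.items():
            with open(os.path.join(old, rel), "wb") as f:
                f.write(data)
        with open(os.path.join(bak, "docs/taxes.txt"), "wb") as f:
            f.write(b"2023")            # copied intact
        with open(os.path.join(bak, "photo.jpg"), "wb") as f:
            f.write(b"\xff")            # truncated copy
        return verify_backup(old, bak)  # notes.txt was never copied

if __name__ == "__main__":
    missing, mismatched = demo()
    print("missing from backup:", missing)
    print("content differs:", mismatched)
    print("safe to wipe" if not (missing or mismatched) else "do NOT wipe yet")
```

A matching hash only shows that the copy is faithful to the original, not that the file is clean, so the backup still needs the virus scan described later before it is restored.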
Completely Wipe Your Old Hard Drive
Even if virus and spyware scanning reveals the threat is gone, you
should still not trust that your PC is malware free. The only way to
ensure that the drive is completely clean is to use a hard drive wipe
utility to completely blank the drive and then reload your operating
system from trusted media.
After you have backed up all your data and put the hard drive back in your computer, use a secure disk erase utility to completely wipe the drive. There are many free and commercial disk erase utilities available. The disk wipe utilities may take several hours to completely wipe a drive because they overwrite every sector of the hard drive, even the empty ones, and they often make several passes to ensure they didn't miss anything. It may seem time-consuming but it ensures that no stone is left unturned and it's the only way to be sure that you have eliminated the threat.
Reload the Operating System From Trusted Media and Install Updates
Use your original OS disks that you purchased or that came with your
computer. Do not use any that were copied from somewhere else or are of
unknown origin. Using trusted media helps to ensure that a virus present
on tainted operating system disks doesn't reinfect your PC.
Make sure to download all updates and patches for your operating system before installing anything else.
Reinstall Anti-Virus, Anti-Spyware, and Other Security Software
Before loading any other applications, you should load and patch all
your security related software. You need to ensure your anti-virus
software is up-to-date prior to loading other applications in case those
apps are harboring malware that might go undetected if your virus signatures aren't current.
Scan Your Data Backup Disks for Viruses
Even though you are fairly certain that everything is clean, always
scan your data files prior to reintroducing them back into your system.
Make a Complete Backup of Your System
Once everything is in pristine condition you should do a complete backup
so that if this ever happens again you won't spend as much time
reloading your system. Using a backup tool that creates a bootable hard
drive image as a backup will help speed up future recoveries immensely.