I have a virus problem - what do I do?
The following guidelines will, one hopes, be of assistance.
However, you may get better use out of them if you read the rest of this document
before acting rashly...
If you think you may have a virus infection, stay calm. Once detected,
a virus will rarely cause (further) damage, but a panic action might. Bear
in mind that not every one who thinks s/he has a virus actually does (and
a well-documented, treatable virus might be preferable to some problems!).
Reformatting your hard disk is almost certainly unnecessary and very probably
won't kill the virus.
If you've been told you have something exotic, consider the possibility of
a false alarm and check with a different package.
If you have a good antivirus package, use it. Better still, use more than
one. If there's a problem with the package, use the publisher's tech support
and/or try an alternative package. If you don't have a package, get one (see
section on sources below). If you're using Microsoft's package (MSAV) get
something less out-of-date.
Follow the guidelines below as far as is practicable and applicable to your
situation.
Try to get expert help before you do anything else. If the problem
is in your office rather than at home there may be someone whose job includes
responsibility for dealing with virus incidents.
Follow the guidelines below as far as is practicable and applicable.
- Do not attempt to continue to work with an infected system, or let other
people do so.
- Generally, it's considered preferable to switch an infected system off
until a competent person can deal with it: don't allow other people to use
it in the meantime. If possible, close down applications, Windows etc. properly
and allow any caches/buffers to flush, rather than just hit the power switch.
- If you have the means of checking other office machines for infection,
you should do so and take appropriate steps if an infection is found.
- If you are unable to check other machines, assume that all machines are
infected and take all possible steps to avoid spreading infection any further.
- If there are still uninfected systems in the locality, don't use floppy
disks on them [except known clean write-protected DOS boot floppies]
- users of infected machines should not under any circumstances trade
disks with others until their systems and disks are cleaned.
- if the infected system is connected to a Novell network, Appleshare etc.,
it should be logged off all remote machines unless someone knowledgeable
says different. If you're not sure how to do this, contact whoever is responsible
for the administration of the network. You should in any case ensure that
the network administrator or other responsible and knowledgeable individual
is fully aware of the situation.
- No files should be exchanged between machines by any other means until
it's established that this can be done safely.
- Ensure that all people in your office and anyone else at risk are aware
of the situation.
- Get all floppy disks together for checking and check every one.
This includes write-protected floppies and program master disks. Check all
backups too (on tape or file servers as well as on floppy).
-
