-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cyber Security Tip ST05-006
Recovering from Viruses, Worms, and Trojan Horses
Unfortunately, many users are victims of viruses, worms, or Trojan
horses. If your computer gets infected with malicious code, there are
steps you can take to recover.
How do you know your computer is infected?
Unfortunately, there is no particular way to identify that your
computer has been infected with malicious code. Some infections may
completely destroy files and shut down your computer, while others may
only subtly affect your computer's normal operations. Be aware of any
unusual or unexpected behaviors. If you are running anti-virus
software, it may alert you that it has found malicious code on your
computer. The anti-virus software may be able to clean the malicious
code automatically, but if it can't, you will need to take additional
steps.
What can you do if you are infected?
1. Minimize the damage - If you are at work and have access to an IT
department, contact them immediately. The sooner they can
investigate and clean your computer, the less damage to your
computer and other computers on the network. If you are on your
home computer or a laptop, disconnect your computer from the
internet. By removing the internet connection, you prevent an
attacker or virus from being able to access your computer and
perform tasks such as locating personal data, manipulating or
deleting files, or using your computer to attack other computers.
2. Remove the malicious code - If you have anti-virus software
installed on your computer, update the virus definitions (if
possible), and perform a manual scan of your entire system. If you
do not have anti-virus software, you can purchase it at a local
computer store (see Understanding Anti-Virus Software for more
information). If the software can't locate and remove the
infection, you may need to reinstall your operating system,
usually with a system restore disk that is often supplied with a
new computer. Note that reinstalling or restoring the operating
system typically erases all of your files and any additional
software that you have installed on your computer. After
reinstalling the operating system and any other software, install
all of the appropriate patches to fix known vulnerabilities (see
Understanding Patches for more information).
How can you reduce the risk of another infection?
Dealing with the presence of malicious code on your computer can be a
frustrating experience that can cost you time, money, and data. The
following recommendations will build your defense against future
infections:
* use and maintain anti-virus software - Anti-virus software
recognizes and protects your computer against most known viruses.
However, attackers are continually writing new viruses, so it is
important to keep your anti-virus software current (see
Understanding Anti-Virus Software for more information).
* change your passwords - Your original passwords may have been
compromised during the infection, so you should change them. This
includes passwords for web sites that may have been cached in your
browser. Make the passwords difficult for attackers to guess (see
Choosing and Protecting Passwords for more information).
* keep software up to date - Install software patches so that
attackers can't take advantage of known problems or
vulnerabilities (see Understanding Patches for more information).
Many operating systems offer automatic updates. If this option is
available, you should enable it.
* install or enable a firewall - Firewalls may be able to prevent
some types of infection by blocking malicious traffic before it
can enter your computer (see Understanding Firewalls for more
information). Some operating systems actually include a firewall,
but you need to make sure it is enabled.
* use anti-spyware tools - Spyware is a common source of viruses,
but you can minimize the number of infections by using a
legitimate program that identifies and removes spyware (see
Recognizing and Avoiding Spyware for more information).
* follow good security practices - Take appropriate precautions when
using email and web browsers so that you reduce the risk that your
actions will trigger an infection (see other US-CERT security tips
for more information).
As a precaution, maintain backups of your files on CDs or DVDs so that
you have saved copies if you do get infected again.
Additional information
* Recovering from a Trojan Horse or Virus
* Before You Connect a New Computer to the Internet
* Securing Your Web Browser
_________________________________________________________________
Author: Mindi McDowell
_________________________________________________________________
Produced 2005 by US-CERT, a government organization.
Note: This tip was previously published and is being re-distributed
to increase awareness.
Terms of use
<http://www.us-cert.gov/legal.html>
This document can also be found at
<http://www.us-cert.gov/cas/tips/ST05-006.html>
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBR+Frc/RFkHkM87XOAQLtpggAgcnalwEy9Yfa63s0NiiwNzWMIALoRkOF
hAW78JbRvgN1mkPbPVbWv318MAm2aGf4yXC9+KrxDvmH4veCtJFzoaI1b34U2mTp
nF8/Giqbgj3SWXgI7kOO6AqmMKqpwXJ+bnGxfaJ8pD0C9kIgW3LVAb18QVzk+aK0
zagtXgPUB8I0iW8Z0bEvKzqlRzWE4M30VsOMcLh+gjoo7WKyZqzKgHEJEU4SIDAT
KIeRbgDUq/6HfvFxvDd26V4tbI5YmTfRJVbjI37BluAP8ozkwPuRz7KYwyIkv2Sv
ZYB+BZ5iCrSDrqZ+RqrTbHgC0G43BYTiyxn+EO4jeuvfGHgijZehDg==
=3Yxk
-----END PGP SIGNATURE-----
