Windows-XP: Recovery From A Virus Infection
This is an article under development, discussing a typical scenario where a personal computer running Windows-XP got infected with a spyware virus. The article will discuss how the malware was detected, what was done to quarantine the PC, how the data was backed up, and how the PC was re-imaged and restored. It will also discuss various choices that you might face as you go through the steps to recover your PC from such an attack.
As the article is developed, additional pages will appear in this section.
Windows-XP: Suspicious Signs That May Indicate Malware
How do you come to know if your PC has some sort of virus infection? If you have virus protection software such as McAfee, Norton Anti-Virus, or Microsoft One-Care, you may get a warning or a report telling you that your PC is or might be infected. But there are many times when you don't see any clear signs.
In this particular case, I noticed several things:
- A "Windows - No Disk" error at startup time that didn't seem to affect anything.
- Norton Ghost having problems writing to remote disks
- Windows Update Service getting automatically disabled
- Occasional browser pop-up windows warning me about some Spyware.
Windows-XP: Damage Control When Infected - Quarantining, Backing-Up Data
If you know or suspect that your PC has been infected with any kind of malware, there are some very important precautions and steps that you need to take to minimize any damage to your data and privacy.
- Take the PC out of the network: If the PC is connected to the network via a network cable, then remove it to disconnect it from the network. If connected through wireless, disable the wireless adapter on your PC. This way, you can make sure that the virus cannot transmit any kind of information from your PC to other PCs or the outside world. This will also prevent the virus on your PC from causing damage to other PCs or data-storage on your network.
- Stop all the applications you are running: Some of the applications that you are using may be infected with the virus and cause damage.
- Try to reboot your PC in safe-mode: Just as it is rebooting, hitting F8 usually takes you to a list of boot options. Choose one of the "safe" options.
- Prepare to take a back-up: It would be best to connect an external hard-disk through a USB or Firewire port and back-up all your data. These would include some of the following areas, but there may be other things on your PC, depending on how you organize your data:
  - C:\Documents And Settings - This is where most user data and application settings are stored.
  - Other C:\ folders - For example, you may have C:\tools or C:\Pictures or other such folders that were created by some software or by you. It is important to look carefully and make sure that you back up all your data.
  - Other drives: You may have other disk-drives or partitions such as D:, E:, etc. Make sure that you back up your data from those too.
  - There are folders like C:\Program Files which contain files related to software that you have installed. If you plan to re-install your PC completely, then these will get created when you install the software again. But if you have manually created any files in this area, you would need to back them up.
  - Operating system folders: C:\Windows and similar folders contain the operating system files. If you reinstall your PC, these will get automatically created. But again, depending on your usage, there may be files in there that you may want to back up. For example, if you had downloaded a particular file as a fix to a problem and copied it to some folder under C:\Windows, you would need to back up that file, just in case you need it after you reinstall Windows.
- If you have any kind of back-up software installed, you can use it to copy all the above to an external hard-disk. But often it is advisable to just copy these manually using Windows Explorer in emergencies, so that you don't need to depend on any software on your PC since it is infected.
- Be patient while taking a back-up and make sure that you have copied all important data. When you are dealing with a PC crash or a virus infection, it is very common to feel stressed and rush to reinstall the PC. While doing so, you may lose important files if you are not careful. It is a good idea to write down all the folders that you need to back-up on a piece of paper, and keep checking these off as you copy them.
- If the copy action fails for whatever reason -- files being used by other applications, or destination disk going full, etc -- make sure that you repeat that copy until you get all the files.
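The paper checklist and the "repeat the copy until you get all the files" step can also be checked mechanically. The script below is an added example, not part of the original article: it compares each folder on your list against its copy on the external disk by file name and size (not content) and lists what still needs to be re-copied. It assumes Python is available, ideally on a clean machine that can read both disks, and that each folder was copied to BACKUP_ROOT\<folder name>; the script name and the paths in its comments are hypothetical.

```python
import os
import sys

def list_files(root):
    """Return {relative path: size in bytes} for every file under root."""
    sizes = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            try:
                sizes[rel] = os.path.getsize(full)
            except OSError:
                sizes[rel] = None  # file exists but could not be read
    return sizes

def verify_backup(checklist, backup_root):
    """Compare each checklist folder with its copy under backup_root.

    Assumption: each folder was copied to backup_root/<folder name>.
    Returns {folder: [problems]}; an empty list means the folder can be checked off.
    """
    report = {}
    for source in checklist:
        copy = os.path.join(backup_root, os.path.basename(os.path.normpath(source)))
        if not os.path.isdir(source):
            # Never report a mistyped or missing folder as "complete".
            report[source] = ["source folder not found"]
            continue
        copied = list_files(copy)  # empty if the copy does not exist yet
        problems = []
        for rel, size in sorted(list_files(source).items()):
            if rel not in copied:
                problems.append("missing: " + rel)
            elif copied[rel] != size:
                problems.append("size differs: " + rel)  # e.g. interrupted copy
        report[source] = problems
    return report

if __name__ == "__main__":
    # Hypothetical invocation (paths are examples only):
    #   python verify_backup.py E:\backup "C:\Documents and Settings" C:\tools
    if len(sys.argv) < 3:
        sys.exit("usage: verify_backup.py BACKUP_ROOT FOLDER [FOLDER ...]")
    report = verify_backup(sys.argv[2:], sys.argv[1])
    for folder, problems in report.items():
        print("[{}] {}".format(" " if problems else "x", folder))
        for line in problems:
            print("      " + line)
    sys.exit(1 if any(report.values()) else 0)
```

Re-run it after each repeated copy; only when every folder shows `[x]` is the backup complete enough to move on to reinstalling.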
Windows-XP: Restoring After A Crash Or Infection
This page is under development.