How to Recover from a Virus Attack
Take these steps as soon as a virus penetrates your network to minimize damage.
If your business has suffered a virus attack and your network has been compromised, you'll need to act fast in order to prevent the virus from spreading to other computers on your network. Once a virus penetrates your security defenses, it can quickly rip through your network, destroying files, corrupting data, rendering applications useless and causing expensive lulls in productivity. The following recommendations will help you quickly get your small business back up and running again.
- Disconnect and isolate. If you suspect one of your computers has suffered a virus attack, immediately quarantine the computer by physically disconnecting it, as infected machines pose a danger to all other computers connected to the network. If you suspect other computers may be infected, even if they aren't displaying any symptoms, still treat them like they are. It's counter-productive to clean one machine while an infected computer is still connected to the network.
- Focus on the cleanup. Once you've physically disconnected the computer, focus on removing the malicious code. Use virus removal tools written for the specific virus causing the damage. Many of these tools can be found online. In addition, your anti-virus software should have updates or patches available for the specific security threat. If your antivirus software hasn't been updated recently, be sure to do so.
- Reinstall your operating system. After a virus attack, damages may range from changed file names and obliterated files to permanently disabled software applications. The extent of the damage depends on the particular virus. If your operating system is completely destroyed, you'll need to reinstall your operating system by using the quick restore CD that came with your computer. This will restore your computer to its original configuration, meaning you'll lose any applications you may have installed or data files you may have saved. So before you begin the reinstallation process, make sure you have all the necessary information handy, including the original software, licenses, registration and serial numbers.
- Restore your data. This assumes you've been diligent about backing up your files. If you haven't been doing a regular backup of all the data and files on your computer's hard drive, your files will most likely be permanently lost. If this is the case, learn from your mistake and make sure to back up on a regular, ongoing basis. And keep in mind, not all viruses target data files. Some only attack applications.
- Scan for viruses. After restoring and reinstalling, perform a thorough virus scan of your network. Use the most recent virus definitions available for your anti-virus software. Be careful not to overlook anything; scan all files and documents on all computers and servers on your network.
- Prevent future attacks. Run anti-virus software and keep virus definitions current. Make sure your security patches are up-to-date. And if you haven't been running anti-virus software, start doing so immediately to prevent future attacks. Also, if you lost data files in the recent attack, create and enforce a regular backup schedule. Change all of your passwords, including ISP access passwords, FTP, e-mail and website passwords. Some viruses can capture or crack passwords, leading to future vulnerabilities. By changing your passwords, you'll be able to boost your security.
Mark Piening is senior director of worldwide small to medium-sized (SMB) marketing for Symantec Corporation, which offers a host of security and availability products, as well as information on the latest virus threats and step-by-step guides through its website,www.symantec.com. He can be reached atmark_piening@symantec.com.
