Best Practices: Cleaning an Infected Computer

ISG, The Information Security Group, providing proactive security expertise,
engineering robust security architecture, enhancing a culture of security awareness


1. Some ways a computer gets infected

  • Responding to a phishing email
  • Failing to keep your anti-virus and spyware definitions current
  • Clicking on a seemingly innocuous web site for a free widget while a malicious script runs in the background
  • Using an anonymous thumb drive you found in the airport and installing its keylogger software
  • Opening an attachment from a long lost uncle you didn't know you had (and actually don't)
  • Not disabling your web browser's function to automatically run scripts (check its security configuration and set to "high")

2. Signs a computer is infected

  • It begins to run slowly
  • Task manager indicates 100% utilization
  • Firewall is asking permission to allow unknown programs access to the Internet
  • There are unknown processes and programs at start up
  • Policy changes were made without your knowledge
  • There are visible configuration changes
  • Some programs no longer work
  • You begin to get pop-ups

3. Tools for your toolbox

4. Steps to disinfect

  • Remove the machine from the network
  • If using XP, turn off System Restore
  • Clean out the temporary files using Disk Clean-up
  • Run CW Shredder
  • Run Ad-Aware
  • Run Spybot S&D
  • Run SpyWare Blaster
  • Run HijackThis
  • Run your system anti-virus tool
  • Run a non-resident anti-virus tool
  • Reconnect to the network
  • Run Belarc Advisor
  • Run MS-Baseline Analyzer
  • Take actions as needed
  • Afterwards: change all passwords and be aware of online banking, credit cards, etc.

5. Summary

The best defense is sometimes your offense:

  • If you use a firewall, keep it on
  • Keep all your system tools up-to-date
  • Consider using automatic updates
  • Read everything that comes from ISG
  • Use common sense!

Related Resources

DCC 09/09/2009 presentation: PowerPoint Slides | Audio and Slides (Captivate) | Checklist version

Contact Us

For general information security questions or to report a computing security incident, contact ISG@brown.edu.