Procedure after a Virus Attack
After an antivirus program has found malware on the PC, it is advisable to reinstall the computer, since no one can determine beyond doubt what effects the malware had and whether it could be completely deleted by the antivirus program.
- Keep calm.
- Use another PC to change the passwords you used on the infected system. The old passwords must be rated as compromised, i.e. as insecure.
- Make a backup [1] of the infected computer's data.
- Reinstall the infected computer. Format the hard disk completely and reinstall the operating system. Make sure to use only original software, i.e. software from a legal source with a legal installation key.
- If necessary, verify the authenticity of the programs by checking their checksums.
- Do not connect the newly installed computer to the Internet for the time being: Disconnect the network cable before installing the operating system and do not establish a WLAN connection.
- Install the Windows updates first. The best way is to use an offline source [2].
- Install an antivirus program. Purchase one at a store or download one from a secure computer and install it on the previously infected system.
- Now you can connect to the network or Internet.
- Once you have installed the remaining Windows updates and updated your antivirus solution, install the remaining programs you need.
- Run all update routines again. For installed programs it is recommended to use the update software Secunia PSI.
- Copy the previously saved data back to your PC.
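The checksum check from the installation step above, as an added example that is not part of the original page: it compares the SHA-256 hashes of installer files in a folder against a manifest in the common sha256sum format. The file names, manifest contents and function names are constructed for illustration, and SHA-256 is an assumption, since the page names no algorithm.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large installer images do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def parse_manifest(text):
    """Parse sha256sum-style lines: '<64 hex chars>  <name>' or '<hex> *<name>'."""
    expected = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and len(parts[0]) == 64:  # skips blanks and comments
            expected[parts[1].lstrip("*")] = parts[0].lower()
    return expected

def verify_installers(directory, manifest_text):
    """Return {file name: 'OK' | 'MISMATCH' | 'MISSING' | 'UNLISTED'}."""
    directory, expected = Path(directory), parse_manifest(manifest_text)
    report = {}
    for name, want in expected.items():
        path = directory / name
        if not path.is_file():
            report[name] = "MISSING"
        else:
            report[name] = "OK" if sha256_file(path) == want else "MISMATCH"
    for path in directory.iterdir():
        if path.is_file() and path.name not in expected:
            report[path.name] = "UNLISTED"  # no published checksum: unverified
    return report

def demo():
    """Constructed sample data: one intact, one altered and one unlisted file."""
    good_a, good_b = b"constructed installer A", b"constructed installer B"
    manifest = (f"{hashlib.sha256(good_a).hexdigest()}  setup-a.exe\n"
                f"{hashlib.sha256(good_b).hexdigest()} *setup-b.exe\n")
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "setup-a.exe").write_bytes(good_a)
        (Path(tmp) / "setup-b.exe").write_bytes(good_b + b" altered")
        (Path(tmp) / "extra.exe").write_bytes(b"not in the manifest")
        return verify_installers(tmp, manifest)

if __name__ == "__main__":
    print(demo())
```

Run the check on the clean computer used for downloading, and carry over only files reported as OK.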
[1] In general, a malicious program will not infect your personal data in a way that makes copying the data from the infected system to external storage impossible or unacceptable. If you fear a loss of security due to the backup, you can either remove the storage medium with the data and install it in a PC protected from malware, or boot the infected PC virus-free from a so-called boot CD and then copy the data. Both options also apply if access to the operating system is no longer possible. Be careful when using this backup and consider the files on it to be contaminated by the malware.
Source for boot CDs: http://www.knoppix.org/ or http://www.nu2.nu/pebuilder/ (as of October 2012).
[2] You can safely update Microsoft Windows and Office applications using "WSUS Offline Update". Offline updates are easy to use and save you time, as all the files you need are downloaded in one large package. Download and run the update program on a system that is not infected with malware. Follow the steps in the program, which creates installation media that you can use to install the updates on the freshly installed PC. Source: http://www.wsusoffline.net (as of January 2015).