Howard Fuhs
Howard Fuhs
Howard Fuhs

First steps in case

of a virus infection

Copyright (C) 06/1994 by Howard Fuhs


It is very important to know which steps to take in case of a computer virus infection. Furthermore, this knowledge should be acquired before the infection happens. Thus it is no waste of time to consider computer viruses and how to act, in case the worst case should happen in the company. One of the reasons is that loosing time reacting to a virus problem may mean loosing vital data stored on the hard disk drives of the computers. This again means loosing money.

So, if the worst case happens you had better be prepared, because there is no time to think about a data security policy, once you are in the middle of trying to salvage your data.

How to act in case of a virus infection depends on how you noticed that your computer is infected. If you noticed the infection because the virus already triggered or released its damaging paylod then the possibility is very high that your programs and data are gone and lost. To recover those data may be very expensive or in the very worst case impossible.

The other possibility is that you have noticed the viruses infection by using software like an anti-virus scanner or an integrity checker.  If this is the case the battle for your data is not lost, because you noticed the infection before the virus released its damaging payload.

First of all, do not panic!!!
In case of panic you can easily loose an unnecessary quantity of data, which also means loosing an unnecessary amount of time and money. In a lot of cases more data get lost because of panic or incompetence than because of the consequences of a virus infection as such.

Are you sufficiently qualified to handle the infection and get the problem under control and eventually resolve it? Be honest to yourself! lf you are in doubt do not hesitate to contact a person who is capable of doing the job the correct way. If you commit a mistake, you could very well loose vital data, and requesting assistance in a crisis is not loosing face.

Is suitable software like anti-virus scanners, virus information databases and software to remove viruses available in your company? If yes, is this software up to date, or is the version you are working with over 3 months old? It is very important to work with the newest release of your anti-virus software. So, to be sure that the software will work correctly, get the newest release before you start to remove the virus.

Do not consider low level formatting your hard disk! There are easier and more intelligent ways to get rid of a computer virus without loosing data. lf you have an IDE hard drive in your computer (and you probably will), a low level format could even destroy vour hard drive. New and sophisticated IDE disk drives will not even allow you to perform a low level format.

lf you have your (software) first aid kit ready then you can start to remove the virus from your computers.  Follow this procedure:




Mark your PC with a good visible sign stating that this PC may be infected with a computer virus to prevent that somebody else starts using it, while you are not present.

If it is possible, disconnect your PC from the LAN to prevent the virus from spreading via the network.  Now contact and inform the LAN administrator, stating exactly what has happened, allowing him to assess the risk of the virus having already spread to other workstations or servers. The whole net may have to be shut down.

Now plan the recovery procedure carefully.

Find out which data files should under no circumstances be lost, because of their value and possibly even irrecoverability and which data are in fact recoverable from a backup copy. Of course, if your disaster recovery plan is in effect, and your backup policies are sound and fully implemented, this exercise will be over in a jiffy and no or almost no data will have been lost.

Copyright (C) 06/1994 by Howard Fuhs


Fuhs Security Consultants
All Rights reserved!
Frank Ziemann
Home Impressum

24 Hour Clocks Publications DE Deutsch
Thema 00
Hier finden Sie Information über Dinge, von denen wir jetzt noch nichts verraten wollen.
Thema 01
Hier finden Sie Information über Dinge, von denen wir jetzt noch nichts verraten wollen.
Premium Content
Restricted area. Paying customers only.
Company News and Press Informations.
Protect your Assets with our Security Services.
24-hour clocks according to ISO 8601 developed for usage in business, technical and military 24/7 environments.
Informations about the worldwide Lecures and Seminars of Howard Fuhs.
Articles and Manuscripts of Howard Fuhs covering the topic of IT-Security.
Digital Publishing
Publications of Howard Fuhs on CD-ROM.
DEDeutsche Seiten
Hier finden Sie unsere deutschsprachigen Seiten.
Follow this link to our German pages.
Contact us
via E-Mail
Frank Ziemann
Hot Sites
Trade Terms  and Conditions
Hot Sites
Hot Sites (11/1998)
Trade Terms and ...
Trade Terms and Conditions - and Internet Access (05/1998)
Thema C
--not used--
Thema D
--not used--
Thema E
--not used--
Thema F
--not used--