It can be a gut punch to realize that your PC may be infected with malware (the catchall term for viruses, Trojans, worms, and other nasties). If you don't have antimalware software installed and ready to clean your system, the situation can deteriorate quickly. But we have tips for basic damage control for your computer and the devices it's connected to.
Disconnect your PC from the network
Malware frequently uses the Internet to connect your PC to another computer that may give yours instructions, make it transmit data, or both. Malware can even receive patches to fix bugs and performance, just as legit software does. Another favorite activity is to search your home's local network for other computers to infect. That's one of the reasons to practice good security[1] when using public Wi-Fi, and the reason why you should disconnect a PC that you believe has been infected.
If you are using an Ethernet connection, just unplug the Ethernet cable. If you are using Wi-Fi on a laptop, there is usually a switch at the top of the keyboard that will toggle your Wi-Fi off and on. If you are using Wi-Fi on a desktop PC, there usually isn't a switch, and the malware may block software-based attempts to shut down your network connection. You may also have both Ethernet and Wi-Fi options on the same device, in which case you should disable both.
In Windows 7, press Windows-X to open the Mobility Center and click the right-hand button labeled Turn Wireless Off. In Windows 8 and 10, press Ctrl-X to bring up a menu listing a number of utilities. The Mobility Center should be second from the top. If you encounter problems while trying to disable your Wi-Fi connection, move to the next step.
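If the hardware switch or Mobility Center isn't an option, the same "disable both Ethernet and Wi-Fi" step can be done from an administrator PowerShell window. This is an added example, not part of the original article; it assumes Windows 8 or later, where the built-in NetAdapter cmdlets exist. It then checks whether anything is still connected, since malware may block the attempt.

```powershell
# Added example: take every physical network adapter offline, then verify.
# Assumes Windows 8 or later and an elevated (Run as administrator) PowerShell window.

# Physical adapters only (Ethernet, Wi-Fi, and similar hardware); skip ones already disabled.
$adapters = Get-NetAdapter -Physical | Where-Object { $_.Status -ne 'Disabled' }

foreach ($nic in $adapters) {
    try {
        # -Confirm:$false suppresses the per-adapter prompt; -ErrorAction Stop
        # turns a blocked or failed attempt into something we can report.
        Disable-NetAdapter -Name $nic.Name -Confirm:$false -ErrorAction Stop
        Write-Host "Disabled: $($nic.Name) ($($nic.InterfaceDescription))"
    } catch {
        Write-Warning "Could not disable $($nic.Name): $($_.Exception.Message)"
    }
}

# Re-query instead of trusting the calls above: an adapter that still reports
# 'Up' means the software route failed and the physical route is needed.
$stillUp = Get-NetAdapter -Physical | Where-Object { $_.Status -eq 'Up' }
if ($stillUp) {
    Write-Warning "Still connected: $($stillUp.Name -join ', '). Unplug the cable or shut the PC down."
} else {
    Write-Host "No physical adapter reports an active link."
}
```

Once the PC has been cleaned, Enable-NetAdapter with the same adapter names brings the connections back.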
Shut down your PC
Even if the malware loses its Internet connection, it can harm the device that it's already on, by deleting or corrupting files or ransoming them. Ransomware encrypts files that appear to be important (maybe your whole Documents folder, for example), then demands that you pay to regain access to those files. So even if you remove ransomware from your system, you haven't removed the encryption. That requires a password -- designed to be far too complex to guess or crack in a reasonable amount of time.
Malware may attempt to prevent you from shutting down your PC, but you can get around that by holding down the power button on your PC for about five seconds. This will force a shutdown, so save your documents and close programs before you proceed, or else you may corrupt files.
The next step is to use emergency/rescue media -- a DVD or USB thumb drive with a malware scanner installed on it -- to attempt to clean your PC (or in the case of ransomware, to decide if the encrypted files are worth paying to decrypt).
Back up your files
Circumstances like this are why regular backups of your data are so important. Put your stuff in a secure cloud[2], put it on an external drive, and store copies of your really important files -- like tax records and contracts -- in a completely different physical location, such as an archival-grade DVD or an M-Disc in a safe-deposit box. These are highly durable forms of storage media. (And given the constant march of technology, we suggest storing an external optical drive along with it, even throwing in adapters for increasingly popular connection types such as USB-C.) Your best preparation against malware is to keep multiple copies of your data in multiple locations.
Create rescue tools to scan your PC
If you have a rescue disk or thumb drive, you can start your computer and tell it to boot from this storage medium. The recovery disk or drive loads a scanner that you've installed on it, and it looks at your infected computer's internal storage devices for malware before Windows loads. You can of course scan your computer after Windows boots, but some malware can interfere with or block the scanning process, or simply hide itself more easily.
Ideally, you should plan ahead and create a rescue tool before you run into malware. But if your PC's already infected, you need a second PC that has an Internet connection or an antimalware app with an emergency media-creation feature. If you try to create a rescue disk on the infected machine, the malware may tamper with the process or even copy malware onto the media. You also need a blank DVD and DVD burner or else an empty USB thumb drive.
These days most security software developers offer their recovery tools separately from their antimalware suites. You can usually download the recovery tool for free, such as the one from Norton[3]. We recommend this one because it's kept up-to-date and it doesn't require you to handle an ISO file. You just download it, open it, and follow the onscreen instructions.
Boot from the rescue disk
The process for telling a computer to boot from a DVD or thumb drive instead of Windows varies by device. You may have to consult your PC's documentation to figure out what buttons to press. For example, sometimes you just tap F11 while your PC is starting up to get a list of devices you can boot from. Navigate the list with your keyboard's arrow keys and select with the Enter key. Other times you must dive into the BIOS or UEFI -- a rudimentary interface that controls many of the functions of the different components inside your computer -- and hunt for menu options related to booting, then save your changes and exit.
Even the key you press to enter the BIOS/UEFI during boot-up varies from one device to another. The popular choices are F2, F12, and Delete. If your computer uses a solid-state drive, your window of opportunity to press the right key may be only a second wide, so you have to press your chosen key repeatedly, in the hopes of getting one of those presses inside the window.
It's not an elegant system, but if you don't have external image backups to restore from, you don't have many alternatives. Even if you decide to delete Windows and start fresh, some particularly clever pieces of malware have been known to survive this process and re-infect the operating system.
Even after you make and boot a rescue disk, it may not detect the malware, or the issue may not be malware-related. But as long as you take action quickly against malware, and as long as you regularly back up your data to multiple locations, you can help prevent total disaster: the permanent loss of critical files.
References
- [1] practice good security (download.cnet.com)
- [2] Put your stuff in a secure cloud (download.cnet.com)
- [3] such as the one from Norton (download.cnet.com)