If your computer is running slower than usual, the operating system is displaying random errors, your web browser is freezing or showing strange ads you can't get rid of, or you can't access your documents, you may have a digital infection that, in addition to impeding normal use of your computer, puts your data, files, and perhaps more at risk, including passwords and online banking access.
Viruses, worms, Trojans, and other malicious specimens lurk on computers and computer networks. Malware of all kinds and for all platforms, data theft, cyberespionage, privacy invasion, and disinformation campaigns that end up posing an online risk are now commonplace across the technology world and force users and companies to take proactive measures to control them.
Major cybersecurity incidents highlight that digital threats are increasingly dangerous, both in number and in the sophistication of their development. And the situation is only going to get worse as the industry continues to add billions of connected devices and as phenomena like BYOD and hybrid work, which are here to stay after the pandemic, increase the number of vulnerable devices.
How to remove malware from your PC
Although prevention is the first and most important line of defense, it's not always possible to stay safe from infection, and every user has encountered malware at some point, even if their security solution never alerted them. If your computer shows any of these symptoms, it's time to take immediate action with the four specific steps described below.
1. Try to save files
Backups are the greatest lifeline against any type of computer virus, and with some malware, such as ransomware, they're the only solution. If you haven't made backups before, you can try saving documents, photos, videos, and any other personal or professional information that you can't afford to lose, even if infected, and then try to recover them later on a clean system.
This group includes the most dangerous files: those hit by the aforementioned ransomware (usually encrypted), which are worth keeping so they can be recovered when decryption tools are released. Of course, the goal is only to copy the files to a controlled external drive. We shouldn't run any of these files until they're cleaned, as they can infect other computers.
To make these copies, we can use several methods. If you're using Windows, it has a safe mode, also called "advanced boot mode," which only loads the most basic drivers and services. It is useful for finding and resolving operating system problems that can't be fixed with a standard boot, where malicious code is often loaded.
If it is not possible to make backup copies in safe mode, we must use a more advanced method to access the files of an infected computer, such as rescue disks (bootable from optical drives, flash drives, or external USB disks). These include both the native Windows ones for system recovery and solutions specially prepared for troubleshooting, such as Hiren's BootCD or Ultimate Boot CD.
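As an added illustration (not part of the original article), this is one way to make the copy from a Linux-based rescue disk without running anything from the suspect drive. It assumes the infected partition is already mounted read-only at a path you pass as the source and that the destination is a folder on a clean external drive; the function names, the file names it writes, and the extension list are choices made for this example.

```shell
#!/bin/sh
# Added example: copy data off a suspect disk from a rescue environment.
# Assumed setup (device name is a placeholder):
#   mount -o ro,noexec,nosuid,nodev /dev/sdXN /mnt/suspect

# File types that can carry code; do not open these until they are scanned.
RISKY_RE='\.(exe|dll|scr|com|bat|cmd|ps1|vbs|js|jar|msi|lnk|hta|docm|xlsm|pptm)$'

quarantine_backup() {
    src=$1; dest=$2
    [ -d "$src" ] || { echo "source not found: $src" >&2; return 1; }
    mkdir -p "$dest/files" || return 1
    # Copy data only (-P: do not follow symlinks). Nothing is executed.
    cp -RP "$src"/. "$dest/files"/ || return 1
    # Strip execute bits from the copies. Some external-drive filesystems
    # do not store permission bits, so a failure here is tolerated.
    find "$dest/files" -type f -exec chmod a-x {} + 2>/dev/null || true
    # SHA-256 manifest: later shows which files a scanner changed or removed
    # and confirms the copy itself is intact.
    ( cd "$dest/files" && find . -type f -exec sha256sum {} + ) \
        > "$dest/MANIFEST.sha256"
    # List of risky file types to scan first on the clean system.
    ( cd "$dest/files" && find . -type f | grep -Ei "$RISKY_RE" ) \
        > "$dest/SCAN_FIRST.txt" || true
}

# Returns 0 only if every backed-up file still matches the manifest.
verify_backup() {
    ( cd "$1/files" && sha256sum -c ../MANIFEST.sha256 >/dev/null )
}
```

Run verify_backup right after copying to confirm the copy is intact, and again after scanning on a clean system: a mismatch then points to a file the scanner cleaned or removed.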
2. Disinfect the equipment
Once we've tried to save our essential files, it's time to begin disinfection, although it's worth noting that this isn't always possible depending on the malware in question. There are times when a clean installation of the entire system and applications will be the only option.
In cases of suspicion, the best option for removing malware from your PC is to use specialized virus-fighting rescue disks. This is an effective method, considering that the vast majority of malware loads/hides in memory, making it difficult to detect/remove once the operating system boots.
All major security providers offer the option to create them, and this article presents a dozen of them. Most are Linux Live CDs (created and bootable from optical drives, flash drives, or external USB drives), which can be used on the PC independently of the operating system and without having to install anything.
They are simple to use, but only work after booting the computer from the created rescue media. All of them will update the virus signatures and the program, then begin scanning and disinfecting malware, if applicable. From the Live CD's file explorer, we can also access the drive where the main system is installed. This is useful if we want to delete a file directly or make the backup copies of essential files described in the previous section.
3. Recover the system
If the malware cleanup was effective, remove the rescue disk and try booting up your computer normally. If possible, install the best security solution available and scan it again for viruses. There's also a good collection of comprehensive free and commercial solutions here. If the system boots normally, check if all your installed applications are working properly, including drivers. Even if the operating system is clean and working, there may be damage.
If, despite the above efforts, we haven't been able to eliminate the infection, all we can do is reinstall the operating system. If we have a recovery partition or system disks, like those offered by some manufacturers with their new computers, this will be the first option to revert the computer to its factory state.
Restoring the operating system to factory settings using the operating system's own tool or using restore points are other simple alternatives to using backups or a clean installation. If none of the above works, you may need to perform a clean installation of the entire system, formatting the partition to ensure the computer is free of viruses.
Finally, you can recover your data and applications, but not before thoroughly scanning and disinfecting the data files you previously backed up. Make sure they're cleaned before copying them back to your computer, as they could be the cause of the infection, and you'll have to repeat the entire process. This includes scanning external USB drives, another common way to hide viruses.
4. Prevent further damage
The system partition is clean, but we should also check the rest of the partitions and the entire local network because the virus may have reached it through that route and infected the computer again. You can check this with the rescue disks created previously and also with a security solution installed on the computer, because nowadays, no matter how cautious we are, it's difficult to keep a personal computer clean without additional protection. If you use Windows, it's recommended to at least use Microsoft Defender, which is installed by default.
It's also advisable to change passwords. A significant portion of current malware infects computers with the goal of obtaining access passwords. It's not unlikely that third parties may be able to access them, even if your system is clean. Therefore, after an infection, it's highly recommended to change all passwords, from the local ones used for authentication in the operating system to those used for Internet services, especially those for financial or e-commerce services.
And take care of your cybersecurity
Insist on prevention as the first and most important line of defense: exercise due caution when browsing websites, installing applications, receiving emails and attachments, downloading files, or using social media; keep your operating system and applications updated; and use a good security solution. We recently published a special feature with general security tips for Windows and Linux computers, which we recommend you review.
And be extremely careful with ransomware and phishing. These are undoubtedly the two most common types of attacks and are dangerous for client computers. Most infections occur because the user opens a malicious application or program that can come from any source, especially common ones such as a web browser (adware deployment, redirection to a malicious website, etc.), an email that, instead of an attachment, includes a link to Mega, Google Drive, or Dropbox that leads to malware, or messaging services in the case of mobile attacks, which are increasingly widespread.
A common characteristic of all ransomware is that it blocks computer operations by seizing files with strong encryption and demanding a ransom payment from the organization, business, or user to release them. The big problem is that once infected, there's no solution unless that particular type of ransomware has been decrypted, something that usually takes years to accomplish, and file recovery is complex. It's often seen in combination with phishing attacks, the second major threat, and one for which extreme caution is also advisable.