Threat Watch

News      Security Home      [?]

Quick Links ISS Sitemap ISS Home Digital Media Email IP Telephony Learning Zone Mobile Devices Network Printing Report Faults Remote Access Security Service Matrix Software Support Training Unix Video Conf Windows

Lancaster University the Web

Lancs Home >  ISS Home >  Security >  Threat Watch

Cleaning Up After a Computer Malware Attack 

If you think you have a computer virus and you are running Symantec Endpoint Protection, do the following:

1. click 'Start' button then 'Programs' then 'Symantec Endpoint Protection' option then 'Symantec Endpoint Protection' program:
   1. select the 'Scan Computer' on the left - see list of disks appear on right.
   2. select the hard disk(s) - see ticks appear in the boxes.
   3. click on the 'Scan' button - see disk be scanned for viruses.
   4. follow instructions - for more info on running Symantec Endpoint Protection see Running Symantec Endpoint Protection.
2. if asked if you want to repair any viruses, answer 'Yes'.

Symantec Endpoint Protection will fail to clean-up many of the current viruses. To clean these 'hard to disinfect' viruses you will need one of the (free) special tools that Symantec make available.

1. use Symantec Endpoint Protection to identify the virus.
   If you have already run Symantec Endpoint Protection:
   1. click on the 'Histories' menu the 'Virus Histories' option and note down the virus name - you may well have to scroll right.
   2. If necessary use an online anti-virus program to identify the virus.
2. go to Symantec's 'threat response' website.
3. locate the appropriate removal tool web page and print it.
4. download the 'removal tool' to your desktop.
5. if recommended - download the appropriate patch for Windows.
6. disconnect yourself from the network by unplugging your network connection.
7. if you have Windows XP - follow instructions to disable the 'System Restore' facility.
8. run the 'removal tool' - it will check all the files on your hard disk and remove all traces of the virus.
9. if recommended - install the Windows patch.
10. reconnect to the network
11. ensure your copy of Symantec Endpoint Protection program is up-to-date with the latest anti-virus definitions.
12. run a full disk scan of your hard disk using Symantec Endpoint Protection.

If you have a problem with the above instructions or there is no 'special tool' available for the virus that has infected your PC - call the ISS Service Desk on x10987.

[ Top ]

If Symantec Endpoint Protection Does Not Work

Many viruses attack Symantec Endpoint Protection and sometimes you can not use it to even detect a virus.

Online Virus Scanners - if the affected PC can go 'online' you can use online virus checkers to check and in some cases repair a virus.

After a Virus Attack & Clean-up

Changing Your Password

A number of viruses install keylogging programs designed to steal your passwords. After you have cleaned a virus off your PC it is a good idea to change your password. Choosing a secure password is important, to help you select a secure password follow: Choosing a secure password.

Symantec Security Software

Always run the latest version of the anti-virus software and keep the 'virus definitions' up-to-date, as advised elsewhere on this site.

For information about the latest version: 'Symantec Security Software'.

 

Threats

 

Help & Tools

©Lancaster University:   ISS Governance     Computer User Agreement     Privacy & Cookies Notice    

Accessibility Help