Featured Topics > Technology Basics

Has Your PC Caught a Virus?

What to do if you think your PC is infected

What if your computer suddenly shuts down by itself? Or you find that certain files are missing or won't open. Or that your programs begin to operate very slowly.

Such odd behaviour might be a sign of a common hardware or software problem. Or it might mean your PC is infected with a computer virus.

How do you tell which it is? If you have an IT expert at your company, your best move is to describe your computer's suspicious activity to this person and follow their advice. However, if you're on your own—as many small businesses operators are—here are a couple ways you can determine if it's a virus causing your problems.

Run the Malicious Software Removal Tool
"Malicious software" is the term used to refer to viruses, worms and Trojan horses —those small programs that disrupt your computer work and damage files. Microsoft offers the Windows Malicious Software Removal Tool as one way to shut down viruses if they get installed on your PC. The free tool allows you to quickly check computers running Windows XP, Windows 2000 and Windows Server 2003 for infections. However, it is limited to detecting only the most common types of malicious software currently in circulation.

You can and should run the Malicious Software Removal Tool routinely—even when you're not alarmed about a possible infection. When you launch the tool it scans your computer's memory for known malicious software and stops any malicious processes that it finds. It also deletes files and undoes system changes that are associated with malicious processes. The tool may ask you to restart your computer or perform certain manual steps. When the virus detection and removal process is complete, the tool displays a report describing the outcome.

You have several ways to run the Windows Malicious Software Removal Tool. You can use it online or download it to your computer and run it. You can also have it installed with other updates from Microsoft Update and then run it. A new version of the tool is released the second Tuesday of each month in order to catch the latest viruses.

Update Your Antivirus Software and Scan Your System
The Malicious Software Removal Tool only looks for a certain set of known viruses—the worst and latest offenders. It also only detects malicious software that is currently running. This means it might miss a virus that's not active or well-known. To compensate for these limitations, you should scan your system with your antivirus software to look for other types of viruses. (If you don't have antivirus software installed, obtain and install it immediately!)

One reason a virus may have slipped by your antivirus software is that you have not updated the software recently with the latest virus definition files. Before you scan your system, go to the software maker's site and download and install all available updates. If you cannot connect to the Internet to download updates, download the updates to a co-worker or friend's computer, copy them to a disk and then install them on your PC.

Also, before you start your scan, turn off the System Restore feature in Windows XP. This utility, which can restore your computer to an earlier state, backs up selected files automatically to the C:\_Restore folder. This means that an infected file could be stored there as a backup file and that your virus scan will be unable to delete it. You must disable the System Restore Utility to remove the infected files from the C:\_Restore folder.

To disable System Restore, right-click the My Computer icon on the Desktop and click on Properties. Click on the System Restore tab and place a check mark next to Turn off System Restore on All Drives.

Now proceed with the virus scan and follow any instructions for handling infected files that are found. If the antivirus program cannot remove a virus automatically, it should quarantine the infected file and then provide directions on how to manually repair the damage. Know that some viruses cannot be removed from infected objects. If a virus cannot be removed from a file, the file should be deleted.

Also remember to scan all disks and removable storage media that may be infected by the virus.

More Tactics to Try
If these scans fail to turn up evidence of a virus, here are some additional ideas for diagnosing if a virus has infected your PC.

Scan with a second antivirus product. Not all antivirus programs are equal. To see if the virus eluded the program you use, try scanning your computer with another virus program. And you can do this for free at some leading security company Web sites, where online scanning services are offered at no charge.

Monitor your network. If your computer acts like its online even when you're not using the Internet, this could be a sign of a virus at work. One way to more closely monitor your network activity is to put a network status light in your system tray which blinks during network activity. In Windows XP, choose Start, Control Panel, Network Connections, right-click the network connection you want to monitor. Then choose Properties, check Show icon in notification area when connected, and click OK.

If you discover you have a virus, or seriously suspect you do, you should immediately disconnect your computer from the Internet or any local network to avoid spreading it. And, if your computer continues to act oddly but no virus has been found, consider using the System Restore feature in Windows XP to return your system to an earlier state when it operated fine.

Product Links

Windows XP Professional

Windows Small Business Server 2003

Office Small Business Edition 2003

Tools

Product Advisor

Solution Advisor

Genuine Software Quiz

Malicious Software Tool (US link)


! Quick Tips

Establishing e-mail and Internet use policies can help ward off virus infections. For instance, you and your employees should know to delete any e-mail that looks suspicious, and to avoid downloading any unauthorised programs, documents or even screensavers.