What to do when my computer is infected

Z HelpDesk

Why did the malware infect my computer?

Because the Internet is a global communications network, it is profitable for criminals to operate there as well. Today's attackers are usually interested in:

  • personal data, login names and passwords,
  • contacts and email addresses (e.g. from the mail program in use),
  • license numbers of installed programs and
  • access to Internet banking.

The long-term consequences of a malware infection include:

  • attacks on other victims over the Internet,
  • sending spam,
  • use of your CPU for the attacker's purposes and
  • use of your computer to store the attacker's data (e.g. warez).

How could this happen?

Client computers are usually compromised in a few basic ways.

Installation of the malware by the user personally
Malicious files are often hidden in various freeware programs that promise to beautify the user's desktop, to provide free antivirus protection or to accelerate the Internet connection. Another case is the so-called cracks and keygens for commercial programs that require a license number (or another form of verification that the copy of the software is legal).
Using the computer without any active anti-malware protection and operating system patches
If you browse the Internet on such a computer, it can get infected merely by visiting a compromised site (some "excellent" link on Facebook), by opening an infected document (mass-forwarded funny presentations) or by opening an infected email or its attachment. Alternatively, the attacker can take advantage of an unpatched operating system vulnerability remotely over the network, break into your computer and leave you with no clue about his presence.

How to behave in case of an attack?

The computer must be reinstalled. This (often very annoying) step is the safest way to get rid of malware. Simply disinfecting the computer with one of the anti-malware programs may not be enough.

In order to reinstall your computer properly, you need to:

  • Realize that malware can still spread in the old-fashioned way, i.e. infect other programs on your computer. When reinstalling, back up only your data (doc, mp3, jpg, ...) and no installation files for your programs.
  • Immediately after installing the operating system, you should:
  • If the device you are reinstalling is a server, check all scripts and applications. You will often find that the malware has spread in some form across the disk to other applications (e.g. into a PHP application, just as it would into an EXE file).
  • After the reinstallation (or even before it, but from a secure computer), change all important passwords (Orion password, Internet banking password, etc.).
  • Before returning your personal data to the computer, perform an anti-malware scan on it.
  • Perform an anti-virus scan of all mobile devices (mobile phone, mp3 player, etc.) and data storage devices (USB disks, cameras, ...).
  • Think about how and when your computer could have got infected and avoid such behavior next time.
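The "back up only your data, not your programs" rule above can be checked mechanically before the backup is restored. The following script is an added example (not part of the helpdesk page): it walks a backup staging directory, excludes anything whose extension is not a plain data type, and also rejects a file that carries an executable header (PE or ELF) even though it is named like a document or picture. The extension list and the constructed sample files are assumptions for the demonstration.

```python
import os
import tempfile
from pathlib import Path

# Assumed allow-list of user-data extensions (the page names doc, mp3, jpg as examples).
DATA_EXTENSIONS = {".doc", ".docx", ".xls", ".pdf", ".txt", ".mp3", ".jpg", ".png"}
# Magic bytes of executable containers that must never travel in a data-only backup.
EXECUTABLE_MAGIC = {b"MZ": "PE executable", b"\x7fELF": "ELF executable"}


def check_backup_file(path):
    """Return (ok, reason) for one file: ok only for a data extension without an executable header."""
    ext = Path(path).suffix.lower()
    if ext not in DATA_EXTENSIONS:
        return False, f"extension {ext or '(none)'} is not user data"
    with open(path, "rb") as fh:
        head = fh.read(4)
    for magic, name in EXECUTABLE_MAGIC.items():
        if head.startswith(magic):
            return False, f"{name} disguised as {ext}"
    return True, "data file"


def triage_backup(root):
    """Walk a backup directory and map each relative path to its (ok, reason) verdict."""
    results = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            results[os.path.relpath(full, root)] = check_backup_file(full)
    return results


def build_sample_backup():
    """Constructed sample backup: a document, an installer, an EXE renamed to .jpg and an mp3."""
    root = tempfile.mkdtemp(prefix="backup_")
    Path(root, "thesis.doc").write_bytes(b"\xd0\xcf\x11\xe0 old office document")
    Path(root, "setup.exe").write_bytes(b"MZ\x90\x00 installer")
    Path(root, "holiday.jpg").write_bytes(b"MZ\x90\x00 not really a picture")
    Path(root, "song.mp3").write_bytes(b"ID3\x03 audio")
    return root


if __name__ == "__main__":
    for rel, (ok, why) in sorted(triage_backup(build_sample_backup()).items()):
        print("KEEP   " if ok else "EXCLUDE", rel, "-", why)
```

This only catches the two header types listed and says nothing about macros inside an office document, so the anti-malware scan of the restored data the page asks for is still required.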

How to prevent an attack?

You should follow a few principles of safe behavior when using a computer:

  • keep your operating system and all of your applications up to date,
  • always use anti-malware software and a firewall,
  • do not work under the Administrator account when doing only regular tasks,
  • prefer secure Internet protocols (https, ssh, ftps, etc.),
  • handle your passwords carefully,
  • do not open any suspicious e-mails,
  • use only applications downloaded from trusted sources,
  • use legal software (there is a freeware alternative to almost any commercial software these days).
  • Administrators of servers (or of a larger number of workstations) should follow the security news regarding the products they operate, or other portals that cover the current security situation on the Internet.