What should I do if my computer has been compromised?
Submitted by katherine.boucher on Thu, 09/30/2010 - 15:39
By: Kaspersky Américas on 30/09/2010
It’s not always easy to tell if your computer has been compromised. More than
ever before, the authors of viruses, worms, Trojans and spyware are going to
great lengths to hide their code and conceal what their programs are doing on an
infected computer. That’s why it’s essential to follow the advice given in this
guide: in particular, install Internet security software, make sure you apply
security patches to your operating system and applications, and back up your
data.
It’s very difficult to provide a list of characteristic symptoms of a
compromised computer because the same symptoms can also be caused by hardware
and/or software problems. Here are just
a few examples.
• Your computer behaves strangely, i.e. in a way that you haven’t seen before.
• You see unexpected messages or images.
• You hear unexpected sounds, played at random.
• Programs start unexpectedly.
• Your personal firewall tells you that an application has tried to connect to
the Internet (and it’s not a program that you ran).
• Your friends tell you that they have received e-mail messages from your
address and you haven’t sent them anything.
• Your computer ‘freezes’ frequently, or programs start running slowly.
• You get lots of system error messages.
• The operating system will not load when you start your computer.
• You notice that files or folders have been deleted or changed.
• You notice hard disk access when you’re not aware of any programs running.
• Your web browser behaves erratically, e.g. you can’t close a browser window.
Don’t panic if you experience any of the above.
You may have a hardware or software problem, rather than a virus, worm
or Trojan. Here’s what you should do.
• Disconnect your computer from the Internet.
• If your computer is connected to a local area network, disconnect it from the
• If your operating system will not load, start the computer in Safe Mode (switch
on the computer, press and hold F8, then choose Safe Mode from the menu), or
boot from a rescue CD.
• If you don’t have a recent backup, back up your data.
• Make sure your anti-virus signatures are up to date. If possible, don't download updates using the
computer you think is compromised, but use another computer (e.g. a friend’s
computer). This is important: if your computer is infected and you connect
to the Internet, a malicious program may send important information to a remote
hacker, or send itself to people whose e-mail addresses are stored on your
• Scan the whole computer.
• If a malicious program is found, follow the guidelines provided by your
Internet security vendor. Good security
programs provide the option to disinfect infected objects, quarantine objects
that may be infected, and delete worms and Trojans. They also create a report file that lists
the names of infected files and the malicious programs found on the computer.
• If your Internet security software doesn't find anything, your machine is
probably not infected. Check the
hardware and software installed on your computer (remove any unlicensed
software and any junk files) and make sure you have the latest operating system
and application patches installed.
• If you have any problems removing malicious programs, check your Internet
security vendor’s web site for information on any dedicated utilities that may
be needed to remove a particular malicious program.
• If necessary, contact your Internet security vendor’s technical support
department for further advice. You can also ask them how to submit a sample
file for analysis by a virus researcher.