How to handle a possible attack with cool deliberation.
It almost always happens behind the scenes, undetected. But sometimes the computer acts differently than usual. When it does, it may have been attacked by malware.
The main thing is to keep your cool even if a ransomware warning screen is your first sign that something has gone wrong. The chances are that you can eliminate the threat and minimize data loss.
Keep calm and avoid reacting hastily
- Use our guide to analyze your situation. There is no reason to panic or get frantic.
- As long as you believe that something is wrong, keep your mind on that problem alone. You should also not use the computer any more until the problem has been resolved.
- Keep your computer on, save your work, and close all open files and programs. If you restart the computer, only its working memory will be deleted, not any programs or files. There is also a risk that it will be impossible to access the computer after a restart.
- Do not simply delete files or software from your computer, even if you suspect which file carried the malicious software. This may be precisely the wrong option to take.
How to check for an actual malware attack
For example, if a warning appears telling you to pay ransom, the diagnosis is clear. But the situation is not always so straightforward. Not every malfunction or strange behavior stems from a virus.
- Save your work and close all open files.
- Launch the virus scanner installed on your computer and check whether there are recent updates for it. If so, run the update.
- If the virus scanner finds something, it will list the programs found. Write down the name of the malware identified.
- Search online for tips on removing the malware using a different computer or your smartphone.
How to get rid of malware
How you remove a threat from a computer depends on what type of threat it is. Depending on how serious the damage was, you may under certain circumstances have to try several different operations.
Check the system with a rescue CD
Many developers of antivirus solutions offer free downloadable rescue CDs. These generally contain a separate operating system, along with tools to check the computer. Here’s how to work with them:
- Download the rescue CD onto a different, uninfected computer.
- Create a (recovery) CD or a bootable USB stick according to the instructions available on the provider’s download page.
- Shut down the infected computer and reboot it with the rescue CD or USB stick loaded.
- The recovery software usually asks you to run an update. Do as recommended to get the latest options for the security tools. To do this, it needs an internet connection.
- Then follow the next instructions on the computer screen. The recovery software searches your computer and removes the threats that it finds.
Once the threats have been removed, take the recovery CD or USB stick out and restart your computer. To be on the safe side, you can then run another full virus scan. This removes any other possible threats.
Remove spyware or Trojans
Malwarebytes Anti-Malware is an example of a program that specializes in detecting and tracking down Trojans and spyware. It is recommended often, and a free version of it is available. If you suspect that your computer is infected with a Trojan, Malwarebytes Anti-Malware can most probably identify and remove the threat.
- Download the free version onto your computer from the provider’s website and install the program. After launch, Malwarebytes Anti-Malware runs an automatic update of the software.
- After updating, Malwarebytes Anti-Malware will start. Click on “Check now”.
- Malwarebytes Anti-Malware will then begin scanning your computer. This process may take several minutes, depending on how many files you have saved.
- If the software finds infected elements, they will be summarized in a list. Highlight these elements in the list.
- Choose “Remove selected” from the commands to remove the threats.
Restore Windows to an earlier date
Windows automatically creates restore points at regular intervals. If the system was infected with a threat, for example because a program was installed, it can be removed again. To do this, reset the operating system of your computer to an earlier date that you think came before it was infected.
This is how resetting a restore point works:
- Click the Start button.
- Type “System Restore” in the search field and then select the result.
- In the next dialog box, the most recent restore point is selected by default.
- If you do not want to use this, click the option below, select an older restore point, and then click “Next”.
- Then click on the “Finish” button to launch the System Restore operation. It only takes around a minute for your computer to relaunch.
Unfortunately, it is possible that none of these steps will be successful. In such cases, the only remedy is to re-install the operating system. During the installation process, all data stored on the system is deleted. This is precisely why it is important to back up your data regularly to an external hard drive or the cloud, because a current backup minimizes the loss of data in the event of a fresh installation.
Let friends and acquaintances knowIf you have successfully removed the infection from your system, let everyone with whom you have exchanged data over recent days know. It is conceivable that your computer helped to spread the virus.