E-mail and Internet Accounts Guides

Office of Information Technology

OIT Resources

What to do if your computer is already infected with a virus

Please note: Many virus infections cannot be detected or repaired from within the affected system while it is running.

The most effective way to remove an infection is to erase (format or "wipe") the entire system drive, and then reinstall and secure your operating system and needed applications.

For a more detailed guide: refer to the Safe Computing guide "Securing a Personal Machine", Part Three: Attempt to Repair an Infected Computer.

  1. Preliminary Steps – To be done on a non-infected computer.  NOTE: Do not try to plug an infected computer into a working Ethernet jack on campus.
    1. If your computer does not have Symantec AntiVirus installed on it, download this at http://www.umn.edu/adcs/software/security/.  When you download it, choose the option to save the file onto your computer.
    2. Go to: http://securityresponse.symantec.com/avcenter/download/pages/US-SAVCE.html to download the latest Intelligent Updater virus definition package.  It is the link that ends with ".exe" (for Windows).
    3. Burn these two files, the AntiVirus installer and the Intelligent Updater, onto a CD.
    4. If you do not have access to a computer with a CD burner, you can purchase CD’s with these files at 1-HELP Walk-in Locations.
  2. Install Symantec Anti-Virus - NOTE: If your machine has other antivirus software installed, uninstall it before doing this step by going to the Control Panel and choosing Add/Remove Programs.
    1. If your machine does not have Symantec AntiVirus installed, install it using the file from step 1.a.  Choose the default options except do not run Live Update.  It will not work if your network connection has been disabled. 
    2. Run the Intelligent Updater file from step 1.b.
  3. Turn off System Restore – Windows XP and ME only
    1. Right click on My Computer and choose properties.
    2. Click on the System Restore tab
    3. Place a check mark in the box for “Turn Off System Restore”
  4. Boot your computer into Safe Mode
    1. Restart your computer.
    2. While your computer is rebooting, press F8 to bring up a menu of boot options.  NOTE: You must press F8 at the moment just before Windows begins to load.  Choose Safe Mode.
  5. Scan your computer
    1. Go to Start, Programs, Symantec Client Security, Symantec AntiVirus Client.
    2. Look on the lower right of the window to confirm that the virus defintion files are current (they shouldn’t be more than a week old).  If the files are not recent, call the 1-HELP Technology Helpline.
    3. Choose Scan, then Scan Computer.
    4. Select your local hard drive (usually the C: drive)
    5. Click  the Scan button.  NOTE: this can take a very long time.
    6. When Symantec AntiVirus finds an infected file, choose the option to remove the infection, or quarantine it if removal fails.  NOTE: It may take a day or two for Symantec to release virus definitions capable of detecting and removing new infections.  If the virus you are infected with is not detected by Symantec AntiVirus, please call the 1-HELP Technology Helpline, as we may have manual removal instructions available. 
  6. Get your connection turned back on
    1. If your Internet connection was turned off because of this infection, call 1-HELP and choose option 3 to have your Internet access turned back on.
    2. It can take up to two hours for Internet access to be turned back on depending on how busy the technicians are.
  7. Protect your computer from future threats
    1. Follow the instructions for protecting (securing) your computer from future infections.