Securing an Infected Computer

TL;DR

An infected computer is never truly secure. Your goal shifts from security to containment and recovery. Isolate the machine, scan thoroughly, remove malware, restore from backups (if clean), and change all passwords used on that device. Consider a full re-install as the safest option.

Steps to Improve Security After Infection

  1. Isolate the Machine Immediately
    • Disconnect it from the network (Wi-Fi and Ethernet). This prevents further spread of infection.
    • If possible, power off the machine. Do not simply restart; a full shutdown is better to stop running processes.
  2. Identify the Infection (if possible)
    • Look for ransom notes or unusual pop-up messages. These can give clues about the type of malware.
    • Check Task Manager (Windows: Ctrl+Shift+Esc; macOS: Activity Monitor) for suspicious processes consuming high resources. Be careful not to end legitimate system processes.
  3. Scan with Multiple Antivirus/Anti-Malware Tools
    • Use a reputable antivirus program (e.g., Windows Defender, Malwarebytes, Bitdefender). Run a full scan in Safe Mode (see step 4).
    • Download and run a second-opinion scanner such as HitmanPro or Emsisoft Emergency Kit. These often catch things the first tool missed.
  4. Boot into Safe Mode
    • Windows: Restart your computer. As it restarts, repeatedly press the F8 key (or Shift+F8) until you see the Advanced Boot Options menu. Select “Safe Mode with Networking”. If that doesn’t work, search online for instructions specific to your Windows version.
    • macOS: Restart your Mac and hold down the Shift key until you see the login window. This boots into Safe Mode.
  5. Remove Detected Malware
    • Follow the instructions provided by your antivirus/anti-malware software to quarantine or delete any detected threats.
    • Restart the computer after removal and run another scan to confirm everything is gone.
  6. Restore from Backups (with caution)
    • If you have recent backups, restore your system only if you are certain they are clean. Restoring an infected backup will simply re-infect the machine.
    • Check the date of the backup to ensure it predates the infection.
  7. Change All Passwords
    • Change passwords for all accounts used on the infected computer, including email, banking, social media, and any other important services. Do this from a clean device.
    • Enable two-factor authentication (2FA) wherever possible for added security.
  8. Update Software
    • Ensure your operating system and all software are up to date with the latest security patches. This closes vulnerabilities that malware might exploit.
    • Enable automatic updates if available.
  9. Consider a Full Re-install
    • The most reliable way to ensure complete removal of malware is to perform a clean re-installation of the operating system. This will erase all data on the hard drive, so back up any important files (if you are confident they aren’t infected) before proceeding.
    • Download the latest OS installation media from the official source.
  10. Monitor for Re-infection
    • After taking these steps, continue to monitor your computer for any signs of re-infection. Run regular scans and be cautious about opening suspicious emails or downloading files from untrusted sources.
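The isolation and process-triage steps above (steps 1 and 2) scripted for Windows, as an added PowerShell example that is not part of the original post. It assumes an elevated prompt and the built-in NetAdapter module (Windows 8 / Server 2012 or later); it ends no processes itself and only records what it sees.

```powershell
# Added example (not from the original post): first-response triage on a
# Windows machine suspected of infection. Run from an elevated PowerShell
# prompt. Step 1 disables every active network adapter; step 2 lists the
# busiest processes with image path and Authenticode signature status so that
# unsigned or oddly located binaries stand out for a human to judge.

# Step 1: isolate. -Confirm:$false skips the per-adapter confirmation prompt.
Get-NetAdapter | Where-Object Status -eq 'Up' |
    Disable-NetAdapter -Confirm:$false

# Step 2: triage. Sort by accumulated CPU time and gather the details a
# reviewer needs. Some system processes expose no path (access denied);
# those are marked rather than skipped.
$report = Get-Process |
    Sort-Object CPU -Descending |
    Select-Object -First 25 |
    ForEach-Object {
        $path = $_.Path
        $sig = 'NoPath'
        if ($path) {
            $s = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
            if ($s) { $sig = $s.Status }
        }
        [PSCustomObject]@{
            Name      = $_.ProcessName
            Id        = $_.Id
            CPUSecs   = if ($_.CPU) { [math]::Round($_.CPU, 1) } else { 0 }
            WorkingMB = [math]::Round($_.WorkingSet64 / 1MB, 1)
            Signature = $sig
            Path      = $path
        }
    }

$report | Format-Table -AutoSize

# Keep a timestamped copy so later scans (step 10) can be compared against it.
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$report | Export-Csv -NoTypeInformation -Path "$env:USERPROFILE\triage-$stamp.csv"
```

Once scanning and removal are finished, reconnect with `Get-NetAdapter | Enable-NetAdapter`.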

Important Note: Even after following these steps, there is no guarantee that the infected machine is completely secure. A full re-install is always the safest option.
