How to recover from a computer virus infection
How to prevent future infections from computer viruses
Method 1: Use current antivirus softwareIf you suspect or if you confirm that your computer is infected with a virus, obtain current antivirus software.For more information about antivirus software vendors, click the following article number to view the article in the Microsoft Knowledge Base:
- If you do not have an antivirus program installed, you can use our free online virus scanning service. For more information, visit the following Microsoft Web site:
- If the antivirus program has stopped working, reinstall the antivirus program.
- Obtain the latest virus signature file from the antivirus vendor's Web site. For each new virus, antivirus vendors issue updates that protect the computer against newly discovered viruses.
- After a computer virus has been removed, scan the computer again to make sure that the virus has been removed. We recommend that you schedule the antivirus program to check the computer while the computer is not being used.
- You may have to format the computer hard disk, and you may have to reinstall the Windows operating system together with all the computer programs, if one or more of the following conditions are true:
- The antivirus software displays a message that the antivirus software cannot remove a computer virus.
- A computer virus damaged or deleted some important files on the computer. In this scenario, you may experience one or more of the following problems:
- The Windows operating system does not start, or some programs do not start.
- You receive error messages when the Windows operating system starts or when a program starts. These error messages indicate that there are damaged files or missing files on the computer.
- The problems that are described in this article persist after you run antivirus software, and the antivirus software reports that the computer is no longer infected. You are sure that a computer virus causes these problems.
Method 2: Use an Internet firewallA firewall is software or hardware that creates a protective barrier between the computer and potentially damaging content on the Internet. A firewall helps guard the computer against malicious users and against many computer viruses and computer worms.
Use a firewall only for network connections that you use to connect directly to the Internet. For example, use a firewall on a single computer that is connected to the Internet directly with a cable modem, with a DSL modem, or with a dial-up modem. You can use the same network connection to connect to the Internet and to a home network or to an office network. In this scenario, use a router or a firewall that prevents a computer that is connected to the Internet from connecting to the shared resources on the home computer or on the office computer.
Do not use a firewall on network connections that you use to connect to your home network or to your office network unless the firewall can be configured to open ports only for your home network or for your office network.
If you use your home network or your office network to connect to the Internet, a firewall can only be used on the computer or on another device, such as a router, that provides the connection to the Internet. For example, consider the following scenario:
- You connect to the Internet through a network that you manage.
- The network that you manage uses connection sharing to provide Internet access to multiple computers.
Note If you use a firewall on all computers on your home network or on your office network, you may be unable to search for other computers on your home network or on your office network. Additionally, you may be unable to share files with other computers on your home network or on your office network.For more information, click the following article number to view the article in the Microsoft Knowledge Base:
For Windows XP, for Windows Server 2003, Standard Edition, and for Windows Server 2003, Enterprise EditionOn a Windows XP-based computer, the automated part of the Microsoft Protect Your PC Web site can automatically do the following:
- Detect the Internet Connection Firewall (ICF) and configure the ICF
- Configure Automatic Updates settings
- Provide information about antivirus software
- Windows Server 2003, Standard Edition
- Windows Server 2003, Enterprise Edition
- Any version of Windows XP
For other versions of Windows
- For a Windows Server 2003-based server that is running Routing and Remote Access, use a basic firewall.
- For a Microsoft Windows 2000-based computer or a Windows Server 2003-based computer, use Microsoft Internet Security and Acceleration (ISA) Server 2000.
- For other versions of Windows, use a third-party hardware firewall or a third-party software firewall.
Method 3: Update your computerUpdates help shield your computer from vulnerabilities, from viruses, from worms, and from other threats as they are discovered. Steps that you can take to update your computer include the following:
- Install updates for Windows and for Windows components such as Internet Explorer, Outlook Express, and Windows Media Player. To do this, visit the following Microsoft Web site:For more information, click the following article number to view the article in the Microsoft Knowledge Base:311047 How to keep your Windows computer up-to-dateNote Microsoft Windows NT Workstation, Microsoft Windows 98, Microsoft Windows 98 Second Edition, and Microsoft Windows 95 have reached the end of their product support life cycles. Updates that were provided for these operating systems are available on an archived basis on the Windows Update Web site. However, Microsoft no longer offers technical support for these operating system releases. Therefore, consider upgrading to Windows XP Professional or Windows XP Home Edition so that you can take advantage of Automatic Updates and of other security features that have been introduced after the release of these older operating systems.
- Install updates for Microsoft Office programs. To do this, visit the following Microsoft Web site:
- Install updates for other third-party programs on your computer. For more information, contact the manufacturer of the third-party program. Additionally, install security updates for other Microsoft products that are on your computer, such as Internet Information Services (IIS), Microsoft SQL Server, Microsoft Exchange Server, and other products. To do this, visit the following Microsoft Web site:Note Network administrators can use the Microsoft Baseline Security Analyzer (MBSA) tool to centrally scan Windows-based computers for common security misconfigurations and to generate individual security reports for each computer that the MBSA tool scans. The MBSA tool can be used on computers that run Windows Server 2003, Windows 2000, and Windows XP. The MBSA tool can scan for security vulnerabilities on computers that run Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003. The MBSA tool scans for common security misconfigurations in the following items:
- The Windows operating system
- Internet Information Services (IIS)
- SQL Server
- Internet Explorer
- Microsoft Office
- The Windows operating system
- SQL Server
- Internet Explorer
- Windows Media Player
- Exchange Server
- Exchange 2000 Server
- If you are running a version of Microsoft Outlook that is earlier than version 2002, make sure that the Outlook e-mail security update is installed on the computer. For more information about the Outlook e-mail security update, visit the following Microsoft Web site:http://www.microsoft.com/downloads/details.aspx?FamilyID=96DF48A9-7638-429E-816E-35F16F6528CA&displaylang=ENNotes
- By default, Outlook 2000 post-Service Pack 2 and Outlook 2002 Service Pack 1 include the Outlook e-mail security update.
- Versions of Outlook 2000 that are before Service Pack 1 and Outlook 98 do not include the Outlook e-mail security update.
- If you are running Outlook Express, use caution when you open e-mail attachments.
- By default, Outlook Express 6 Service Pack 1 blocks access to e-mail attachments.
- Versions of Outlook Express that are earlier than Outlook Express 6 do not contain the functionality that blocks e-mail attachments. Use caution when you open unsolicited e-mail messages that contain attachments in versions of Outlook Express that are earlier than Outlook Express 6.
- Disable active scripting in Outlook and in Outlook Express.
Note By default, active scripting is disabled in Outlook Express 6, in Outlook 2002, and in later versions of Outlook. For more information about how to disable active scripting in Outlook Express, click the following article number to view the article in the Microsoft Knowledge Base:192846 OLEXP: How to disable active scripting in Outlook ExpressFor more information about how to disable active scripting in Outlook 2000, click the following article number to view the article in the Microsoft Knowledge Base:215774 OL2000: Scripts embedded in HTML messages run without warningFor more information about virus protection features in Outlook Express, click the following article number to view the article in the Microsoft Knowledge Base:291387 Using virus protection features in Outlook Express 6