1ComputerCare


Viruses and other unsavoury items

If you think you have suffered an infection, the first thing to do is turn the computer off. Don't panic: almost all problems can be removed without a significant loss of data, as long as further damage is prevented. We run multiple tools to be sure all viruses are completely disinfected. We will also confirm that lesser malware (spyware, adware, etc.) is eliminated, and apply some immunization to prevent further attacks. Please ask for advice on the currently most favoured anti-virus and firewall products; they can be installed for you if you wish, once the bad stuff has been expunged.

The first task when handling a PC with a suspected virus is to remove the hard disk drive from the case and mount it on another (isolated) machine. This is done:

  • to enable an image backup of the entire disk to be taken before any work is done,

  • because if the infected disk is used as a boot device, viruses can be implanted in memory and thwart attempts to remove them (this is how anti-virus products are sometimes disabled),

  • to avoid any files being locked from access by a cleaning tool,

  • because rootkit-type attacks are invisible in normal operation.

After the initial backup has completed, a series of tools is run to search out files and boot sectors of the disk which have been infected. Each infection is identified by a virus family name and variant, and the appropriate removal techniques are employed; often this is an automated process, but sometimes manual editing of registry entries and reconstituting files is necessary. Only in the rarest of circumstances is a reformat and loss of files and/or settings necessary.

If the original operating system and driver CDs are available, the recovery process is faster and therefore cheaper. This is just one reason why bespoke PCs are usually preferable to their off-the-shelf cousins. If not, it is usually possible to locate files which have been compromised, but this takes a little time.

At the end of a virus removal job we apply the latest operating system security patches and, if requested, take a backup copy of all files on the disk, as that will be invaluable should the disk fail, a file get accidentally deleted, or another virus attack. Lightning can strike twice!

Occasionally, removing a virus or other malware will result in one or more files being corrupted, causing a program to demonstrate unexpected behavior or fail to run at all. In this situation the failing program will need to be reinstalled, so retaining product registration keys and installation CDs is useful.

There's a very informative dissertation about computer viruses over at Wikipedia.