1ComputerCare
  Viruses and other unsavoury items  

If you think you have suffered an infection, the first thing to do is turn the computer off - the longer it is on, the more harm can be done. Don't panic - almost all problems can be removed without a significant loss of data as long as further damage is prevented.


When an infected PC is received, the first task is to remove the hard disk drive from the case and mount it on another (isolated) machine. This is done:

  • to enable an image backup of the entire disk to be taken before any disinfection work is done,

  • because if the infected disk is used as a boot device, viruses can be implanted in memory and thwart attempts to remove them (this is how anti-virus products are sometimes disabled),

  • to avoid any files being locked from access by a cleaning tool,

  • as rootkit-type attacks are invisible in normal operation.
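The imaging step described above can be sketched as follows. This is an added example, not the tooling used for the service described on this page; the function names image_disk and verify_image are hypothetical, and it assumes a Linux workstation with dd and sha256sum, with the infected disk attached as a data disk rather than booted from.

```shell
#!/bin/sh
# Added example (not from the original page): image a disk before any cleaning
# work, then prove later that the untouched copy is still bit-identical.
# SRC is the infected disk as seen by the isolated workstation (a device node
# on a real job; any readable file works for a dry run). Names are hypothetical.

# image_disk SRC IMG: copy SRC to IMG, verify the copy, record its SHA-256.
image_disk() {
    src=$1 img=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    # Never overwrite an earlier image: it may be the only copy of the data.
    [ ! -e "$img" ] || { echo "refusing to overwrite $img" >&2; return 3; }

    # Read-only pass over the source; nothing on the infected disk is executed.
    dd if="$src" of="$img" bs=4194304 2>/dev/null || return 4

    src_sum=$(sha256sum < "$src" | cut -d' ' -f1)
    img_sum=$(sha256sum < "$img" | cut -d' ' -f1)
    if [ "$src_sum" != "$img_sum" ]; then
        echo "image does not match source" >&2
        return 5
    fi

    # Sidecar hash plus write protection: cleaning tools get copies, not this file.
    printf '%s\n' "$img_sum" > "$img.sha256"
    chmod a-w "$img" "$img.sha256"
}

# verify_image IMG: succeed only if IMG still matches the hash recorded at imaging.
verify_image() {
    img=$1
    [ -r "$img.sha256" ] || { echo "no recorded hash for $img" >&2; return 2; }
    want=$(cat "$img.sha256")
    have=$(sha256sum < "$img" | cut -d' ' -f1)
    [ "$want" = "$have" ]
}
```

Running verify_image again before restoring from the image confirms that the backup itself was not altered during the disinfection work.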

After the initial backup has completed, a series of tools is employed to search out files and boot sectors of the disk which have been infected. Each infection is identified by a virus family name and variant, and the appropriate removal techniques are employed; often this is an automated process, but sometimes manual editing of registry entries and reconstituting files is necessary. Only in the rarest of circumstances is a reformat and loss of files and/or settings necessary.


If the original full operating system and driver CDs are available, the recovery process is sometimes faster. This is one reason why bespoke PCs are usually preferable to their off-the-shelf cousins. If not, it is usually possible to locate alternate sources of files that have been compromised, but this takes a little time.

After viruses have been located, identified and disinfected, we replace the hard disk drive in the original chassis, scan for other types of malware (adware, spyware, tracking cookies etc.) and strip those out.  This has to be done for each account individually, so the fewer accounts there are the faster we can do this.  It is necessary to disable system restore for this so that protected restore points do not harbour infection.


At the end of a virus removal job we apply the latest operating system security patches and, if requested, take a backup copy of all files on the disk, as that will be invaluable should the disk fail, a file get accidentally deleted, or another virus attack. Lightning can strike twice!


We run multiple tools to be sure that all viruses are completely disinfected and then apply some immunization to help avoid some further attacks. Please ask for advice on the currently most favoured anti-virus and firewall products - they can be installed for you if you wish, once the bad stuff has been expunged. They are essential to protect the PC from further infections but they can never be 100% effective. It is therefore necessary to make sure regularly that the latest security patches are applied to the operating system as outlined in our housekeeping schedule.


Even after all viruses and malware have been removed, traces of cross-contaminated files can remain. We run all main programs (except e-mail) to try to locate any lingering problems, but as there are infinite paths through most programs some may be missed. After the computer is returned we ask all clients to check thoroughly for problems and let us know within a couple of days if any are found. These are then rectified without further charge.


At the end of each job an information sheet is made available.