10. My computer has a virus. What should I do FIRST?

If a virus is detected, or becomes obvious...

... first of all, detach the infected computer from the network or the Internet immediately, then shut it down using the usual procedure (if you can't shut it down easily, see FAQ 2). This protects the data on the machine from further damage or theft, and helps reduce the possibility of other machines on the same network becoming infected.

Please see FAQ 11 for help on how to deal with the infection itself. In a business environment, contact your helpdesk to alert them that a virus has been found.

Background

A virus infection is usually detected only if you have resident anti-virus software on your computer. However, some business computer networks use advanced security tools. These monitor the network for suspicious activity and alert an administrator if one of the computers on the network is exhibiting symptoms, even though neither the infected computer nor its user has been able to spot the infection.

It's unlikely that your own computer has no anti-virus software to protect it, but be aware that a virus isn't like a human cold. The computer versions often cause considerable damage to the system and the data stored on it.

They also inherently compromise security: modern viruses are rarely just pranks—the intention is usually criminal, to steal passwords and other important data, with a view to more damaging criminal activity later.

Viruses are often only detected when it is too late. Users may see an odd error message displayed on the computer screen, or the virus may trigger complete operational failure of the computer. Under these circumstances, complete recovery of damaged data can be technically very difficult. If the machine has been used for tasks like internet banking or web site administration, the incident must be considered of similar importance to, say, having bank cards stolen.

Additional information