Disinfecting Viruses At Your Business
By Bob Seidel
The sad fact is that computer viruses are here to stay. We could endlessly debate why this is so, but that will not help the situation any. Another sad fact is that if everyone – you, your friends, other companies – had followed a few simple rules, and had faithfully installed and maintained anti-virus software on their computers, there would be no problem at all. But asking why that didn’t occur is equally fruitless. All we can do is to understand the problem and to move forward.
Fortunately, there is a large, multi-company effort to fight viruses. You have probably heard of Norton Anti-Virus by Symantec, or McAfee Anti-Virus software. But there is also an organization called CERT at Carnegie Mellon University that is a major focal point for the sharing of virus information. The expertise to fight the virus war exists – we need to know how to use it properly.
The starting point for our work is the assumption that the computers on your business network are already infected by computer viruses. This assumption can be easily made based on two points: (1) that you are reading this paper and (2) that any unprotected computer reading e-mail is almost certainly already infected. So, what do we do about the problem?
The reaction that I get from companies in this situation is almost shock. The first question they ask is “Why did this happen to me?” and the second question is “How much is it going to cost to fix it?” At that point, they begin to stare at me as if I were the enemy, especially when I tell them that the damage has already been done and that it may not be fixable at all, at any price.
We have to be positive, and have to move forward. I can outline the steps to take, and I can estimate the cost. But you have to realize that the cost of virus remediation may in fact approach the cost of getting new PCs for your company. At that point, sticker shock sets in. I will work with you to understand and minimize the costs, but I can’t eliminate the problem without extensive work.
The first thing you need to come to grips with is that viruses cause damage and that damage may not be repairable, at any cost. A virus could easily do the ultimate damage – completely erase your hard drive. But viruses don’t do that, because it frankly wouldn’t be any fun. The authors of these viruses would rather be far subtler, hanging around in the background, causing continual problems with your PC, and most importantly infecting other computers. If they erased your hard drive, you would have to restart from scratch and the virus would be gone from your computer; something they don’t want to happen.
Once resident in your computer, a virus can frankly do anything it wants to do. Primarily, viruses erase files on your hard drive. But they can also alter settings for Windows and affect the running of other programs. One of the worst things they do is to prevent subsequent installation of anti-virus software (their enemy).
So, even if we are able to disinfect your computer, you have lost files, perhaps critical files, and your Windows installation may be corrupted. If you do not have backups for your files, your data may not be recoverable at all. You may have to reinstall Windows.
Once we embark on virus disinfection for your business, there are critical steps that have to be taken. If not done correctly, or in the correct sequence, your computers will re-infect themselves, thereby wasting your time and money.
Your company workflow is going to be affected. Primarily, we would need to shut down your network for an extended period of time. The actual disinfection process will require that your PC users give up their computers for perhaps several hours. If you are not prepared to disrupt your workflow to perform the virus disinfection, we might as well stop right here.
A good rule of thumb would be that it will take a minimum of 1-2 hours PER PC to disinfect your system, and all computers must be done at the same time. So, you might as well allocate a day or more to the effort. This means a day in which your people are NOT going to be able to access their computers or data.
You must install anti-virus software on each PC in your company. This will cost approximately $50 per PC per year. BSC labor costs will be discussed with you, and will probably average 1-2 hours per PC to attempt disinfection. If it is required that we reformat the hard drive and reinstall Windows, there will be an additional 2 or more hours spent.
Unfortunately, there are none. BSC will make a best-can-do effort to disinfect your computers, but the viruses may have done permanent damage. The only ultimate technique would be to completely reformat the hard drives on each PC and reinstall Windows. But if you don’t have complete backups for your data, you may not be able to restore your data – making this technique unusable.
These are the steps that BSC will take to begin virus disinfection:
1. Take down your network; this means disconnecting all computers from the network switch. Computers can be added back to the network when disinfected. If you have a data server, we would usually begin with this PC.
2. Analyze each PC for the state of current virus infestation.
3. Use available tools to disinfect the PC so as to allow installation of Norton Anti-Virus. Once Norton has been installed, continue disinfection until clean.
4. Configure Norton for automatic virus update protection. Note that this requires a full-time connection to the Internet (cable modem or DSL) for automatic virus definition updates. If you do not have a permanent connection, you will be vulnerable to viruses in the future because you will not receive timely virus definition updates.
5. Configure email for each PC to minimize exposure to viruses.
6. Bring each disinfected PC back on the network when ready.
Once the process of immediate disinfection is completed, we would then get all your personnel together for a meeting to discuss what occurred and how to practice safe computing. We would also discuss your backup strategy and ensure that a viable backup policy is in place.
BSC can help disinfect your computers, but as stated above some damage may have been done. All you can do to detect the damage is to continue to work normally. Programs that fail may have to be reinstalled. Data that has been corrupted would have to be restored from backups or re-created if possible. If your Windows system becomes unstable, we will have to reinstall Windows.
BSC will work with you during this phase, but please bear in mind that this is an open-ended effort and that the hours spent in this process can mount quickly.
Virus eradication is going to be costly. Once completed, you need to establish very direct and explicit controls within your organization to prevent future infestation, including backups. But please be assured that you are doing the right thing, and that if all businesses and individuals had the proper virus protection there would be no virus problem.
BSC is looking forward to working with you to accomplish these goals.