• Disable network sharing or disconnect infected computers from the local network and Internet.
• Set the F-Secure Anti-Virus real-time scanner (on-access scanner) disinfection action to "Disinfect Automatically". This is a very important step as the virus, being active in memory, will try to infect more files on the hard disk while it is being scanned. So newly-infected files need to be disinfected immediately.
• Scan ALL files (not just selected ones) on all hard drives with F-Secure Anti-Virus and the latest updates.
• Disinfect all infected files and delete all files that can't be disinfected. If disinfection of many infected files fails, do not delete the files yet - send a few of them (not more than 5-8) to F-Secure Security Response Labs for examination. It might be that disinfection of that particular Virut variant is not available yet. In this case we will add disinfection shortly.
• Restart the computers after disinfection is complete. Restarting is important - it will destroy the active virus' code that was injected into system processes.
• Scan all files again to ensure that no more infected files are left on the hard drive(s). Repeat disinfection procedure if necessary.
• Disinfect all other computers connected to the same local network before enabling sharing or re-connecting to the network.