Help Guide for Computer Viruses and Malware: Detection, Removal, and Prevention

Think your computer might be infected? This practical guide covers how to spot malware, what to do about it, and how to protect your business from the most common threats without becoming a security expert.

Written by CTC Editorial, Editorial Team

Types of Malware You Should Know

Viruses

Self-replicating programs that attach to legitimate files and spread when those files are shared.

Signs: Unexpected file corruption, programs not working, slow performance.

How they spread: Email attachments, infected files, USB drives.

Trojans

Malware disguised as legitimate software. You think you're installing something useful; you're actually installing malware.

Signs: Programs you don't remember installing, strange system behaviour.

How they spread: Fake software downloads, email attachments, compromised websites.

Spyware

Software that secretly monitors your activity—keystrokes, websites visited, files accessed.

Signs: Often no obvious signs (that's the point), but watch for unknown programs running.

Danger: Credentials stolen, sensitive data exposed, corporate espionage.

Adware

Software that displays unwanted advertisements, often by hijacking your browser.

Signs: Pop-up ads, new toolbars, homepage changed, ads appearing where they shouldn't.

How it gets in: Bundled with free software, browser extensions, compromised downloads.

Worms

Self-replicating malware that spreads across networks without needing to attach to files.

Signs: Network slowdowns, unexplained bandwidth usage, same infection appearing on multiple computers.

Danger: Can spread across your entire network rapidly.

Rootkits

Malware designed to hide itself and other malware from detection, often by compromising the operating system itself.

Signs: Difficult to detect—that's their purpose. Antivirus not working properly, system behaving strangely despite appearing clean.

Danger: Very difficult to remove; may require complete reinstall.

Cryptominers

Malware that uses your computer's resources to mine cryptocurrency for criminals.

Signs: Very slow performance, high CPU usage, computer running hot, fans constantly running.

How they get in: Compromised websites, malicious downloads, browser-based mining scripts.

Signs Your Computer Might Be Infected

Definite Warning Signs

  • Antivirus disabled and won't turn back on
  • Ransom message demanding payment
  • Unknown programs installed
  • Browser redirecting to strange sites
  • Pop-ups when browser is closed
  • Files encrypted or missing
  • Contacts receiving emails you didn't send

Suspicious Signs (May Be Malware)

  • Computer suddenly much slower
  • Programs crashing frequently
  • Strange error messages
  • High network activity when not doing anything
  • New browser toolbars or extensions
  • Homepage changed without your action
  • Hard drive light constantly active
  • Fans running at high speed constantly

Probably Not Malware

  • Slow computer (often just age, full hard drive, or too many programs)
  • Occasional crashes (software bugs, driver issues)
  • Spam email (annoying but not infection)
  • Slow internet (usually ISP or router issues)

What to Do If You're Infected

Step 1: Disconnect from Network

Prevent the malware from:

  • Spreading to other computers
  • Sending data to criminals
  • Downloading additional malware

How: Unplug ethernet cable and turn off WiFi.

Step 2: Don't Panic

Most malware is removable. Don't:

  • Pay any ransom demands (yet—see ransomware guide)
  • Call phone numbers shown in pop-ups (often scams)
  • Download random 'cleaning' tools (often more malware)

Step 3: Run a Scan (If Possible)

If your antivirus still works:

  • Run a full system scan
  • Follow removal prompts
  • Restart and scan again

If antivirus is disabled:

  • Download a standalone scanner on another computer
  • Transfer via USB (scan the USB first on the clean computer)
  • Boot into Safe Mode for scanning

Recommended free scanners:

  • Malwarebytes (malwarebytes.com)
  • HitmanPro (hitmanpro.com)
  • ESET Online Scanner (eset.com)
  • Microsoft Safety Scanner (microsoft.com)

Step 4: Boot into Safe Mode

Safe Mode starts Windows with minimal programs, making malware easier to remove.

Windows 10/11:

1. Hold Shift while clicking Restart

2. Choose Troubleshoot > Advanced Options > Startup Settings

3. Click Restart

4. Press 4 or F4 for Safe Mode (5 or F5 for Safe Mode with Networking)

In Safe Mode:

  • Run antivirus/malware scans
  • Uninstall suspicious programs
  • Remove suspicious browser extensions

Step 5: Check for Remaining Problems

After removal:

  • Restart normally
  • Run another scan
  • Check browser settings (homepage, search engine)
  • Remove unknown browser extensions
  • Check startup programs
  • Monitor for returning symptoms
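
One way to carry out the "Check startup programs" item above, as an added example that is not part of the original guide: a read-only PowerShell script that lists the autostart entries Windows reports and flags the ones worth a closer look. The function names and the review rules (missing file, invalid or absent signature, user-writable folder) are assumptions chosen for illustration.

```powershell
# Added example: review autostart entries after cleanup (read-only; changes nothing).
# The "Review" rules are illustrative heuristics, not a malware verdict.

function Get-ExePath {
    param([string]$Command)
    # Pull the executable path out of a startup command line (quoted or unquoted).
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($Command -match '^\s*(.+?\.(exe|com|bat|cmd|vbs|js|ps1|lnk))(\s|$)') { return $Matches[1] }
    return ($Command -split '\s+')[0]
}

function Test-StartupEntry {
    param([string]$Name, [string]$Command, [string]$Location)
    $path = [Environment]::ExpandEnvironmentVariables((Get-ExePath $Command))
    $reasons = @()
    if ([string]::IsNullOrWhiteSpace($path) -or -not (Test-Path -LiteralPath $path -PathType Leaf)) {
        $reasons += 'target file not found'
    } else {
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        if ($sig.Status -ne 'Valid') { $reasons += "signature: $($sig.Status)" }
    }
    if ($path -match '\\(AppData|Temp|Users\\Public)\\') {
        $reasons += 'runs from a user-writable folder'
    }
    [pscustomobject]@{
        Name     = $Name
        Location = $Location
        Path     = $path
        Review   = ($reasons -join '; ')
    }
}

# Registry Run keys and Startup folders, as reported by Windows itself.
$entries = Get-CimInstance -ClassName Win32_StartupCommand |
    ForEach-Object { Test-StartupEntry $_.Name $_.Command $_.Location }

# Flagged entries (non-empty Review column) are listed first.
$entries | Sort-Object { $_.Review -eq '' } |
    Format-Table Name, Location, Review, Path -AutoSize -Wrap
```

A flag is a prompt to look closer, not proof of infection: plenty of legitimate apps start from AppData, and shortcuts or entries launched through a host program need a manual look. Scheduled tasks and services are not covered by Win32_StartupCommand and need their own check.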

Step 6: Change Passwords

Assume credentials may have been stolen:

  • Change passwords for email, banking, important accounts
  • Use a different (clean) device to change them
  • Enable two-factor authentication where possible
  • Watch for suspicious account activity

Step 7: Consider Professional Help

Seek professional help if:

  • You can't remove the malware
  • It keeps coming back
  • System behaves strangely after 'cleaning'
  • You suspect data theft
  • Business-critical systems are affected

When to Wipe and Reinstall

Reinstall Is Best When:

  • Rootkit suspected (hides from scanners)
  • Multiple removal attempts failed
  • System still behaves oddly after cleaning
  • You're not sure it's fully gone
  • Business-critical system that must be trustworthy

How to Reinstall Properly

1. Back up important files (scan them on another computer first)

2. Note down installed programs (you'll need to reinstall)

3. Create installation media (download Windows from Microsoft)

4. Format and reinstall (full format, not quick)

5. Install updates immediately (before doing anything else)

6. Restore files carefully (scan backup files before restoring)

7. Reinstall programs from legitimate sources

The nuclear option is sometimes the cleanest option.

Prevention: Keeping Malware Out

Essential Protection

1. Use Security Software

For business:

  • Business-grade antivirus (Bitdefender, ESET, Sophos)
  • Not just Windows Defender (adequate for home, limited for business)
  • Keep definitions updated (automatic)
  • Ensure it's actually running

2. Keep Everything Updated

  • Windows updates (automatic)
  • Browser updates (automatic)
  • Application updates (check monthly)
  • Firmware updates (routers, etc.)

Most malware exploits known vulnerabilities in outdated software.

3. Be Careful What You Click

Most malware requires you to do something:

  • Open an attachment
  • Click a link
  • Download a file
  • Enable macros

Rules:

  • Don't open unexpected attachments
  • Verify unexpected requests (call sender)
  • Download software only from official sources
  • Be suspicious of urgency ('Act now!')

4. Use Strong, Unique Passwords

  • Different password for each account
  • Use a password manager (Bitwarden, 1Password)
  • Enable two-factor authentication everywhere

Additional Protection

Email filtering:

  • Use business email with good spam filtering
  • Block dangerous attachment types
  • Consider advanced email security

Browser security:

  • Use a modern browser (Chrome, Firefox, Edge)
  • Install an ad blocker (blocks malicious ads)
  • Be wary of browser extensions
  • Don't save passwords in browser (use password manager)

Network security:

  • Change default router passwords
  • Use WPA3 or WPA2 for WiFi
  • Consider a firewall (hardware or software)
  • Segment guest WiFi from business network

User practices:

  • Don't use admin accounts for daily work
  • Don't install software without approval
  • Lock computers when stepping away
  • Report suspicious activity immediately

Staff Training

What Staff Should Know

Recognise phishing:

  • Unexpected emails asking for action
  • Urgent language ('Your account will be closed!')
  • Requests for passwords or payment details
  • Links that don't match the supposed sender
  • Poor spelling/grammar (but not always)

Safe practices:

  • Verify unexpected requests (call the sender)
  • Don't plug in unknown USB drives
  • Report suspicious emails to IT/management
  • Keep work and personal separate
  • When in doubt, ask

What to do if they click something bad:

  • Don't hide it (time matters)
  • Disconnect from network
  • Report immediately
  • The company would rather know

Training Options

Free resources:

  • NCSC small business guidance (ncsc.gov.uk)
  • Cyber Aware campaign materials
  • Your IT provider may offer training

Paid training:

  • KnowBe4, Proofpoint, Mimecast (security awareness platforms)
  • Local IT companies often provide training
  • £20-50/user/year typical cost

Simulated phishing:

  • Send fake phishing emails to test staff
  • Identify who needs more training
  • Many platforms offer this (KnowBe4, etc.)

For Mac Users

'Macs Don't Get Viruses' Is a Myth

Macs are less targeted but not immune:

  • macOS malware exists and is increasing
  • Many threats are cross-platform (browser-based, phishing)
  • Social engineering works on any operating system

Mac-Specific Advice

Protection:

  • Use antivirus (Malwarebytes for Mac, Sophos Home)
  • Keep macOS and apps updated
  • Don't disable Gatekeeper
  • Be cautious with App Store alternatives

Removal:

  • Malwarebytes for Mac (free scanner)
  • CleanMyMac (paid, good for cleanup)
  • Activity Monitor to check for suspicious processes

The Bottom Line

Malware is a real threat, but manageable:

Prevention:

  • Use proper security software
  • Keep everything updated
  • Train staff to recognise threats
  • Be careful what you click

If infected:

  • Disconnect from network
  • Run scans in Safe Mode
  • Change passwords
  • Consider wiping if uncertain
  • Get help if needed

Remember:

  • Most infections come from human error
  • Basic precautions prevent most threats
  • Quick response limits damage
  • When in doubt, ask for help

Frequently Asked Questions

Is Windows Defender enough for business?

Windows Defender has improved significantly and provides basic protection. For business use, it's adequate as a baseline but limited compared to dedicated business solutions. Business antivirus offers: central management, better threat detection, email protection, and support. For businesses handling sensitive data or with compliance requirements, invest in proper business security.

How do I know if malware is completely gone?

You can't be 100% certain without reinstalling. Signs removal was successful: no more symptoms, multiple scanners find nothing, system behaviour returns to normal. Signs to worry: symptoms return, system still behaves oddly, antivirus keeps getting disabled. For critical systems, a clean reinstall is the only way to be sure.

Should I pay for antivirus or use free versions?

For personal use, free antivirus (Windows Defender, Avast Free, AVG Free) is often adequate. For business, paid solutions are worth it: better protection, central management, business support, email security, and compliance features. The cost (£30-60/user/year) is trivial compared to incident costs.

Can malware spread from one computer to others?

Yes, especially worms designed for this. Malware can spread via: shared network drives, email (sending itself to contacts), exploiting network vulnerabilities, USB drives moved between computers. That's why isolating infected machines immediately is critical. Network segmentation limits spread.

What about malware on phones?

Smartphone malware exists but is less common (especially on iPhones). Android is more vulnerable due to sideloading and third-party app stores. Protection: only install apps from official stores, keep devices updated, be wary of permissions, don't jailbreak/root. Business phones should have mobile device management (MDM) with security policies.

Do I need to report malware infections?

If personal data was potentially accessed, you may need to report to the ICO within 72 hours under GDPR. If financially targeted, report to Action Fraud. Reporting helps authorities track threats and may help others. Check cyber insurance requirements—they may require notification. When in doubt, report.

About the Author

CTC Editorial, Editorial Team

The Compare the Cloud editorial team brings you expert analysis and insights on cloud computing, digital transformation, and emerging technologies.