Malware infection on your device? Here are 8 steps to take after the attack

July 20, 2021 | How to

Malware infections have increased over the past few years, and that is no secret. Although we might think of the Internet as a safe place to spend our time, it is actually full of risks and threats around every corner. If you own a company, you should protect yourself and prevent such attacks from happening, as they can destroy your business. But how should you react when you actually find malicious software on your device(s)? That’s why we’re here: to show you some basic steps to take after an attack has occurred.

What other kinds of malware do you need to know about?

Malware comes in many different forms, but all of them put your data at risk! “Virus” is basically the term used to describe all the “nasty stuff” that finds its way to your computer and infects it. However, the correct term is actually malware, and there is lots of it:

Detecting the symptoms of infection

Although you may have an antivirus program that detects the infection for you, it might not catch everything if it is not updated with the latest definitions. Even when it is updated, it might not detect new types of infections that can appear overnight, also called 0-day infections. That is why it is better to know what to look for than to depend on software alone.

1. Hijacking of homepage and search engine

Have you casually opened your computer one day and noticed that your homepage redirects you to some weird websites? Or that your default search engine has been replaced by one that you’ve never heard of before? These are early signs of malicious activity on your computer.

2. Pop-up ads everywhere

Although they are not as common as they used to be, adware programs still bombard their victims with pop-up ads. Sometimes these are ads for legitimate products, but other times they contain links to malicious websites in an attempt to drop more malware on your device. If you’ve noticed these pop-up ads often lately, it might be a good indication that you’ve been infected with malware.

3. Slow computer

Internet connectivity issues are one thing; a computer that always runs slowly, whether you’re online or offline, is another. Malware running in the background would most definitely cause your computer to slow down, especially when it’s mining crypto or using your device to infect others.

4. Unfamiliar programs/toolbars

Another sign of infection is the presence of toolbars in your browser that you’ve never installed. If they showed up unannounced, either your program installation habits let them in, or they snuck their way onto your computer.

5. Ransom screen

ESET has researched the BadRabbit ransomware and believes the malware is spreading through fake Flash updates. The majority of victims targeted are large companies in Russia, followed by Ukraine, Bulgaria, Turkey, and Japan.

We hope you’ll never see this one, as it most certainly spells trouble. If you’re greeted with a screen claiming that your files have been locked and you need to pay a ransom in order to regain access to your data, it’s a clear sign you have installed ransomware.

What to do after the infection?

I know that your first response after detecting the infection might be to panic and worry, which makes you more vulnerable. However, this does not mean you can’t protect your data and remove the infection from your computer. That is why we’ve laid out some steps you need to take after you or your antivirus software has detected malware on your system.

1. Disconnect from the Internet

The best way to put an immediate stop to the attack is to disconnect from the Internet right away. Whether you’re connected via Wi-Fi, phone, or Ethernet cable, you need to disable the connection as soon as possible to prevent data from being sent to the attacker. You can do that by physically unplugging from the router or the network connection and also by disabling the connection on your device, following these steps:

  • Click on the “Start” menu
  • Click on “Settings”
  • Select “Network Connections” (from settings)
  • Right-click and select the “Disable” option

After doing this, consider contacting the IT department as soon as possible. They will know what to do to stop the infection from spreading or compromising the company’s data or your personal information.

2. Enter safe mode

If malware is set to load automatically, entering safe mode will prevent the malware from loading, making it easier to remove. To enter safe mode, follow these steps:

  • Restart your PC
  • When you see the “sign-in” screen, hold down the Shift key and select Power → Restart
  • After your PC restarts, on the “Choose an option” screen, select: Troubleshoot → Advanced Options → Startup Settings
  • On the next window, click the Restart button and wait for the next screen to appear
  • A menu will appear with numbered startup options. Select number 4 or F4 to start your PC in Safe Mode.

Pro tip: avoid logging into accounts while the malware is being removed, so that you do not expose your personally identifiable information.

3. Check your activity monitor for malicious applications

If you have installed a suspicious application, close it if it’s running. Your activity monitor shows the processes running on your computer, so you can see how they affect your computer’s performance.

In the search box, type Resource Monitor → Find End Task → Right Click → End Process

4. Scan your device

Luckily, malware scanners can remove many infections. However, keep in mind that if you already have an antivirus program active on your computer, you should use a different scanner for this malware attack, because your current antivirus software may not have detected the malware initially.

5. Fix your web browser

Malware may modify your browser’s homepage in order to re-infect your PC. Check your homepage and connection settings using the following steps (for Chrome and common browsers):

  • In the top right corner of your Chrome browser, click More → Settings
  • Select the dropdown menu in the “Search engine” section.
  • Verify your default homepage
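The same check can be done on a copy of the browser profile. The script below is an added example, not part of the original article: it reads a Chrome preferences file and reports any homepage, startup URL or default search engine whose host is not on a list you trust, which is the homepage and search-engine hijack described under the symptoms above. The key names reflect Chrome's profile preference files as an assumption; the sample data and the trusted list are constructed.

```python
import json
from urllib.parse import urlsplit

# Hosts the user deliberately configured (assumption for this example).
TRUSTED_HOSTS = {"www.google.com", "duckduckgo.com"}

# Constructed sample of a Chrome "Preferences" / "Secure Preferences" file.
SAMPLE_PREFS = json.dumps({
    "homepage": "http://search.example-toolbar.test/?src=hp",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,  # 4 = open the listed startup URLs
        "startup_urls": ["https://www.google.com/",
                         "http://ads.example-toolbar.test/start"],
    },
    "default_search_provider_data": {"template_url_data": {
        "short_name": "Quick Search",
        "url": "http://search.example-toolbar.test/q?s={searchTerms}",
    }},
})

def host_of(url):
    """Lower-cased host of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()

def audit_prefs(prefs_text, trusted=TRUSTED_HOSTS):
    """Return (setting, host) pairs whose host is not in the trusted set."""
    prefs = json.loads(prefs_text)
    candidates = []
    # A custom homepage only applies when the new-tab page is not used.
    if not prefs.get("homepage_is_newtabpage", True) and prefs.get("homepage"):
        candidates.append(("homepage", prefs["homepage"]))
    session = prefs.get("session", {})
    if session.get("restore_on_startup") == 4:
        candidates += [("startup_url", u) for u in session.get("startup_urls", [])]
    search = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    if search.get("url"):
        candidates.append(("search_engine", search["url"]))
    return [(name, host_of(url)) for name, url in candidates
            if host_of(url) not in trusted]

if __name__ == "__main__":
    for setting, host in audit_prefs(SAMPLE_PREFS):
        print(f"review {setting}: {host}")
```

Run it against a copy of the file taken while the browser is closed, and treat every reported entry as a setting to reset by hand.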

6. Clear your cache

After verifying your homepage setting, it’s important to clear your browser cache. To clear your cache in Chrome, follow the path below:

History → Clear Browsing Data → Time Range → All Time → Clear Data

7. Backup your files

Creating a backup of your files and folders is a good practice. As the purpose of the attack is usually to steal information or that, there is a great possibility that files may be lost or destroyed in the recovery process. Therefore, you can make backups by using backup software, another hard drive, a flash drive, and so on.

8. Change your passwords

Finally, it would be best to change your passwords, in case any information was obtained. At the same time, remember that your computer was infected and can be used against you to cause even more damage.

Final thoughts

Online security risks are common and can cause a lot of damage in the event of an attack. Although we cannot control the behavior of cybercriminals, we can take necessary measures to protect ourselves and minimize the risk of becoming a victim of attacks by installing good Internet security software, backing up our data, and being vigilant. 

by Andreea Popa

Content writer for Attack Simulator, delivering your daily dose of awareness for cyber security! Love to write passionately about any subject, and my main inspiration is people's stories. You can also find me on social media, for some more friendly things!
