Skip Navigation Links 

U of A University Information Technology Services

Was this page helpful?
 [+]





...Or log into AskIT
and request help.

 

I think I have a virus; what should I do?

If the University IT Services Security Group detects a virus on your computer, you will be notified that your network connection to the internet has been disabled until the virus is eradicated. If you suspect you have a virus, or if you've been notified that you have one, below are some basic steps you can take to find and eradicate a virus.

  1. Verify the latest Symantec AntiVirus (SAV) software is installed and the Virus Definitions current. The Virus Definitions File should be no more than two weeks old. To verify the last virus definitions update, open SAV from your programs list. The Virus Definitions File Version will be listed as a date with a Revision number.
  2. Update SAV software and definitions if necessary.
  3. Unplug your computer from the network (even if you have been notified you have been blocked).
  4. Reboot your system in Safe Mode. To enter Safe Mode in Windows, restart your computer while tapping the F8 key until you see a screen offering boot options. Select Safe Mode.
  5. Run a full system scan for viruses with Symantec AntiVirus. SAV should find the virus(es) and remove them. There is no need to watch the scan, but pay careful attention to the scan results.
  6. Scan with SAV again until the report comes up clean.
  7. After the virus has been removed, reconnect your computer to the network.
  8. Run Windows Update to update your Operating System.
  9. Run Windows Update again to ensure all available updates are installed. Repeat until all necessary updates are installed.
  10. Ensure Automatic Updates are enabled using the Automatic Updates applet in Control Panel. Set to automatically download and install updates.
    Note: If you have been blocked from the network due to a virus, run Windows Update and configure Automatic Updates to automatically download and install updates as soon as you are unblocked from the network.

Frequently Asked Questions

What if SAV finds nothing?
If your network connection has been disabled because University IT Services Security Group has detected a virus on your computer, then SAV should find something. An antivirus scan that finds nothing usually indicates that your virus definitions are not up-to-date.
Note: You may also wish to verify that you have the latest version of SAV installed.

  1. Open SAV from your Programs list.
  2. Click Live Update to get up-to-date virus definitions.
    Note: If you are using an unmanaged version of SAV and your computer is blocked from the network, Live Update will not work. Contact Tech Support (Note: You will be asked to log in with your UARK email address and password. ex. username@uark.edu) for your area. If you do not have a Technical Support person in your area, contact University IT Services for assistance via AskIT.uark.edu. In the Request Help area fill in a desription of your problem. When you click Submit Request you will be asked to log in with your UARK account credentials.
  3. After updating Symantec AntiVirus definitions, unplug your computer from the network.
  4. Reboot your system in Safe Mode. To enter Safe Mode in Windows, restart your computer while tapping the F8 key until you see a screen offering boot options. Select Safe Mode.
  5. Run a full system scan for viruses with Symantec AntiVirus. SAV should find the virus(es) and remove them. There is no need to watch the scan, but pay careful attention to the scan results.
  6. Scan with SAV again until the report comes up clean.
  7. After the virus has been removed, reconnect your computer to the network.
  8. Run Windows Update to update your Operating System.
  9. Run Windows Update again to ensure all available updates are installed. Repeat until all necessary updates are installed.
  10. Ensure Automatic Updates are enabled using the Automatic Updates applet in Control Panel. Set to automatically download and install updates.
    Note: If you have been blocked from the network due to a virus, run Windows Update and configure Automatic Updates to automatically download and install updates as soon as you are unblocked from the network.

What if I can't get the virus definitions date to change?
Update your Symantec AntiVirus software from UITS Symantec web page.
Note: If you are running a version of SAV 7.x, you will need to remove SAV using the Add/Remove Programs applet in control panel and then install the latest version of SAV.

  1. After updating the SAV software and Definitions file, unplug your computer from the network.
  2. Reboot your system in Safe Mode. To enter Safe Mode in Windows, restart your computer while tapping the F8 key until you see a screen offering boot options. Select Safe Mode.
  3. Run a full system scan for viruses with SAV. SAV should find the virus(es) and remove them. There is no need to watch the scan, but pay careful attention to the scan results.
  4. Scan with SAV again until the report comes up clean.
  5. After the virus has been removed, reconnect your computer to the network.
  6. Run Windows Update to update your Operating System.
  7. Run Windows Update again to ensure all available updates are installed. Repeat until all necessary updates are installed.
  8. Ensure Automatic Updates are enabled using the Automatic Updates applet in Control Panel. Set to automatically download and install updates.
    Note: If you have been blocked from the network due to a virus, run Windows Update and configure Automatic Updates to automatically download and install updates as soon as you are unblocked from the network.

What if I can't get the SAV window to appear at all?
Take a look at the Troubleshooting SAV article. If none of the fixes work for you, contact your Technical Support assistant (Note: You will be asked to log in with your UARK email address and password. ex. username@uark.edu). If you do not have Technical Support in your department, contact University IT Services for assistance at askit.uark.edu. Log in and click the Request Help button. Please turn your computer off until technical support can assist you.

Note: If you feel uncomfortable removing the virus yourself, contact Technical Support in your area. If you do not have Technical Support in your area, contact University IT Services for assistance at askit.uark.edu. Log in and click the Request Help button. Please turn your computer off until technical support can assist you.

University IT Services Security Group strongly recommends not using a computer that is virally infected. The longer a virus is on the system, the more damage it can do to your files. Extremely malicious viruses that delete or modify files on compromised systems not only cause problems for you, but due to their potential access to network shares, they can also modify, delete, and infect files belonging to others.

 
 
Thank you for visiting UITS. This page can be found at:
http://security.uark.edu/virus.htm