© 1995-2007 Symantec Corporation.
All rights reserved.
Virus Attacks - Recover in Five Steps
A virus can rip through your network and attack your system in minutes, rendering applications useless and destroying files. Recovering from a security breach can be expensive, taxing your small business with lost productivity, corrupted data, and downtime. Naturally, you want to avoid infection. But what if a virus, worm, or Trojan horse gets past your defenses?

If you've suffered a virus attack, you must act immediately to minimize the damage and prevent it from spreading to other machines on your network, if it hasn't already. Follow these steps to remove the virus and restore your computer to its healthy state so you can get back to business.

1. Isolate and disconnect

The first thing you should do if you think -- or know -- you've suffered a virus attack is to physically disconnect your computer from the network. An infected machine endangers all computers connected to the network. It is essential that your computer stay isolated until you are sure it's been restored thoroughly from the attack.

If you're not sure whether another computer has been infected as well, act as though it has. Remove it from the network and go through the same steps as for the machine you know has been compromised. It's counter-productive to clean one machine while an infected computer is still connected to the network, waiting for you to plug back in so it can continue its path of infection.

2. Remove the virus

Once the computer has been isolated and removed from the network, you must remove the code that caused the damage in the first place. The most reliable method of getting rid of a virus, worm, or Trojan horse is to use a removal tool written for that specific code. Your antivirus vendor should have updated virus definitions, and often a dedicated removal tool, for the specific threat, released as soon as the malicious code is discovered. Symantec Security Response makes both removal tools and updated definitions available as soon as a threat is discovered.

Simply deleting the virus program or infected file is not enough. Most viruses, worms, and Trojan horses copy and spread themselves in different forms, hiding in and infecting other programs and documents. Trojan horses especially can install back doors in your system, leaving an entry point for hackers or additional malicious code. Even if you destroy the Trojan file, the security hole remains. A removal tool written for that specific Trojan is designed to undo those changes as well, and a patch for the vulnerability it exploited closes the hole it came in through.

You should also check Symantec Security Response for security alerts that are released whenever new viruses are found. Alerts warn you about the spread of a new virus, the forms it comes in, and the methods you should use to remove it if you've already been infected.

3. Restore your data

You may experience varying degrees of data loss from an attack, ranging from altered file names to total obliteration. A nasty virus may render your applications useless, or an annoying worm may rename your Word documents. Regardless of the extent of damage, you'll need to restore your computer to its original state.

Reinstall programs

Some viruses can completely destroy an operating system. In this case, use a "quick restore" CD, if your computer came with one. The CD will return your computer to its state at the time of purchase. Keep in mind that you will lose any applications you have installed and any data files you have stored if you reinstall your OS, so copy off any data you need first and treat those copies as suspect until they have been scanned. To restore applications, gather your documentation together, including original software, licensing, and drivers where applicable. You will need the documentation to register the software when you reinstall these programs.

Scan for viruses

Once you are up and running, perform a thorough antivirus scan. Scan all files and documents, and keep track of those that have been altered. If your data files are stored in a central location, such as a server, they should be scanned there as well. Scan all computers on the network, including your server.

Restore files

If your data files are stored on your individual machine, your data loss will depend on the virus' payload and how recently you backed up your files. If the virus attacked applications, you may find your data files have been left untouched. Unfortunately, some viruses specifically target data files. If you keep a regular schedule of backing up to tape, CD, or other media, your loss will be contained to the time period between your last backup and the virus attack. If you don't observe a schedule of backups, you should assume those files are gone for good.

Once the operating system and applications are reinstalled and patched, but before restoring any backup files to the computer, you may wish to make an image copy of the system using a utility such as Norton Ghost. Taken at this point, the image contains no user data that could carry an infection, so it lets you quickly return the machine to a known clean state in the event of a future compromise.

Scan each file with antivirus software as you restore it to your system. Watch for unexpected macros in Office documents, and for files with script extensions like ".vbs", especially when they carry a double extension such as "report.doc.vbs": these are scripts masquerading as documents, not documents at all.
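Antivirus scanning catches known signatures, but the restore step above also asks you to track which files changed and to spot macro-bearing documents and disguised scripts. The following Python script, added here as an illustration and not part of the Symantec article, shows one way to do that: it builds a SHA-256 manifest of the known-good backup, compares the restored copy against it, flags files with risky script or executable extensions, and detects VBA projects in both modern Office zip files (a `vbaProject.bin` member) and legacy OLE documents (a `_VBA_PROJECT` directory entry). The extension list, the OLE heuristic, and the sample files in `demo()` are the author's assumptions, constructed for this example rather than taken from any real incident.

```python
import hashlib
import os
import tempfile
import zipfile

# Assumed list: extensions Windows treats as executable or scriptable and that have
# no business appearing in a folder of business documents restored from backup.
RISKY_EXTENSIONS = {
    ".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta",
    ".exe", ".com", ".scr", ".pif", ".bat", ".cmd",
}

# Magic bytes of an OLE2 compound file (legacy .doc/.xls/.ppt). Directory entry names
# are stored as UTF-16LE, so the VBA project stream appears as "_VBA_PROJECT" in UTF-16LE.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
OLE_VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")


def sha256_file(path, chunk=1 << 16):
    """Hash a file in chunks so large backup sets need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        while True:
            block = fh.read(chunk)
            if not block:
                break
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file's path (relative to root, '/'-separated) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def has_macros(path):
    """True if an Office document carries VBA: OOXML (.docm/.xlsm) or legacy OLE format."""
    with open(path, "rb") as fh:
        if fh.read(8) == OLE_MAGIC:
            # Heuristic: scan the compound file for the VBA project stream name.
            return OLE_VBA_MARKER in fh.read()
    if zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as archive:
            return any(n.lower().endswith("vbaproject.bin") for n in archive.namelist())
    return False


def triage(baseline, restored_root):
    """Compare restored files with the known-good manifest and list what needs a human look."""
    findings = {"changed": [], "new": [], "missing": [], "risky_extension": [], "macro": []}
    current = build_manifest(restored_root)
    for rel, digest in current.items():
        if rel not in baseline:
            findings["new"].append(rel)
        elif baseline[rel] != digest:
            findings["changed"].append(rel)
        if os.path.splitext(rel)[1].lower() in RISKY_EXTENSIONS:
            findings["risky_extension"].append(rel)
        if has_macros(os.path.join(restored_root, rel)):
            findings["macro"].append(rel)
    findings["missing"] = list(set(baseline) - set(current))
    return {key: sorted(values) for key, values in findings.items()}


def demo():
    """Constructed sample data: a clean backup and a tampered restore of the same files."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, restore = os.path.join(tmp, "backup"), os.path.join(tmp, "restore")
        for root in (backup, restore):
            os.makedirs(os.path.join(root, "accounts"))
        # Known-good backup: a text note and a spreadsheet with no VBA project inside.
        with open(os.path.join(backup, "notes.txt"), "w") as fh:
            fh.write("Q3 planning notes\n")
        with zipfile.ZipFile(os.path.join(backup, "accounts", "budget.xlsm"), "w") as z:
            z.writestr("xl/workbook.xml", "<workbook/>")
        baseline = build_manifest(backup)
        # Restored set: the note was altered, a script with a double extension appeared,
        # the spreadsheet gained a VBA project, and a new legacy .doc carries VBA too.
        with open(os.path.join(restore, "notes.txt"), "w") as fh:
            fh.write("Q3 planning notes\nYOUR FILES ARE MINE\n")
        with open(os.path.join(restore, "accounts", "invoice.doc.vbs"), "w") as fh:
            fh.write('Set sh = CreateObject("WScript.Shell")\n')
        with zipfile.ZipFile(os.path.join(restore, "accounts", "budget.xlsm"), "w") as z:
            z.writestr("xl/workbook.xml", "<workbook/>")
            z.writestr("xl/vbaProject.bin", b"\x00" * 16)
        with open(os.path.join(restore, "memo.doc"), "wb") as fh:
            fh.write(OLE_MAGIC + b"\x00" * 504 + OLE_VBA_MARKER + b"\x00" * 32)
        return triage(baseline, restore)


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category}: {paths}")
```

Everything the script flags still needs a person to look at it: a changed file may simply have been edited after the backup was taken, and a macro-bearing spreadsheet may be a legitimate one your bookkeeper relies on. The value is that the list is short and specific, which is what "keep track of those that have been altered" requires in practice.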

Document the process

Document the steps you took to repair your system after the attack, including which files and applications you restored and the method you used to restore them. If something else goes wrong, you can retrace your steps, or use the information for future reference.

4. Prevent future infection

After all this trouble, you'll definitely want to keep your system free of viruses in the future. It is imperative that you run antivirus software and keep the definitions current, preferably with a program that automatically updates them for you. If you aren't running antivirus software, start now. If you are, immediately update the virus definitions from your vendor site. Then download the latest security patches for your operating system and all of your applications to fix any known security holes.

Next, change all of your passwords, including ISP access passwords, FTP, email, and Web site passwords, and do it from a machine you know is clean rather than the one that was infected. This is a free, easy, and effective way to boost security. Some malicious code captures passwords or cracks them, so after a security breach you should assume yours have been exposed. It's a good idea to change your passwords regardless. Any sensitive data on your computer should be protected by a password, and that password should be set or changed at this time. Passwords should be at least eight characters long, combining capital and lower case letters, numbers, symbols, and punctuation. Avoid using recognizable words, phrases, or names.

5. Learn from your mistakes

Although the wreckage of a virus attack can be difficult to remedy, you can use the disaster as an opportunity to assess your current security practices. If a virus got in this time, it could infiltrate your network again. It's important to evaluate the security measures, if any, you were using and why they weren't effective. Do you need a firewall? Are employees downloading files without scanning them? Are you opening attachments from unknown users? Are your virus definitions up to date?

Did you lose data in this breach that could have been restored using backups? Create a regular backup schedule that involves copying files from the computer onto removable media like CD or tape, and storing a set of them offsite. Make frequent backups part of your routine and in the future you won't be at a loss.

A virus attack can cost you considerable time, money, and frustration. Prevention is always the best security policy. But if your network has been compromised by malicious code, follow these steps to get up and running again as quickly as possible so you don't lose your data -- or more.
