What to do if you suspect your computer of being infected

If you suspect that your computer is infected, use the System Restore Wizard, which neutralizes the consequences of malicious activity in the system. Kaspersky Lab recommends that you run the Wizard after the computer has been disinfected to make sure that all threats and damage caused by infections have been fixed.

The Wizard checks whether there are any changes to the system, such as blocked network access, changed file extensions of known formats, a blocked toolbar, etc. Such damage can have various causes. These may include the activity of malicious programs, incorrect system configuration, system failures or even incorrect operation of system optimization applications.

After the review is complete, the Wizard analyzes the information to evaluate whether there is system damage which requires immediate attention. Based on the review, a list of actions necessary to eliminate the problems is generated. The Wizard groups these actions by categories based on the severity of the problems detected.

The wizard consists of a series of screens (steps) navigated using the Back and Next buttons. To close the wizard once it completes its work, use the Finish button. To stop the wizard at any stage, use the Cancel button.

To start the System Restore Wizard:

  1. Open the main application window and select the Tools section in the left part of the window.
  2. In the right part of the window, click the System Restore button.

The wizard steps are described in detail below.

Starting system restore

Make sure that the wizard option to Search for problems caused by malware activity is selected and click the Next button.

Problems search

The Wizard will search for problems and damage that should be fixed. Once the search is complete, the Wizard will proceed automatically to the next step.

Selecting the troubleshooting actions

All damage found during the previous step is grouped on the basis of the type of danger it poses. For each group of damage, Kaspersky Lab recommends a sequence of actions to repair the damage. There are three groups of actions:

  • Strongly recommended actions eliminate problems posing a serious security threat. You are advised to perform all actions in this group.
  • Recommended actions eliminate problems presenting a potential threat. You are advised to perform all actions in this group as well.
  • Additional actions repair system damage which does not pose a current threat, but may pose a danger to the computer’s security in the future.

To view the actions within a group, click the + icon to the left of the group name.

To make the Wizard perform a certain action, check the box to the left of the corresponding action name. By default, the Wizard performs all recommended and strongly recommended actions. If you do not wish to perform a certain action, uncheck the box next to it.

Unchecking the boxes selected by default is strongly discouraged because doing so will leave your computer vulnerable.

Once you have defined the set of actions that the Wizard will perform, click the Next button.

Eliminating problems

The Wizard will perform the actions selected during the previous step. The elimination of problems may take some time. Once the troubleshooting is complete, the Wizard will proceed automatically to the next step.

Closing the Wizard

Click the Finish button to close the Wizard.

See also:

Rolling back the changes made by the wizards
