What to do when an antivirus detects a virus?
TL;DR: The short answer is call a computer security professional!
Long answer: What is a virus? A virus is a type of malware or MALicious softWARE. There are many types of viruses. Some fill your screen and overwhelm the system so you can not do anything on it. Some fill your hard drive so you can not add data. Some delete files, others can damage hardware, etc. These can deny you control or access to the system or resources.
Dealing with a virus is a complex matter. Why is it complicated? You can not just delete a virus because it is still on the hard drive, even if it is not in the recycling bin. When you delete a file or permanently delete a file, that file is still on the hard drive until it is overwritten in the exact same place.
A file can be stored in pieces called fragments, which is why some computers or operating systems (e.g., windows) automatically defragment files on certain types of hard drives. A virus is also a file or a collection of files just like software is a file or a collection of files. Technically speaking, you have to overwrite all sectors on the hard drive that the file(s) occupies multiple times. How it is done depends on the type of drive. A virus can reassemble itself locally or download itself in parts or whole. Therefore, it can come back if not properly overwritten.
Another thing to consider is the way that most antivirus solutions work. All an antivirus does is alert you that there is a virus and quarantine or delete it. When an antivirus deletes a virus it can be a safer way of deleting than a manual delete. However, it is basically the same situation. It is still on the hard drive out of the control of the system.
Most antivirus solutions usually look at the behavior of a file, called heuristics. Unless, it is a registered virus in a central public database where everything is known about the virus including how it infects the system, then it is called a signature. Some files look like a virus but is not a virus. So, if you write a program that all it does is print "Hello, World!" once to a screen, the antivirus will mark it as a virus even though it does not do anything else. That is called a false positive.
There are also false negatives where a virus is not detected by the antivirus. Having more than one antivirus does not provide additional protection. You add more precision using more resources with the same accuracy meaning similar results. Using an online antivirus scan as a secondary solution does not provide additional protection either.
You will get the same amount of false positives and false negative. The less false positives and false negatives that an antivirus detects depends on the quality of the antivirus. Check out technical reviews, not customer reviews, when searching for an antivirus solution.
Here is a real world example. There is a file that is well known in the cybersecurity industry. The website that is used to download this file is also well known in the cybersecurity industry. When this file is downloaded sometimes an antivirus thinks it is a virus even though it is not. The fact that it is well know is not sufficient to say it is not a virus. There are file integrity checks, such as digests and different types of digital signatures. These are made to make sure what is downloaded is what the website and the author of the software intends for you to have.
Here is what to do about an actual virus. Physically disconnect the internet cable from the computer. Quarantine it until a computer security professional deals with it. Change your passwords on the computer and online accounts after dealing with it. Do not delete it, manually or with an antivirus solution.
Otherwise, now the operating system, e.g., Windows and the antivirus solution lose control of it. Yet, it is still on the hard drive. Now the virus has free reign to do whatever it wants to do to any hardware or software. This includes processors, memory, or other chips on or connected to your motherboard.
The virus can even affect other things like printers and routers connected to your computer. If it gets to the router it can go to other devices connected to the router. A virus can still travel to the hardware even if the virus is not deleted meaning with the protective role of the operating system. Antivirus does not scan hardware but that is not the point. The point is why give a virus unconditional access?
If you do not have the time or money to spend on properly dealing with the virus that is understandable. Your next best solution is to just quarantine it. Do not ever reinstall the operating system or using a whole system restore in the future. Even if you format the drive because formatting does not overwrite anything it just deletes a table. Otherwise, you still lose control of the virus.
Also, do not attach data backup solutions to your system until you have quarantined it. While we are on the subject, data backups should be regularly scanned for viruses because a virus can be inactive for a period of time then suddenly activate. A regular full scan is also advised. Why a regular full scan if the antivirus solution does a full scan in the beginning then scans every download? It is because there are false negatives and viruses can be inactive for a period of time.
How regular is a question of time and cost of resources versus value of the data. Do you see the complexity in such an archaic problem? It takes a lot of time and research to make sure that an actual virus is off the hard drive and has not affected other files or systems. If it is a different type of malware, then it is a different story with different procedures. Are you up for the task?
We guarantee fast and discrete handling of all your IT tasks. Our team of highly qualified professionals is available to meet your needs – because your satisfaction is our highest priority.
We need your consent to load the translations
We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.