Detecting and Recovering from a Virus Incident

Utimaco Safeware Inc.
Abstract
There is an ongoing battle between the creators of computer viruses and malicious code and the firms creating software to prevent their actions. While antivirus firms are adding proactive technology to their software, when it comes to new types of viruses, they still largely depend on reacting to the actions of the virus creators. Short of dismantling your network, there is no way to totally protect your environment from the next new fast-spreading virus. This document lays out what information to gather and the steps to take in the event malicious code enters your environment. It assumes that you may not have in place all the tools or infrastructure necessary to deal with the intrusion effectively. It explains how to detect a virus if you are infected, what immediate response you should make, the stopgap measures you should put in place, how to approach the task of environment cleanup, and some long-term solutions. In this document, we will call all malicious code a virus, even though that term may be technically inaccurate in some circumstances.