Why do I have to format and re-image my computer after it is infected with a virus?

Request security assistance

The Process

When a virus or malware infection has been detected, ITS will disconnect the infected computer from the network in order to prevent the infection from spreading. In order for network access to be restored to the infected computer, it must first be formatted and re-imaged. This means all data stored on the computer will need to be erased and a fresh copy of Microsoft Windows or Apple MacOS along with all relevant security updates will need to be installed.

Why?

ITS Security requires systems infected with malware to be formatted and re-imaged because it is the only way to ensure that the malware is thoroughly cleaned from the system, the system meets all security standards and the system is in good working order.

Many malware infections that are detected by Anti-Virus, Anti-Malware and Anti-Spyware tools are just the tip of the iceberg. In many cases, there is other malicious software on the system acting as a carrier for yet more malware. Removal tools may focus on the malware which was detected, but completely miss others, such as "droppers," which may have been used initially to install the malware.

There is no way to ensure that the system won't be re-infected because modern malware can enter a system in countless ways. Additionally, modern malware can make many changes to the system and therefore enable the success of more complex attacks. If the malware is removed, those changes are not automatically reverted, leaving the system open to re-compromise and often causing strange and unexpected behavior.

Back Ups

This process removes all data on the system. Therfore it is important that good backups are kept, or data is stored on the shared drive or OneDrive so that will not be lost in the event that a system is re-imaged.