Carleton College

Windows -

There are a variety of tools that we use to remove viruses from Windows computers. You are responsible for updating the standalone data files that contain the virus definitions. Start by installing a virus scanning program from the list below. Then install the definition files manually from a flash drive before starting any scans. These standalone files are what you use when Rich Graves has blocked a computer from the network.

McAfee: Download .dat
MBAM: Download rules
Spybot: Download includes

We treat computers by level of offense:

First Time Offense: 
Run these three programs: MalwareBytes (MBAM), McAfee, and Spybot. The programs can all be found on the DOC flash drives, or you can download them from their websites. Use the standalone virus definition links above to manually update the virus definitions of each program, particularly if internet access is blocked on the virus-ridden computer. If you suspect that there is a rootkit infection (a deeper-level infection that targets memory not occupied by the operating system), then run Combofix. You may suspect a rootkit in the following scenarios:

1. Rich Graves's technical report indicates that a rootkit infection is possible.
2. This is a second time offense (see below).
3. McAfee detects a rootkit infection (and fails to remove it), blue screens, has incomplete logs, or fails to complete its scan.

Before running the scans

Before running any scans, be sure to download the most recent virus definition updates. If you have internet access on the computer you're working on, you will get an automatic message to download the updates after installing the programs. If you do not have internet access, you can download the updates on a different computer and transfer them to the desired computer with a flash drive. You can download the updates from the standalone virus definition links listed at the top of this page.

After downloading the definitions, restart the computer in safe mode, run the virus scans there, and remove anything they find. Once those finish, rerun the scans in normal mode. If the viruses are still there, we'll need to back up the user's data and ask for permission to wipe and reinstall the operating system on the hard drive.

If the virus doesn't let you log in or install any of the virus removal tools, scan the hard drive externally. To do this, remove the hard drive, plop it in the toaster, and connect it to one of the Mac minis.

Macs - 

We don't have a specific Mac virus removal tool, but in the past we have used ClamXav, which was successful.
