If the system has any data classified as Protection Level 4 (P4)
disconnect it from the network - don't turn it off or unplug it - and
immediately contact at (510) 664-9000 (option 4)
Attackers often leave “backdoors” on a compromised computer and removing them all can be difficult, if not impossible. We recommend reinstalling your operating system, but if that is not practical you can try this option first.
Note: If you receive a security notice from ISO after attempting to clean the computer, you MUST reinstall the operating system (see Reinstalling Your Compromised Computer for instructions).
Instructions for Microsoft Windows operating systems:
1. Make sure your antivirus software is up-to-date.
Windows 10 comes with Windows Defender.
1.1 Double-click on the white shield icon in the icon tray bar (notification area) on the lower right portion of your screen (or search for “Windows Defender” from the Start Menu). When you move your mouse over the icon, it should say "PC Status: Protected".
1.2 Click the "Update" tab, click on the "Update" button and follow the prompts.
2. Reboot your computer into safe-mode
Follow these specific instructions for Windows 10: https://support.microsoft.com/en-us/help/12376/windows-10-start-your-pc-in-safe-mode.
2.1 Once in Safe Mode, you’ll want to run a virus scan. But before you do that, delete your temporary files. Doing so may speed up the virus scanning, free up disk space, and even get rid of some malware. To use the Disk Cleanup utility included with Windows 10 just type Disk Cleanup in the search bar or after pressing the Start button and select the tool that appears named Disk Cleanup
2.2 Next, while still in Safe Mode, run a full scan of your system: Double-click on the white Windows Defender shield icon in the icon tray bar (notification area) on the lower right portion of your screen and select. When you move your mouse over the icon, it should say "PC Status: Protected."
2.3 On the "Home" tab select "Full" and click the "Scan now" button.
3. Download and install an Anti-Spyware program
3.1 These programs have free versions that can be run for personal use and have solid reputations.
- MalwareBytes (https://www.malwarebytes.com/),
- Spybot - Search and Destroy (http://www.safer-networking.org/) or
- Ad-Aware (http://www.lavasoft.com/products/ad_aware_free.php).*
Note: Keep in mind that some adware/spyware alerts, particularly cookies, may be fairly innocent and not represent a serious threat to your system's safety. The alerts to be concerned about are primarily those that represent installed programs or browser plug-ins/add-ons that you cannot identify.
If these steps do not return any significant problems, then the system is probably ok to use. However, be wary of any issues you notice. If these steps do not resolve the issue, you must rebuild your operating system: Reinstalling Your Compromised Computer.
* This list does not represent endorsement by the University of California or its affiliates.