Replace or repair? A guide to cleaning a virus-infected Windows computer

That’s the average number of days—almost nine months—it took to contain a security breach in 2022. When a ransomware hits your network, be it one machine or a 1,000 machines, it’s a tiresome process to identify and mitigate the attack. Even then, you cannot be completely sure that you’ve eliminated it. It’s possible that the virus remains concealed in your network.

A virus might replicate and resurge if it hasn’t been completely routed from your network. The productivity of your organization will suffer until you’ve completely disinfected your network which costs, a 2022 global report determined, around $4.35 million. The IT team will also spend valuable time to identify the root cause of the attack, analyze the computers affected, and contain the breach.

It’s vital to quickly detect and contain the breach as every minute your network is under attack is costly. It is often advisable to reboot and replace the affected machines rather than attempt to repair the damage.

In this article, we’ll discuss a quick way to eliminate viruses, and help users save time, money, and effort. Let’s start with a brief overview of a cybersecurity attack.

What happens during the attack?

An attack on your network can come from anywhere and the virus can quickly infiltrate your systems. A virus can breach all the computers in your network, steal passwords and other sensitive data, log keystrokes, corrupt files, and even take complete control over your machines. Replicating itself until it impacts your computers by deleting files and folders, a virus can reformat hard drives and perform other malicious activities.

How can OS Deployer help you?

Though there are multiple ways to deal with a virus attack, but one of the fastest ways is to use ManageEngine OS Deployer. It enables you to completely wipe a virus-infected Window OS and redeploy the OS on the virus-infected computers so you regain control over your computers almost instantly.

The steps to follow to accomplish this depend on how significantly your network is impacted. Let’s discuss the practices involved based on two different cases:

1. Clean a part of your network
2. Clean your entire network

Clean a part of your network

This process will be useful if a few machines in your network are utilized regularly and need cleaning. For example, computers used by students in a school, or internet devices used by passengers on a commercial airline.

1. From the OS Deployer server, image a computer that is not affected by the virus.
2. Customize your image according to your network preferences using a deployment template.
3. Under the deployment template, enable the option to completely erase the target computer’s partition and replace it with the created image.
4. Add the required applications to the deployment template and deploy the task. These applications will be automatically installed after OS deployment.
5. Create a bootable media with the necessary drivers and the latest WinPE tool.
6. Connect the affected computers to your network and boot them with the created bootable media.
7. Deploy the created OS image on the target computers.

Though cleaning a part of your network comes handy in a few cases, it is recommended that you completely overhaul your network in the event of a cyberattack. We’ll go over this process next.

Clean your entire network

1. Download and install OS Deployer on a computer that is not affected by virus.
2. Using OS Deployer, image a computer that is not affected by the virus.
3. Customize your image according to your network preferences using a deployment template.
4. Add the required applications to the deployment template. These applications will be automatically installed after OS deployment.
5. As all the computers in your network are infected, you can use the Standalone task to deploy images. This enables you to deploy images to computers that are not in your network.
6. Create a standalone, USB-bootable media specific to the deployment by downloading the standalone tool from the OS image.
7. Use this media to boot the infected computers individually.
8. This enables you to deploy OS images to all the infected computers.

This method can also be used to deploy OS images to affected computers in remote locations, such as employees working from home.

What if I have an isolated network available?

Do you have a separate network, besides the network where the computers are infected? If so, the disinfecting process becomes even easier as you need not deploy OS images one by one. Just the infected computers can be connected to your virus-free network and the OS images can be deployed using the PXE booting process.

1. Create a WinPE bootable media and boot the target computers after connecting them to the virus-free network.
2. You can now deploy the customized image to all the affected computers from your console with a single click.

For seamlessly containing a cyberattack we recommend replacement rather than repair. Interested in our solution, OS Deployer? Book a session with our product experts for a detailed demonstration of its features.

Article Contributed by Koushik is a product expert specializing in modern endpoint management and OS provisioning. He loves gaming, historical fiction, and is planning his next dance routine.