Steps for Students
If you suspect your computer has a virus or malware, do:
- Disconnect the machine from the network. This will prevent an attacker from doing further damage to your system, and from using your system to attack others. To disconnect your machine, simply unplug the ethernet cable, or if the computer uses a wireless connection, either deconfigure the wireless card or physically pull the card out of the socket. If you are not sure how to disconnect from the network, contact the Technology Support Center.
- DO NOT turn the machine off or reboot unless instructed to do so by Information Security. It is possible that processes left by an attacker may not get restarted after rebooting, which will make it more difficult for Information Security to determine the cause of your problem. Furthermore, other hacks left on the machine may take effect during reboot. Leave your computer powered on and disconnected from the network unless otherwise instructed.
- Contact the Technology Support Center or bring your computer to their office located on the Medford campus in Eaton Hall (Google Maps). Be sure to include the machine name, operating system type and version, contact person, and any other information relating to the suspected event.
- You will receive a response from the Technology Support Center or Information Security with further inquiries and instructions regarding your case. Once your computer is secure, notification will be sent letting you know it is safe to reconnect your machine to the network.
Technology Service Support Center:
Walk-in Hours: Monday - Friday: 9 AM to 5 PM
If you suspect your computer has a virus or malware, DO NOT:
- Launch a return attack on the suspected source system.
Incoming attacks often use forged source addresses, so that any repercussions fall to an innocent third party. Denial-of-Service attacks cause damage and inconvenience to innocent parties that share network or system resources with the actual party being attacked.
- Engage in a verbal/textual "flame war" with the suspected attacker.
The actual identity of the attacker is often purposefully obscured, and your response may inadvertently target an innocent third party. Due to the possibility of legal ramifications, attacks on the Tufts network are a matter to be dealt with officially by IT staff only.