This step-by-step guide describes how to reboot and clean your server or workstation after a virus attack.

Requirements

• The file system on the infected computers must be FAT or FAT32. If your file system is the NTFS File System, refer to the notation in the "Troubleshooting" section in this article.
• A virus-free and write-protected Windows 98 or Windows Millennium (Me) startup floppy disk (disk 1).
• A working installation of an antivirus program with current virus definitions installed on a non-infected computer with which you can create a bootable MS-DOS-based virus scanner on a disk.
• The infected computer must be set to boot from a floppy drive denoted as drive "A".

Cleaning and Rebooting the Computer After a Virus Attack

1. Shut down the infected computer.
2. Start the infected computer from the startup disk:
   1. Place the startup disk (which is referred to in the "Requirements" section in this article) in drive A.
   2. Turn off the computer.
   3. Restart the computer.
3. Scan the infected computer with the antivirus disk:
   1. Remove the disk from drive A.
   2. Insert the antivirus disk (which is referred to in the "Requirements" section in this article) into drive A.
   3. Follow the instructions that are provided by your antivirus vendor to run the disk(s) to clean the infected computer.
   4. Restart the computer when you finish.

Troubleshooting

There are viruses which can maliciously attack a server or workstation system files and render it unrecoverable. In such cases, it is recommended to rebuild the system from scratch and restore the data from a known good backup.

If your file system is NTFS, the MS-DOS-based boot disk will not be able to gain access to NTFS-formatted drives, therefore the virus scanning software will not be able to clean your files. There may be third-party programs which will allow you to start from an MS-DOS-based disk and read and/or write to an NTFS volumes; however, any third-party program or utility is not supported by Microsoft.