Virus or Malware Handling Information
Service Description
Computer viruses are unwanted files and programs that pass from computer to computer and can then infect other programs or documents. Users can protect themselves from these viruses by running a secure operating system, avoiding programs from unknown sources, and running virus protection software such as Symantec Endpoint Protection.
"Spyware" (sometimes also referred to as "Adware" or "Malware") is a category of computer software that is installed on a computer system for the purpose of gathering information about the user and relaying it to advertisers or other interested parties. Most existing spyware is designed for computers running Microsoft Windows. It's typically installed as a "bundled" component with other more useful software packages.
Viruses and spyware can have a detrimental impact on privacy, security and system performance.
Symantec Endpoint Protection, licensed by UW-Madison for faculty, staff, and students, includes virus detection and removal capabilities. However, additional software (such as Spybot - Search & Destroy) should be used in calls where the machine is known to be infected with spyware that Symantec is unable to remove. Procedures for removing viruses and spyware can be found in Help Desk - Agent Process for Virus and Spyware Removal.
Support Conditions
- Service Users: N/A
- Availability: N/A
- Server Information: N/A
- Unique Support Conditions: If a customer is unable to resolve a virus or spyware infection with the assistance of the Help Desk, they should be referred to the onsite help desk. Make sure to include a detailed description in the case notes, and provide the customer with their case number.
Creating WiscIT Incidents
Select an appropriate service, category and subcategory from the options below.
- Computers, Hardware & Software
- Software Repair
- Malware Cleanup
For ALL incidents, gather the following minimum required information:
✔ Clear, detailed description of the problem
✔ Complete customer contact information
Copy/paste the following additional required information into the WiscIT Description field:
Example Case:
- Machine type (desktop or a laptop): Laptop
- Manufacturer of the machine and model: Toshiba Satellite C655
- Specific version of operating system: Windows 7 Home Premium
- Virus or Spyware behavior patterns noted (e.g., multiple browser windows popping up sporadically, slow network performance, unusually high CPU-utilization, lots of icons displayed in the windows system tray, etc.): Multiple suspicious pop-ups; antivirus crashes while running scans
- Name of any anti-virus or anti-spyware software customer has installed: Windows Defender, Malwarebytes
- Name of virus or spyware detected: N/A
- Steps taken to remove virus or spyware: Attempted to run scans with Windows Defender and MBAM in normal mode and Safe Mode.
- Recently installed or upgraded software (for example, "Gator" and "New.net" are known spyware components, and some popular file sharing programs are known to include bundled spyware): None
- Confirm whether customer has recovery media:
HDQA Notes
None.
For a visual depiction of this workflow, see the following image: Process Diagram
- The Help Desk receives one or more customer contacts for an issue that is identified as a potential outage.
- HDQA checks the outages page for any related open planned outages. HDQA then chats with SNCC via the Service Support Chat Room and confirms an outage should be declared.
- If an outage is identified, SNCC should immediately begin creating an Outage.
- HDQA receives the Incident from the agent(s) who handled the initial contact(s).
- HDQA creates a problem in Cherwell by selecting New > Problem. HDQA then fills out the fields in the Identify and Classify section of the Problem with the information they gathered from the Incident(s). For assistance with Problem creation, reference: Help Desk Training - Create a Problem in WiscIT without the Problem Manager or Help Desk Training - Create a Problem in WiscIT with the Problem Manager.
- When the Problem has been created and saved, HDQA clicks the team name in the Owned by pane and assigns the Problem to 'SNCC-Sysops' or 'SNCC-Network' as directed by the service handling doc or SNCC staff.
- SNCC receives the Problem and links the Problem to the Outage from the Problem screen.
- HDQA links the original Incident(s) and any additional relevant Incidents they have received to the Problem. For instructions on performing this step, see WiscIT - Linking an Incident to a Problem.
- As calls continue to come in, Help Desk agents should link the Incidents to the Problem themselves. Level 1 agents should simply save the Incident at this stage; do NOT resolve these Incidents or escalate them to HDQA.
- When the outage is resolved, SNCC will go into the open Problem and select the Resolve Attached Incidents link on the left side of the screen; this will email all customers that their Incidents should be resolved. The email will direct customers to contact the Help Desk if they believe the issue is still occurring.
- If the problem needs follow-up investigation, SNCC will assign the Problem to the appropriate team.
After Hours Handling
None.