How to recover from a hacking attack

There's nothing like a good backup in a time of crisis. Sadly, however, it's something you only ever appreciate after the fact. If you have serious reason to believe you have a malware infection that has subverted your defences, it may be time to do something drastic.

Before re-installing the system from scratch or rolling back Windows to a time before the infection, you need to make sure your data is safe. Luckily, Linux can read the same filesystem formats as Windows, which means booting a live CD version of Linux will grant you access to the data stored on an infected Windows computer.

Ubuntu live

On another computer, download a Linux distribution ISO file and burn it to a bootable DVD. The download page for the current Ubuntu distribution even shows you how to burn the ISO to a disk or to a USB memory stick.

We'll use this distribution as an example. Once you have Ubuntu on a bootable disk or memory stick, running it is as simple as rebooting and making sure the BIOS boot order puts the DVD or USB controller before the hard disk. When Ubuntu loads, click 'Try Ubuntu' and the desktop will appear.

You can access the hard disk by clicking 'Places' in the menu at the top. If you can't identify your hard disk in the list, select 'Computer' to access a list of drives. The resulting window lets you navigate the filesystem, including the parts usually locked by a running Windows system. Once you're happy that you can find your data, you can insert a new USB stick, double-click it on the desktop to open it, then drag and drop your files onto it.

You can also decant data onto a DVD using a program called Brasero. Click 'Applications | Sound and video | Brasero Disk Burner'. Select a data project from the list, then drag your files and folders onto Brasero's interface. Once you're done, insert a blank DVD and click 'Burn'.
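If you prefer the terminal in the live session, the copy to the USB stick can also be checked file by file. The script below is an added example, not part of the original article: it copies a folder and confirms each copy matches the original by SHA-256, so a silent read error on the old disk doesn't go unnoticed. The function names and the paths in the usage comment are assumptions; substitute the mount points shown in your own file manager.

```shell
#!/bin/sh
# Added example: copy data off the mounted Windows disk and verify the copy.
# Relies on GNU cp, find, sort, xargs and sha256sum, all present in Ubuntu live.
#
# Usage (paths are placeholders, not taken from the article):
#   rescue_copy "/media/ubuntu/WINDOWS_DISK/Users/me/Documents" \
#               "/media/ubuntu/USB_STICK/rescued-documents"

# rescue_verify DEST: re-check every file in DEST against DEST/SHA256SUMS.
# Returns 0 if all files match, non-zero if any file differs or is missing.
rescue_verify() {
    (
        cd "$1" || exit 2
        [ -f SHA256SUMS ] || exit 2      # no manifest, nothing to trust
        [ -s SHA256SUMS ] || exit 0      # empty source folder: nothing to check
        sha256sum --quiet -c SHA256SUMS  # prints only the files that FAILED
    )
}

# rescue_copy SRC DEST: copy the contents of SRC into DEST, record the
# SHA-256 of every original file, then verify the copies against that record.
rescue_copy() {
    [ -d "$1" ] || { echo "source folder not found: $1" >&2; return 2; }
    mkdir -p "$2" || return 2

    # "/." copies hidden files too; keep timestamps but not ownership,
    # because FAT-formatted USB sticks cannot store Linux owners.
    cp -R --preserve=timestamps -- "$1/." "$2/" || return 1

    # Hash the ORIGINALS (paths relative to SRC) into a manifest on the stick.
    # NUL separators keep filenames with spaces or newlines intact.
    ( cd "$1" && find . -type f ! -name SHA256SUMS -print0 \
        | sort -z | xargs -0 -r sha256sum ) > "$2/SHA256SUMS" || return 1

    # Compare the COPIES with the hashes of the originals.
    rescue_verify "$2"
}
```

Keep the `SHA256SUMS` file with the backup: running `rescue_verify` on the folder later, after the PC has been restored, confirms the files are still intact before you copy them back.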

Roll back infection

Windows restore

Once you have a copy of your data, you can do one of two things. First, if you believe you have installed a program that has messed up your OS, you can try rolling Windows back to a point before the installation.

Open Control Panel and select 'System and security | Restore your computer to an earlier time'. Click 'Open System Restore' and a wizard appears. Click 'Next' and select the restore point prior to the questionable installation. Click 'Next', then 'Finish'. Click 'Yes' and the restoration begins, after which the machine reboots.

If rolling back Windows doesn't help, it's time to run the manufacturer's initialisation disk to wipe the PC and return it to factory condition.