If your computer has been compromised it needs to be returned to a trusted state. Trusted state is a requirement for access to the S&T network. The idea of "cleaning" a system is not realistic, especially in the case of a system compromise, as there is no reliable way to determine if the system has been completely cleaned. To return a computer to a trusted state requires reformatting the hard drive and reinstalling the operating system. If your computer has not already been disconnected from the network then do so before taking any of the following steps.
Before reformatting the hard drive, back up important files. As a rule of thumb, only backup data files (word processor documents, pictures, presentations, etc.). Backing up program files and directories is not recommended because applications can be modified to reinfect the system.
Wipe, Reformat and Reinstall
Wiping and reformatting the hard drive is necessary for two reasons. First, installing Windows over an existing file system does not overwrite every file which can result in the system still being compromised. Second, boot sector viruses are used to reinfect systems that have been reinstalled. It is necessary that the boot block and the file system are both overwritten. A reliable way to ensure this has been done is to wipe the hard drive. An example of a hard drive wiping tool is dban.
After the operating system has been reinstalled it needs to be configured to automatically download and install updates. All operating systems need this: none are immune from bugs. To minimize the chance of being compromised before getting patches installed it is imperative to install as many patches as possible before reconnecting the computer to the network. Microsoft facilitates this by providing service packs. Download the latest service pack using a different computer and move it to the reinstalled system via CD or flash drive.
The need to patch extends to all applications, especially those that either offer a service to the network (such as a web server or database server) or process files obtained from the Internet (such as Adobe Reader or Adobe Flash).
Windows Restore Points
Windows provides some conveniences that are very attractive alternatives to a complete reformat and reinstall procedure. However they are not effective when it comes to the remediation of a compromised system. For example, the system restore points are a good way to recover from a bad driver installation, but do nothing for virus infections. The reason is that a system restore point is neither a complete snapshot of the system nor protected from malicious changes being only a copy of a limited set of system data. The restore point does what it was intended to do (recovering from bad drivers or system settings), but nothing more.
Passwords and Financial Information
A compromised system often has a key logger installed. Key loggers are usually used to steal passwords and bank account information, but in general can be used to let someone else know everything you type. It is highly recommended that you change your S&T password, as well as any password used to access sensitive, confidential, or financial information. It is also highly recommended to put a credit watch on any financial accounts that may have been compromised.
If S&T Security has determined that there was a key logger installed, changing your S&T password is mandatory.
The best way to avoid these problems is a combined approach.