Computer viruses - beware of re-infection
If a filesystem went down due to the virus attack and was subsequently
recovered, the files restored from the damaged volume will still contain
dormant virus copies. These files should be cleaned before they
enter the working system. The virus will lay dormant until you
launch one of the infected files or open an infected document.
Unless an infected file is opened, you are safe. However,
recovered files are of no use if you cannot open them.
This is typically solved just as any other virus infection. You should
run your usual antivirus software to check the files you've recovered.
Some of the files may be corrupted and you may get a warning from the
antivirus software notifying you that it was unable to analyze the
particular file(s). These files should be deleted without attempting to
launch them, because they are useless anyway and there is still a chance
they may contain a virus. Another drawback is that antivirus software is
usually not very robust in regard to damaged executables. This usually
manifests itself as occasional AV scanner lockups. Files that cause your
antivirus to lock up should be deleted as well.
A simplistic approach is to delete the executable files altogether.
Usually most of the executables are readily available from their
corresponding distribution disks and do not contain any data of interest.
Valuable information is stored in data (document) files instead. So, just
reinstall the software you need and put your data files back into the
working environment. Take care with Microsoft Office documents though. They
are somewhat unique in their ability to hold both useful data and virus
code at the same time.
We advise to you treat any kind of data loss as virus-induced
unless proven otherwise. This is simply because the question "what
exactly went wrong" is often difficult to answer and we prefer to err on
the safe side. The only exception is physical drive damage (no virus
strain is known to damage a hard disk physically, at the time of this