What can I do if I've been infected?

Step 1: Isolate the infected device.

Your first priority when dealing with a device infected by malware is to isolate the device - not only can they jump from file to file in order to evade detection by  antivirus software, but malware such as worms can spread from one infected device to another via the Internet. Using this method, the piece of malware may also be able to leak private data. That being said, the first thing to do is to disconnect the device from the Internet and any other devices it may be connected to otherwise. 

The only exception to this is that If the device does not have anti-malware software already installed on it and requires said software to be downloaded, then the device should be immediately disconnected from the internet as soon as anti-malware software has been installed. 

Step 2: Scan the device for malware.

Once the device has been isolated, the next step should be to thoroughly scan the device for the malware that has infected it. Since the malware may be able to jump from file to file, depending on its sophistication, the best practice is to run several full system scans until the malware on the device is found, quarantined and removed from the device. Try to avoid running other applications on the device and keep processes being run to a minimum, so that most of the device's resources can be dedicated to the scan and there's slightly less of a chance that the malware comes across sensitive information stored in the device's random access memory. 

Step 3: Start addressing the aftermath.

After the malware has been found and dealt with on the device, now starts the hard part - starting to clean up in the wake of the aftermath. There's a very good chance that any logins, passwords and other sensitive information that was stored on the device have been compromised. Start resetting those credentials, and keep track of the ones that you've reset to make sure that the cleanup is as efficient as possible. If other sensitive information, such as bank card numbers and credit card numbers were stored on the device while it was infected, it would be a very good idea to contact the relevant banks and credit companies to ensure that no unauthorized charges are made with the compromised data. 

Step 4: Review the breach and reflect.

The best kind of mistake is the kind that you can learn from. It's time to review what's happened, and figure out exactly why it happened the way that it did. How did your device get infected? Was there some website you visited that you didn't fully trust? Was there an e-mail you got with a link that you weren't 100% sure about? Now that we've dealt with the problem at hand, hindsight should be 20/20. Commit to figuring out how the infection took hold of your device and, once you figured out how it happened and why, commit to learning from what happened.