Even careful PC users can fall prey to the sticky fingers of evil malware. Loading an innocent looking file from a USB stick, clicking the wrong link in search results, cancelling a suspect alert box - all these actions could mark the beginning of a malware infection.
And let's not be coy - if your internet activities include downloading torrents or using pirated software, you're even more likely to fall prey to worms, spyware and trojans.
In some ways, discovering that your computer is infected with malware is worse than realising that it has suffered a hardware failure. You could have lost valuable data, your backups could be infected, and the machine may need a wipe and full reinstall of Windows.
But there are things you can try first, and there's a workflow you can use to clean your PC and recover your files. We'll take you through it.
Signs of malware
Some malware infections are easy to spot - others less so. There are many infections we might call 'scareware' in the wild. These are trojans that malicious websites trick you into downloading by popping up an alert claiming that your PC is already infected with malware. Once on your machine, these annoying infections will replicate themselves in several places, popping up further messages, browser windows and alerts.
Infections like this are easy to identify. Unusual new toolbars, shortcuts on your desktop to software you don't remember installing and your browser switching its homepage are all classic symptoms. Other, less obvious signs might include increased use of your broadband download allowance, router lights showing activity when there shouldn't be any, your browser popping up unexpected windows and even unexplained rebooting.
Some malware behaviours are just plain odd, like a mouse pointer that flips orientation. Whatever the signs, the cure is the same: removal of the malicious code.
Stabilise your system
The first thing to do is to attempt to stabilise your system as much as possible. This might prove difficult if your machine is popping up windows and alerts every second, so the first trick to try is to reboot in safe mode.
Restart your computer and press [F8] during startup (press it twice if you're given a choice of operating system first). Choose 'Safe mode' from the Advanced Boot Options screen. This launches Windows with all startup programs disabled and only a limited set of hardware drivers loaded. You'll also be without any networking, which is essential: it stops spyware from phoning home or pulling in fresh content for its pop-up windows.
Type msconfig in the Start Menu search box and launch the program. Click the 'Startup' tab and untick all but the essentials - or simply choose 'Disable all'. Click 'Apply' to confirm, then go to the 'Boot' tab. Check 'Make all boot settings permanent'.
Next, go to the Control Panel and choose 'Add/Remove Programs'. Remove any non-essential programs, especially toolbars and browser add-ons. In some cases, these actions may be enough to stop malicious code from loading at startup.
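As an added example (not part of the original article), the PowerShell script below gives you a read-only inventory of what msconfig's 'Startup' tab draws on, the Run/RunOnce registry keys and the Startup folders, together with the Authenticode signature status of each target binary, so you can see what you are about to disable. The "temp or profile folder" heuristic is our own assumption, not a rule.

```powershell
# Added example, not from the original article: read-only inventory of the
# autorun locations msconfig's 'Startup' tab reads (Run/RunOnce keys and the
# Startup folders). Nothing is disabled or deleted; run elevated on Windows.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Pull the executable out of a command line such as "C:\Tool\tool.exe" /background
function Get-ExePath([string]$CommandLine) {
    if ($CommandLine -match '^\s*"([^"]+)"')     { return $Matches[1] }
    if ($CommandLine -match '^\s*(\S+?\.exe)\b') { return $Matches[1] }
    return $CommandLine.Trim()
}

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $props.PSObject.Properties.Name) {
        if ($name -like 'PS*') { continue }        # skip PSPath, PSProvider, ...
        $exe = [Environment]::ExpandEnvironmentVariables((Get-ExePath ([string]$props.$name)))
        $sig = if (Test-Path -LiteralPath $exe) {
                   [string](Get-AuthenticodeSignature -FilePath $exe).Status
               } else { 'FileMissing' }
        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Signature = $sig
            # Heuristic (our assumption): autoruns launched from temp or profile
            # folders, the same folders the article tells you to empty, come first.
            TempPath  = [bool]($exe -match '\\Temp\\|\\AppData\\|\\Local Settings\\')
            Exe       = $exe
        }
    }
}

# The Startup folders are the other source msconfig lists; anything here runs at logon.
foreach ($folder in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($folder)
    if ($dir -and (Test-Path $dir)) {
        Get-ChildItem -Path $dir | ForEach-Object { "Startup folder item: $($_.FullName)" }
    }
}

# Unsigned, tampered or missing binaries sort before 'Valid'; temp-folder paths first.
$entries | Sort-Object Signature, @{ Expression = 'TempPath'; Descending = $true } |
    Format-Table Key, Name, Signature, TempPath, Exe -AutoSize
```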
Now you need to remove temporary files. Empty all browser caches, and all files in the following folders if present:
C:\Windows\Temp\
C:\Temp\
C:\Documents and Settings\yourusername\Local Settings\Temp\
C:\Documents and Settings\yourusername\My Documents\Downloads\
You can get your browser to wipe temporary internet files too. Go to 'Tools | Options | Clear browsing data' in Chrome, or go to 'Tools | Internet options' in Internet Explorer, then choose 'Delete' under 'Browsing History'. Tick every box and click 'OK'.
A faster way to clean out temporary folders and browser caches is to employ the all-powerful CCleaner - a tool that removes all the non-essential files that could be having a negative effect on your system.
Download it and run it with default settings intact to let it wipe anything nasty lurking in your temp folders. It also identifies dodgy registry settings, orphaned shortcuts and redundant associations, which will go a long way towards stabilising your system.
Detect malware
With your machine still in safe mode, you can begin the process of detection and removal using three key freeware tools. The first of these is Sophos Anti-Rootkit.
This software specialises in the removal of software that's grabbed administrator privileges on your machine. This type of malware is particularly difficult to remove because it requires admin user permissions, and tends to be difficult to detect.
You have to register with Sophos before downloading the software, but you can opt out of receiving emails about their products if you want.
The tool begins with a scan of your registry, then moves on to a scan of local drives and an analysis of processes in memory. It searches for hidden files that can't be identified. When it finds them, they're added to a list. It's up to you to check those files and make a decision about whether they're naughty or nice.
You can select items one at a time and choose 'Clean up checked items' if the software recommends it.
Why remove rootkits first? They are a particularly stubborn form of malware that refuses to go away. You can delete the executables, registry entries and files associated with a particular piece of malware, but if a hidden component launches at boot, they'll all come back.
Search and Destroy
Our next step is to remove any spyware using SpyBot Search and Destroy. This is another free download, and one that, fortunately, is happy to run while your machine is in safe mode. It searches for spyware applications, but also flags up any less-than-honest tracking cookies - the kind used for nefarious marketing purposes.
Of course, if you've already thoroughly cleansed your machine's temporary internet files, it shouldn't find any. Again, once SpyBot has searched your machine's Registry, memory and drives, it generates a list of files that can be fixed.
Cookies aren't really a problem by themselves, and you can choose whether to remove them or not. Bona fide executable malware, on the other hand, should always be removed - no questions asked, no quarter given.
Antivirus programs generally struggle in safe mode. They need network access to check for updated virus definitions, for one thing. AVG Free is our usual choice for removing trojans and worms, but it runs from the command line when Windows boots in safe mode. That's the bad news.
The good news is that AVG Free 2011 loads a command line composer GUI when it detects that it's in safe mode, which lets you start a scan using a set of checkboxes instead of having to type in a string of commands.
Back up now
Hopefully you already have a backup of any essential files, but if not, you should take advantage of the relative safety of safe mode and grab any documents you need from your machine. In a worst-case scenario, you may end up having to wipe your drive completely, so it's important to retrieve what you can now.
Our activities so far should have made your system stable enough to install anti-malware tools and back up your most important files. You may not have caught everything, but if you've been able to clean up at least some of the damage, you should be ready to boot back into Windows proper and remove whatever malware remains.
Make sure you unplug your router first, though. The last thing you want when your machine boots up is for it to connect to the net.
Cleaning malware
Before you boot back into Windows proper, take some time to assemble a malware removal kit using an uncontaminated machine.
In addition to the software we've already used and mentioned, we'd also recommend Malwarebytes, Ad-Aware and ComboFix. Keep them on a USB stick for malware emergencies.
Before you run these, remember that every version of Windows from XP onwards has a tool for tracking down malware manually: Task Manager. Launch it by hitting [Ctrl]+[Alt]+[Delete]. Click 'Processes' to see what's running.
Better yet, download Process Explorer, which makes malware processes easier to spot. Processes without icons or descriptions that are using up memory are prime suspects.
You can use either tool to suspend applications and suspect processes. Suspension is the best approach - if you end processes instead, those tricky programs will simply launch themselves again.
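As an added example (not from the original article), this PowerShell script does the same triage the Process Explorer advice above describes, read-only: for each running process it records the image path, the description and company from the file's version resource, its Authenticode status and its working set, and lists those with a missing description, an unsigned image or an image under a temp or Downloads folder, biggest first. The path patterns are our assumption, and on Windows 7-era systems many Microsoft binaries are catalog-signed and report NotSigned, so treat hits as leads to check, not verdicts.

```powershell
# Added example, not from the original article: read-only process triage in the
# spirit of the Process Explorer advice. Surfaces processes whose image has no
# file description or company name, is not Authenticode-signed, or runs from a
# temp/Downloads folder, largest working set first.
# Caveat: catalog-signed Windows components can show as NotSigned on older
# PowerShell versions; review each hit before acting. Run elevated so other
# users' process images are readable.
$tempPattern = '\\Temp\\|\\Downloads\\|\\Local Settings\\'   # our assumption

$suspects = Get-Process | ForEach-Object {
    $p = $_
    $path = $null
    try { $path = $p.MainModule.FileName } catch { }   # protected/System processes
    if (-not $path) { return }                         # 'return' skips this item

    $info    = $p.MainModule.FileVersionInfo
    $sig     = [string](Get-AuthenticodeSignature -FilePath $path).Status
    $reasons = @()
    if ([string]::IsNullOrWhiteSpace($info.FileDescription)) { $reasons += 'NoDescription' }
    if ([string]::IsNullOrWhiteSpace($info.CompanyName))     { $reasons += 'NoCompany' }
    if ($sig -ne 'Valid')                                    { $reasons += "Sig:$sig" }
    if ($path -match $tempPattern)                           { $reasons += 'TempPath' }
    if (-not $reasons) { return }                      # nothing suspicious about it

    [pscustomobject]@{
        PID          = $p.Id
        Name         = $p.ProcessName
        WorkingSetMB = [math]::Round($p.WorkingSet64 / 1MB, 1)
        Description  = $info.FileDescription
        Reasons      = $reasons -join ','
        Path         = $path
    }
} | Sort-Object WorkingSetMB -Descending

# Review the list, then suspend (not kill) chosen PIDs in Process Explorer, as the text advises.
$suspects | Format-Table PID, Name, WorkingSetMB, Reasons, Description, Path -AutoSize
```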
Finally, bring on your barrage of anti-malware tools. Once you've run Ad-Aware, Malwarebytes and ComboFix, reboot and run them again.
Desperate measures
After all that, does it look like your machine is just too messed up to save? It can happen. Some malware can hijack your machine so perniciously that you simply won't have the chance to install any kind of removal tool.
If that's the case, it's time to bypass the operating system altogether. Kaspersky Rescue Disk 10 lets you boot from a USB stick or CD, bypassing your own system, then scan and remove malware threats without being hassled by the malware itself.
There are other tools, but Kaspersky's is free and by far the easiest to burn and use because it's provided in ISO format.
If all this fails, it's time to back up your documents, wipe the hard drive and reinstall Windows.
Source: http://feedproxy.google.com/~r/techradar/allnews/~3/yu7LBZ__ivc/story01.htm