Jun 14, 2010

Protecting Against and Dealing with Malware


Malware, viruses and spyware: protecting against and dealing with threats to your computer.
Category:Malware and Viruses 
Posted by: mkimmick

Malware, virus and spyware removal.


Since Microsoft Windows is still the most prevalent operating system in use on most desktop computers today, the prevalence of malware on Windows is also the highest.  However, with the release of Windows Vista and Windows 7, Microsoft has produced operating systems that appear to be getting better and less prone to malware (Ref1).  But, rather than producing more bug-free software, it's my belief that Microsoft is beginning to adopt the computing model that's long been used by operating systems like Unix and Linux.  Essentially, you should NEVER use administrator accounts on a day-to-day basis, and it's generally considered much better practice to use your computer with a very restricted user account.  The idea is that if malware does attempt to infect your machine, it only has the level of access your user account has.  So, if you're using the administrator account, you have access to change AND delete important files and settings on your machine.  If, however, you are using a standard user account with limited privileges, that same malware also has limited ability to damage your computer's software, and therefore it will cause far less damage.

With Windows XP, using a user account with limited privileges was quite problematic as a lot of software you might want to use was written and produced under the assumption you would be using Windows XP's default user account...an administrator account.  Windows Vista improved upon this slightly in that the default user account was automatically granted administrator privileges, but there were numerous (and annoying) pop-ups asking if you really wanted to do something that required admin access.  Windows 7 has gotten even better, but the fact remains that you will be asked for elevated privileges on occasion.  And simply put, most people just aren't savvy enough to know all the time when and when not to grant that access.  And this is where we all must rely on security programs like antivirus and antimalware to help keep our computers and data safe.
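As an added example (not from the original post), the following PowerShell snippet checks the point made above: whether the account you log in with every day carries administrator rights, either in its current token or through direct membership in the local Administrators group.  It assumes only the computer name from the environment; on Vista and Windows 7 with UAC enabled, an administrator running without elevation reports False for the token check, which is why group membership is checked as well.

```powershell
# Added example, not part of the original post: report whether the account you use
# day to day carries administrator rights, the situation the article warns against.

$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
$adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator

# True only when the current token actually carries admin rights. On Vista/7 with UAC on,
# an administrator running without elevation gets False here, so membership is checked too.
$tokenIsAdmin = $principal.IsInRole($adminRole)

# Enumerate the local Administrators group through the WinNT ADSI provider (works on XP through 7).
# Only direct members are listed; membership inherited through a domain group is not shown.
$group   = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
$members = @($group.psbase.Invoke('Members') | ForEach-Object {
    $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
})

# The short user name (DOMAIN\user -> user) is what the group listing reports.
$userName      = ($identity.Name -split '\\')[-1]
$memberOfAdmin = $members -contains $userName   # -contains is case-insensitive

Write-Host "Current user:                       $($identity.Name)"
Write-Host "Token has administrator rights:     $tokenIsAdmin"
Write-Host "Member of local Administrators:     $memberOfAdmin"
Write-Host "Local Administrators group members: $($members -join ', ')"

if ($tokenIsAdmin -or $memberOfAdmin) {
    Write-Warning "Malware that runs under this account inherits administrator access. Use a standard user account for daily work and keep a separate admin account for installs."
} else {
    Write-Host "This is a standard user account; malware running under it is limited to your own files and settings."
}
```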

First, I'd like to clarify what the term malware means.  Some time ago, we really only talked about viruses, but over time, we learned about viruses, worms and trojans.  And several years ago, we began to see the emergence of spyware.  Since there seemed to be a growing number of terms for various kinds of threats to your computer's operating system, a more generalized term was coined: Malware (Ref2).  Essentially, malware is any software that is intended to cause harm, damage or loss to your computer's software and/or your data.

So, let's cut to the chase and get to the nuts and bolts of this article.

Protecting your computer

1. Keep your antivirus and anti-spyware software updated!

Speaking from experience, very few commercial or free antivirus packages provide complete protection.  Nowadays, you must take a multi-layered approach to keep your computer clean.  It's highly recommended to have an antivirus program AND an anti-malware program.

Recommended Free Tools: AVG Free Edition or Comodo Antivirus and Malwarebyte's Anti-Malware.
Recommended Non-Free Tools: Trend Micro Internet Security, Kaspersky Internet Security


NOTE:

  • AVG Free edition doesn't give you everything the paid version does, and judging from the number of infected PCs I deal with that use AVG, I'd have to say its level of protection is somewhat disappointing.  However, the ease of obtaining, installing and keeping AVG up to date, and the protection it does provide, make it an obvious choice for antivirus software.
  • Comodo Antivirus seems to provide MUCH better protection, but it comes at the cost of complexity.  Comodo Antivirus will ask you a LOT of questions about programs that are trying to change your system, and the problem is that most people don't know whether they should block a program or not.  I've seen this go both ways in that sometimes malware is allowed to do what it wants, and legitimate software blocked.  Both scenarios can lead to problems.
  • Malwarebyte's free tool is also limited in that it doesn't provide real-time protection.  Although you can get away with the free versions, buying the commercial version of each will provide better protection.


2. Use a more secure browser such as Mozilla Firefox or Google Chrome!

I know, I know!  There have been many studies to analyze just how secure Internet Explorer is when compared to Firefox or other browsers.  Statistics show (Ref3) that Internet Explorer "should" be just as secure if not better than Firefox, but in my experience, customers that convert to Firefox definitely seem to have fewer infections on their computers in the future.

One thing to know, however, is that even Firefox won't protect you from one of the most common threats floating about recently, Personal Antivirus.  I've witnessed this threat in action on numerous occasions, and it takes advantage of a crafty design to 'trick' you into thinking your machine is already infected and tries to get you to buy and download their removal tool.

3. Avoid gaming and warez sites.  Beware of file sharing software like Limewire, Kazaa, eDonkey, etc.  Also be VERY careful with Shareware software; this is software that can be used for free, but if you like it you're supposed to buy it.


Cleaning up your PC after an infection

Now, there's no silver bullet to fix your computer, and usually, the process of how you go about removing malware is more important than the tools used to fix it.  Nonetheless, it helps if you can use another computer to download clean copies of Comodo Antivirus, Malwarebyte's AntiMalware, and for good measure, CCleaner (a registry and temp file cleaner).  Copy these to a USB drive or CD, so you can install them on the infected machine.  This set of instructions is geared toward Windows XP, but the concepts apply to Windows Vista and Windows 7.

1. First, unplug your computer from the Internet.  No need to give malware any more of a chance to spread!

2. If your computer boots up okay but is just dog slow and seems to have a mind of its own, you should first disable System Restore.  If it doesn't boot up or blue screens, you may need to seek professional help.  To disable System Restore:

  • Right-click on My Computer and click Properties
  • Go to the System Restore tab and check Turn off System Restore
  • Click Yes to confirm turning off System Restore, and reboot if asked to do so.

3. Now, you need to boot into Safe Mode.  With the computer off, turn it on and begin pressing the F8 key about once per second.  After the initial POST screen (where you see e.g. DELL or HP when you first turn on your PC), you should get a black screen with a screen full of white lettering.  It will be obvious if you're at the right screen because you will see options to boot into Safe Mode.  Choose 'Safe Mode with Networking' and press Enter on your keyboard (you may have to press Enter a second time).

4. Now that you're in Safe Mode, install Malwarebyte's AntiMalware from the media you saved it to previously.  When the installation is near the end, you will be asked to launch Malwarebyte's AntiMalware and update it.  Connect the Internet cable and then launch Malwarebyte's AntiMalware.  Follow the instructions to update it, and when it's finished, disconnect the Internet cable.

5. Now, perform a Full Scan with Malwarebyte's AntiMalware.  When the scan is finished, click the Show Results button at the bottom right, and then click 'Remove Selected'.  Finally, reboot your computer, but this time, let it boot up normally, NOT into Safe Mode.

6. After the computer is up and running, install Comodo Antivirus, and when the installation is finished, plug the Internet cable back in, and update Comodo Antivirus.  Once it's updated, run a full scan with it.  Remove any threats detected.

7. Once you no longer see any threats detected by either Malwarebyte's AntiMalware or Comodo Antivirus, you can turn System Restore back on.  Just uncheck the option to Turn Off System Restore as you did earlier and reboot.

8. Since most malware targets our browsers, I would recommend resetting Internet Explorer to factory defaults.  This works in IE7 and IE8, but older versions don't have this feature.  To reset IE:

  • Open the Control Panel folder and double-click Internet Options.
  • Go to the Advanced tab
  • First click Restore Advanced Settings and then click Apply
  • Next, click Reset and click Reset again on the popup window - leave Delete Personal Settings unchecked
  • Finally, click Close and click OK
  • If you had any IE Windows open, you will be asked to close them for the changes to take effect.


9. Lastly, while you're fixing your computer, it's worthwhile to run a registry cleaner and remove unnecessary temp files.  You'll do this with CCleaner.  Install CCleaner (Uncheck the option to install Yahoo Toolbar, unless you really want it!) and then launch it.

  • On the left-hand side, be sure you're on the Cleaner tab.  Then click the Analyze button at the bottom.
  • Next, click Run Cleaner and click OK to the warning to remove temp files
  • Next, on the left-hand side click the Registry tab and then click the Scan For Issues button at the bottom.
  • Next click Fix Selected Issues, click Yes to backup the registry (IMPORTANT!), save the backup in the default location i.e. click Save
  • Finally, click Fix All Selected Issues
  • Close CCleaner and reboot your computer


That's it!  Hopefully this will help you, but I'm sure there will be cases where this process won't help, and you will then have to seek professional help.

Cheers!

Mike Kimmick