Malicious Viruses and What To Do If Your System Becomes Infected

26 08 2012

Malicious code (sometimes called malware) is a type of software designed to take over or damage a computer without the user’s knowledge or approval. Malware includes:

  • Viruses that attach to legitimate files and spread when the files are opened.
  • Worms that infect systems and spread automatically through the network.
  • Trojan horse programs that appear to be useful programs but which perform secret or malicious acts.
  • Spyware that tracks your computer or browser activity.
  • Adware that displays pop-up advertisements based on your browser activity.
  • Spam that is unwanted, unsolicited e-mail, often carrying viruses or advertisements for questionable or illegal products.

You should protect all systems with malware protection software to help prevent and control malware on your system.

Here are two of my favorite programs to use, Malwarebytes and Avast. Malwarebytes is a reactive program that you install on a non-infected system and run and update to keep your computer safe. You can also use it in a ‘cocktail’ of programs to run in Safe Mode if you ever have to clean up your system from infections.

Avast is a free anti-virus that has worked pretty well to keep our systems protected. It is simple, very stealthy, and consumes few resources on any operating system we have tested it on. It has picked up many viruses and removed them from infected systems.

  • Common symptoms of malware on your system include:
    • The browser home page or default search page has changed.
    • Excessive pop-ups or strange messages being displayed.
    • Firewall alerts about programs trying to access the Internet.
    • System errors about corrupt or missing files.
    • File extension associations have changed to open files with a different program.
    • Files that disappear, are renamed, or are corrupt.
    • New icons appear on the desktop or taskbar, or new toolbars show in the browser.
    • The firewall or antivirus software is turned off, or you can’t run antivirus scans.
    • The system won’t boot.
  • Some malicious software can hide itself such that there might not be any obvious signs of its presence. Other symptoms of an infection include:
    • Slow Internet access.
    • Excessive network traffic, or traffic during times when no activity should be occurring.
    • Excessive CPU or disk activity.
    • Low system memory.
    • An unusually high volume of outgoing e-mail, or e-mail sent during off hours.
  • Conducting regular system scans can detect and fix many problems.
    • Most software lets you schedule complete system scans, such as daily or weekly.
    • If you suspect a problem, initiate a full system scan immediately.
  • Remediation is the process of correcting any problems that are found. Most antivirus software remediates problems automatically or semi-automatically (i.e. you are prompted to identify the action to take). Possible actions in response to problems are:
    • Repair the infection. Repair is possible for true viruses that have attached themselves to valid files. During the repair, the virus is removed and the file is placed back in its original state (if possible).
    • Quarantine the file. Quarantine moves the infected file to a secure folder where it cannot be opened or run normally. You might quarantine an infected file that cannot be repaired to see if another tool or utility might be able to recover the file at another time.
    • Delete the file. You should delete files that are themselves malicious, such as worms, Trojan horse programs, or spyware or adware programs. In addition, you should periodically review the quarantine folder and delete any files you do not want to recover.
  • If a scan reports a serious problem, disconnect your computer from the network. This prevents your computer from infecting other computers until the problem is corrected.
  • Some malicious software warnings, such as those seen in pop-ups or received through e-mail, are hoax viruses. A hoax virus instructs you to take an action to protect your system, when in fact that action will cause harm. Two common hoaxes are:
    • Instructing you to delete a file that is reported as a virus. The file is actually an important system file that will lead to instability or the inability to boot your computer.
    • Instructing you to download and run a program to see if your system is compromised or to add protection to your system. The file you download is the malicious software.

    Before taking any actions based on notices or e-mails, search the Internet for a list of virus hoaxes and compare your notice to known hoaxes.
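The symptom and scanning items above can be checked from a script rather than by eye. The following is an added example, not code from the original article: a read-only triage script for a current Windows 10/11 host that looks for a disabled firewall or antivirus, stale signatures, high CPU use, low free memory, processes holding many connections, and network activity outside working hours, and that registers the weekly full scan the list recommends. It assumes Windows PowerShell 5.1 or later, the NetSecurity, Defender and ScheduledTasks modules that ship with Windows, and an elevated prompt; the thresholds and the 08:00-18:00 working-hours window are assumptions to tune for your own machines.

```powershell
# Added example, not from the original article: read-only triage for the symptoms
# listed above on a current Windows 10/11 host. Assumptions: Windows PowerShell 5.1+,
# the NetSecurity, Defender and ScheduledTasks modules that ship with Windows, and an
# elevated prompt. All thresholds are assumptions; tune them for your environment.

function Test-ProtectionDisabled {
    # Symptom: "The firewall or antivirus software is turned off".
    $findings = @()
    foreach ($fw in Get-NetFirewallProfile) {
        if ($fw.Enabled -eq 'False') {
            $findings += "Firewall profile '$($fw.Name)' is disabled"
        }
    }
    $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
    if ($mp) {
        if (-not $mp.RealTimeProtectionEnabled) { $findings += 'Defender real-time protection is off' }
        if ($mp.AntivirusSignatureAge -gt 7) {
            $findings += "Antivirus signatures are $($mp.AntivirusSignatureAge) days old"
        }
    }
    return $findings
}

function Get-ResourceAndNetworkSymptoms {
    param(
        [int]$CpuSeconds = 600,              # total CPU time one process may have consumed
        [int]$MaxConnectionsPerProcess = 50,
        [int]$MinFreeMemoryPercent = 10
    )
    # Symptoms: excessive CPU activity, low system memory, excessive network traffic,
    # and traffic at times when no activity should be occurring.
    $findings = @()

    Get-Process | Where-Object { $_.CPU -gt $CpuSeconds } | ForEach-Object {
        $findings += "High CPU: $($_.ProcessName) (PID $($_.Id)) has used $([int]$_.CPU) s"
    }

    $os = Get-CimInstance Win32_OperatingSystem
    $freePct = [int](100 * $os.FreePhysicalMemory / $os.TotalVisibleMemorySize)
    if ($freePct -lt $MinFreeMemoryPercent) { $findings += "Low memory: only $freePct% free" }

    $established = @(Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue)
    $established | Group-Object OwningProcess |
        Where-Object { $_.Count -gt $MaxConnectionsPerProcess } |
        ForEach-Object {
            $proc = Get-Process -Id ([int]$_.Name) -ErrorAction SilentlyContinue
            $findings += "Many connections: $($proc.ProcessName) (PID $($_.Name)) has $($_.Count) established"
        }

    # Off-hours check (08:00-18:00 assumed as working hours): on a workstation that should
    # be idle, any established connection outside that window deserves a closer look.
    $hour = (Get-Date).Hour
    if (($hour -lt 8 -or $hour -ge 18) -and $established.Count -gt 0) {
        $owners = ($established | ForEach-Object {
            (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
        } | Sort-Object -Unique) -join ', '
        $findings += "Established connections at ${hour}:00 (outside working hours) owned by: $owners"
    }
    return $findings
}

function Register-WeeklyFullScan {
    # "Most software lets you schedule complete system scans, such as daily or weekly."
    # Registers a weekly Defender full scan (Sunday 02:00) in Task Scheduler; substitute
    # your own scanner's command line if you use a different product.
    $action  = New-ScheduledTaskAction -Execute 'powershell.exe' `
        -Argument '-NoProfile -Command "Start-MpScan -ScanType FullScan"'
    $trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Sunday -At 2am
    Register-ScheduledTask -TaskName 'WeeklyFullAVScan' -Action $action -Trigger $trigger `
        -RunLevel Highest -Force | Out-Null
}

$report = @(Test-ProtectionDisabled) + @(Get-ResourceAndNetworkSymptoms)
if ($report.Count -eq 0) { 'No obvious symptoms found.' } else { $report }
```

None of the checks changes anything on the machine; a finding is a prompt to run the full scan described above, not proof of infection, since a backup job or a video call will trip the same thresholds.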

Recovery from malware could include the following actions:

  • If scans detect malware, then repair, quarantine, or delete the malicious software.
  • Some malware cannot be removed because it is running.
    • If possible, stop the program from running, then try to remove it.
    • If you are unable to stop the malware, try booting into Safe Mode, then run the scanning software to locate and remove the malware.
  • If malware has caused damage to the system, it may be permanent and could require that you reinstall applications or features, restore files from a backup, or even reinstall the entire operating system from scratch.
  • If malware has damaged or corrupted system files, you might be able to repair the infected files using Sfc.exe.
    • Before running Sfc, be sure to remove the program that caused the damage (or it might re-introduce the problem after the fix).
    • You might need to boot into the Recovery Console to check system file integrity and repair any problems found.
  • Some malware can corrupt the boot block on the hard disk, preventing the system from starting. To repair the problem, try using the Recovery Console in Windows XP, or perform an automatic repair in Windows Vista/7. Use fixmbr or fixboot in the Recovery Console to try to repair the damage.
  • If the organization uses imaging solutions, you can quickly reimage a machine if it is infected with malware. Reimaging or installing from scratch is often faster and more effective than malware removal and cleanup.

To conclude, the best thing to do in case the virus is not removed is to boot up in Safe Mode (restart the computer and, right when it turns on, press F8 until you are prompted to start in Safe Mode). Then run your virus removal utilities. If you will need the Internet, boot in Safe Mode with Networking (this means you can connect online with minimal resources loaded).
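The recovery steps in the list above and the Safe Mode procedure just described, scripted as an added example (not code from the original article) for Windows 10/11, where pressing F8 at power-on no longer reliably reaches Safe Mode and bcdedit is the supported way to request it. It assumes an elevated PowerShell prompt, Microsoft Defender as the on-demand scanner (swap in your own product's command line otherwise), and that the process name passed to Stop-RunningMalware is a placeholder you fill in from your scan report; the bootrec commands noted in the comments are the Windows RE counterparts of the Recovery Console's fixmbr and fixboot.

```powershell
# Added example, not from the original article: the recovery steps above on Windows 10/11.
# Assumptions: elevated PowerShell, Microsoft Defender available, and a placeholder
# process name supplied by the operator from a scan report.

function Stop-RunningMalware {
    param([Parameter(Mandatory)][string]$ProcessName)
    # "If possible, stop the program from running, then try to remove it."
    # Returns $true if at least one matching process was stopped.
    $procs = @(Get-Process -Name $ProcessName -ErrorAction SilentlyContinue)
    if ($procs.Count -eq 0) { return $false }
    foreach ($p in $procs) {
        # Record the binary's path before killing it so the file can be quarantined or deleted.
        "Stopping $($p.ProcessName) (PID $($p.Id)) loaded from: $($p.Path)"
        Stop-Process -Id $p.Id -Force
    }
    return $true
}

function Enable-SafeModeBoot {
    param([switch]$WithNetworking)
    # Replaces the F8 procedure: the next reboot enters Safe Mode (minimal) or
    # Safe Mode with Networking. The braces must be quoted so PowerShell passes them through.
    $mode = if ($WithNetworking) { 'network' } else { 'minimal' }
    bcdedit /set "{current}" safeboot $mode | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'bcdedit failed; is this prompt elevated?' }
}

function Disable-SafeModeBoot {
    # Run after cleanup, otherwise Windows keeps booting into Safe Mode.
    bcdedit /deletevalue "{current}" safeboot | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'bcdedit failed to clear the safeboot flag' }
}

function Repair-SystemFiles {
    # "You might be able to repair the infected files using Sfc.exe." Run only after the
    # malware has been removed, or it may re-damage the repaired files. Details of what
    # was repaired are written to $env:windir\Logs\CBS\CBS.log.
    sfc /scannow
    return $LASTEXITCODE
}

# Typical sequence once a scan has named the offending process (placeholder name below):
#   Enable-SafeModeBoot -WithNetworking; Restart-Computer
#   ... after the reboot into Safe Mode with Networking ...
#   Stop-RunningMalware -ProcessName 'EXAMPLE_MALWARE_PROCESS'
#   Start-MpScan -ScanType FullScan
#   Repair-SystemFiles
#   Disable-SafeModeBoot; Restart-Computer
#
# If the machine no longer boots at all, the boot-block repair the list mentions is done
# from Windows RE (Advanced options > Command Prompt) with:  bootrec /fixmbr  and  bootrec /fixboot
```

Keep the path printed by Stop-RunningMalware: it is what you hand to the quarantine or delete step, and it is the evidence you will want if the same file reappears after the next reboot.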

Sometimes virus removal can be like peeling an onion: you remove one and it reveals another one that was not detected before. If this happens a lot, then as you go removing the viruses, some parts of your operating system can become corrupt, like system files and applications. In this case, and in the case of rootkits, sometimes it’s just best to salvage whatever information you can and then re-install the operating system.

If you need help with any of the things mentioned above, or guidance, please feel free to contact technical support by visiting www.techsuperforce.com.

We are always available through phone, chat, or email.

We hope you enjoyed this article, and feel free to leave comments or questions here.

2 responses

6 09 2012
backlink genie

Excellent weblog right here! Additionally, your website loads up very fast! What host are you using? Can I get your associate link to your host? I desire my website loaded up as fast as yours lol

19 09 2012
superforceword

It’s just WordPress, no special host. I keep my content through low resolution and use Google to host the low resolution images with a plain background. Stick to light colors for your BG and LowRes graphics and you should be fine. Don’t overload your page with too many scripts either; one or two is enough.
Thanks for your comment!!
