Malware Part 2: Malware Detection and Removal
In Malware Part 1: Viruses, Trojans, Worms, Spyware, Adware, we discussed the different Malicious Software types. The reason why we started with the description of each type is for us to be able to identify the right type of infection we have on our computer and be able to do the right steps of removal.
Let us start with the easiest one to detect, Spyware and Adware. As was discussed from part 1, for us to know that we have these two types of malware, is first, if we get popup messages, Normally advertisements. If we get a lot of messages like asking us to purchase a software, most of the time Anti-virus software that are unknown to us. Another way to detect this is if our system has significantly slowed down. Spywares have these effect on the computer. The reason why it slows the computer down is because of the processes that it takes to spy on your computer. So if you have those two things then most likely you are already infected by any of these two types.
The next one are worms. Worms are a bit tricky because there are still a lot of types but if we know some signs to watch out for then we will be able to know that our computer is already infected. Worms most of the time slow down the computer as well. Much like the spyware, worms search your computer for traces of data it could use to be able to transmit itself, like email addresses, network IP adresses that you have previously connected to, websites and sometimes even chat IDs. It slows down not only the computer but also your network connection since it would try to send a lot of email copies of itself, or even try to locate different computers in the network and scan for their vulnerabilities. If your computer is significantly slow when connecting to even another computer in the network then this may be the cause. Another way for you to detect if you have a worm, specially an email worm, is if you are using a standalone email software and also when you noticed your family and friends telling you that you have been sending them lots of mail, mostly spam, without you knowing. The worst way to discover this is when your ISP calls you up that you are eating a lot of bandwidth or that your computer has been sending a lot of spam mail, again without you knowing, and tells you that unless you put a stop to it they will disconnect you.
You will be able to detect a virus if you noticed also that your system is slow, that you have a hard time doing a particular task on the computer like opening certain programs. Also, you suddenly find that your hard drive is taking a lot of space and there are tons and tons of unknown folders in your computer that suddenly appeared. Also aside from that, your Flash drives also appear to be full all the time. There are no popups. This is particularly hard to detect. Most viruses would be noticeable only after a few days, weeks, or even months after infection, which most likely would lead to the damage of the operating system or other software that would require you to do a complete reinstallation of your operating system.
And, last but not the least, Trojans. Trojans very much like viruses are hard to detect as these malware is specifically made to be stealthy. You will sometimes see some slowdown on the computer but most of the time your computer would run as it would be. It would take a lot of time before you notice one. Most common trojans are keyloggers. Would be hackers would try to install these software into your computer to be able to steal your passwords or any other information that they could use against you. The best way to detect these malware is to be aware of the programs you have personally installed on your computer and also the original programs installed on it. You could go to the System Configuration Utility (Start > Run > msconfig) to check each of the startup programs from there.
Now, we go to the basic removal of viruses. The main important thing with these malicious software is that as soon as we suspect that our computers are infected, we need to scan and remove them right away. The longer it takes for us to remove these malicious software, the worse the computer gets and the harder for us to remove them. Which, as i have said, would often lead to the full reinstallation of the operating system and loss of valuable data.
Here are some basic steps that we could take to remove these malicious software:
1) Clear your temporary internet files and cache. Go to control panel and click on internet settings. From there click on the general tab and click on delete under history. Clear everything.
2) Stop some startup applications first. Go to start > run. Type in "msconfig" then click on OK. Click on the services tab and put a mark on "Hide all Microsoft Services" then click disable all. Next, go to the startup tab and uncheck everything except for your antivirus software. When you are done click on "Apply" then "OK". It would ask you to do a restart then click restart. The reason why we need to disable some startup applications is that viruses would normally hide on the startups and services. Disabling them would help with the removal once the antivirus scans the system.
3) On restart, Scan the whole system. Make sure that you have a legitimate antivirus software that has been updated and is not expired. Most people would ask me, do i really need an antivirus software? Do I really need to purchase these? What antivirus software do you recommend? The answer to these questions are Yes, Yes, and Any one would do. Everyone needs an antivirus software. Everyone gets infection from time to time specially if we go online all the time and if we like to share digital media like usb Flashdrives.
Without the antivirus software your computer is wide open and most likely to be attacked and damaged by malware. Now we do not want just any free antivirus software. Even though being free seems good enough most people do not know that free softwares have their downsides. Specially for antivirus software. Most, if not all, free antivirus software would update their customer's copy with a week old data update. This means that when you are getting an update for malware it is most likely a week old already. Most likely unable to detect the latest malware. Some of the antivirus software would also include that information on their License Agreement. This gives an advantage to those who purchase the software.
Would you need two or more? No. You only need one. Adding another antivirus software does not increase your chances of blocking malware from infecting the computer. It would even, most of the time, cause more problems to have two or more antivirus software since they would normally conflict with each other. So to choose which one is the best, I would say that any of these well-known antivirus software would do. All antivirus software is not actually a 100% guarantee that you are protected. There is still a small percentage or chance to get infected when 1) you do not upgrade the software regularly and 2) when you get infected by a very new malware that has not been detected by the antivirus companies yet. They would need some time to get a copy of the malware and dissect the code to get a proper detection schema and deletion process.
4) Scan your system thoroughly. Most people would scan the system files only. I suggest that if you suspect infection is to scan the whole computer. It would take a lot of time specially if you already have a lot of files on the computer but it is worth the wait. Do not be tempted to use the computer while doing the scan. Sometimes without us knowing we add another virus to the system, in a folder that was already scanned by our antivirus.
5) If you get popups, take note of the popup messages. The names of these popup messages would be very helpful at times. Search in google for a removal for that specific popup. Run the removal tool and you will be free from that popup.
In summary, these are the basics of malware removal: We first disable startups that would most of the times include the virus. Disabling the startups would stop reoccurrence. Update your antivirus and then Scan the whole system.
In the next part, Malware Part 3: Defense, Protection and Prevention, we will be discussing some ways for us to defend, protect and prevent our system from being infected by these malware.