How To Cure A Malware Infection
3 Easy Methods
What do you do when your PC is displaying all the signs of having been infected and/or hacked, but your antivirus and anti-spyware scan reports come back clean, or fail to remove the infection?
This was the case for a fella who called me for advice recently. He had done things ‘right’ — by that I mean he had a firewall, kept his antivirus definitions up to date, and ran a couple of anti-spyware applications — but he suspected his machine had been hacked anyway.
He couldn’t do things he was used to doing (like deleting a file), and his machine was “really slow.” But according to his scanners, his machine was in perfect shape!
He was right, by the way: he was infected.
Tip of the day: If you should find yourself in a similar situation there are several steps you can take to help resolve your questions and (hopefully) fix your machine without taking the drastic step of wiping your hard drive, formatting, and reinstalling Windows.
The first step is to use a scanner that isn’t installed on your machine. Here are two ways to do that. One: if your antivirus allows it (and most of them do these days), follow its instructions and make an antivirus recovery disk. This is a bootable disk that scans your system before Windows loads.
[note: for a quick method to create an AV disc, keep reading..]
To use one, put it in your CD tray and restart your machine. A plain-text sentence will appear* telling you to “press any key to boot from CD…” When you see it, hit your spacebar or, well, any other key, and then follow the instructions. When it’s finished, remove the CD and restart your machine again. (* If you don’t get a “press any key” prompt, you need to set the boot order in your BIOS. For instructions, click here.)
[note: you may also use a properly prepared USB thumb drive. Click here to read my article on how to do that.]
A second method is to use an online scanner. I have a list, with links, of several good online scans on my website, here. (My recommendation is Housecall.) Quite a few of the online scanning tools will try to sell you their full application, but you’re under no obligation to buy. The big advantage of these two methods is that the scanner has not been compromised or altered, while the files and scanners on your machine may have been: the virus or hacker modifies them specifically to thwart your removal attempts.
[note: most modern malware blocks access to these sites. If that happens, do the repair found here, Can’t Download? Reset IE, and then try.]
Another thing to do is scroll down to my “Today’s free download” and download HijackThis. Run it, dump the result into a .txt file (there are instructions for this), then register on one of the HijackThis forums (there are instructions for this too) and post your results there. Before too long, an expert anti-malwareologist [don’t bother looking: I just now made that word up] will have looked over the intricacies and will post their analysis and instructions. These folks are really, really good at what they do, and you can trust their answers. These volunteers get a big tip of my hat.
Hopefully these efforts will be rewarded with a rejuvenated machine, and you will be back in business again. If not, you have my sympathy. You may have a rootkit, and then your best solution is to reformat your hard drive and reinstall everything, or enlist the aid of a professional. There’s no shame in that last option — the modern versions of viruses and worms are devilishly difficult to remove.
Today’s free downloads:
HijackThis™ is a free utility which quickly scans your Windows computer to find settings that may have been changed by spyware, malware or other unwanted programs. HijackThis does not clean infections, but creates a report, or log file, with the results of the scan. A large community of users participates in online forums, where experts help interpret the scan results to clean up infected computers.
Avira AntiVir Rescue System: This is a small download that, when launched, will create a self-contained antivirus disc with the latest definitions. All you have to do is insert a blank CD. (You may have to use an uninfected machine to do this.) It will boot even if your machine won’t load Windows. Avira gets a big tip of my hat for offering this free tool, too!
Today’s recommended reading: How to Protect Your Child on the Internet
Copyright 2007-9 © Tech Paul. All rights reserved.
Geek+Spyware*
I want to apologize to you in advance for a word I will use in this blog from time to time, and that word is “geek.”
When I was a boy–many years ago now–“geek” was a completely pejorative and insulting word. A “geek” was typically a socially inept, small, quiet, know-it-all (who usually wore glasses) kid who couldn’t connect his bat with the softest-thrown baseball or catch a football to save his life…and he used big words all the time. Perhaps in your day you referred to ‘him’ as a Poindexter, nerd, dork, or wimp. Back then there was no doubt or question about it–“geek” was a put-down: a derogatory statement. Period.
Today, I proudly declare: I am a geek. When I do, I am not broadcasting my pride in my inability to catch a football. (I can catch; and, even throw a tight spiral.) I am saying that I’m “into” computers and electronic gadgets, and I know a little about how they work.
At some point in time our common usage of the word “geek” changed. It is no longer used strictly as a ‘slam’ and a put-down (however, if that is your intent, I believe the other words I listed above are still 100% negative…although Bill Gates may have softened the word “nerd” some…). If, in the course of reading this blog, you see me use the word “geek”–please rest assured that I am always using it with the nicest of meanings. I even use “geek” as a compliment. Really.
Tip of the day: A reader mentioned in a comment to yesterday’s post on defragmentation that spyware, if it gets onto and runs on your machine, will cause it to (amongst other unpleasant things!) suffer performance degradation and run slower. I intend to spend a fair amount of time discussing malware, and spyware in particular, and how you can combat and remove it. I will return to this topic in the future. But for today I just want to make this point: if you connect to the Web, you need to run anti-spyware programs. Notice that I wrote programs. Plural.
The fact is, no one anti-spyware application is 100% effective at stopping and removing spyware. There are many anti-spyware programs available, and some are more effective than others. Some are great at stopping keyloggers but fall down when it comes to Trojan horses, and others are vice versa…as an example. So I strongly recommend running two anti-spyware programs, in the hope that one will catch what the other missed. (There are many free anti-spyware applications available [and some are adware disguised as anti-spyware, called “rogue apps”]. For my more detailed descriptions and a fuller listing of free anti-spyware tools, click here.) I cannot stress strongly enough that you should install and run some kind of anti-spyware program…and preferably, two. In that vein, today I will provide not one, but two, Today’s free links.
Today’s free link #1: AdAware SE Personal from Lavasoft. “Ad-Aware 2007 Free remains the most popular anti-spyware product for computer users around the world, with nearly one million downloads every week. Our free anti-spyware version provides you with advanced protection against spyware…”
Today’s free link #2: SpyCatcher Express from Tenebril. From site: “Allows novice PC users to remove aggressive spyware. Stops next-generation, mutating spyware. Blocks reinstallation of aggressive spyware. Removes spyware safely and automatically.”
*Original posting 6/13/07
Copyright 2007-8 © Tech Paul. All rights reserved.
March Madness repost: Infected picture frames
An unexpected interruption has delayed the writing of the “using Certificates to encrypt your e-mail” post, and it may not appear until much later on today. In the meantime, I am re-posting a recent article. This post appeared as “Cyber Crime News”, 2/16/08.
Nowadays, all you need to do is plug in a digital picture frame, and you lose your life savings.
Sound unbelievable? Guess again.
* Regular readers of this series should know that the hackers and viruses/malware of today aren’t about ego, or twisted maliciousness, but are all about profit — namely getting your money. It is cyber-crime, and you are the target. Your computer is their weapon.
* Regular readers will know that phishers send spam e-mails which contain links to fraudulent, malware-laden websites in the hope that you will enter your account password so they can steal your identity (and drain your funds); and they know that merely visiting such a site will “drive-by download” spyware (such as a keylogger) onto your machine, which will eventually report your logins… or anything else you type, like your credit card number. [note: in April 2007, Google reported that it had found “hundreds of thousands” of webpages serving up malware.]
* Regular readers know that these hackers use trojan horses (a type of worm) to install a backdoor on your machine and turn it into a zombie (aka “bot”, short for ‘robot’) under their control [ http://techpaul.wordpress.com/2007/06/14/the-fbi-and-operation-bot-roast/ ], which they then use, however they like, as part of their botnet. Typically, they use your machine to send spam and copies of the trojan horse itself (to make their network of bots larger).
All very depressing stuff.
But what you may not already know, Dear Reader, is that these cyber-criminals are always looking for new ways to infect your machine for the uses mentioned above (okay; you might have figured that, though), and the method they’re trying now is USB devices, so that when we plug in our thumb drive it infects our machine.. and any other machine we plug it into. The bad guys know that antivirus tools don’t scan USB storage devices before they’re opened (“accessed”).
Because of this fact, I am very leery of thumb-drive give-aways (free gifts) and generally decline to reach into the bowl.
A security nightmare come true:
What if the virus writers and cyber-criminals could get in cahoots with the device manufacturers (or someone who works there) and pre-install their malware onto brand-new devices? Well, you would go to your local MegaGigaMart* and buy a new device, open the box (or ‘blister pak’), plug it in, and bingo!, your identity is stolen, fraud is committed in your name, your accounts are drained.. and your life is ruined. And consider this, folks– darned near everything is made in China.
If that isn’t scary enough, what if the malware was undetectable? What if it could shut down all known antivirus programs? Don’t laugh: it’s real.
There are, right now, digital picture frames (which connect via USB) coming from the (Chinese) factory with a trojan horse pre-installed (and a while back, a few iPods were infected at the factory). This trojan seems to be — for now — limiting itself to stealing online gaming identities, but displays the fierce anti-removal characteristics of truly advanced malware. If it can be programmed to steal gaming identities (do I need to say it?) in version 1.0, who knows what 2.0 will be designed to steal?
Scary, scary (and depressing) stuff.
Today’s free link: For more details on the digital picture frame infection, please read Deborah Gage’s article, “Trojan Horse probing defenses– New virus is smart, aggressive and blocks antivirus protection at will”, published in the San Francisco Chronicle, Friday, Feb. 15th, 2008, Business Section.
* Beware of “Hillary video” e-mail. (Source= Symantec) Spammers are taking advantage of the election season to send a poisoned link (it downloads a trojan) in an e-mail promising a video of an interview with Hillary Clinton. For details, click here.
Copyright 2007-8 © Tech Paul. All rights reserved.
Botnets hurt Rockies, and poison .pdfs (updated)
You have to feel sorry for the Colorado Rockies, even if you’re not a fan. After a miraculous run of victories swept them into the World Series, the Red Sox slammed them 13-1 in Game One (ouch!). To add insult to injury, their online ticket sales website crashed (after only 500 tickets were sold) on Monday, which they believe was the result of a cyber-attack; namely a DoS attack launched from a botnet.
“Our website, and ultimately our fans and our organization, were the victim of an external, malicious attack that shut down the system and kept our fans from being able to purchase their World Series tickets,” Keli McGregor, team president, said Monday in a news release.
Very early in the history of Tech–for Everyone, I wrote two articles which discuss botnets and how your computer could be a zombie without your knowing it — and a couple of steps you can take to prevent a hacker from using your machine to mail out spam or launch attacks.
The first I titled “Some basic security pointers #1”, which I always think of by its opening sentence, “is your computer a zombie?”. In it I discuss User Account passwords, what makes a good password, and the hidden Windows Administrator account, and provide a link to a tool that tests the effectiveness of your firewall. (Click the links to view the articles.)
The second article was titled “The FBI and Operation: Bot Roast” which opens by asking the question, “is your computer a threat to national security?” In this article I discussed malware, such as rootkits and trojan horses, and how hackers use these to take control of your machine, and use it for their own, nefarious, purposes. I explained what a botnet is, and I provided a link to the pages on my business website where I list several dozen links to the best free antivirus and anti-spyware tools.
Tip of the day: Read these important articles and get educated about hackers and their evil programs, and then download the tools, and take the preventative steps, and thwart these Evil Doers. It is a fact that your machine can be used to interfere with our economic system and way of living.
Tip of the day #2: Do not open any PDFs you receive via email for a while. (Loyal friends and true will note that this is the first time I’ve posted two tips in one day.)
An exploit is currently making the rounds that uses a trojan horse embedded in a poisoned .pdf attachment to download malware onto your machine. The exploit uses a vulnerability in code found in IE 7 on Windows XP. Microsoft is aware of this, but has yet to release a patch (through Windows Update).
If you aren’t sure what an “exploit” is, I discussed it in an article titled “These folks had a very bad day”, which discusses exploits and vulnerabilities and how this is the Number One hacker technique for gaining control of your machine. In it I demonstrate how to configure your firewall and Update settings, and provide a link to a website which will scan your machine for unpatched vulnerabilities and help you get updated and protected.
[update 10/30: From Secure Computing–
Ken Dunham, director of global response for iSight Partners, told SCMagazineUS.com today that one of his source’s honeypots received the infected email once every 10 seconds. This indicates “a fairly heavy spamming taking place,” especially for home users in advance of the weekend, he said.
The shadowy Russian internet service provider, Russian Business Network (RBN), is behind the attacks, which attempt to infect users with two rootkits that seek to steal personal and financial information from compromised PCs, Dunham said.
“You have what looks like a PDF attachment,” he said. “It’s actually exploit code designed to download code from a remote server.”
Adobe patched the bug Monday, so those who upgraded to Adobe Reader 8.1.1 and Acrobat 8.1.1 are safe.”
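A defender-side triage check for e-mail attachments that claim to be PDFs, added here as an example; it is not code from the article or from the reporting quoted above. It confirms the bytes really carry a PDF header and flags the standard PDF dictionary keys that let a document run an action or reach a remote server as soon as it is opened. The article does not describe the poisoned attachment’s internals, so the key list is a general heuristic rather than a signature for that trojan, and the three sample attachments are constructed.

```python
import re
from typing import Dict, List

# Standard PDF dictionary keys that let a document act on open or contact a
# server. A general heuristic chosen for this example (assumption), not a
# signature derived from the article's trojan.
RISKY_KEYS = [b"/OpenAction", b"/AA", b"/JavaScript", b"/JS",
              b"/Launch", b"/URI", b"/EmbeddedFile", b"/RichMedia"]


def _unescape_names(data: bytes) -> bytes:
    """Resolve #xx hex escapes in PDF names so /J#61vaScript reads as /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def triage_pdf(data: bytes) -> Dict[str, object]:
    """Decide whether bytes claiming to be a PDF deserve a closer look before opening.

    Returns {"suspicious": bool, "findings": [reasons]}. An empty findings list
    means nothing in the structure stood out; it does not prove the file is clean.
    """
    findings: List[str] = []
    head = data[:1024]
    if not head.lstrip().startswith(b"%PDF-"):
        findings.append("no %PDF- header: not a real PDF")
    if head.startswith(b"MZ"):
        findings.append("MZ header: Windows executable wearing a .pdf name")
    normalised = _unescape_names(data)
    for key in RISKY_KEYS:
        hits = normalised.count(key)
        if hits:
            findings.append(f"{key.decode()} x{hits}")
    return {"suspicious": bool(findings), "findings": findings}


# Constructed sample attachments for this example (not real-world samples).
BENIGN_PDF = (b"%PDF-1.4\n"
              b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
              b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
              b"trailer << /Root 1 0 R >>\n%%EOF\n")
# Runs a name-obfuscated JavaScript action the moment the document opens.
AUTORUN_PDF = (b"%PDF-1.4\n"
               b"1 0 obj << /Type /Catalog /OpenAction 3 0 R >> endobj\n"
               b"3 0 obj << /S /J#61vaScript /JS (app.alert(1)) >> endobj\n"
               b"%%EOF\n")
# An executable renamed to .pdf: the attachment is not a document at all.
FAKE_PDF = b"MZ\x90\x00" + b"\x00" * 60

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN_PDF), ("autorun", AUTORUN_PDF),
                        ("fake", FAKE_PDF)]:
        verdict = triage_pdf(blob)
        print(f"{label:8s} suspicious={verdict['suspicious']} {verdict['findings']}")
```

A hit on this check is a reason to hold the attachment for a proper scan on a clean machine, not proof of infection on its own.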
Today’s free link: By clicking the links to the three articles posted above, and scrolling down to this section of the posts, you will find links to 50+ highly rated free security tools. Please, take advantage of them!
Copyright © 2007 Tech Paul. All rights reserved.
Do you appreciate all the free advice and links to safe and free software I provide six days a week–ad free? Do your friends (and me) a favor and let them know about Tech–for Everyone.