

Caught A Virus? Here's what to do.





crossroads
Quote:
Caught A Virus?

If you've let your guard down--or even if you haven't--it can be hard to tell if your PC is infected. Here's what to do if you suspect the worst.


Heard this one before? You must run antivirus software and keep it up to date or else your PC will get infected, you'll lose all your data, and you'll incur the wrath of every e-mail buddy you unknowingly infect because of your carelessness.

You know they're right. Yet for one reason or another, you're not running antivirus software, or you are but it's not up to date. Maybe you turned off your virus scanner because it conflicted with another program. Maybe you got tired of upgrading after you bought Norton Antivirus 2001, 2002, and 2003. Or maybe your annual subscription of virus definitions recently expired, and you've put off renewing.

It happens. It's nothing to be ashamed of. But chances are, either you're infected right now, as we speak, or you will be very soon.

For a few days in late January, the Netsky.p worm was infecting about 2,500 PCs a day. Meanwhile the MySQL bot infected approximately 100 systems a minute (albeit not necessarily desktop PCs). As David Perry, global director of education for security software provider Trend Micro, puts it, "an unprotected [Windows] computer will become owned by a bot within 14 minutes."

Today's viruses, worms, and so-called bots--which turn your PC into a zombie that does the hacker's bidding (such as mass-mailing spam)--aren't going to announce their presence. Real viruses aren't like the ones in Hollywood movies that melt down whole networks in seconds and destroy alien spacecraft. They operate in the background, quietly altering data, stealing private operations, or using your PC for their own illegal ends. This makes them hard to spot if you're not well protected.

Is Your PC "Owned?"

I should start by saying that not every system oddity is due to a virus, worm, or bot. Is your system slowing down? Is your hard drive filling up rapidly? Are programs crashing without warning? These symptoms are more likely caused by Windows, or badly written legitimate programs, rather than malware. After all, people who write malware want to hide their program's presence. People who write commercial software put icons all over your desktop. Who's going to work harder to go unnoticed?

Other indicators that may, in fact, indicate that there's nothing that you need to worry about, include:

* An automated e-mail telling you that you're sending out infected mail. E-mail viruses and worms typically come from faked addresses.
* A frantic note from a friend saying they've been infected, and therefore so have you. This is likely a hoax. It's especially suspicious if the note tells you the virus can't be detected but you can get rid of it by deleting one simple file. Don't be fooled--and don't delete that file.

I'm not saying that you should ignore such warnings. Copy the subject line or a snippet from the body of the e-mail and plug it into your favorite search engine to see if other people have received the same note. A security site may have already pegged it as a hoax.

Sniffing Out an Infection

There are signs that indicate that your PC is actually infected. A lot of network activity coming from your system (when you're not actually using the Internet) can be a good indicator that something is amiss. A good software firewall, such as ZoneAlarm, will ask your permission before letting anything leave your PC, and will give you enough information to help you judge if the outgoing data is legitimate. By the way, the firewall that comes with Windows, even the improved version in XP Service Pack 2, lacks this capability.

To put a network status light in your system tray, follow these steps: In Windows XP, choose Start, Control Panel, Network Connections, right-click the network connection you want to monitor, choose Properties, check "Show icon in notification area when connected," and click OK.

If you're interested in being a PC , you can sniff around further for malware. By hitting Ctrl-Alt-Delete in Windows, you'll bring up the Task Manager, which will show you the various processes your system is running. Most, if not all, are legit, but if you see a file name that looks suspicious, type it into a search engine and find out what it is.

Want another place to look? In Windows XP, click Start, Run, type "services.msc" in the box, and press Enter. You'll see detailed descriptions of the services Windows is running. Something look weird? Check with your search engine.

Finally, you can do more work by selecting Start, Run, and typing "msconfig" in the box. With this tool you not only see the services running, but also the programs that your system is launching at startup. Again, check for anything weird.

If any of these tools won't run--or if your security software won't run--that in itself is a good sign your computer is infected. Some viruses intentionally disable such programs as a way to protect themselves.

What to Do Next

Once you're fairly sure your system is infected, don't panic. There are steps you can take to assess the damage, depending on your current level of protection.

* If you don't have any antivirus software on your system (shame on you), or if the software has stopped working, stay online and go for a free scan at one of several Web sites. There's McAfee FreeScan, Symantec Security Check, and Trend Micro's HouseCall. If one doesn't find anything, try two. In fact, running a free online virus scan is a good way to double-check the work of your own local antivirus program. When you're done, buy or download a real antivirus program.
* If you have antivirus software, but it isn't active, get offline, unplug wires-- whatever it takes to stop your computer from communicating via the Internet. Then, promptly perform a scan with the installed software.
* If nothing seems to be working, do more research on the Web. There are several online virus libraries where you can find out about known viruses. These sites often provide instructions for removing viruses--if manual removal is possible--or a free removal tool if it isn't. Check out GriSOFT's Virus Encyclopedia, Eset's Virus Descriptions, McAfee's Virus Glossary, Symantec's Virus Encyclopedia, or Trend Micro's Virus Encyclopedia.

A Microgram of Prevention

Assuming your system is now clean, you need to make sure it stays that way. Preventing a breach of your computer's security is far more effective than cleaning up the mess afterwards. Start with a good security program, such as Trend Micro's PC-Cillin, which you can buy for $50.

Don't want to shell out any money? You can cobble together security through free downloads, such as AVG Anti-Virus Free Edition, ZoneAlarm (a personal firewall), and Ad-Aware SE (an antispyware tool).

Just make sure you keep all security software up to date. The bad guys constantly try out new ways to fool security programs. Any security tool without regular, easy (if not automatic) updates isn't worth your money or your time.

Speaking of updating, the same goes for Windows. Use Windows Update (it's right there on your Start Menu) to make sure you're getting all of the high priority updates. If you run Windows XP, make sure to get the Service Pack 2 update. To find out if you already have it, right-click My Computer, and select Properties. Under the General tab, under System, it should say "Service Pack 2."

Here are a few more pointers for a virus-free life:

* Be careful with e-mail. Set your e-mail software security settings to high. Don't open messages with generic-sounding subjects that don't apply specifically to you from people you don't know. Don't open an attachment unless you're expecting it.
* If you have broadband Internet access, such as DSL or cable, get a router, even if you only have one PC. A router adds an extra layer of protection because your PC is not connecting directly with the Internet.
* Check your Internet ports. These doorways between your computer and the Internet can be open, in which case your PC is very vulnerable; closed, but still somewhat vulnerable; or stealthed (or hidden), which is safest. Visit Gibson Research's Web site and run the free ShieldsUP test to see your ports' status. If some ports show up as closed--or worse yet, open--check your router's documentation to find out how to hide them.


Edited by GhostRider103: Next time do not just copy and paste someone else's article, make sure to use quote tags.
Diablosblizz
A few things:

1. If you're going to copy and paste, it must be quoted in [quote ][/quote ] tags and the original author mentioned.
2. Worms? Dude, the original article was written back in 2005. ZoneAlarm and Ad-Aware aren't the best software anymore. Comodo and SAS / MBAM have replaced those "roles."
3. It isn't impossible to stay away from viruses / malware without antivirus software. I've found this wonderful Firefox-plugin / software that WONDERFULLY encrypts everything I've typed. For example, the word "antivirus" translates to 6\]c8,0b4. I've even tested it with a keylogger (home use) and it works wonders. I'm not afraid to enter my credentials over the internet anymore. If the pro version is purchased, it can protect MSN convos, word documents and thousands of other programs. It's something I'd like to look into just to keep myself safe, but for now Firefox is all I need.

Quote:
For a few days in late January, the Netsky.p worm was infecting about 2,500 PCs a day. Meanwhile the MySQL bot infected approximately 100 systems a minute (albeit not necessarily desktop PCs). As David Perry, global director of education for security software provider Trend Micro, puts it, "an unprotected [Windows] computer will become owned by a bot within 14 minutes."


I'd assume most users, here at least, know the difference from downloading a fake and legit file. Those stats represent the non-tech savvy people.

Quote:
By hitting Ctrl-Alt-Delete in Windows, you'll bring up the Task Manager


Most malware programs actually disable the task manager. For example, I was playing around with a fake "antivirus" and it disabled my desktop (no icons, although it's easy to get around) and each time I opened msconfig or services.msc it would say "msconfig is infected with such-and-such, please purchase the ...". I even had a hard time removing it, even though it was in a Virtual Machine. It cleverly hid itself in the ApplicationData folder, which would be a place to look but highly suspicious for a file to be "installed" there. Yes, I downloaded it myself, just for testing purposes. :) Heck, I even test malware on my main system, because it's fun and easy.

Quote:
If you have broadband Internet access, such as DSL or cable, get a router


A router won't 100% protect you from viruses, actually it's very slim that it will do anything at all. There is a small chance of the malware running on an odd port and luckily your router has it blocked but that's a small chance. Malware is always downloaded through the internet (port 80) and routers automatically allow port 80 for browsing. Malware writers (hackers maybe?) are smart enough to know what ports are unblocked on a non-configured router. Routers could also be non-passworded and the hacker could easily get into your system and change your router configuration.

Most scams come from PayPal, MySpace and Facebook. Hackers target the big markets for a reason, to make money. Always make sure you're typing your credentials into the right place, and make sure that it has SSH (the lock in the URL-bar or status bar). If your bank doesn't have it, and you know it's the right site, don't enter your credentials. There's a high chance that somebody is sniffing (reading) the connection and your password could be stolen.

If anybody is looking for the anti-keylogger protection for Firefox, look up KeyScrambler, it works wonders. Keep in mind that antiviruses aren't the only thing needed. Malwarebytes and SuperantiSpyware are also rock-solid programs that can help you clean your system. Malwarebytes will help out a LOT so it's good to have by your side.
Ghost Rider103
Diablosblizz wrote:
A few things:

1. If you're going to copy and paste, it must be quoted in [quote ][/quote ] tags and the original author mentioned.


Just so you know, back-seat moderating is actually against the Frihost Rules, and this isn't the first time I've seen you do it. If you think someone is doing something wrong, then use the report feature instead of trying to take care of it on your own.

Original post has been edited with quote tags.
Fire Boar
Funny, whenever I catch a virus I don't do any of that. I just live with it, packing extra tissues, or if it's particularly bad I might take the day off work and stay in bed a bit later, taking it easy until I recover.
iman
Because of the thread topic, I want to share how I fight viruses:
(because I don't wanna use free anti-virus programs)

1. Backup important data. It's good to do this every now and then, just in case.

2. Prepare all the tools. The main programs I use in fighting off viruses: regedit, task manager, cmd. More often, it's better to use third-party programs since these built-in programs can easily be overthrown by registry keys. For example, a registry key determines what program runs when you ctrl-alt-del.

3. Determine what programs run every startup. The easiest way is to use msconfig. The virus is probably there. But since this is not always the case, also look into the registry keys in Winlogon/shell, or the safeboot keys.

4. Remove the program from your startup. You can do that from Step 3. However, they will be probably iterating writing themselves to the startup keys, so ending the process first would be a good idea. You can find its name in task manager or in other third-party apps, but if it's good, it will appear as a service. If it's really really good, it will tweak your kernel to hide itself. In these cases, look for it manually.

5. Delete the program. It can appear as one, or it can duplicate itself, with random names. You can find their locations if you can successfully do Step 3 above. Deleting the exe itself might not be that easy, even with safe mode. I suggest you use Unlocker.

6. Restart. If it's still there, you might have missed one startup key.

7. If, after many trials, you fail, use another OS to delete the virus. That is one good reason why you should partition and dual-boot. If all else fails, download a trial pro version of an antivirus. Remove it afterwards.

8. And if the antivirus can't, insert your hard drive into another PC, get all the data, and then reformat the hard drive.

And for those who bothered to read the whole thing, please give some suggestions :D
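
The startup checks described in this thread (msconfig's startup list, the Winlogon shell key, the safeboot keys, a disabled or replaced Task Manager), as an added read-only example that is not part of any post above. It assumes PowerShell on Windows; the helper names (`Get-RegValue`, `New-Finding`) and the REVIEW heuristics are illustrative assumptions, not a malware verdict.

```powershell
# Added example: read-only audit of the autostart locations named in the thread.
# The REVIEW heuristics (user-writable paths, non-default values) are assumptions.
function Get-RegValue($Path, $Name) {
    # Returns $null when the key or value does not exist.
    if (Test-Path $Path) { (Get-Item $Path).GetValue($Name) }
}

function New-Finding($Location, $Name, $Value, [bool]$Review) {
    [pscustomobject]@{ Review = $Review; Location = $Location; Name = $Name; Value = $Value }
}

$findings = @()

# Programs started at boot or logon (the Run/RunOnce keys msconfig also lists).
$cv = 'Software\Microsoft\Windows\CurrentVersion'
foreach ($path in "HKLM:\$cv\Run", "HKLM:\$cv\RunOnce", "HKCU:\$cv\Run", "HKCU:\$cv\RunOnce") {
    if (-not (Test-Path $path)) { continue }
    $key = Get-Item $path
    foreach ($name in $key.GetValueNames()) {
        $value = [string]$key.GetValue($name)
        # Binaries launched from profile or temp folders deserve a closer look.
        $review = $value -match '\\(AppData|Application Data|Temp)\\'
        $findings += New-Finding $path $name $value $review
    }
}

# Winlogon Shell and Userinit: anything beyond the defaults runs at every logon.
$wl = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = [string](Get-RegValue $wl 'Shell')
$findings += New-Finding $wl 'Shell' $shell ($shell.Trim() -ne 'explorer.exe')
$userinit = [string](Get-RegValue $wl 'Userinit')
$expected = "$env:SystemRoot\system32\userinit.exe"
$findings += New-Finding $wl 'Userinit' $userinit ($userinit.Trim().TrimEnd(',') -ne $expected)

# Shell used by "Safe Mode with Command Prompt"; the default is cmd.exe.
$sb = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'
$alt = [string](Get-RegValue $sb 'AlternateShell')
$findings += New-Finding $sb 'AlternateShell' $alt ($alt -ne 'cmd.exe')

# Values that disable or replace Task Manager (Ctrl-Alt-Del); normally absent.
$pol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe'
$dis = Get-RegValue $pol 'DisableTaskMgr'
$findings += New-Finding $pol 'DisableTaskMgr' $dis ($dis -eq 1)
$dbg = Get-RegValue $ifeo 'Debugger'
$findings += New-Finding $ifeo 'Debugger' $dbg ($null -ne $dbg)

$findings | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

Rows marked `True` under Review are only candidates for a closer look: a legitimate Task Manager replacement, for instance, also sets the `Debugger` value.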
deanhills
I usually take my computer to the computer doctor when I get a virus (touch wood, the last one I had was about four years ago). I then get him to completely reformat the hard disk and start from scratch. At that time I had viruses twice in one year and that was with Norton Anti-Virus. Since then I have changed to Kaspersky, and it may or may not be Kaspersky, and perhaps just good luck, but so far so good. I do believe however in reformatting my hard disk periodically, sort of speeds up the processes, as well as cleans up the system.