There have been a few incidents regarding viruses, trojans and other malware on This Way Up.  Whilst these infections have not originated from the site, we have compiled this useful guide to help you fix any potential problems, writes Edd Strickland, TWU’s technical manager.

I’m breaking this into some useful headings which will hopefully allow you to find and fix problems on your machine. 

The first and most important part of being secure on the internet, and indeed also the cheapest form of anti-virus you can get, is your common sense. Ask yourself some basic questions before investigating further, such as:

  • Did I install a program which might have made my machine act in a funny way recently? 
  • Did the machine always behave like this? 
  • Have I asked a program to check me for a virus/spyware/adware or others?

If the answer to these is ‘No,’ then ask again about anyone else who has access to your machine. If the answer is still ‘No,’ then the likelihood is this is some kind of trick to get access to your machine. Chances are if the offer looks too good to be true, then the age old pre-internet rule still applies: it will be too good to be true.

If you do think your machine has a problem, then the first thing to do is. . . nothing.  That may sound counter-intuitive, but if the thing is already causing problems, then clicking on the offending item or interacting with it can, and often does, cause further problems or infection.  If, like me, your Mum used to tell you to stop picking at scabs, then you’ll have heard this solid advice before.

For example, scareware, which even has its own Wikipedia entry, http://en.wikipedia.org/wiki/Scareware, is a harmless but annoying virus, which gets on to your machine by “scaring” you into thinking that you do indeed have a virus. At some point a user will have installed a program, such as PC Security Guardian, on to their machine, and it is now reporting anything which it chooses, including legitimate things such as email links in newsletters, as being infected. This is called a false positive and is designed to scare an uninitiated PC user into parting with their hard-earned cash and paying for a ‘solution’. The only way this virus gets on to a machine is for the user to download and install it, by clicking on the installer exe.  It has no self-installing action, silent download, or secret way of getting on to your machine.

This has become the most prevalent manner in which Mac computers are now compromised. Apple has released patches for the OSX operating system which will resolve this and you should update your OSX to ensure you are safe.  This may mean in some cases purchasing a newer version of the OSX software.

Scareware can remain in a computer’s cache and will pop up every time you access certain websites.  Each time you go to a site, your browser takes a copy of the files from the site and stores them locally; common images, JavaScript files, documents, page code etc are all stored on your machine in its browser cache. The reason for this is historic: it was to make the internet appear quicker than it really was. If you already had a local copy of a file when visiting a site, then the browser wouldn’t download it again if it had the same name.  This meant that when users were on dial-up they didn’t have to continually download files to make the web pages work.  Although internet speeds have increased, the technology behind this process has not.

If you last visited the site in that browser when it was infected, and downloaded a local copy of these files to your machine at the time, then this will remain on the machine until you clear out your cache.  As this process is a standard home computer maintenance process and specific to the individual, then there is no way the site can force a user to refresh these files, in fact doing so breaks the way the browser works normally.

Therefore, before you panic about something unusual happening to your computer, first of all find out what the problem does. Make a note of its symptoms when it happens. Does it only happen when X program is launched, etc.? Use Google to find out if others have similar symptoms to you, and to search to see if any program name which pops up has removal instructions.

Good search terms for this include X Removal, or X Removal tool, inserting the name of the program which is popping up where X is the program name.

Chances are you’re not the first to have this problem, or the last, and there is usually something written about it.

Read more than one article about the issue however, and never pay for a service which claims it can remove your virus or problem.  There is always a free alternative, and often this is another scam designed to make you hand over cash whilst not fixing your problem.

There are a number of tools you can use to protect your machine and also to disinfect it; some of these are:

Online virus scanners

Housecall | http://housecall.trendmicro.com/uk/

Housecall will find most things and will remove them from your system if at all possible.

Kaspersky | http://www.kaspersky.co.uk/virusscanner

Kaspersky doesn't remove them but does tell you what they are and how to remove them.

Removal Tools

Spybot is good for preventing trojans and some keyloggers (programs which log your keystrokes to record your password and other secure information as you type it), and will remove these entries from your registry in a non-destructive manner.

http://www.safer-networking.org/en/ownmirrors1/index.html

CCleaner removes unwanted temp files and some other rubbish which can build up.

http://www.piriform.com/ccleaner

HijackThis is a program which shows you what's starting up in your Windows system. Use it with caution: if you get it wrong you'll kill your PC. If you're unsure of what you’re looking at, post your log file to the forum and we'll look at it.

http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

If you get a particularly nasty key logger called Win32 Virut, then you have two choices. You can try to run the removal tool from AVG, which kills off most variants of it, but it will take a lot of time (around 5 days on average trying to sort it out on some machines, and a lot longer depending on how many gigs of data you have). Alternatively, buy a new drive and reinstall everything after removing your motherboard power connector and battery.

If you have this virus, there is currently no known cure for it, and it can and does live on in the BIOS memory of the machine even after complete removal from your machine, and will survive reboot after reboot and power down.

If it were me I'd say buy a new disk and start again. It's quicker than disinfecting an entire machine. The Virut exe will infect every single one of the following file types:

  • .cfg (all your windows config files)
  • .html
  • .php
  • .exe
  • .text
  • .doc
  • .ppt

In fact if you can edit text on it, then it can be infected. If it runs as a program on your machine, it can be infected. It overwrites and replaces known system files, which means that you cannot even delete them without blowing a huge hole in your PC.

Seriously, if you have this one you've lost your PC.  Buy a caddy and stick your drive/s into it, buy a new hard drive and re-install your machine. Once your new machine is rebuilt and has a decent AV and firewall, then you can plug your old drive in and scan it BEFORE copying over any files from it. To prevent any cross-contamination from the old drive to the new machine, it's best to ensure you aren't connected to the internet whilst doing this.

Failure to do this will result in re-infection and you will need to buy another hard drive and start all over again. There are no short cuts to disinfecting this one.

If you are brave, download the removal tool.

http://www.avg-antivirus.com.au/avg_virus_removal.htm

From past experience of this virus and removing it from others' machines, I would seriously weigh up the time factor over the cost; a new 1 TB drive costs £75 and takes 1½ hours to install a machine on.

The disinfection process, done thoroughly, will take a minimum of 16 hours, and this will go up if you have more than one drive (as most modern machines do), and you may still be left with a non-working computer.

If you are coming across strange behaviour from Windows / Internet Explorer, such as:

  • Home page being changed all the time
  • Mysterious pop-ups appearing
  • Constantly redirected to a particular site

it is likely that you have been infected with adware, a program designed (as the name suggests) to bombard you with adverts.

The best way of getting rid of it is to run one of the specialised programs that do this.

Ad-aware - http://www.lavasoftusa.com/software/adaware/

Or again Spybot Search & Destroy

If those don't work, you might like to try:

Bazooka - http://www.kephyr.com/spywarescanner/index.html

Please be careful when using other programs, as some of them actually install spyware/adware. There is never any need to pay money for them; ones which ask you for money are usually rip-offs of other people's work. Never use any program advertised in spam or pop-ups; you could do more damage to your computer with these so-called "solutions".

One particularly persistent piece of adware is called CoolWebSearch. If you have a variant of this and the above programs aren't helping, you might find the following program useful: CWShredder - http://free.antivirus.com/cwshredder/

Spyware and adware are installed either by other programs that you have downloaded and installed, or through security holes in Internet Explorer.

You might wish to switch to another browser such as Firefox (http://www.mozilla.com/en-US/firefox/new/) or Opera (http://www.opera.com/).

Anti-virus programs and firewalls will not necessarily protect you against spyware and adware, though they are important in their own right.

AV/Firewall

Use a decent AV and firewall set-up.

Comodo is very good and free. - http://www.comodo.com/home/internet-security/free-internet-security.php

AVG is good and free. - http://free.avg.com/gb-en/homepage

ZoneAlarm is OK, but it can cause issues in accessing online games and other things, and is a bit of a nagging worrier which can get tiresome. - http://www.zonealarm.com/

If you're using Norton, you might as well give me your IP and I'll login to your machine and disable it permanently, as you have no business being on the internet!!  It might come free with every PC, but it's about as much protection as a bag of sand.  The technical reason for this is that Norton runs on the graphical layer of your PC, which means it removes things which affect what your PC looks like, but makes no attempt to remove things in the core system of your machine, which is a bit like using cover-up make-up to hide a gunshot.

It goes without saying, but just in case:

DO NOT USE PAID FOR PRODUCTS DOWNLOADED FROM TORRENT OR WAREZ SITES.

If they can hack it to stick it up there in the first place, guess what can happen to your machine.

You're kidding yourself and everyone else if you think you are protected in this manner.

To be honest, you'd have to be pretty unlucky to have malware silently install itself, and you'd have to be somewhere dodgy in the first place (warez sites, certain porn sites etc) for this to be a case of it installing invisibly.

That’s not to say that other legitimate files don't also carry malware packaged with them; however, the user has to interact with the carrier in order for the payload to be deployed. This means that the user may not be aware they are executing the payload, but they will be doing something else which then deploys it.

In my experience of working in IT for the last 10 or so years, it is always one of the following:

  • dodgy porn sites,
  • stupid tool bars which give you bonus smilies or comet cursors or the like or
  • pirated software,
  • user inexperience or plain arrogance: “I know what I'm doing so it'll never happen to me,” or “I own a Mac, I don’t need to worry about viruses”.

Running the programs above gives you a better chance of catching these malicious bits of code before they take root.

It’s also worth noting that unscrupulous groups will attempt to gain access to your details, in particular emails and passwords, and it’s profitable for them to do so.

You should be aware, no site, company, tax office, bank etc will ever ask you for your login details or passwords via email. Ever. If you get an email which asks you for these details check carefully who it's from.  Attackers have been known to change single letters in usernames to appear legitimate; username becomes u5ername and so on. So again if you receive emails with links from a known name which isn't displayed, as it usually would be, then it's also likely to be a spoof/phishing type email.

It's also worth noting that it's entirely possible to spoof genuine names by corrupting the header information used to send the email, so even if the name is 100% right and you think it's legit, you should proceed with caution if the email is asking you for specific information, or is written in a style which is unfamiliar to you from your legitimate contact.
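As an added example (not part of the original guide), here is a small Python check for the warning signs just described: a sender address that is only a lookalike of a known contact (the u5ername trick), a Reply-To pointing somewhere other than the claimed sender, and a request for login details. The address book, the lookalike character map and both sample messages are constructed for the illustration.

```python
import email
from email.utils import parseaddr

# Constructed sample, not a real message: the display name claims a known
# contact, but the address swaps a letter for a digit ("u5ername"), the
# domain is a lookalike, replies go elsewhere, and it asks for a password.
PHISHING_SAMPLE = """\
From: "Alice at Example Bank" <u5ername@examp1e-bank.test>
Reply-To: collect@mailbox.test
To: you@home.test
Subject: Please confirm your login details

Click here to verify your password: http://examp1e-bank.test/login
"""

# Constructed legitimate message from the same contact, for comparison.
LEGIT_SAMPLE = """\
From: "Alice at Example Bank" <username@example-bank.test>
To: you@home.test
Subject: Monthly newsletter

Here is this month's newsletter.
"""

# Hypothetical address book of senders you actually know.
KNOWN_CONTACTS = {"username@example-bank.test"}

# Digits commonly substituted for the letters they resemble.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

# Phrases a genuine bank, tax office or site would not put in an email.
CREDENTIAL_PHRASES = ("password", "login details", "verify your account")


def normalise(address):
    """Fold lookalike characters so u5ername reads as username."""
    return address.lower().translate(LOOKALIKES)


def phishing_indicators(raw_message):
    """Return the warning signs found in a single-part text email."""
    msg = email.message_from_string(raw_message)
    _, sender = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    findings = []
    if sender not in KNOWN_CONTACTS:
        findings.append("unknown_sender")
        # A near-miss against a real contact is the "u5ername" trick.
        if any(normalise(sender) == normalise(k) for k in KNOWN_CONTACTS):
            findings.append("lookalike_sender")
    # Replies quietly routed to a different domain from the claimed sender.
    if reply_to and reply_to.rsplit("@", 1)[-1] != sender.rsplit("@", 1)[-1]:
        findings.append("reply_to_mismatch")
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + " " + body).lower()
    if any(phrase in text for phrase in CREDENTIAL_PHRASES):
        findings.append("asks_for_credentials")
    return findings
```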

In short it's best to not click on links in emails unless you 100% know who it's from, and always copy and paste them into your browser.

If you use programs like Outlook, Outlook Express or Windows Mail/Windows Live Mail, always ensure you have the preview pane turned off, as although you may not have read the email, the software has already opened it and could have deployed its payload before you've even known about its malicious intent.

There's really no excuse for it in this day and age. Everyone should know that you don't click on links in emails from anything which looks suspicious or appears out of the blue.  It is your own responsibility to educate yourself about the dangers out on the web, as well as learning to combat them.

So far, this has all been Windows and PC related, and Mac users might think, “I'm on a Mac, so they don't write viruses for Macs,” which is mainly true, although there are still some BSD/Unix viruses which will launch from inside a Mac if you input your password, but you'd have to be monumentally stupid to do so.  In this situation the worst-case scenario is far less threatening to your machine than on a PC, as the infection will be limited to the user account, which you can delete from another user account.  Macs are still vulnerable to XSS, or cross-site scripting, via JavaScript exploits. In fact any browser, from Safari through to Opera, will have a certain level of XSS vulnerability.

They are also, more worryingly, exposed to rootkit viruses, which are designed to allow others to get into your machine and have a spy around.  Rootkits themselves aren’t really viruses. They are in effect like a computer version of a door wedge: they hold the door open for other things to come into your machine.  This can include keyloggers, which will record your keystrokes and can steal your password and banking information.

There are several rootkits out there which also attack Macs; again, due to the application layer firewall, these still need you to put in your password, but they can disguise themselves as legitimate programs.

Don't fall into the trap of thinking that because you're using a Mac you're safe; you're not. Phishing emails will still steal information from you on a Mac, as they would on any (including Linux) system. In fact, any web-based interaction you have can be corrupted to steal data, and this is OS independent.

Equally, and more importantly, on a Mac you can pass on Trojans/rootkits/keyloggers to other PC users who may be on systems which are simpler to compromise.  It’s advisable therefore to run an AV product as well as the built-in firewall (or a paid-for firewall) to prevent your machine becoming a 'Typhoid Mary' to others.

Macs also have a series of Trojans aimed at them which, again due to the nature of the system, aren't designed to destabilise the machine, but to steal and log information. The latest one is iServices, which Apple has still to patch, even in the latest release.

Distributors of viruses and malware know that users will look for certain types of files, and will create files named after popular things such as films, music and TV shows, labelled as something else to encourage people to download them; the malware is deployed once the user attempts to interact with the file. It's not the case that these files were ever legitimate in terms of being what they say they were; they were always malware, but have been renamed as non-threatening things to fool the unsuspecting.

It’s a bit like buying a fake Rolex with a lead back. You knew it was a fake, you just didn't assume they'd be so cheap as to make it out of something which could kill you!
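An added example, not from the original guide, of checking what a downloaded file actually is rather than what its name claims: the first few bytes of a file identify its real format, so a "film" that begins with the Windows executable header is a renamed program. The signature table is a short illustrative one and the sample files are constructed.

```python
import os

# A few file signatures ("magic bytes") and the extensions that legitimately
# carry them. Illustrative only; a real checker would use a fuller table.
SIGNATURES = [
    # (offset, magic, description, extensions)
    (0, b"MZ", "Windows executable", {".exe", ".dll", ".scr"}),
    (0, b"%PDF", "PDF document", {".pdf"}),
    (0, b"ID3", "MP3 audio", {".mp3"}),
    (0, b"PK\x03\x04", "ZIP archive", {".zip", ".docx", ".pptx", ".xlsx"}),
    (0, b"RIFF", "RIFF container", {".avi", ".wav"}),
    (4, b"ftyp", "MP4 video", {".mp4", ".m4v", ".mov"}),  # size prefix, then 'ftyp'
]


def detect_type(data):
    """Identify the content by its leading bytes, or None if unrecognised."""
    for offset, magic, description, extensions in SIGNATURES:
        if data[offset:offset + len(magic)] == magic:
            return description, extensions
    return None


def is_disguised(filename, data):
    """Return (True, reason) when the file's real type does not match its name."""
    ext = os.path.splitext(filename)[1].lower()
    detected = detect_type(data)
    if detected is None:
        return False, "unrecognised content; treat with suspicion"
    description, extensions = detected
    if ext in extensions:
        return False, description
    return True, f"named {ext!r} but the content is a {description}"


# Constructed samples: a supposed film that is really a program, and two
# ordinary files whose names and contents agree.
FAKE_FILM = ("Blockbuster.2011.DVDRip.avi", b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 24)
REAL_SONG = ("track01.mp3", b"ID3\x03\x00\x00\x00\x00\x00\x00")
REAL_VIDEO = ("holiday.mp4", b"\x00\x00\x00\x18ftypmp42")
```

Scan the old drive's files this way before copying anything across, as the guide advises: the name is the bait, the header tells you what you would actually be running.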

Other useful links:

PC Problems

Oh, No--My PC Won't Even Boot!

http://www.pcworld.com/article/125161-2/never_call_tech_support_again.html

Why Is My PC Behaving Strangely?

http://www.pcworld.com/article/125161-3/never_call_tech_support_again.html

Why Does My PC Run So Slowly?

http://www.pcworld.com/article/125161-4/never_call_tech_support_again.html

Support Tips from the Pros

http://www.pcworld.com/article/125161-6/never_call_tech_support_again.html

Tools and Tips for the Most Frustrating PC Problems

http://www.pcworld.com/article/125161-7/never_call_tech_support_again.html

Networking/Wi-Fi

What's Wrong With My Network?

http://www.pcworld.com/article/125161-5/never_call_tech_support_again.html

Wi-Fi FAQ

http://www.wi-fihotspotlist.com/faq.html

TCP/IP Home Networking and File Sharing Tutorial

http://www.homenethelp.com/web/howto/net.asp

Apple Mac

MacFixIt Tutorials

http://reviews.cnet.com/macfixit/?tag=mfiredir