Viruses on our computers are about as prevalent as the common cold.  It’s not a matter of if you’ll get infected (or a cold), but when.  Cold remedies are a multi-billion dollar industry.  Anti-Virus (A/V) and malicious software (aka malware) defense and clean-up is quickly catching up.  There are a few good sources on A/V products that may help you decide the one that’s best for you (note: these are all for PC):

The things with colds is that they usually go away on their own given 3-10 days (taking zinc early on helps, btw).  That’s often not true with computer viruses.  Anti-virus solutions aren’t 100% effective against all types of malware.

What can you do if your PC gets infected and your A/V product isn’t taking care of it?  Below is an email from a student who’s grandparent’s computer got infected along with my response.  It’s not intended to single-out this student or his grandparents, but to use it as a case on how to respond when the inevitable infection hits.

From the student:

We shouldn’t get tunnel vision when protecting our homes and with all the emerging methods to breach security (e.g. bash bug), we have to stay diligent. Indeed the low hanging fruit is the one to get plucked. I talked with my fiance’s grandparents this week and they have unfortunately fallen victim to a classic social engineering scam. Someone called the grandmother claiming to be a technician from her anti-virus software company. He then asked for various sensitive information from her (i.e. passwords, credit card numbers, etc.) and she naively gave up the information trusting this gentleman, when he told her that something was wrong with her computer.

Now every time she connects to the internet, this d%&$ has remote control over her PC. He contacts her saying that he will not give up control of the PC unless she pays him more money. I’m planning on doing some serious overhaul on their laptop the next time I visit.

My response:

This is a classic case of ransomeware.   Re-imaging the PC and starting with a clean slate is the only sure-fire way to get rid of the problem(s).  Most companies now don’t even spend time trying to remove malware.  They’ll just save any important files first and then re-image.  This person should be able to boot to safe mode to grab any local files on the PC before they re-image it.

If the you have time and wants to experiment, she/he can use SysInternals Suite tools to try to manually remove it.  Have her/him watch the video, “Malware Hunting with Mark Russinovich and the Sysinternals Tools.”   It’s a great tool to learn how to effectively use the SysInternals Process Monitor, Process Explorer, and Autoruns, focusing on the features useful for malware analysis and removal. He makes it look easy.

Of course, there’s always Malwarebytes, Junkware Removal Tool, and Malicious Software Removal Tool. These may also remove the offending files.

(I’m assuming this is a Windows PC.)

What tools / techniques do you like to use for malware defense and removal?  Please comment and share your ideas.

2 thoughts on “What to do about Malware?

  1. Kevin Watkins says:

    Combofix is a great go to tool for removal and catches changes and configuration issues.

    1. Ron Woerner says:

      Good addition. Combofix is found at bleepingcomputer.com (http://www.bleepingcomputer.com/download/combofix/), a site I regularly visit for IT and security tools. According to that site, Combofix doesn’t work with Windows 8.1.
      I appreciate the warning they provide, which is applicable to many, similar tools:

      You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

Comments are closed.