1ComputerCare

Viruses and Malware

What are they?

Viruses are programs that run without the user's informed consent and do harm to the host computer or operator.

Malware refers to either all types of malicious software, or just unwanted non-virus programs.

Trojans are programs that may purport to do something favorable, but come with an undesirable payload.

Worms are self-replicating programs that require no human intervention to spread.  They aim to reproduce themselves on any accessible network.

Rootkits are designed to take control of the computer and often prevent human interruption.  They typically cloak themselves to be invisible to regular virus cleaners.

Adware automatically displays, plays or downloads inducements to purchase goods or services.

Spyware is designed to surreptitiously record information for the benefit of the author.  Subtypes include keyloggers, screen grabbers and personal information sniffers.

Scareware falsely claims you have viruses and offers to remove them if you just click and give your credit card details.

Phishing is fraudulently gaining information by masquerading as a trustworthy hyperlink.

Browser hijackers attach add-ons to common browsers so that the author can gain use of your PC.

How did they arrive?

Viruses are sometimes the result of teenagers with nothing better to do trying to impress one another, but more often now they are designed to net income for the author: identity theft is big business and just a few small pieces of information can be sold on and lead to potential riches.

Anyone with a less than fully protected computer can unknowingly spread viruses.  Sometimes a harmless-looking e-mail from a friend will be hijacked to incorporate a virus.  Other times viruses can come from simply visiting a website that has been prepared (by the owner or a hacker) to include code (ActiveX controls, Java applets or other scripts) that includes a small virus installation program that runs silently.  Mostly though, file sharing networks (e.g. LimeWire, eDonkey, Morpheus, Kazaa) are implicated in propagating viruses.

Cleansing Methodologies.

There are two ways to fix virus-ridden computers.  One is to locate and identify each infection then painstakingly remedy its effects.  This is time-consuming but has the merit of leaving the computer in much the same state as it was before the infection.  The other approach is to wipe everything off the disk and reinstall Windows from scratch.  This has the benefit of being relatively fast and is guaranteed to work, but all programs need to be reinstalled, which means hunting down installation disks and activation codes.  Application settings, e.g. stored usernames & passwords, usually need to be reapplied also.

The mainstream outlets usually take the second approach as the fault is certain to be fixed and time is minimized.  I take the first approach generally as it is what I would want were I an informed customer.  The problem with my approach is that it is not possible to test the computer with all permutations of running programs, so occasionally a problem appears after I return the computer to the client.  In this case I typically suggest wiping the disk and starting from scratch; this is done without further charge.

Disinfection Process.

The hard disk drive(s) are removed from the home computer then completely scanned several times (two or three for virus detection, the same for malware, then repeated for each Windows account).  Each time a virus is found (there are usually multiple infections) automatic removal is attempted first.  When that fails, perhaps because of cross contamination from other viruses, the strains of virus have to be researched and their consequences manually undone.  The disk drive is then returned to its own computer and further programs are run to remove lesser malware.  The disk is then checked for logical errors and corrupt files and repaired from a Windows installation disk if necessary.  The next step is to verify that dynamic link library files are uncorrupted.  If necessary, the operating system and drivers are patched to include the latest security updates.  Then basic tests are done on commonly used programs to confirm that they appear to work as required.  Anti-virus and spyware protective software is then confirmed to be present, updated and working before the PC is ready to be fully tested then returned to the owner.

How to prevent infection?

Ensure that Windows and MS Office are kept updated with security patches as soon as they are published.

Maintain a full, updated and paid for copy of a reputable Internet security suite (not simply anti-virus).

Run a firewall to prevent unwanted visitors to your computer gaining access.

Do not use an administratively privileged account for day-to-day activities.

Password protect Windows accounts and encrypt sensitive files.  Passwords must be robust and private.

Do not open e-mails from unknown sources in HTML compatible readers.

Scan all removable disks, downloaded files and e-mail attachments for viruses before opening them.

Run housekeeping procedures regularly, described at http://www.1computercare.co.uk/housekeeping.htm
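
Several of the points above (patches, security suite, firewall, account privilege, passwords) can be checked from a PowerShell prompt. The script below is an added example, not part of the original information sheet; it assumes a Windows 10 or 11 desktop with Windows PowerShell 5.1, only reads settings, and checks direct membership of the local Administrators group only.

```powershell
# Added example: read-only audit of some of the prevention points above.
# Assumes Windows 10/11 desktop with Windows PowerShell 5.1; it changes nothing.
$report = [ordered]@{}

# Security patches: most recently installed Windows update on record.
$latest = Get-HotFix | Where-Object InstalledOn |
    Sort-Object InstalledOn -Descending | Select-Object -First 1
$report['Last Windows update'] = if ($latest) {
    '{0} on {1:yyyy-MM-dd}' -f $latest.HotFixID, $latest.InstalledOn
} else { 'none recorded' }

# Security suite: products registered with Windows Security Center.
# (This WMI namespace exists on desktop editions, not on Windows Server.)
$av = Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct `
    -ErrorAction SilentlyContinue
$report['Security products'] = if ($av) {
    ($av.displayName | Sort-Object -Unique) -join ', '
} else { 'NONE REGISTERED' }

# Firewall: every profile (Domain, Private, Public) should be enabled.
$off = Get-NetFirewallProfile | Where-Object { "$($_.Enabled)" -ne 'True' }
$report['Firewall'] = if ($off) {
    'DISABLED for: ' + ($off.Name -join ', ')
} else { 'enabled on all profiles' }

# Day-to-day account: is the logged-on user a direct member of the local
# Administrators group (well-known SID S-1-5-32-544)? Membership counts
# even when the current session is not elevated.
$me = [Security.Principal.WindowsIdentity]::GetCurrent()
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue
$report['Current account'] = if ($admins.SID.Value -contains $me.User.Value) {
    "$($me.Name) is an ADMINISTRATOR"
} else { "$($me.Name) is a standard user" }

# Passwords: enabled local accounts that are allowed to have no password.
$open = Get-LocalUser | Where-Object { $_.Enabled -and -not $_.PasswordRequired }
$report['Accounts without required password'] = if ($open) {
    $open.Name -join ', '
} else { 'none' }

[pscustomobject]$report | Format-List
```

Any value reported in capitals corresponds to a point on the list that is not being met.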

Which Antivirus program is best?

No antivirus program can be 100% effective.  All major suppliers update their programs in the Autumn, and at about that time I read all the reviews of the current year's releases I can find and publish my view of the consensus on my blog at http://www.1computercare.co.uk/blog/index.php.  After downloading the installation of a new antivirus program (and checking it for viruses with your existing program), it is essential to remove the previous year's program after physically disconnecting from the internet.  After restarting the PC you may now install the new program.  Do not simply extend the data file subscription as the old program may remain unupdated.


The information here is opinion reflecting personal experience; it does not claim to be complete or authoritative.  Whilst believed to be accurate at the time of writing, absence of mistakes cannot be guaranteed as the nature of the topic is that information becomes out of date quickly.  This information sheet is made available on the understanding that responsibility for confirming any facts you rely on rests with the reader.  For information about virus removal services please contact 1ComputerCare on

0845 108 0254

Eugene@1ComputerCare.co.uk