Five steps....
1. Isolate the drive
Many rootkit and Trojan threats are masters of disguise that hide from the operating system as soon as or before Windows starts. I find that even the best antivirus and antispyware tools — including AVG Anti-Virus Professional, Malwarebytes Anti-Malware, and SuperAntiSpyware — sometimes struggle to remove such entrenched infections.
You need systems dedicated to removal. Pull the hard disk from the offending system, slave it to the dedicated test machine, and run multiple virus and spyware scans against the entire slaved drive.
2. Remove temporary files
While the drive is still slaved, browse to all users' temporary files. These are typically found within the C:\Documents and Settings\Username\Local Settings\Temp directory within Windows XP or the C:\Users\Username\App Data\Local\Temp folder within Windows Vista.
Delete everything within the temporary folders; many threats hide there seeking to regenerate upon system startup. With the drive still slaved, it's much easier to eliminate these offending files.
3. Return drive and repeat scans
Once you run a complete antivirus scan and execute two full antispyware scans using two current, recently updated and different antispyware applications (removing all found infections), return the hard disk to the system. Then, run the same scans again.
Despite the scans and previous sanitization, you may be surprised at the number of remaining active infections the antimalware applications subsequently find and remove. Only by performing these additional native scans can you be sure you've done what you can to locate and remove known threats.
4. Test the system
Once you finish the previous three steps, it's tempting to think a system is good to go but don't make that mistake. Boot it up, open the Web browser, and immediately delete all offline files and cookies.
Next, go to the Internet Explorer Connection settings (Tools | Internet Options and select the Connections tab within Internet Explorer) to confirm that a malicious program didn't change a system's default proxy or LAN connection settings. Correct any issues you find and ensure settings match those required on your network or the client's network.
Then, visit 12-15 random sites. Look for any anomalies, including the obvious pop-up windows, redirected Web searches, hijacked home pages, and similar frustrations. Don't consider the machine cleaned until you can open Google, Yahoo, and other search engines and complete searches on a string of a half-dozen terms. Be sure to test the system's ability to reach popular antimalware Web sites such as AVG, Symantec, and Malwarebytes.
5. Dig deeper on remaining infections
If any infection remnants remain, such as redirected searches or blocked access to specific Web sites, try determining the filename for the active process causing the trouble. Trend Micro's HijackThis, Microsoft's Process Explorer, and Windows' native Microsoft System Configuration Utility (Start | Run and type msconfig) are excellent utilities for helping locate offending processes.
If necessary, search the registry for entries for an offending executable and remove all incidents. Then reboot the system and try again.
If a system still proves corrupt or unusable, it's time to begin thinking about a reinstall. If an infection proves persistent after all these steps, you're likely in a losing battle.
What's your method?
Some IT consultants prefer a different strategy from what I outline above; however, I haven't found another process that works better at quickly returning systems to stable operation.
Some IT consultants swear by fancier tricks. I've investigated KNOPPIX as one alternative. And I've had a few occasions where, in the field, I've slaved infected Windows drives to my Macintosh laptop in order to delete particularly obstinate files in the absence of a boot disk.
Other technicians recommend leveraging such tools as Reimage, although I've experienced difficulty getting the utility to even recognize common NICs, without which the automated repair tool cannot work.
"Malware" is short for malicious software and used as a single term to refer to virus, spy ware, worm etc. Malware is designed to cause damage to a stand alone computer or a networked pc. So wherever a malware term is used it means a program which is designed to damage your computer it may be a virus, worm or Trojan.
Worms:-
Worms are malicious programs that make copies of themselves again and again on the local drive, network shares, etc. The only purpose of the worm is to reproduce itself again and again. It doesn’t harm any data/file on the computer. Unlike a virus, it does not need to attach itself to an existing program. Worms spread by exploiting vulnerabilities in operating systems
Worms are malicious programs that make copies of themselves again and again on the local drive, network shares, etc. The only purpose of the worm is to reproduce itself again and again. It doesn’t harm any data/file on the computer. Unlike a virus, it does not need to attach itself to an existing program. Worms spread by exploiting vulnerabilities in operating systems
Examples of worm are: - W32.SillyFDC.BBY
Packed.Generic.236
W32.Troresba
Packed.Generic.236
W32.Troresba
Due to its replication nature it takes a lot of space in the hard drive and consumes more cpu uses which in turn makes the pc too slow also consumes more network bandwidth.
Virus:-Virus is a program written to enter to your computer and damage/alter your files/data. A virus might corrupt or delete data on your computer. Viruses can also replicate themselves. A computer Virus is more dangerous than a computer worm as it makes changes or deletes your files while worms only replicates itself with out making changes to your files/data.
Examples of virus are: - W32.Sfc!mod
ABAP.Rivpas.A
Accept.3773
ABAP.Rivpas.A
Accept.3773
Viruses can enter to your computer as an attachment of images, greeting, or audio / video files. Viruses also enters through downloads on the Internet. They can be hidden in a free/trial softwares or other files that you download.
So before you download anything from internet be sure about it first. Almost all viruses are attached to an executable file, which means the virus may exist on your computer but it actually cannot infect your computer unless you run or open the malicious program. It is important to note that a virus cannot be spread without a human action, such as running an infected program to keep it going.
Virus is of different types which are as follows.
1) File viruses
2) Macro viruses
3) Master boot record viruses
4) Boot sector viruses
5) Multipartite viruses
6) Polymorphic viruses
7) Stealth viruses
2) Macro viruses
3) Master boot record viruses
4) Boot sector viruses
5) Multipartite viruses
6) Polymorphic viruses
7) Stealth viruses
File Virus:-This type of virus normally infects program files such as .exe, .com, .bat. Once this virus stays in memory it tries to infect all programs that load on to memory.
Macro Virus: - These type of virus infects word, excel, PowerPoint, access and other data files. Once infected repairing of these files is very much difficult.
Master boot record files: - MBR viruses are memory-resident viruses and copy itself to the first sector of a storage device which is used for partition tables or OS loading programs .A MBR virus will infect this particular area of Storage device instead of normal files. The easiest way to remove a MBR virus is to clean the MBR area,
Boot sector virus: - Boot sector virus infects the boot sector of a HDD or FDD. These are also memory resident in nature. As soon as the computer starts it gets infected from the boot sector.
Cleaning this type of virus is very difficult.
Cleaning this type of virus is very difficult.
Multipartite virus: - A hybrid of Boot and Program/file viruses. They infect program files and when the infected program is executed, these viruses infect the boot record. When you boot the computer next time the virus from the boot record loads in memory and then start infecting other program files on disk
Polymorphic viruses: - A virus that can encrypt its code in different ways so that it appears differently in each infection. These viruses are more difficult to detect.
Stealth viruses: - These types of viruses use different kind of techniques to avoid detection. They either redirect the disk head to read another sector instead of the one in which they reside or they may alter the reading of the infected file’s size shown in the directory listing. For example, the Whale virus adds 9216 bytes to an infected file; then the virus subtracts the same number of bytes (9216) from the size given in the directory.
Trojans: - A Trojan horse is not a virus. It is a destructive program that looks as a genuine application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. Trojans also open a backdoor entry to your computer which gives malicious users/programs access to your system, allowing confidential and personal information to be theft.
Example: - JS.Debeski.Trojan
Trojan horses are broken down in classification based on how they infect the systems and the damage caused by them. The seven main types of Trojan horses are:
• Remote Access Trojans
• Data Sending Trojans
• Destructive Trojans
• Proxy Trojans
• FTP Trojans
• security software disabler Trojans
• denial-of-service attack Trojans
• Remote Access Trojans
• Data Sending Trojans
• Destructive Trojans
• Proxy Trojans
• FTP Trojans
• security software disabler Trojans
• denial-of-service attack Trojans
Adware: - Generically adware is a software application in which advertising banners are displayed while any program is running. Adware can automatically get downloaded to your system while browsing any website and can be viewed through pop-up windows or through a bar that appears on a computer screen automatically. Adwares are used by companies for marketing purpose.
Spywares: - Spyware is a type of program that is installed with or without your permission on your personal computers to collect information about users, their computer or browsing habits tracks each and everything that you do without your knowledge and send it to remote user. It also can download other malicious programs from internet and install it on the computer.Spyware works like adware but is usually a separate program that is installed unknowingly when you install another freeware type program or application.
Spam: - Spamming is a method of flooding the Internet with copies of the same message. Most spams are commercial advertisements which are sent as an unwanted email to users. Spams are also known as Electronic junk mails or junk newsgroup postings. These spam mails are very annoying as it keeps coming every day and keeps your mailbox full.
Tracking cookies: - A cookie is a plain text file that is stored on your computer in a cookies folder and it stores data about your browsing session. Cookies are used by many websites to track visitor information A tracking cookie is a cookie which keeps tracks of all your browsing information and this is used by hackers and companies to know all your personal details like bank account details, your credit card information etc. which is dangerous .
Misleading applications: - Misleading applications misguide you about the security status of your computer and shows you that your computer is infected by some malware and you have to download the tool to remove the threat. As you download the tool it shows some threats in your computer and to remove it you have to buy the product for which it asks some personal information like credit card information etc. which is dangerous.
Thanks
0 comments:
Post a Comment