
Chapter 8

Damage Control: How to remove viruses and spyware infections. Chapter 8. Synopsis: What to do when you think your computer is infected with malware. Strategies that use antivirus or antispyware products. How to remove infections with System Restore and free infection-specific tools.

lilian

Presentation Transcript


  1. Damage Control: How to remove viruses and spyware infections (Chapter 8)

  2. Synopsis
     • What to do when you think your computer is infected with malware.
     • Strategies that use antivirus or antispyware products.
     • How to remove infections with System Restore and free infection-specific tools.
     • Removing infections manually.
     • Removing browser hijackers with HijackThis and CWShredder.

  3. What to do when you think your computer is infected with malware. (1)
     • Symptoms:
       • An antivirus or antispyware program has signaled that your system is infected.
       • Your system is behaving oddly.
       • Your ISP calls you to tell you your system is infected and doing bad things across the Internet.

  4. What to do when you think your computer is infected with malware. (2)
     • Disconnect your computer from the Internet; wired is disconnected with a phone-like plug, turn wireless off.
     • Boot into Safe Mode with Internet.
     • Reconnect your computer.
     • Check your antivirus and antispyware programs; you might want to re-install and update them to make sure they work.

  5. What to do when you think your computer is infected with malware. (3)
     • Recommended Antivirus Programs (choose 1):
       • Grisoft AVG: free.grisoft.com
       • Avast: www.avast.com
       • Trendmicro: www.trendmicro.com ($$)
       • Microsoft VirusScan (support.kent.edu)
       • F-Secure: www.fsecure.com ($$)

  6. What to do when you think your computer is infected with malware. (4)
     • Recommended Antispyware Programs (at least 2):
       • Microsoft Windows Defender: www.microsoft.com/defender
       • Spybot Search & Destroy: www.safer-networking.net
       • AdAware: www.lavasoft.com
       • Webroot Spy Sweeper: www.webroot.com ($$)
       • PC Tools Spyware Doctor: www.pctools.com ($$)

  7. What to do when you think your computer is infected with malware. (5)
     • Boot into Safe Mode without internet.
     • Gather information: do a deep/full scan if possible; jot down all information. If your software has been disabled, run the software in Safe Mode with networking and update it.
     • Google all the infections found (on another computer).
     • The following sites are useful:
       • Mcafee.com
       • Symantec.com
       • Sophos.com

  8. What to do when you think your computer is infected with malware. (6)
     • Quarantine all infections found.
     • Beware of false positives.
     • System Restore may be able to eliminate viruses; your files may still contain the viruses, however.

  9. How to remove infections with free infection-specific tools.
     • If you have successfully determined what is infecting your system, but your antimalware tool is having difficulties, there is one more recourse: a Targeted Tool. They can be found at:
       • www.symantec.com/business/security_response/removaltools.jsp (dates back to 2000)
       • http://us.mcafee.com/virusinfo (limited)
       • www.kaspersky.com/removaltools
       • www.microsoft.com/security/malwareremove/ (selection)
       • www.bitdefender.com/site/Downloads/browseFreeRemovalTool/
       • www.f-secure.com/download-purchase/tools.shtml (includes an antivirus program that can be run in DOS mode)

  10. Removing infections manually
     • A list of tools can be found in chapter 12.
     • Do your research:
       • Name of the infection.
       • Name and location of the infected Windows files or of the files that make up the malware.
       • Registry keys inserted/modified by the malware.
       • Windows “services” started by the malware.
     • Help can be found at:
       • www.symantec.com/norton/security_response/threatexplorer/threats.jsp
       • http://vil.nai.com/vil.

  11. Removing infections manually (2)
     • Steps:
       • Disconnect
       • Back up your data: be careful about backing up malware.
       • Disable System Restore (page 254)
       • Enter Safe Mode without internet
       • Clean out Windows Startup with msconfig
         • Startup tab
         • Services tab (click Hide ALL Microsoft Services)
       • Clean out Registry with regedit (p 257)
       • Delete files and folders
       • Restart and check
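
The msconfig and regedit steps above work on autostart locations that can be listed first without changing anything. The following read-only PowerShell inventory is an added example, not part of the presentation; the selection of registry keys and the publisher-based service filter are assumptions of this sketch.

```powershell
# Added example: read-only inventory; nothing here edits or deletes anything.
# Run from an elevated PowerShell prompt and save the output before cleaning.

# Registry autostart keys (assumed selection; msconfig's Startup tab reads
# from locations like these).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startup = @(foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        [pscustomobject]@{ Source = $key; Name = $name; Command = $regKey.GetValue($name) }
    }
})

# Per-user and all-users Startup folders.
foreach ($folder in 'Startup', 'CommonStartup') {
    $path = [Environment]::GetFolderPath($folder)
    if (-not $path) { continue }
    $startup += @(Get-ChildItem -Path $path -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{ Source = $path; Name = $_.Name; Command = $_.FullName }
        })
}

# Services whose binary does not claim Microsoft as publisher, mirroring
# "Hide all Microsoft services". CompanyName is self-declared file metadata,
# not a signature check, so treat it as a sorting aid only.
$services = Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $exe = $null
    $company = $null
    if ($_.PathName -match '^\s*"?(.+?\.exe)') { $exe = $Matches[1] }
    if ($exe -and (Test-Path -LiteralPath $exe)) {
        $company = (Get-Item -LiteralPath $exe).VersionInfo.CompanyName
    }
    [pscustomobject]@{
        Name = $_.Name; State = $_.State; StartMode = $_.StartMode
        Publisher = $company; PathName = $_.PathName
    }
} | Where-Object { $_.Publisher -notmatch 'Microsoft' }

$startup  | Format-Table -AutoSize -Wrap
$services | Sort-Object Publisher, Name | Format-Table -AutoSize -Wrap
```

Services with an empty Publisher column are ones whose binary path could not be resolved or carries no version metadata; compare those entries against the research notes from the previous slide before changing anything.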

  12. Removing browser hijackers with HijackThis
     • Written by a Dutchman called Merijn Bellekom.
     • Sold to TrendMicro.
     • Still free.
     • Download from www.trendsecure.com
     • Run (as administrator).
     • Close all browsers.
     • Start HijackThis (may need to kill it first).
     • “Do a System Scan and Save a Logfile”
     • Post your log at one of the forums listed at www.merijn.org/forums.html and follow instructions.
     • Send the expert a nice reward.

  13. Removing browser hijackers with HijackThis (2) (DIY version)
     • P 263-268: Very detailed explanation which will not be covered.

  14. Removing browser hijackers with CWShredder
     • Download from www.intermute.com/spysubtract/cwshredder_download.html
     • Two buttons:
       • Scan Only
       • Fix: searches for infections and cleans them.
