
Ops 201 Class 13

Bill Kachersky edited this page Oct 4, 2021 · 1 revision

How to remove malware from your Windows PC


For starters, there are some classic signs of malware: slower than usual performance, pop-ups, and other anomalies. However, sometimes it is simply hardware issues that are causing your computer to lag. Below is a step-by-step methodology for safely rooting out any malware that may be hiding on your machine.


Step 1: Enter Safe Mode

Disconnect your machine from the internet, and discontinue use of the machine until you're ready to clean it if possible. This will minimize the risk of malware spreading or your personal information being leaked.

In order to run a check on your PC effectively, you'll want to boot into Safe Mode. In this mode, only the bare minimum of programs and services required for your machine to run are loaded and enabled. If malware has made its way into your machine and is set to activate on startup, this mode may prevent that from happening. The less of a chance these malicious programs have to run, the better your odds at finding and removing them.

Booting into Safe Mode in Windows 7 or 8 is easy compared to Windows 10. In Windows 7, all you have to do is reboot your computer and hold down F8 once your computer begins to restart. Windows 8 is the same. Windows 10, however, requires a much more complicated approach. An explanation of how to go about it can be found here:

Microsoft Support

Once you've managed to get your machine booted into Safe Mode, you're in business and ready to move on to the next step in the process.

Step 2: Delete temporary files

Once you're in Safe Mode, you'll want to run some kind of virus scan. Before taking this step, however, you'll want to get rid of any temporary files (cookies, cache, etc.), as doing so gives the scanner fewer files to check and speeds it up. It may even get rid of some malware in and of itself. You can use the Windows utility "Disk Cleanup" to accomplish this: just type "Disk Cleanup" into the search field in the task bar, and an icon for the program should appear in the results.

Now you can move on to the antivirus software of your choice.

Step 3: Download malware scanners

Ideally, you've read through these notes and already downloaded whatever malware scanners tickle your fancy, or better yet, they were already on your computer to begin with! In any event, running a scanner is usually enough to do the job of removing most infections. If you already had antivirus software on your computer, though, it would be wise to select a second scanner specifically for this operation, as there is a good chance your software wasn't able to detect the issue, which is why you find yourself in this process. Therefore, it's a good idea to get another scanner to see if there's anything it can turn up that your go-to hasn't yet. No program is perfect.

While you should only have one real-time antivirus program running, on-demand scanners are plentiful and you are free to have as many at your beck and call as you wish. The name of the game here is redundancy in scanning, as some of those on-demand programs may miss malicious files that others pick up on. The recommended order of operations, once you're in Safe Mode, is to run an on-demand scanner first, then follow up with a full scan by your real-time software.

After you feel like you've satisfied your suspicions, feel free to move on to the next step.

Step 4: Run a scan with Malwarebytes

For illustrative purposes, we’ll describe how to use the Malwarebytes on-demand scanner. To get started, download it. If you disconnected from the internet for safety reasons when you first suspected that you might be infected, reconnect to it so you can download, install, and update Malwarebytes; then disconnect from the internet again before you start the actual scanning. If you can’t access the internet or you can’t download Malwarebytes on the infected computer, download it on another computer, save it to a USB flash drive, and take the flash drive to the infected computer.

After downloading Malwarebytes, run the setup file and follow the wizard to install the program. Once the program opens, it will automatically activate a trial of the paid version that enables real-time scanning. You won’t get charged after the trial ends, however—by default, the program reverts to the standard free version in 14 days. In the meantime, you can disable the real-time scanning for those two weeks if you prefer.

To run a scan, switch from the Dashboard tab to the Scan tab. Keep the default scan option (“Threat Scan”) selected and click the Start Scan button. It should check for updates before it runs the scan, but make sure that happens before you proceed.

Though it offers a custom-scan option, Malwarebytes recommends that you perform the threat scan first, as that scan usually finds all of the infections anyway. Depending on your computer, the quick scan can take anywhere from 5 to 20 minutes, whereas a custom scan might take 30 to 60 minutes or more. While Malwarebytes is scanning, you can see how many files or objects the software has already scanned, and how many of those files it has identified either as being malware or as being infected by malware.

If Malwarebytes automatically disappears after it begins scanning and won’t reopen, you probably have a rootkit or other deep infection that automatically kills scanners to prevent them from removing it. Though you can try some tricks to get around this malicious technique, you might be better off reinstalling Windows after backing up your files (as discussed later), in view of the time and effort you may have to expend to beat the malware.

Once the scan is complete, Malwarebytes will show you the results. If the software gives your system a clean bill of health but you still think that your system has acquired some malware, consider running a custom scan with Malwarebytes and trying the other scanners mentioned earlier. If Malwarebytes does find infections, it’ll show you what they are when the scan is complete. Click the Remove Selected button in the lower left to get rid of the specified infections. Malwarebytes may also prompt you to restart your PC in order to complete the removal process, which you should do.

If your problems persist after you’ve run the threat scan and it has found and removed unwanted files, consider running a full scan with Malwarebytes and the other scanners mentioned earlier. If the malware appears to be gone, run a full scan with your real-time antivirus program to confirm that result.

Step 5: Fix your web browser

Malware infections can damage Windows system files and other settings. One common malware trait is to modify your web browser’s homepage to reinfect the PC, display advertisements, prevent browsing, and generally annoy you.

Before launching your web browser, check your homepage and connection settings. Simply go to the settings window of your browser to check your homepage setting.

Step 6: Recover your files if Windows is corrupt

If you can’t seem to remove the malware or if Windows isn’t working properly, you may have to reinstall Windows. But before wiping your hard drive, copy all of your files to an external USB or flash drive. If you check your email with a client program (such as Outlook or Windows Mail), make sure you export your settings and messages to save them. You should also back up your device drivers with a utility such as Double Driver, in case you don’t have the driver discs anymore or don’t want to download them all again. Remember, you can’t save installed programs. Instead, you’ll have to reinstall the programs from discs or redownload them.

If Windows won’t start or work well enough to permit you to back up your files, you may create and use a Live CD, such as Hiren’s BootCD (HBCD), to access your files.

Step 7: Keep your PC clean

Always make sure that you have a real-time antivirus program running on your PC, and make sure this program is always up-to-date. If you don’t want to spend money on yearly subscriptions, you can choose one of the many free programs that provide adequate protection, such as Avira Antivirus Free Edition and Bitdefender Antivirus Free Edition. If you’d prefer a more robust AV program, we recommend Norton Security Premium—see our roundup of the best antivirus software for more information.

In addition to installing traditional antivirus software, you might consider using the free OpenDNS service to help block dangerous sites. And if you frequent shady sites that might infect your PC with malware, consider running your web browser in sandbox mode to prevent any downloaded malware from harming your system. Some antivirus programs, such as Comodo, offer sandboxing features, or you can obtain them through a free third-party program such as Sandboxie.

When you think that you’ve rid your PC of malware infections, double-check your online accounts, including those for your bank, email, and social networking sites. Look for suspicious activity and change your passwords—because some malware can capture your passwords.

If you have a backup system in place that automatically backs up your files or system, consider running virus scans on the backups to confirm that they didn’t inadvertently save infections. If virus scans aren’t feasible, as is the case with online systems since they usually will only scan a drive attached to your PC or just the C:\ drive, consider deleting your old backups and resetting the software to begin saving new backups that are hopefully free from infections.

If you don’t currently have a backup system in place, see our roundups of best backup software for Windows and best online backup services.

Keep Windows, other Microsoft software, and Adobe products up-to-date. Make sure that you have Windows Update turned on and enabled to download and install updates automatically. If you’re not comfortable with this, set Windows to download the updates but let you choose when to install them.
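The settings the steps above tell you to check by hand can be read out in one place. The following PowerShell script is an added example, not part of the original notes: it reports the Safe Mode boot flag (Step 1), the browser homepage and proxy settings (Step 5), and the real-time protection and signature age reported by Windows Defender (Step 7). It assumes Windows 10, an elevated prompt, and the Defender PowerShell module; all function names are the example's own, and nothing in it changes the system.

```powershell
# Added example (not from the original notes): read-only triage of the
# settings Steps 1, 5 and 7 ask you to check. Run from an elevated
# PowerShell prompt on Windows 10.

# Step 1: is the Safe Mode boot flag set on the current boot entry?
# bcdedit prints a "safeboot  Minimal" (or "Network") line only when it is.
function Get-SafeBootFlag {
    $entry = bcdedit /enum '{current}' 2>$null | Out-String
    if ($entry -match '(?m)^\s*safeboot\s+(\S+)') { return $Matches[1] }
    return 'not set'
}

# Step 5: homepage and connection settings. A changed start page, an
# enabled proxy or an unexpected PAC URL (AutoConfigURL) are what a
# browser hijack typically leaves behind, so show them side by side.
function Get-BrowserConnectionSettings {
    $ie   = Get-ItemProperty 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
    $inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        StartPage     = $ie.'Start Page'
        ProxyEnable   = [bool]$inet.ProxyEnable
        ProxyServer   = $inet.ProxyServer
        AutoConfigURL = $inet.AutoConfigURL
    }
}

# Step 7: is real-time protection on, and how old are the signatures?
# Get-MpComputerStatus only exists where Windows Defender is present.
function Get-RealTimeProtectionStatus {
    if (-not (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue)) {
        return 'Defender status unavailable (another AV product may be installed)'
    }
    $mp = Get-MpComputerStatus
    [pscustomobject]@{
        RealTimeProtection  = $mp.RealTimeProtectionEnabled
        SignatureAgeDays    = $mp.AntivirusSignatureAge
        LastSignatureUpdate = $mp.AntivirusSignatureLastUpdated
    }
}

Write-Host "Safe Mode boot flag: $(Get-SafeBootFlag)"
Get-BrowserConnectionSettings | Format-List
Get-RealTimeProtectionStatus  | Format-List
```

Run it before the scan (to confirm you really are in Safe Mode) and again after cleanup to confirm the homepage and proxy values are the ones you expect.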

Steps 4-7 cited from article

This article is relevant to our coursework this week because we have been learning about how to make backups, restore files, and all about destroying or salvaging data. This is another great tool to have in your kit in the event that System Restore doesn't do the trick when encountering suspect behavior in a system.
