Malware Removal PT 1

This is probably the biggest problem area affecting users and keeping technicians employed. Once you get a virus or malware, it is close to impossible to get rid of it for good.

I know what you're thinking: there are all these companies out there that can protect us. Because the focus of this article is the steps you can take to try to get rid of it, I will save that argument, and the truth bombs that go with it, for another article. But I will say this: the only anti-virus / anti-malware software you need on a Windows PC is Windows Defender and Malwarebytes. (I don't get compensation from either company.) On Linux, use ClamAV. Mac… there is no directly supported anti-virus out there. (Yes, you can get a virus on a Mac.)

So, CompTIA has established a set of guidelines for removing malware (malicious software) from your PC. Malware is defined as any software that does harm to the system, such as a virus or spyware.

Next, we are going to properly identify the different types of malware. This will also be part of a larger subject area, Security (and that's big!).

1. Virus – Viruses are typically spread through emails and are included in attachments, such as word processing and spreadsheet documents. They can cause a number of problems for you, including deleting files, modifying your system configuration, etc.

2. Trojan – So, if you paid attention in History class (or watched Troy, starring Brad Pitt), you know that the Greeks tricked the Trojans into accepting a large wooden horse as a peace offering. Pay close attention to that last statement. A computer Trojan is software that tricks you into running it. The end user (victim) believes that the file they download and run will fix a security issue. Once the user (victim) allows the malicious software to run, the Greeks (the virus) come out of the horse and sack your PC, effectively giving the hacker control of your computer.

3. Rootkit – Malicious software that gets put on your system for use at a later time.

4. Worm – A worm is a virus that can self-replicate and spread itself across the network without aid from any other users. Bad stuff!

5. Logic Bomb – It can run every day, but it was designed to attack and cause chaos at a specific date and time. It can also appear to be useful at first.

6. Spyware and Adware – Spyware monitors your online activity and reports back to the hackers on where you go and what you do on the internet. Adware is sometimes more annoying than it is harmful; it basically just puts pop-up ads on your computer or browser. However, that is a sign that something more nefarious is in your system. Good practice dictates keeping safe browsing habits and keeping anti-malware installed and up to date.

7. Ransomware – This is particularly nasty stuff. The hackers get hold of your files and encrypt them. They then demand payment for the key to unlock your files. This is why you always back up your files: otherwise you either pay them, or you sacrifice your data. Another good reason to keep security in mind at all times.

So, the above list was not meant to be all-inclusive about viruses. It was just to give you a brief overview of what can happen if you ignore security best practices.

Now, what I said I was going to give you: the seven steps to address / remove malware from your system.
1. Identify the Symptom(s) – You need to recognize what is happening to your PC. Is it running really slowly? Are you seeing more pop-up / pop-under ads appearing? Is your browser getting redirected to a site you didn't request? Yep, you're infected!

2. Quarantine the System – Disconnect it from your network, even your home network. Turn off the Wi-Fi and / or unplug the Ethernet.

3. Disable System Restore – HUH? Why? Because the authors of the malware know you will try to restore your PC to a time before it was infected… so they write the code to attack that area as well. Jerks!

4. Remediate the Infected Systems – There are several tools out there to remove malware. Too many to list here (I use Spybot Search and Destroy), but I promise an article on that as well. Whatever you are running for anti-virus / anti-malware / anti-spyware, make sure that all of its definitions are up to date. Check prior to running the scans and removal.

5. Schedule Scans and Run Updates – Set your Task Scheduler to automatically install anti-virus updates and run scans on a regular basis. I set mine to run at 3 a.m. each night.

6. Enable System Restore and Create a Restore Point – Well, I did tell you to disable it. Once you have scanned your system (it doesn't hurt to do it more than once, especially if you had a large number of files infected), go ahead and set up a restore point. Don't skip this step!

7. Educate the User – This is where CompTIA says that technicians need to educate you about safe browsing habits and strong passwords (more on that in another article), and make sure that you also know who else is on your system or home network.
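To show what steps 3 through 6 look like when scripted on a Windows 10/11 box with Windows Defender, here is an added example (my own, not part of CompTIA's guidance or any vendor's code); it assumes the system drive is C: and that the Defender and ScheduledTasks PowerShell modules that ship with Windows are available.

```powershell
#Requires -RunAsAdministrator
# Added example: CompTIA steps 3-6 with built-in Windows cmdlets.
# Assumptions: Windows 10/11, Microsoft Defender enabled, system drive C:.

$SystemDrive = "C:\"
$ScanTime    = "3:00AM"    # the article's nightly 3 a.m. schedule

# Step 3: turn System Restore off so an infected restore point cannot
# bring the malware back after cleanup.
Disable-ComputerRestore -Drive $SystemDrive

# Step 4: update definitions first, then run a full scan and list what
# Defender detected so you can confirm the cleanup actually found something.
Update-MpSignature
"Signature version now: " + (Get-MpComputerStatus).AntivirusSignatureVersion
Start-MpScan -ScanType FullScan
Get-MpThreatDetection |
    Select-Object -Property ThreatID, InitialDetectionTime, ProcessName |
    Format-Table -AutoSize

# Step 5: Task Scheduler job that pulls new definitions and runs a quick
# scan every night as SYSTEM, so it does not depend on a user being logged in.
$action = New-ScheduledTaskAction -Execute "powershell.exe" `
    -Argument '-NoProfile -Command "Update-MpSignature; Start-MpScan -ScanType QuickScan"'
$trigger   = New-ScheduledTaskTrigger -Daily -At $ScanTime
$principal = New-ScheduledTaskPrincipal -UserId "SYSTEM" -LogonType ServiceAccount -RunLevel Highest
Register-ScheduledTask -TaskName "NightlyDefenderScan" -Action $action `
    -Trigger $trigger -Principal $principal -Force

# Step 6: System Restore back on, plus a fresh restore point taken from the
# known-clean state (this is the baseline you want to roll back to later).
Enable-ComputerRestore -Drive $SystemDrive
Checkpoint-Computer -Description "Post-malware-cleanup baseline" -RestorePointType "MODIFY_SETTINGS"
```

Update-MpSignature needs network access, so on a machine you quarantined in step 2 either fetch the definitions before you pull the cable or apply an offline definition package; also note that Windows only lets Checkpoint-Computer create one restore point per 24 hours by default, so an earlier point that day will be silently skipped.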
There it is: CompTIA's seven steps to malware removal and protection for your PC. WAIT! You said it was close to impossible to get rid of malware! Thank you for reading this far. There is no foolproof way to know that a virus was truly, completely removed. The one surefire way is to wipe your hard drive and do a clean install. Viruses cannot survive that. If you regularly back up your files, this should not be an issue. If you want to learn more and see what type of I.T. services are right for your company, check out the guys at XL DIGITAL MEDIA; they are experts at this kind of thing and love to talk to just about anyone who will listen to them!