How to protect from and remove virus, malware and rootkit infections for the layman

1 solved thread

This Tutorial addresses:
  • Malware
  • Virus



Once again I endeavor to provide not so much a highly technical narrative, but more so a resource for less technically astute members or visitors who simply want easy provision of resources related to the discovery and removal of infections in a variety of flavors.

We'll go through each type of infection individually, including methods for removal and where to get the necessary tools. It's highly recommended that if an infection is suspected, you should only attempt removal while in safe mode, otherwise there is an increased risk that the infection is currently spreading or actively attempting to block your efforts.

If downloading will be necessary then Safe Mode with Networking is recommended so you can download the necessary utilities if you are unable to download them from another machine for use on the infected unit. In any case, it's recommended to manually disconnect any internet connection before begging removal of the infection. If you are unable to run virus and malware tools due to the infection, try using Rkill or Malwarebytes Chameleon, which terminates known malware processes so removal can occur.

In reality, if you KNOW you have an infection, the best way to have a successful removal is to either attach the drive to another system as a secondary drive (Not booting or running the OS FROM that drive) and do full repetitive scans using all of the options below until all results come back clean, or if you have a spare drive you can temporarily install windows on or another drive with windows already installed, then attach the infected drive as a second drive on your current system and do the same series of scans until the infection is gone.



*How to boot Safe mode for Windows XP through Windows 7

*How to boot Safe mode for Windows 8 and 8.1

*How to boot Safe mode for Windows 10

*Rkill

*Malwarebytes Chameleon



____________ ____________ ____________


Viruses

A computer virus is a small software program that spreads from one computer to another and interferes with computer operation. A computer virus might corrupt or delete data on a computer, use an email program to spread the virus to other computers, or even delete everything on the hard disk. Computer viruses are frequently spread by attachments in email messages or by instant messaging messages.

Traditional "viruses" are far less common than they once were. Most computer infections these days are more likely to be variants of malware, spyware, rogue security software, adware or rootkits. That doesn't mean that viruses aren't still around or even that they're uncommon, they're just not AS common as other types of infections that are easier for hackers and punks to create or obtain, and release into the wild.



One thing that needs clearly defined is that viruses, malware, rootkits and rogue security software are ALL different infections, and scanners that remove one type, most often don't detect or clean other types of infections. This is why you NEED to have both Virus and Malware scanners installed and providing Real-time protection on your system in addition to running periodic full system scans.



Recommended free Antivirus software



Windows Defender (Included with Windows 8.1 and 10)

*Avira Free Antivirus

*Avast Free Antivirus

*AVG Free Antivirus


*360 Total Security
("360" is a more advanced tool with a complicated interface, but if that doesn't trouble you it's a good choice as it has many good features and uses four distinct A/V detection engines.)


I personally recommend scanning for viruses AFTER scanning for malware. Since malware is much more likely to be at fault and malware scanners generally look for a wider variety of infection types, it just makes more sense to start there and follow that up with viral scans.


____________ ____________ ____________


Malware, Spyware, Adware


Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. Malware is defined by its malicious intent, acting against the requirements of the computer user, and does not include software that causes unintentional harm due to some deficiency. The term badware is sometimes used, and applied to both true (malicious) malware and unintentionally harmful software.

Malware may be stealthy, intended to steal information or spy on computer users for an extended period without their knowledge, or it may be designed to cause harm, often as sabotage, or to extort payment. 'Malware' is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. It can take the form of executable code, scripts, active content, and other software. Malware is often disguised as, or embedded in, non-malicious files. As of 2011 the majority of active malware threats were worms or trojans rather than viruses.



The best-known types of malware, viruses and worms, are known for the manner in which they spread, rather than any specific types of behavior. The term computer virus is used for a program that embeds itself in some other executable software (including the operating system itself) on the target system without the user's consent and when that is run causes the virus to spread to other executables (Programs/Softwares).

On the other hand, a worm is a stand-alone malware program that actively transmits itself over a network to infect other computers. These definitions lead to the observation that a virus requires the user to run an infected program or operating system for the virus to spread, whereas a malware worm spreads itself.


Recommended free Malware protection and utilities

*Malwarebytes

*Malwarebytes Anti-rootkit


*Spybot search and destroy

*Combofix

*SuperAntiSpyware

*Ad-aware Antispyware



After you've cleaned house with both Malware and Virus scanning, (And there's nothing wrong with running two or more of the above tools, in fact it's recommended) it's a good idea to run a couple of additional tools, which I'll expand on below. Sometimes even the best of protections and full system scanning with traditional tools doesn't nab it all. Using a "second opinion" scanner is always a good idea if there was a suspected infection, even if you think your system has been fully cleaned. Bit's and pieces of malware can still be hiding or only partially removed, so it's best to be thorough.


____________ ____________ ____________


"Second opinion" tools


A second opinion scanner is exactly what it sounds like, a malware tool that offers additional malware detection and removal capability. Just as it's a good idea to get the opinion of a second physician or medical specialist when you've been given a clean bill of health, but are still sure that something isn't right, so it is with virus and malware infections.

There are many, many instances where traditional scanning utilities are spoofed or simply aren't defined for searching out specific lesser known or as yet uncommon infections, or in some cases, simply bits and pieces that are still a danger to your system but do not fit the pattern criteria targeted by your standard protections. Running one or all of these after traditional scans is simply a good practice, especially if your system still seems to be exhibiting signs of abnormal behavior.



Before running the second opinion tools it's highly recommended that you reboot the system, and again boot into the Safe mode environment so that changes made by your Antivirus and Malware utilities can take affect.

Recommended second opinion tools

*Hitman Pro

*TDSSKiller Rootkit tool

*Rogue Killer




Finally, when you've determined the system clean of infections, it's a good idea to check the file system for damage that may have occurred as a result of an infection or simply due to other factors. It happens sometimes, so it just makes sense to check by running the file system checker SFC/Scannow. Follow the directions at the following link and be patient, it can take a little while to run sometimes.

*SFC/Scannow


If you've done everything above and are still having issues, I'd recommend checking out Spywarehammer, which is a forum, much like Tom's Hardware, dedicated specifically to the detection, identification and removal of all types of infections.

*Spywarehammer


If nothing works and the system is simply beyond repair, it may be necessary to reinstall the operating system. If possible, back up all your important data to another, preferably quarantined area, until it can be separately scanned prior to being moved back to your preferred location. Following the directions exactly is important, so don't skip any steps simply because you think you know how to proceed. If you have a restoration partition, and no installation media, you can restore the system to factory condition but when possible a clean installation is the preferred method as the boot partition can sometimes become corrupted as well.

*Windows 7 CLEAN install

*Windows 8 and 8.1 CLEAN install
[/b]


Can't find your answer ? Ask !
Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter
  • add to twitter
  • add to facebook
  • ajouter un flux RSS