How To Find Malware On Your Computer AND How To Get Rid of It FREE!
Types of Malware - Glossary
Before you can begin to find malware on your computer to get rid of it, you have to know what it is, what you are looking for and how you got it. Like a bad cold or infection, you can probably guess where you got it, but you probably will never really know for sure.
Malware is an umbrella term covering a few subcategories. It is not easy to tell the difference, so here are some definitions:
Malware is software that is malicious - hence the word "malware." This is an overall term for any program or type of software that ends up on your computer, tags along with other programs which you may or may not have knowingly installed, and does things you don't want done to your computer in the first place.
Malware distribution is always known to the party who distributed it and rarely known to you. It can be popup ads, programs that offer to speed up your computer, or even programs that offer to store your passwords. It is always an infection of some sort and to varying degrees.
Malware can document your internet use by looking at your browser history and watching what you are doing online in real time - where you've been, what you bought, who you spoke to, which games you played, and even those places you go that you don't want anyone to know about. lol The party who planted the malware on your computer benefits by selling your information (likes, dislikes, purchases, browser shopping) to advertisers so they can best show you ads as per your likes and purchases.
Malware can steal your passwords, count your keystrokes, and corrupt your files so that when you open them it is all gibberish. The term malware covers spyware, adware, viruses, hijackers and hitch hikers. Some malware steals passwords, some doesn't.
Spyware
This is software that collects your information from your hard drive and sends it back to the party who planted it in the first place. This may include your website history, your computer IP address, and browser and system information. This has a subcategory of maliciousness all by itself which I will detail in another article. This type of malware program can steal passwords.
Adware
This is the most common malware. This is any software that is financially dependent on another program by showing you ads. Usually Adware comes along as a hitch hiker whenever you download a program or any software. Adware collects your information to better steer ads to your preferences. This type of malware program typically doesn't want or steal your passwords, but that doesn't mean someone hasn't figured out how to include it in their Adware program.
Viruses
This is any kind of software that can regenerate or duplicate itself. It spreads from computer to computer and can be individually programmed by its developer. Most viruses cause a lot of damage by deleting files or corrupting files, by eating up your computer memory and by reformatting your hard drive so that original factory software is now corrupted or lost. This type of malware program steals passwords.
Browser hijacking programs (hijackers)
This is the second most common type of malware, directly after Adware. It is a program that sneaks in there when you aren't paying attention to the install screens on a download. Hijackers can and will change your default browser, and can add toolbars that are in the interest of third party companies.
Rarely do virus protectors (scanners) catch hijackers because they appear innocent. Usually virus protectors are only looking at the main program you want to download ... just to make sure that one is safe, and they rarely look deeper into the program for a hijacker.
Sometimes hijackers are so well hidden, no one can detect them before downloading. They aren't always on the install screens. Hijackers change your search engine (for example: ask.com, conduit.com) without you knowing it and the only way you find out is when you go to use it and see that you don't have Google or Bing anymore.
This is software that, besides changing your search engine, actually adds to or changes your computer settings - changes your home page, overrides set toolbars by adding a new one, and redirects you to their reference pages. These are all supported by third party websites, who pay them to get into your computer, all so they can add to their customer base and market their product. Hijackers create shortcuts on your desktop for third party programs, sometimes for games, news service websites, and programs that promise to clean your PC. If you start noticing popup ads that you didn't see before, chances are you have been hijacked. This type of malware program steals passwords.
Hitch hikers are slightly different from hijackers because they tell you up front that they are contained within your download. They are actually listed on the Terms of Service (TOS) and on the install screens for you to see. They always come with downloading a program, be it Freeware, Shareware, or something you paid for.
Hitch hikers are usually trial versions of game, utility or task management applications. They often have strings attached, allowing you to use them for a certain length of time as long as you agree to their TOS.
If you end up with a Hitch hiker, chances are you, the user, are at fault for letting them into your computer in the first place, because you did not uncheck the boxes on each permission screen of the download. Instead, you let the pre-checked YES box go all the way through the rapid fire install process.
Also hidden in those install screens can be the hijacker programs where they change your search engine (for example: ask.com, conduit.com - see directions below on how to remove) or install their personalized toolbar. Hitch hikers are sometimes referred to as a piggyback. This type of malware can steal passwords.
As you can see, it is not easy to tell the difference and almost all are harmful to your computer files and to your hard drive.
Examples: Malware Terms of Service
As you have just read, malware attaches to other programs, usually.
But, sometimes malware IS the program itself. But most of the time, it comes along as a hitch hiker.
Often, you can head it off at the pass by reading the Terms of Service on any and all programs and applications you want to download. If you choose "express install," you can be sure there are hitch hikers and hijackers along for the ride.
Here is a typical Terms of Service agreement for a very widely known malware removal tool. I have substituted my name for the name of the program: (emphasis added)
The O'Halloran Computing software may contain links to third-party Web sites, which are not under the control of O'Halloran Computing. O'Halloran Computing makes no representations whatsoever about any other Web site to which you may have access through the O'Halloran Computing Web site. When you access a non-O'Halloran Computing Web site, you do so at your own risk and O'Halloran Computing is not responsible for the accuracy or reliability of any information, data, opinions, advice, or statements made on these sites. O'Halloran Computing provides these links merely as a convenience and the inclusion of such links does not imply that O'Halloran Computing endorses or accepts any responsibility for the content or uses of such Web sites.
So as you can see, they KNOW they are putting third party links in with their software but they don't want to be blamed for any damage that software does - if you choose to access it. "Do so at your own risk" is written into every TOS of every program that attaches third party links or software.
Here's another that IS an actual malware application. Their Terms of Service are a little more detailed and can confuse even the smartest computer sciences teacher. The name of the company has been changed to MALWARESPY to protect their copyright, and although the same message comes through, I also slightly changed the wording so I don't get tagged with duplicate content! (emphasis added)
What information does MALWARESPY collect and transmit to other third party websites? MALWARESPY does their utmost to inspect all third party sources for malicious applications. For each entry you identify and transmit to us, MALWARESPY collects and transmits -- and MALWARESPY may also retain and use -- the full directory, file name, and last accessed timestamp. A file will be created on your hard drive in two or more directories: SPY368 /create/ timestamp; SPY368/last accessed/ timestamp; SPY368/last write/ timestamp; the digital signature information, with your connection information. Third parties are given this information and they will retain and use the timestamp files along with your domain name information to target the best applications to offer to each user. All data collected and transmitted may change at any time with the changes to MALWARESPY's software, its upgrades, its functionality, and its user interface, however MALWARESPY will not vary from the type of information described above without updating this Agreement. If MALWARESPY changes or amends these terms, you will be notified via email. Your continued use of the software assumes your consent of the changed Agreement. If you do not agree to any of the changes, you must notify us via email. We will send you uninstall directions to uninstall the program so you can stop using the software. You will be responsible for uninstalling any and all third party software that was included in the initial download. MALWARESPY will not be held responsible for any damage done by third party contractors, their product or the results of using their product.
As you can see in the above TOS, MALWARESPY company's software creates a file on your hard drive to store information so that third party companies can access it via their hitch hiker software that comes with the Malware application install. Also, this Malware company depends on its users to transmit names of malicious files back to them so they can improve their software. This is an unusual clause to actually see in a Malware TOS, even though that is how they update and improve their product. Usually it is not spelled out in the TOS; it is implied by ambiguous language in the third party clauses.
Do's and Don't's
There is a way to cut down on these programs getting into your computer.
- Never allow the program to "express install."
- Always choose "custom install" so that on each screen of the download, you will be prompted to "uncheck" the box to allow or disallow inclusion of trial versions of another program in addition to the program being downloaded. Unchecking the box means "no" they do not have your permission to include them in the download.
- Check each download to make sure none attached anyway. Some companies are very unscrupulous and have built in malware that dumps it in your computer anyway.
- Always read the TOS "before" you download, because they are not all standard.
- In some TOS, you are agreeing to letting them give you more trial version applications in the original download (those checked boxes), to give them access to your online habits that include, but are not limited to, a program offering storage for your passwords, tracking your most frequently visited websites, your geographical location and the types of games you play.
- If a download is asking for credit card information and promising not to charge you until the trial period is over, don't give your credit card numbers and don't bother downloading the program. Find a reputable site that has no strings attached. See list below.
- Ignore pop-ups telling you that you're infected with a virus, and that if you buy their product, they will remove it for you.
See sidebar for more detail about "Speed Up Your PC" types of programs.
But sometimes these hitch hiker programs are not really "friendly" trial versions at all.
Sometimes they are malware, also called spyware.
They have one purpose and that is to plant certain software within the application you are downloading to monitor your activities and usage. It may happen when you download from their site or if you use their disk. Malware is big business and they will get into your PC any way they can.
Installing malware can happen to anybody
But it was a reputable site!
Just because a site brags it has 1 million downloads to their credit, doesn't mean they are a reputable site.
- A reputable site won't change your search engine and/or hide it in the download screens.
- Always check the comments at the bottom of the page before downloading. People who have ended up with any kind of malware from the program will often leave a comment to warn other users. A reputable site will not only allow the comment to stay but will often address it, offer a remedy or inform of a patch or update.
- If you download from a non-reputable website, or a website that doesn't have the WoT (Web of Trust) emblem or padlock, you are more likely to pick up a hitch hiker program that will have ulterior motives for you and your computer.
One Famous Hitch Hiker
You've seen hitch hiker programs already. These are almost always trial versions of other applications allowing you to use them FREE for a certain length of time.
The many types of SPEED UP MY PC programs are the most popular. You download and run their FREE program hoping it will speed up your PC, only to find out that it will remove "up to 20" files. If you want the program to continue removing the other 9560 files, you will have to pay a certain amount of money to get the files removed from your computer.
They make sure to put the fear of God into you when they claim that an exorbitantly high number of bad files have been found on your computer. Whether you actively searched for the SPEED UP MY PC type program (as a stand alone product) or whether it came as part of another application you downloaded, either way FREE has its limitations.
You have to agree to their TOS (permissions) and sometimes have to put a credit card on HOLD until the trial period is over. If you don't cancel within the trial period, they charge your credit card. You should read the TOS because they are not all standard (see sample TOS in this hub). In the permissions they make you click to agree to use it on your computer, you are giving them access to your online habits that include, but are not limited to, a program offering storage for your passwords, tracking your most frequently visited websites, your geographical information and games you play. At the end of the trial period, did you remember to cancel the charge on your credit card so they won't charge you? Did you also remember to get their software out of your computer? Most people don't.
Failing to notify the company before the trial period expires that you don't want the program will result in your credit card being charged and it is rarely the price they quoted on the download screen.
That is only one type of hitch hiker program. There are millions more, all masquerading as something other than what they truly are.
Malware Removal Program Promises
You will find a plethora of downloadable programs on the internet that promise to get rid of the malware on your computer. What you don't know for sure is if they are also going to plant malware during their download.
They will promise that their product detects and removes spyware, malware, worms and other malicious programs, automatically.
They will promise to monitor your system for you, detect and remove malicious software that is hiding out in your files and folders, to remove unwanted toolbars and add ons, and provide regular updates to your system from the latest malware and threats.
They will promise 24/7 support if you buy the PRO version and limited support with the FREE version. Sounds good? They are hoping it does. But not every site is the direct link download for the program. There are many third party sites and you can tell when you look at the URL and see that the name there is not the name of the product you are downloading. Be vigilant. Download only from the website belonging to the malware removal program.
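The URL check described above can be done mechanically before you click a download link. This is an added example, not part of the original article: the function name Test-DownloadSource and the sample links are constructed for illustration, and malwarebytes.org is used as the vendor domain only because it is the address the article names.

```powershell
# Added example: decide whether a download link points at the vendor's own site
# or at a third-party site. Read-only; nothing is downloaded.
function Test-DownloadSource {
    param(
        [Parameter(Mandatory)][string]$Url,
        [Parameter(Mandatory)][string]$VendorDomain   # e.g. the product's own site
    )
    $uri = $null
    if (-not [System.Uri]::TryCreate($Url, [System.UriKind]::Absolute, [ref]$uri)) {
        return [pscustomobject]@{ Url = $Url; HostName = $null; Verdict = 'not a valid URL' }
    }

    # Uri.Host is the real server name. Anything before an "@" is login
    # information, not the site, so a vendor name placed there proves nothing.
    $hostName = $uri.Host.ToLowerInvariant()
    $vendor   = $VendorDomain.ToLowerInvariant()

    if ($uri.Scheme -ne 'https') {
        $verdict = 'not HTTPS'
    } elseif ($hostName -eq $vendor -or $hostName.EndsWith(".$vendor")) {
        # Exact match, or a subdomain such as www.<vendor> or downloads.<vendor>.
        $verdict = 'vendor site'
    } else {
        # The vendor name may still appear in the link (as a prefix, a folder
        # name or a file name), but the server belongs to someone else.
        $verdict = 'third-party site'
    }
    [pscustomobject]@{ Url = $Url; HostName = $hostName; Verdict = $verdict }
}

# Constructed sample links (the .example hosts are placeholders, not real sites).
$links = @(
    'https://www.malwarebytes.org/downloads/',
    'https://malwarebytes.org.free-downloads.example/setup.exe',
    'https://malwarebytes.org@downloads.example/setup.exe',
    'https://downloads.example/malwarebytes.org/setup.exe',
    'http://malwarebytes.org/setup.exe'
)
$links | ForEach-Object { Test-DownloadSource -Url $_ -VendorDomain 'malwarebytes.org' } |
    Format-Table -AutoSize
```

Only the first link ends at the vendor's own domain; the next three merely contain the vendor's name, and the last is the right host without the padlock.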
What Happens If I Don't Remove Malware
If you don't remove malware, you run the risk of all the problems mentioned heretofore with browser and desktop changes, etc. But you will also run the risk of more frequent system crashes, hardware failure, and blue screen. The red screen of death is a virus. The black and blue screen is malware.
Most malware removal tools will promise to remove malware but some will have nice decorative touches like they will remove trojans, spyware, repair your computer errors, and make sure your computer speed is up to potential.
The job of malware removal tools is to scan your computer, figure out what malware programs have infected your PC, remove the malware and check to make sure your programs have not been corrupted. It is supposed to remove anything that has damaged your PC. The individual tool will also have a file that allows for updating of their software on each bootup or use, so that you don't have to keep downloading updates to their drivers and security programs.
What malware removal tools do not typically do is promise to speed up your PC, improve your bootup time, and maximize your performance.
If a malware tool is promising to do that, you need to be VERY observant of the install screens to see what other software it is downloading with their program, because therein lies the programs that will fulfill that promise.
How To Completely Remove Malware From Your Computer
If you choose not to use a Malware Software Removal Tool and want to remove the malware yourself, I advise against it, but this is how to do it. Removing the icon from your desktop or dragging it to your recycling bin is not uninstalling the program. You only removed it from your desktop; it's still in your computer, leaving behind a ".dll" and a ".exe" file. They keep the software running even if parts of the program were deleted.
There are several other files that are installed but usually when you delete the major part of the program under "trial version" name of file, those files delete. But the "exe" and "dll" stay until you totally remove them by the Program list in your control panel. No one has proven that these programs continue to monitor long after the user has terminated their trial period, and there is only one way to be sure it is entirely gone.
To show you that the software left a lot behind, bring up a search box for your hard drive. Type in the name of the program and click enter. As it searches your hard drive, it will show you anywhere from 2 to as many as 20 files left in your computer. Mostly they are cookie, tracking, and browser activity files, which accounts for the popups you are still seeing.
Go to your Control Panel, then Programs. Find the name of the file in the list, click Uninstall. Do a search again and see if there are any straggler or errant files, if so, delete them. Empty recycling bin. Defragment the computer if you choose. Now, after all that, please think about downloading a free malware software removal tool so you don't have to keep doing this. lol
If you do not go to your programs in your Control Panel to remove malicious software programs from that list, no amount of disabling the popups will get it off your computer until you uninstall it from the program list.
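The two checks in this section (is the program still in the Control Panel list, and did the uninstall leave files behind) can be run as one read-only PowerShell script. This is an added example, not part of the original article: the program name ExampleToolbar is a hypothetical placeholder, and the startup-entry check goes one step beyond the text to show whether a leftover ".exe" is still set to run at logon.

```powershell
# Added example: report what is left of a program. Nothing is deleted.
param(
    [string]$Name = 'ExampleToolbar'   # hypothetical; use the name shown in Control Panel
)

function Show-Section ($Title, $Items) {
    "== $Title =="
    if ($Items) { $Items | Format-List | Out-String } else { "  nothing found`n" }
}

# 1. Still installed? These registry keys back the Control Panel > Programs list
#    (64-bit, 32-bit and per-user installs).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like "*$Name*" } |
    Select-Object DisplayName, Publisher, InstallLocation, UninstallString

# 2. Straggler files and folders whose name contains the program name, in the
#    places installers normally write to (same idea as the hard drive search).
$roots = @(
    $env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData,
    $env:APPDATA, $env:LOCALAPPDATA, "$env:USERPROFILE\Desktop"
) | Where-Object { $_ -and (Test-Path $_) }

$leftovers = foreach ($root in $roots) {
    Get-ChildItem -Path $root -Filter "*$Name*" -Recurse -Force -ErrorAction SilentlyContinue |
        Select-Object FullName, LastWriteTime
}

# 3. Startup entries that still point at the program (assumption: it used the
#    standard Run keys; other start-up methods are not covered here).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$autoStart = foreach ($key in $runKeys) {
    $values = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($values) {
        $values.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' -and "$($_.Value)" -like "*$Name*" } |
            Select-Object @{ n = 'Key'; e = { $key } }, Name, Value
    }
}

Show-Section "Still listed in Control Panel > Programs" $installed
Show-Section "Files and folders left behind"            $leftovers
Show-Section "Entries that start it at logon"           $autoStart
```

Run it once before uninstalling and once after; anything still listed under the first heading means the Control Panel uninstall has not been done yet.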
How to protect yourself against malware or spyware
Even with the strongest password, you will still need other security controls to keep from getting infected with malware. If you are a regular internet user, it is inevitable - you are going to pick up malware somewhere. It is best to have a malware software removal tool instead of trying to rough it on your own.
There are some very expensive programs, medium priced programs, low priced programs and free programs that are quite good to remove malware from your computer. The programs can be downloaded or installed with a disk. Sometimes free malware removers are not bad and this program I am offering as a suggestion is one of them.
Malwarebytes comes in a premium, pro and free version. Naturally I use and suggest the free version, but if it makes you feel safer, you can purchase it. I have been using the free version for about 5 years but some of my online friends said they got a popup saying their free version trial period had expired. If you get that popup, you downloaded a clone. This was not a true copy of Malwarebytes.
Always use at least two malware software removal tools. Run one. Then run the second one. You will be surprised that each one will find malware.
Below are suggestions - my best picks for you.
Malwarebytes: Overview of quick scan
Malware Protection Tool for Android or Mobile
Click here to view a video on how to get free (or nearly free) malware protection on your mobile or android devices.
How to remove Conduit as your search engine, Alert: Fake Virus scams, Norton Malware detection
- Fake Anti-Virus Scams - Alerting Users of Fake Viruses | SymantecTV
This video shows a series of rogue security software programs that detect a fake threat called "Spyware.Monster". Scams users into buying useless software.
- NORTON -Malware, Trojan Horse, Virus Detection - Support from Symantec
Malware is a category of malicious code that includes viruses, worms, and Trojan horses. Use advanced malicious virus code detection from Norton.
- HOW TO REMOVE CONDUIT AND GET BACK YOUR SEARCH PROVIDER
This shows users a number of steps to remove Conduit from hard drive and how to switch back search providers.
My Best Picks For Malware Removal Tools
ALWAYS use more than one malware removal tool because today's malware is able to hide from even the top name tools like AVG and CCleaner, to name a few.
I'm sure everyone has their own preferences, but I happen to like Malwarebytes and SUPERAntiSpyware. I find them both to be very effective. I run malware scans at least twice a day and if I am doing any amount of online shopping, I run it immediately after I'm done. Rule of thumb: For every 4 to 6 hours you are online, run malware tool at least once. If you shop during those 4 to 6 hours, run it twice.
Malwarebytes - make sure you download from the true Malwarebytes.org (notice the ORG address) site because there are other sites distributing this tool. Any other site is a 3rd party site and you don't know what hitch hikers or other software they include in their downloads. Use quick scan every day, at least once. It runs about 5 minutes. Use full scan once a week. It runs 1 hour and does not interrupt the user while working.
SUPERAntiSpyware - Make sure you choose the FREE EDITION download. This is one that is absolutely 100% free - always. I've been using the free edition for about 10 months now, so it is NOT a trial version. However, the Professional Edition is also a Free download, but it IS a trial where you have to pay later. It's only $19.95 and has a few perks to it. I have to say, the basic FREE EDITION that I am using is very thorough, works quietly in the background and doesn't interrupt any work I am doing. When it is done, you choose "select all" on the results page and it removes the corrupted files and no reboot is necessary. Works for all browsers, all operating systems.
The programs above recognize what has to be removed and automatically remove the infected files.
The following suggestions are two Malware Removal Tools I DO NOT recommend because YOU have to decide what to remove and not everyone is able to do that:
FreeFixer - a general purpose removal tool which will help you to delete potentially unwanted software, such as adware, spyware, trojans, viruses and worms. FreeFixer works by scanning your browser's plug-ins, your home page setting, etc. FreeFixer does not know what is unwanted, so it presents the scan result and it's up to you to decide if some file should be removed and if some settings should be restored to their default value. Please be careful!
WinZip - 100% free malware program. Read their Terms of Service. If you choose this one, make sure you use "custom install" so you can uncheck the hitch hikers - aka: third party applications which install automatically when you let the program run on its own.
It is best to have two malware software removal programs.
Do Not Copy, Thank You
© Rachael O'Halloran. March 28, 2014.
No part of this article may be reproduced without prior permission from the author. Use the following link to refer to this article. Do Not Copy. TYVM