Malware and Spyware Removal Guides - Prevent, Identify and Remove
Anti-Virus vs Anti-Spyware
The term 'malware' literally covers 'spyware' already, but I chose to name it separately because many of us use 'malware' with anti-virus only in mind, leaving out spyware. 'Malware' is any program that attempts to leak, change or destroy your data, applications or even the hardware without your knowledge or intent.
This post is basically a compilation from different malware and spyware removal guides that I read over the past few days while trying to strengthen my computer protection. I request you to share your own experience and knowledge of malware identification and removal techniques with us so that it benefits others too.
Stay Alert: Prevention Better Than Fix
How To Prevent Virus/Malware From Entering Your Computer/Network
The obvious response would be to use a good anti-virus. There are both paid and free anti-virus products available in the market. You can choose your package according to your needs while also keeping an eye on your budget. Note that the anti-virus may or may not contain anti-spyware. In the latter case, you will have to install one or more anti-spyware tools separately.
If it is a single, standalone computer, you can go for a cheap or free antivirus. In the case of networks, it is advised that you have anti-virus (or anti-malware, to be precise) on each computer of the network. A network can be either P2P or Client-Server.
In P2P networks, each computer can access the Internet directly. That increases the risk of acquiring malware that may then propagate to other computers in the network. This risk is lower in the client-server model, as each computer has to request Internet data packets from the server. If the anti-virus on the server is among the best, you can better prevent viruses from entering your network.
Educating or training people on the dangers of acquiring malware is a must if you are using a network, as people may assume there is anti-virus on the server and hence that they can use portable drives etc. on the nodes. But you know that is not true. Each node is susceptible in both the P2P and the Client-Server model.
The best method is to allow Internet connection only via the main computer - server or P2P - having good anti-malware. Further, train people to run a virus scan on all removable media and downloads. If it is a corporate network, you can completely block portable media and downloads at the node level. That would further prevent malware from entering your computer.
How To Identify A Virus Infected Computer?
A virus can lie dormant for weeks before some activity on the part of the user triggers it. That means your computer could have been infected, with the virus dormant, even when you bought it. While you cannot go and argue with the person you bought the computer from, the first thing to do when you find a virus on a computer is to isolate it from the rest of the network.
In other words, if you suspect that a computer on your network is infected, unplug it from the network to troubleshoot, identify and remove the malware. That should be the first step, and it is intended to stop the malware from replicating itself to other computers on the network.
But how do you know if a computer or network is infected by malware? There are many signs that tell you that a particular computer is infected. Some of the signs to identify a virus infected computer are listed below.
1. The virus/malware may disable your anti-virus protection
2. The virus/malware may make your applications act or terminate in an unexpected way
3. You may not be able to log on to sites related to anti-virus or malware
4. Your Control Panel items may not work - especially the Windows Update
5. You may start getting unwanted prompts and popups in some cases
6. You may see unfamiliar process(es) in the Task Manager
The full list is too long to give here, but if your computer is really infected and the virus is active, you will notice the difference in the functioning of the computer.
What To Do If Your Computer Has Malware?
As they say, "It is better to be safe than sorry." If you feel one or more computers on your network are infected, run a scan using online safety scanners. I won't recommend the one you already have on the computer: if it were able to detect the virus, it would have done so in real time. There are many online safety scanners available, from the likes of Norton and Microsoft. Personally, I use Malwarebytes if I have any doubt. It is not real-time protection, but you can download it for free and run it to scan and remove most types of malware.
If you are using Windows 7 or above, you can also use the built-in tool called MRT to scan and fix malware. You can also download MRT: Malware Removal Tool from the Microsoft website. Please note that MRT too does not provide constant monitoring and is hence not a substitute for an antivirus.
Like I said above, first of all, isolate the computer showing unexpected behavior. Then connect directly to the Internet to download software from Norton or the Microsoft Online Safety Scanner. Run the software to see if it can find any malware. I recommend using two or three such tools, including Malwarebytes, for removal of malware from your computer.
You may additionally scan the entire network to see if the virus has already replicated to other computers. Once fixed, you can add the computer back to the network.
IMPORTANT: Note what made the computer susceptible to malware. Was it someone using a portable storage device? Or was it an attempt to download something directly from the computer? Was it an email attachment? Based on the results, take suitable action so that such an incident is not repeated in future. You cannot make your network foolproof, but you sure can take steps to prevent malware from entering your computer network.
NOTE: If the computer was really infected, it proves that your existing defense is not good. You have to change whatever anti-malware you were using to avoid further infections.
Here are some key points revisited from the section:
- Change the current anti-malware system as it failed to detect the virus;
- Check the reasons why the computer was infected and take remedies to ensure it doesn't repeat;
- Using more than one antivirus is dangerous because of clashes, so do not install two antivirus products on the same system. You can, however, add anti-spyware in addition to anti-virus as an additional line of defense. Windows 7 and 8 have a built-in anti-spyware called Windows Defender, so you won't necessarily have to install an anti-spyware;
- You may want to block sites that have poor ratings (example: sites offering pirated audio/video/software, social networks, porn etc.);
- Train the users and educate them on how to use different sites without harming the security of the network. If they want to use Facebook, tell them how to distinguish between a genuine and a malicious link. If they wish to download anything, inform them on how to check site information in Alexa etc. before they actually use the site for downloads;
- If possible, block/stop users from using their own portable storage devices on just any computer;
- Use the security features provided by your browsers as well as add-ons or extensions that provide security against malware;
- Use a DNS server that offers malware protection, such as Comodo DNS servers.
Malware and Spyware Guide: Malware Defense System
There are many guides and tutorials on what to do when your computer is infected and on how to protect your computer from malware. But the most efficient thing you can have is your own Malware Defense Plan. You, as a network admin, for home or office network, can create a list that defines how to prevent virus entry/infection followed by what to do in case of infection and finally, how to improve the current defense system to avoid further intrusions/infections. The list can include:
- Current practices - network rules for Internet access; storage usage; browser settings etc.
- Identification - regular checkup of network for any suspicious process in Task Manager and/or irregular behavior;
- Remedies - Steps to be taken in case of infection; and
- Strengthening the Malware Defense System
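An added example, not part of the original guide, for the "unfamiliar process(es) in the Task Manager" sign and the Identification item above: it compares the saved output of tasklist /fo csv from each node against process names recorded on a known-clean machine. The baseline, node names and sample output are constructed, and the lookalike-name check is an added heuristic.

```python
import csv
import difflib
import io

# Constructed baseline: image names recorded from a known-clean machine (lowercase).
BASELINE = {"system idle process", "system", "svchost.exe", "explorer.exe",
            "lsass.exe", "chrome.exe", "msmpeng.exe"}

# Constructed sample: output of `tasklist /fo csv` saved from each node.
SNAPSHOTS = {
    "node-01": '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Services","0","8 K"
"svchost.exe","912","Services","0","21,340 K"
"explorer.exe","4120","Console","1","88,112 K"
''',
    "node-02": '''"Image Name","PID","Session Name","Session#","Mem Usage"
"svchost.exe","880","Services","0","20,100 K"
"svch0st.exe","5532","Console","1","14,008 K"
"updater32.exe","6010","Console","1","3,912 K"
"Chrome.exe","2204","Console","1","150,444 K"
''',
}

def unfamiliar_processes(tasklist_csv, baseline=BASELINE):
    """Return [(image, pid, lookalike_of_or_None)] for names not in the baseline."""
    findings = []
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        name = row["Image Name"].strip().lower()
        if name in baseline:
            continue
        # A near-match to a trusted name deserves a closer look than a merely new name.
        close = difflib.get_close_matches(name, baseline, n=1, cutoff=0.85)
        findings.append((name, int(row["PID"]), close[0] if close else None))
    return findings

def sweep(snapshots=SNAPSHOTS):
    """Map each node to its findings; nodes with nothing unfamiliar are omitted."""
    report = {host: unfamiliar_processes(text) for host, text in snapshots.items()}
    return {host: hits for host, hits in report.items() if hits}

if __name__ == "__main__":
    for host, hits in sweep().items():
        for name, pid, like in hits:
            note = f" (resembles {like})" if like else ""
            print(f"{host}: PID {pid} {name}{note}")
```

A name missing from the baseline is only a prompt to investigate; new legitimate software will show up here until it is added to the baseline.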
A Malware Defense Plan will not only help you act swiftly in case of an attack/infection, it also gives you an opportunity to explore the options available to you and others like you to prevent malware entry into your network. Thus, each time you face a problem, you will have a better malware defense system in place.