Malware Guide

What is Malware?

Malware (malicious software) is software designed to infiltrate and/or damage a laptop or desktop computer. Malware includes computer viruses, worms, Trojan horses, spyware, scareware and more. It can be present on websites and in emails, or hidden in downloadable files, photos, videos, freeware or shareware.

Viruses: Malware programs that can reproduce themselves and infect other computers.

Spyware: Surreptitiously monitors and collects information about you, your computer and/or your browsing habits without your consent, usually for advertising purposes. It can also gather information from your address book, and even your passwords and credit card numbers. Unlike viruses and worms, spyware does not usually self-replicate.

Scareware: You're surfing the net and suddenly an official-looking screen pops up warning you there is a problem on your computer, such as: "Your computer may be infected with harmful spyware programs. Immediate removal is required. To scan, click 'Yes'". You're not sure if it's real or not, so what do you do? Be careful, this might be scareware. If there's any doubt, close your browser immediately by pressing ALT+F4; this will prevent any scareware from loading.

How to protect your PC

The best way to avoid getting infected is to purchase a good anti-virus protection program, like AVG (full version). Do periodic scans for spyware, and avoid clicking on suspicious links in emails or on websites. Sometimes malware is cleverly disguised as an email from a friend, or as a useful website.

What do I do if my PC has become infected?

Even the most cautious of web-surfers will likely pick up an infection at some point. If you do, there are plenty of free tools available to help you remove it if you want to try doing it yourself.

Good indications of malware are unexpected 'pop-ups', the browser going to sites other than the ones the user was actually trying to reach, and the computer starting to run very slowly. Pop-ups typically come bundled with malware. The more serious forms of malware, however, give no visible sign at all.

The first thing to check is whether you have anti-virus software and, more importantly, whether it is up to date! We recommend AVG full version for our home users. It is worth running a scan at this point. Next, check for rootkits. Some antivirus/spyware software can detect rootkits natively, but a stand-alone scan is worthwhile. There are a number of free tools that can help. Sadly, none of them is 100% effective, as new viruses come out every day, so the important thing is to use more than one in the hope that their detection overlaps enough to remove the problem.

Don't worry though; our engineers are on hand if you need help. F-Secure have a rootkit detector available for free download, F-Secure BlackLight, which works very much like an antivirus scanner and is easy to use. It may vanish, however, as it is now integrated into their commercial products. SysInternals (now part of Microsoft) also have RootkitRevealer, which displays files, processes and registry entries that exist in the raw data but are not visible through the normal Windows API. It is important to read the linked page carefully, as some parts of the NTFS structure will always show up and are not indicative of a rootkit.

If you wish to use this tool, run it a few times on known clean machines first, just to see what to expect. Note that until recently the presence of rootkit techniques was usually indicative of a complete compromise of the system. However, rootkit techniques are now used by more and more of the lower-level malware (such as pop-up generators) in order to hide it from malware detection tools. This makes it far more complex to decide whether a reinstall is the best way forward.

If a rootkit is found and verified (particularly if using RootkitRevealer, which, as mentioned, only shows signs that may indicate a rootkit; it takes some knowledge to determine whether a rootkit is the cause), then an expert look at the system is likely needed to determine whether the rootkit is just hiding some files or is indicative of a fully compromised system. With all the above said, it may be safer to regard the system as being compromised and call in the experts on 0800 015 3313.