What is Malware?

MALWARE FAQ

OK, what is it?

  • Adware is software that displays advertisements, such as pop-up windows or links injected into Web pages that are not part of the page's own code. Adware may add entries to your favorites and your desktop, and it will often change your home page and search engine to sites that earn income from advertisers. That income depends on, for example, how many people visit the adware site or click on its links and ads. Ads are not bad by themselves; they become a problem when they are unauthorized, and many adware programs do not give users enough notice or control.
  • Spyware is software that collects and transmits user-specific behavior and information, with or without permission. Sometimes permission to collect and transmit is assumed to have been given simply by installing software or loading a Web page. In reality, few people read the EULA (End User License Agreement) or the Terms of Use/Service/Installation displayed during installation.
    Like ads, data collection can be acceptable if it is done with consent or for a reasonable purpose. For example, software that transmits user-specific information for the legitimate purpose of confirming eligibility for updates or upgrades should not be classed as spyware. Programmers are entitled to ensure that their software is not being pirated and that users of pirated copies do not receive the same benefits as legitimate users.
  • Malware (malicious software) is the general term for software that damages your system, causes instability, or exhibits antisocial behavior such as changing settings or interfering with the registry and security settings. Typical examples include viruses, worms and trojans; the rogue antivirus, rootkits, bootkits and ransomware described below are all forms of it.
  • Rogue Antivirus is software that runs on your computer and tries to trick you into buying its "protection". It does this by falsely reporting that malicious software is running on your computer and that you must buy the product to remove the infections. The program will also block your real antivirus and other malware removal programs from running. These programs have also been seen to cut your internet connection and disable Task Manager and other administrative tools of the operating system, again to stop you from removing it and to force you to pay. DO NOT PURCHASE!
  • Rootkit is a program or set of programs used by an intruder both to hide their presence on a computer system and to allow future access to that same system. A rootkit will usually either manipulate the data the operating system relies on or alter the operating system's execution flow. Rootkits are designed to be very stealthy, meaning they are difficult to find or detect by normal means: the infected system's own tools are the ones being lied to, which is why a scan from a clean boot disk, rather than from inside the running system, is the reliable way to find one. Many rootkits have been so well written that their presence went undetected for years.
  • Bootkit is a rootkit that infects the master boot record (MBR) of the hard drive, so it is running before Windows even loads. This type of infection makes it hard to remove other infections on the system: it blocks antivirus and anti-malware programs from running, re-infects the computer after each reboot, and will not let the user run System Restore to reverse changes. This is probably one of the hardest infections to remove, as improper removal can result in loss of data and/or an unbootable system.
  • Ransomware is a class of malware that restricts access to the computer system it infects and demands a ransom, paid to the creator of the malware, for the restriction to be removed. Some forms of ransomware (CryptoLocker and CryptoWall) encrypt files on the system's hard drive and on any attached or mapped drive they can reach (cryptoviral extortion), while others simply lock the system and display messages intended to coax the user into paying.

INFO LINKS:

Reveton Ransomware - http://www.pcworld.com/article/2466980/reveton-ransomware-upgraded-with-powerful-password-stealer.html

CryptoWall - http://arstechnica.com/information-technology/2015/01/inside-cryptowall-2-0-ransomware-professional-edition

CryptoWall 3.0 - http://searchsecurity.techtarget.com/news/2240238734/CryptoWall-30-Ransomware-returns-adopts-I2P

CryptoLocker - https://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know

Now how do I defend myself?

  • For starters, always make a complete backup of any critical data such as resumes, pictures, class work, etc. I personally use Flash Drives (Sandisk or Lexar) as I found they're less prone to damage and can be placed in a small fireproof safe for safekeeping. Some can be encrypted to protect data from prying eyes and alteration. Keep the backup drive unplugged except while you are copying to it: ransomware such as CryptoLocker encrypts every drive it can reach, including a backup that is left attached.
  • Run an updated antivirus program such as NOD32 Antivirus or Microsoft Security Essentials, and always make sure your definitions are up to date as well.
  • Install and run anti-adware software such as Spybot S&D, Malwarebytes and SuperAntiSpyware, which are all free. You must manually keep these updated and run them at least twice a month.
  • Make sure your OS is up to date by using Windows Update at least once a month. If you are using Windows XP [both versions] make sure you are running Service Pack 3 (SP3); for Vista [all versions] Service Pack 2 (SP2); for Windows 7 [all versions] Service Pack 1 (SP1); and lastly, all versions of Windows 8 should be on Windows 8.1 Update 1.
    NOTE: Support for Windows XP ended on April 8, 2014. No new updates will be released by Microsoft, so any security hole found after that date stays open. With that being said, use Windows XP at your own risk!
  • Use an alternative web browser such as Mozilla Firefox, Google Chrome or Opera, as they are less susceptible to malicious scripts and browser hijacking. Also download and install an addon called Adblock, which blocks known malware-infected ads.
  • Do not use Internet Explorer unless you are having problems viewing a site through Firefox, Chrome or Opera. After you are done viewing the site you were having problems with, shut down IE and launch one of the above browsers. Do not continue navigating with IE, as your system can be open to infection via exploits in Microsoft's browser.
  • Make sure Adobe Reader and Flash Player are up to date, and that your Java and Shockwave are current as well. Exploits in these applications have been used to download and install malicious code on your computer simply by visiting a page that carries the exploit. Adobe and Java updates can be found in our download section.
  • Do not install downloaded software that you are unsure about, especially software that says it is free; check with your local computer shop first. Such downloads are one of the leading causes of adware/spyware/malware infections on systems today.
  • Do not click on pop-ups saying your system is at risk, your registry needs cleaning, or you are infected by adware/a virus. Clicking them installs a small piece of code on your system, thus infecting the computer. Close the window with Alt+F4 or from the Task Manager rather than clicking anything inside it, as its own "Close" or "Cancel" button may be part of the trick.
  • Do not use applications like Ares, Limewire, Shareaza, BitTorrent or any other peer-to-peer software, as the files you download with them will most likely be infected with some type of trojan, worm or malware.
  • Run your anti-virus or anti-adware program in Safe Mode for your best chance of detecting and removing infections, since many infections do not start in Safe Mode and so cannot block the scanner. See here for instructions on how to enter Safe Mode.
  • Delete all files in the following temporary directories: C:\Temp and/or C:\Windows\Temp and/or C:\Documents and Settings\Your Account Name Here\Local Settings\Temp (XP) and/or C:\Users\Your Account Name Here\AppData\Local\Temp (Vista and later). Do not delete the whole of AppData\Local, which holds your programs' settings; only its Temp subfolder. This can also be done with a program called CCleaner.
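The temp-folder cleanup in the last item, written out as a PowerShell script. This is an added example for this page, not code from the original page or from CCleaner: it empties the same folders listed above, skips any file that a running program has locked instead of aborting, and reports how much space was freed. It assumes Windows Vista or later with PowerShell 2.0 or newer, run from an elevated (Administrator) PowerShell window so that C:\Windows\Temp is writable.

```powershell
# Added example, not from the original page. Empties the temp folders named
# in the list above and reports what was freed.
# Assumes Windows Vista or later, PowerShell 2.0+, run as Administrator.

$candidates = @(
    $env:TEMP,                       # per-user temp: C:\Users\<name>\AppData\Local\Temp
    (Join-Path $env:windir 'Temp'),  # system temp:   C:\Windows\Temp
    'C:\Temp'                        # only exists on some systems
)
# @() keeps $targets an array even when only one folder exists.
$targets = @($candidates | Where-Object { Test-Path -LiteralPath $_ })

$freedBytes = 0
$skipped    = 0

foreach ($dir in $targets) {
    # -Force includes hidden files; SilentlyContinue skips subfolders we cannot read.
    Get-ChildItem -LiteralPath $dir -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            try {
                $size = $_.Length
                Remove-Item -LiteralPath $_.FullName -Force -ErrorAction Stop
                $freedBytes += $size
            } catch {
                # A file that is in use (locked) is left alone rather than
                # stopping the whole run; rerun from Safe Mode to catch those.
                $skipped++
            }
        }
}

"Cleaned {0} folder(s): freed {1:N1} MB, left {2} locked file(s) in place." -f $targets.Count, ($freedBytes / 1MB), $skipped
```

Empty subfolders are deliberately left behind; they take no space and deleting a folder that still holds a locked file would prompt for confirmation and stall an unattended run.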

What should I do if I am infected and I can not clean it myself?

  • First, if you are connected to the internet, disconnect (unplug the network cable or turn off the Wi-Fi) so that the program cannot communicate, update itself or download more malware. Then attempt to run a system scan with one of the above-mentioned antivirus and anti-malware programs.
  • If you suspect a dialer program, pull the phone cord from your modem and contact your phone company to block 900 and other premium-rate toll numbers.
  • If you find yourself in this situation and cannot remove it, or feel uncomfortable doing it yourself, the best choice is to take it to a trained professional so that you do not end up with an inoperable system and/or data loss.
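The first step above (disconnect, then scan) as one added PowerShell script. It is an example written for this page, not a tool from any of the vendors mentioned. Before cutting the network it saves the list of active connections and running processes to the desktop, because that record of what the infection was talking to, which a technician will want, is lost the moment you unplug. It assumes Windows Vista or later with PowerShell 2.0+, an elevated PowerShell window, and Microsoft Security Essentials installed at its default location; the MpCmdRun.exe path and the two report file names are assumptions, not anything the page states.

```powershell
# Added example, not from the original page.
# Step 1: record what is talking on the network before we pull the plug.
$report = Join-Path ([Environment]::GetFolderPath('Desktop')) 'infection-report.txt'   # assumed name
"=== netstat -ano  $(Get-Date) ===" | Out-File $report
netstat -ano        | Out-File $report -Append   # every connection with its owning PID
"=== tasklist /v ===" | Out-File $report -Append
tasklist /v         | Out-File $report -Append   # maps those PIDs back to programs

# Step 2: take every connected adapter offline and remember which ones, so
# they can be re-enabled after cleaning. NetConnectionStatus 2 = connected.
$restoreList = Join-Path $env:USERPROFILE 'adapters-to-restore.txt'                    # assumed name
$online = @(Get-WmiObject Win32_NetworkAdapter | Where-Object { $_.NetConnectionStatus -eq 2 })
$online | ForEach-Object { $_.NetConnectionID } | Out-File $restoreList
foreach ($nic in $online) {
    $rc = $nic.Disable().ReturnValue          # 0 = success; needs an elevated window
    "{0}: {1}" -f $nic.NetConnectionID, $(if ($rc -eq 0) { 'disabled' } else { "disable failed ($rc)" })
}

# Step 3: full scan with Microsoft Security Essentials' command-line scanner,
# using whatever definitions were last downloaded (we are offline on purpose).
# Assumed default install path; Windows Defender on Windows 8 ships the same
# MpCmdRun.exe under "$env:ProgramFiles\Windows Defender".
$mp = Join-Path $env:ProgramFiles 'Microsoft Security Client\MpCmdRun.exe'
if (Test-Path $mp) {
    & $mp -Scan -ScanType 2                   # 2 = full scan (1 would be a quick scan)
} else {
    "MSE not found at $mp; start your antivirus' full scan by hand."
}

function Restore-Adapters {
    # Run this after the machine is clean to bring the adapters back up.
    Get-Content $restoreList | ForEach-Object {
        $name = $_ -replace "'", "\'"         # escape for the WQL filter
        (Get-WmiObject Win32_NetworkAdapter -Filter "NetConnectionID='$name'").Enable() | Out-Null
        "$_ re-enabled"
    }
}
```

Disabling the adapters through WMI rather than pulling the cable means the record of which adapters were up is written down, so a technician can put the machine back exactly as it was with Restore-Adapters once the scan comes back clean.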

**ATTENTION CUSTOMERS THAT HAVE PICKED UP YOUR COMPUTER AFTER REPAIR**

For those using Time Warner Cable or Verizon DSL, make sure you power cycle your modem before hooking up your computer.

DSL Modem: Most have an on/off switch on the rear of the unit if not just pull the plug from behind.
Cable Modem: Pull plug from behind the unit or from the wall outlet itself.

Router (wifi): Should have a toggle switch in the rear of the router if not just unplug from either the back of the unit or wall outlet.

For both types, let the modem sit unplugged/off for at least a minute. Now, with the modem, router (if applicable) and computer all off, hook up all your cables, including those used to connect the modem and/or router to your system (usually a Cat5 cable, but sometimes a USB connection). Turn on your modem and/or router, wait about 30 seconds, then turn on your computer. When the system has fully booted and the OS is loaded, you should be able to connect to the internet with no problems.

Note: These steps are also useful if you are having problems with internet connectivity because your modem periodically needs to be power cycled. A good rule to remember is to power on these units in this order: 1) Cable/DSL modem, 2) Router (wifi), 3) Computer/Laptop.

How to renew your IP address in Windows XP, Vista*, 7* or 8*:

Click on the Start button, then click on Run, type in "cmd" without the quotes and hit OK/Enter. At the blinking cursor of the command prompt type in "ipconfig /release" and hit Enter. Make sure you leave a space between ipconfig and the slash (/). Now type "ipconfig /renew" and hit Enter.

-Example

C:\>ipconfig /release
C:\>ipconfig /renew

Or

C:\Documents and Settings\Insert Name>ipconfig /release
C:\Documents and Settings\Insert Name>ipconfig /renew

Or

C:\Windows\System32>ipconfig /release
C:\Windows\System32>ipconfig /renew

* Windows Vista, Windows 7 and Windows 8 require you to run cmd with administrator privileges (an elevated Command Prompt); without that, ipconfig /release and /renew fail with an access-denied error. In the Run/search box type "cmd" and press Ctrl+Shift+Enter simultaneously. You will be prompted by the User Account Control dialog; just click Yes.
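The release/renew procedure above as an added PowerShell script that handles the Vista/7/8 elevation itself and then checks whether the renewal actually worked. It is an example written for this page, not Microsoft's code. It assumes PowerShell 2.0 or later, that the script is saved to a .ps1 file (the self-relaunch needs its own path), and a DHCP-configured adapter; the regular expressions are matched against ipconfig's English output.

```powershell
# Added example, not from the original page: ipconfig /release + /renew with
# elevation and a check of the result. Assumes PowerShell 2.0+ and a saved .ps1.

$me = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin = (New-Object Security.Principal.WindowsPrincipal $me).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) {
    # Same effect as Ctrl+Shift+Enter in the Run box: UAC asks, then we rerun elevated.
    Start-Process powershell.exe -Verb RunAs `
        -ArgumentList "-ExecutionPolicy Bypass -NoExit -File `"$($MyInvocation.MyCommand.Path)`""
    exit
}

ipconfig /release  | Out-Null
ipconfig /renew    | Out-Null
ipconfig /flushdns | Out-Null   # also drop cached DNS answers (stale or planted by malware)

# Parse the new lease out of ipconfig's text. XP prints "IP Address", Vista+ "IPv4 Address"
# (with a "(Preferred)" suffix, hence the dotted-quad capture rather than \S+).
$out = ipconfig
$ip = @($out | Select-String '(?:IPv4|IP) Address[ .]*: (\d+\.\d+\.\d+\.\d+)' |
        ForEach-Object { $_.Matches[0].Groups[1].Value })
$gw = @($out | Select-String 'Default Gateway[ .]*: (\d+\.\d+\.\d+\.\d+)' |
        ForEach-Object { $_.Matches[0].Groups[1].Value })

if ($ip.Count -eq 0) {
    "No IP address at all: check the cable and that the adapter is enabled."
} elseif ($ip[0] -like '169.254.*') {
    # A 169.254.x.x address is Windows' self-assigned fallback: no DHCP server
    # answered, i.e. the modem/router is still booting or needs the power cycle above.
    "Got self-assigned address $($ip[0]); the router did not hand out a lease."
} elseif ($gw.Count -gt 0 -and (Test-Connection -ComputerName $gw[0] -Count 2 -Quiet)) {
    "Renewed: $($ip[0]) via gateway $($gw[0]) (gateway answers ping)."
} else {
    "Renewed: $($ip[0]) but the gateway did not answer ping; power cycle the modem and router."
}
```

The 169.254 check is the part worth keeping even if you do the rest by hand: a renew that "succeeds" but lands on a self-assigned address means the modem or router never replied, which is exactly the case the power-cycle section above fixes.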

Updated January 30, 2015
