Tag Archives: virus

Let Me Count the Ways…

There is an increasing number of ways you can get malware (spyware, viruses, etc.) on your system. Here is a basic summary of the types:

  • Running a program from removable media: This was the original method. You start a program that has the infection code embedded in it. In the early days, this usually involved viruses on diskette and they would let you know very quickly that you had let them loose on your computer, usually deleting or corrupting files. These attacks can still occur with CD/DVD or USB drives, but are fairly uncommon.
  • Booting with infected media: You start your computer with a diskette or CD/DVD that has infected code on it. The computer automatically attempts to boot or run off the media, thus launching the virus.
  • Opening an email: Many early viruses took advantage of programming defects in common email programs like Outlook and would be able to activate themselves when you simply opened the infected email. They would usually then access your address book and automatically propagate themselves by sending copies to all your contacts. This is a fairly uncommon method of transmission now, as most email programs have been fairly well patched, and many people are relying more on online email systems like Gmail.
  • Clicking on pop up windows: Many early forms of spyware gained entry into your computer via your web browser, usually using security holes in Internet Explorer. You would visit some web page that showed some kind of pop up that enticed you into clicking on it. Once clicked on, the script would gain access to your system and download its payload.
  • Opening an email attachment: More modern viruses rely less on programming defects and instead use social engineering to deceive you into activating some kind of email attachment, usually containing an executable program, possibly embedded in a .zip file (archive).
  • Viewing an infected file:  Some very sophisticated attacks have virus code embedded in files such as graphic images or even PDF files.  Most of these types of infection can be prevented by keeping your system software up-to-date with the latest patches.
  • Clicking on a link: Usually coming in an email, the user clicks on a link that launches a virus from a web site. It can also happen via a web site link.
  • Accessing an infected web site: The latest wave of malware involves very sophisticated attacks. It starts by infecting susceptible websites with a virus delivery system. Once you simply visit that infected web site, even without clicking on anything, the virus will be instantly launched, attacking your web browser to gain access to your system via programming defects or lax security. This type of infection is one of the most difficult to prevent, but is generally not that common (as it requires a website to remain infected).

Most good antivirus programs can prevent most of these attacks, as long as the software is kept up-to-date with the latest program updates. And most quality email providers automatically scan your email to check for most types of virus.

Think you might have been infected? Read our article on Spyware/Virus Detection, or simply Contact Us to arrange a full system scan.

Malware Attacks Becoming More Deceptive: XP Antivirus

One of the more insidious malware attacks in recent months has been an attack that disguises itself as an antivirus program. It appears on your system as ‘XP Antivirus’, which is not a real product. It usually flashes up a fake virus detection notice and then tries to get you to purchase the software or updates, thus providing your credit card details to some rogue organization. In addition, the virus usually embeds itself deeply into your system software, making it difficult to remove. It may also monitor keystrokes and steal other personal data.

If you start encountering antivirus warnings from a program you are not familiar with, you should have your system checked immediately.

You can also do a cursory check of your system following the steps outlined in our Support article:  Spyware/Virus Detection.

Spyware/Virus Detection

Your computer is acting “strange”, seems to be running really slow, or you’re getting popups and/or messages about viruses?  Then it’s time to scan the system for possible malware (spyware/viruses, etc).

Professional software packages like Norton or McAfee should usually do the trick in detecting infections, but you need to make sure the virus definitions are up-to-date.  Even so, it is possible for even the best software to miss some infections, especially if it is a new variant.

Online Scanners

The simplest way to quickly check for an infection is to run a virus scan.  There are a couple of online scanners for checking your system.  These operate through your web browser:

Kaspersky Virus Scan – Kaspersky seems to do the best job at detecting most infections.   Requires Java, which most browsers already have installed.

Panda ActiveScan – Requires a special plug-in download the first time you use it.

Generally, you want the program to scan your entire disk.  Most infections will be located in your Windows directory, in the cache for your web browser, or in an email attachment.  The full scan will take a while to complete: anywhere from 30 minutes to a couple of hours.

These online scanners will only detect infections; they will NOT fix the problems.   Make sure you save any report or write down the details from the report if any infections are found.

Collecting a HijackThis Report

A faster method for checking for an active infection (something currently running on your system) is to use a tool called HijackThis.  While the tool can be used to fix some infections, you generally only want to use it to collect a report.

As of this writing, HijackThis was being offered by TrendMicro (TrendSecure).  Link to download page. In general, you can just download the executable and run that without having to actually install it.

Run the program and select the option to ‘Do a system scan and save a log file’.  It scans all your active programs and system configuration, then provides you with a text report (usually in Notepad).   Save that report.

You can take things one step further and analyze your log online.  Here is one site that will analyze the results. It usually flags obvious malware, but can also mark a lot of programs as unknown or even false positives.

No Tools Checkup

If you don’t have the time to run an online scan or the HijackThis software, you can still do an examination.  This may require more effort on your part, but sometimes it’s the fastest way to make a quick check.

Bring up the Task Manager and look at the process list.  The easiest way to start up the Task Manager is to hold down the Ctrl-Alt-Delete keys.  Once the Windows Task Manager dialog appears, click on the ‘Processes’ tab and make sure the ‘Show processes from all users’ option is checked.   This tool shows you all the currently running processes on your system.  Almost all of them have to do with the operating system and utilities running on your system.  You’ll need to examine each process by name.  Usually you can ignore these as part of the operating system:

  • dllhost.exe
  • explorer.exe
  • rundll32.exe
  • services.exe
  • lsass.exe
  • csrss.exe
  • svchost.exe
  • taskmgr.exe
  • iexplore.exe

Look up any unknown entries using Google or try this web site: ProcessLibrary.com

While this quick check may turn up some suspicious entries, do not use it as a way to claim your system is clean.  Some malware can actually hide under one of the legitimate process names (like lsass.exe).  A full system scan is still the best diagnostic.  And many types of malware actually generate randomly named files, making it impossible to search by name.
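The name check above can be tightened by also comparing each process's folder against where Windows normally keeps that file. The following is an added example, not part of the original article: it assumes a process list exported as CSV with `Name` and `ExecutablePath` columns, a default install under C:\Windows, and uses constructed sample rows.

```python
import csv
import io
import ntpath

# Default locations for the names listed above.
# Assumption: Windows is installed in C:\Windows (the default).
SYSTEM32 = r"c:\windows\system32"
SYSWOW64 = r"c:\windows\syswow64"
EXPECTED_DIRS = {
    "dllhost.exe":  {SYSTEM32, SYSWOW64},
    "explorer.exe": {r"c:\windows", SYSWOW64},
    "rundll32.exe": {SYSTEM32, SYSWOW64},
    "services.exe": {SYSTEM32},
    "lsass.exe":    {SYSTEM32},
    "csrss.exe":    {SYSTEM32},
    "svchost.exe":  {SYSTEM32, SYSWOW64},
    "taskmgr.exe":  {SYSTEM32, SYSWOW64},
    "iexplore.exe": {r"c:\program files\internet explorer",
                     r"c:\program files (x86)\internet explorer"},
}

# Constructed sample export (not from a real system).
SAMPLE_CSV = r"""Name,ExecutablePath
explorer.exe,C:\Windows\explorer.exe
svchost.exe,C:\Windows\System32\svchost.exe
lsass.exe,C:\Windows\System32\lsass.exe
lsass.exe,C:\Users\Public\lsass.exe
csrss.exe,
kq7xw2.exe,C:\Users\demo\AppData\Local\Temp\kq7xw2.exe
"""

def triage(csv_text):
    """Return (name, path, verdict) for every row that needs a closer look."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row["Name"].strip()
        path = (row["ExecutablePath"] or "").strip()
        expected = EXPECTED_DIRS.get(name.lower())
        if expected is None:
            findings.append((name, path, "unknown name: look it up"))
        elif not path:
            findings.append((name, path, "no path reported: re-check as administrator"))
        elif ntpath.dirname(path).lower() not in expected:
            findings.append((name, path, "system name in unexpected folder"))
    return findings

if __name__ == "__main__":
    for name, path, verdict in triage(SAMPLE_CSV):
        print(f"{name:14} {path or '-':50} {verdict}")
```

A row that passes this check is not proof of a clean system; it only removes the easy case of a familiar name running from the wrong folder.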

We provide comprehensive malware scanning and removal. Contact Us when you need help with diagnosis or removal.