Computer Virus Guide
Diagnose, Treat and Destroy
Viruses, Malware, Spyware and other Infectious Computer Problems
By Cody Helscel
Copyright and disclaimer © Copyright 2012 Cody R. Helscel. All Rights Reserved.
Please note that much of this publication is based on personal experience and anecdotal evidence.
Although the author has made every reasonable attempt to achieve complete accuracy of the content in
this Guide, he assumes no responsibility for errors or omissions. Additionally, you should use the
information contained in this Guide as you see fit and at your own risk. Your particular situation may not
be exactly suited to the examples illustrated here. If this is the case, you should adjust your use of the
information accordingly.
Any trademarks, service marks, product names or named features are assumed to be the property of their
respective owners and are used only for reference. There is no implied endorsement if we use one of these
terms.
Feel free to visit Cody’s Web sites at GeeksareHere.com and CodyHelscel.com.
Table of Contents
Introduction
Harmful software
What is a computer virus?
What is malware?
What is spyware?
Differences between viruses, spyware and malware
What is a computer worm?
The Trojan horse
Brief history of computer viruses
Different types of viruses
Stealth viruses
Boot viruses
Viruses that reside in RAM (memory)
Computer hijacks
What are hijacks?
Desktop and Web browser hijacks
Scams, spam and phishing
Scams
Spam
Phishing
Three levels of security
What can viruses do to a computer?
Software you should have
Anti-virus software
Anti-spyware software
Anti-malware software
How anti-virus software is updated
Preventing viruses
Detecting viruses and signs to look for
Recovering from viruses
System restore
Externally removing viruses
Software reference
Contacting the author
Introduction
My objective, in this short book, is to teach you the fundamentals of viruses, other harmful
software and how to remove them. I will only briefly cover the process of removing viruses,
because the fundamentals are far more important than the process of removing viruses. Once you
learn the fundamentals, you should be able to tackle most viruses.
Each situation is different, and you need to know the fundamentals of viruses so that you can
analyze each situation accordingly. To get the most out of this book, I ask that you forget any
one specific process for removing viruses. Although running a virus scan can be effective, it is
not the only action you should take.
Throughout the course of this book, I will use the term “virus” and any variation of the term
“virus”, such as “viruses”, to describe harmful software on your computer. Sometimes, however,
I will refer to other terms such as “spyware” and “malware” when talking about specific types of
software.
It is important to understand what you’re dealing with when working to remove viruses. We will
begin by defining various types of harmful software.
Harmful software
Three main types of harmful software exist, and they are described below in detail. Harmful
software includes viruses, spyware and malware. Subtypes of these include computer hijacks,
worms and Trojan horse viruses. They are also described in sections that follow.
What is a computer virus?
A computer virus is software designed to spread itself throughout your computer and across
networks of computers. Sometimes, viruses contain other viruses. These types of viruses release
the viruses they contain as the primary virus moves through your computer. Furthermore, a virus
is specific to the operating system it was created for. For example, a virus that was created to
attack a computer running Microsoft Windows cannot attack computers running Macintosh and
vice versa.
Many forms of computer viruses exist. Viruses are not to be confused with malicious software,
which is described below. Viruses can be spread through your email attachments, Web sites,
internet downloads and other sources. Fortunately, good, free software can be downloaded to
protect your computer from these threats.
What is malware?
Malware is software that is installed on your computer and gives either partial or full control of
your computer to the software, which allows the software's creator to manipulate your data in a
harmful manner. We refer to malware as malicious software.
Usually, malicious software blocks you from using the internet and running anti-virus scans. The
software prompts you to purchase fake software so that you may "unlock" your computer. This
form of malicious software is commonly known as hijacking your computer, or holding your
computer for ransom. The term “hijack” is described in a later section. Occasionally, even after
you remove malware from your computer, it will reinstall itself when your computer is restarted.
Therefore, it is important to scan your computer for malware, after you restart your computer. In
other words, you want to be sure your computer is free from harm before considering your work
done.
What is spyware?
Spyware is software that is often automatically installed on your computer from Web sites.
Spyware enables information to be gathered about your internet activities, such as banking
transactions and retrieving your account information from Web sites you visit.
Oftentimes, viruses, spyware and malware correlate. In other words, they attract each other and
then work together to harm your computer. That is not to say they form a team, because they
don’t. However, they don’t usually care when other viruses are installed on your computer.
Differences between viruses, spyware and malware
Viruses are categorically more severe than spyware and malware. Viruses cause more harm to
your computer than the other two types. In addition to the harm caused by viruses, they can also
damage your computer’s hardware. Spyware typically does not cause any real harm to your
computer. Spyware spies on you for the purpose of stealing information about your Web
browsing habits, such as when you visit Web sites. Malware often does harm to your computer
but usually nothing that can’t be fixed. Malware sometimes locks your computer, and the
malware’s creator requires money before you can unlock your computer. Unless you have the
malware professionally removed from your computer, your computer remains locked.
Unlike spyware and malware, viruses usually do not have a real purpose. They are made to
destroy. Virus creators want to have fun, create a name for themselves or brag to others.
Malware and spyware can be used to steal banking information or other personal information
from you. Consequently, creators of these types have actual motives.
What is a computer worm?
A computer worm is a form of virus that spreads itself through your computer and other
computers on your network. As viruses, worms can replicate themselves. They can spread
automatically, without user intervention. Worms typically do less damage than regular computer
viruses. However, worms can still be created to delete files or affect computers in other harmful
ways.
The Trojan horse
A Trojan horse is a type of malware. Unlike viruses, a Trojan horse does not spread itself
throughout a computer. Trojan horses hide within your computer for the purpose of sending
information back to the culprit. Additionally, the term “Trojan horse” dates back to the Trojan
War when the Greeks created a large wooden horse. Greeks hid inside the wooden horse and
then the Trojans pulled the wooden horse inside their gates. Later that night, the Greeks emerged
from the horse and then defeated the Trojans to end the war. That is how the Trojan horse virus
gets its name, and the virus’ behavior is similar to the wooden horse used by the Greeks.
Brief history of computer viruses
One of the first computer viruses was detected in 1986 and was called “The Brain”
(http://www.f-secure.com/v-descs/brain.shtml). It was found on an operating system that existed
before Bill Gates created Microsoft Windows. The authors of The Brain originally claimed they
didn’t intend to inflict harm. Even if this was the case, the fact is that many virus creators, since
then, learned from The Brain. As time progressed, computer viruses became more stealthy and
sophisticated. At the same time, anti-virus companies became more sophisticated as well. So we
have had a constant battle between the good guys and the bad guys. Good guys always win in
this case, because we have more money and support. For example, virus creators generally work
as individuals or small teams, whereas anti-virus companies have millions of dollars and a lot of
research. Furthermore, virus creators are generally very young and bad programmers. If they
were good programmers, they wouldn’t be creating viruses. Even so, they are not to be
underestimated and are usually very smart.
Different types of viruses
Stealth viruses
Beware of stealth viruses! They are the viruses you don’t know are on your computer until it’s
too late. They can be tricky to detect. However, if you have real-time protection, you can
eliminate most or all of these threats.
Boot viruses
Boot viruses are viruses that infect a main part of your hard drive. In other words, before you see
Microsoft Windows start, the virus is already doing its dirty work. If the virus is severe enough,
it will prevent Microsoft Windows from starting. If you’re interested in a little technical talk, the
area that this type of virus infects is called the Master Boot Record (MBR) of your hard drive.
Do not despair, though. You may still be able to remove the virus by removing your hard drive
and then using an anti-virus scanner to rid your hard drive of the virus.
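As an added example (not from the original guide), the Python sketch below checks a copy of the 512-byte MBR sector taken from a drive attached to a clean computer: it validates the boot signature, lists the partition entries and compares a hash of the boot code with a known-good baseline. The function names, the sample sector and the baseline are constructed for illustration; the script only reads bytes and changes nothing on the drive.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446            # bootstrap code occupies bytes 0..445
PART_TABLE_OFF = 446           # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"   # last two bytes of a valid MBR
ENTRY_FORMAT = "<B3xB3xII"     # status, CHS (skipped), type, CHS (skipped), LBA, size


def parse_mbr(sector):
    """Split a raw MBR sector into a boot-code hash and its partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR sector must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for n in range(4):
        start = PART_TABLE_OFF + 16 * n
        status, ptype, lba_start, sectors = struct.unpack(
            ENTRY_FORMAT, sector[start:start + 16])
        if ptype != 0:             # type 0 marks an unused slot
            partitions.append({"slot": n, "status": status, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    boot_hash = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": boot_hash, "partitions": partitions}


def audit_mbr(sector, baseline_sha256):
    """Return a list of findings; an empty list means nothing looked wrong."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    statuses = [p["status"] for p in info["partitions"]]
    if any(s not in (0x00, 0x80) for s in statuses):
        findings.append("invalid partition status byte")
    if statuses.count(0x80) > 1:
        findings.append("more than one active partition")
    return findings


def build_sample_mbr(boot_code):
    """Constructed test sector: one active partition (type 0x07) at LBA 2048."""
    entry = struct.pack(ENTRY_FORMAT, 0x80, 0x07, 2048, 204800)
    table = entry + bytes(16 * 3)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table + BOOT_SIGNATURE


if __name__ == "__main__":
    clean = build_sample_mbr(b"CONSTRUCTED-BOOT-CODE")
    baseline = parse_mbr(clean)["boot_code_sha256"]
    changed = bytearray(clean)
    changed[0x10] ^= 0xFF          # simulate modified boot code
    print(audit_mbr(clean, baseline))
    print(audit_mbr(bytes(changed), baseline))
```

The baseline hash has to be recorded while the drive is known to be clean; a mismatch means the boot code changed, which also happens legitimately when a boot loader is reinstalled.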
Viruses that reside in RAM (memory)
Sometimes, viruses can reside in your memory. With these viruses, anything that opens on your
computer can then become infected. For example, if you have Microsoft Word open and a virus
is in your memory, Microsoft Word will likely be infected.
Computer hijacks
What are hijacks?
Your computer can be hijacked in many different ways. Nevertheless, the word “hijack” means
that your computer has been taken hostage by software. For example, your desktop can display
certain images. When you try and change your desktop’s background, often you cannot even
open the options for that to happen. A more common example is when your Web browsers, such
as Internet Explorer or Mozilla Firefox, redirect to certain Web pages instead of allowing you to
input your own. These types of hijacks are caused by malware. Speaking of malware, other
forms of malware can be less severe in order for you to keep using your computer as normal.
Desktop and Web browser hijacks
Two main types of hijacks exist: desktop and Web browser. Oftentimes, both hijacks are used,
along with others.
Desktop hijacking is when the culprit takes over your desktop to display an image, text, Web site
address or nearly anything else. The messages, and the hijacks themselves, can be extremely
annoying. When your desktop is hijacked, you cannot change your desktop background, until
you remove the malware.
When your Web browser is hijacked, you cannot browse the Web. You can see why this type of
hijack is very annoying. Unknowledgeable computer users are especially annoyed by this type of
hijack. Similar to the desktop hijack, you won’t be able to browse the Web until the malware is
removed. Additionally, the Web browser will probably display payment information so that you
may pay to unlock your Web browser. Don’t be fooled by these scams. Remove the malware,
and your internet will work again!
Keep in mind that when your computer is hijacked, many other aspects are locked too, such as
modifying computer settings or accessing system areas such as the Control Panel.
Scams, spam and phishing
Scams, spam and phishing are all worth mentioning so that you are aware of them. Although
these items are not viruses, they are common threats. Some are more common than others.
Written below is more information about the aforementioned threats.
Scams
Many scams exist, whether through email, social networks, instant messengers, Web forums or
other sources. The person who is trying to scam you will make an arbitrary story to convince you
to pay or receive money. Sometimes, scammers will make their story convincing. They always
try. Nevertheless, you should not send money unless you trust the source. This topic has been the
subject of many security themes set in place by businesses such as PayPal, eBay, Amazon and
others.
Spam
Spam is usually intrusive and random. The spam creators decide to slam you with hundreds or
thousands of messages pertaining to their services or business. Furthermore, spammers have poor
programming skill. After all, if they had good programming skill, they wouldn’t be creating
spam. Would they?
Phishing
Phishing is when someone creates a Web page that looks like a real Web page you visit. Creators
of this type of intrusion do this to gain information from you. An example of phishing is if
someone sent you a link through your email, and the link sends you to mspace.com. Subtly, it’s
not MySpace.com, but that is what it looks like. Additionally, when you visit the link, it looks
similar to the home page of MySpace.com. So you enter your username and password for
MySpace.com, because that’s what you think it is. Now, the intruder has your MySpace.com
username and password, and you might not even realize it. This issue has been addressed in all
major Web browsers, especially, and starting with, Internet Explorer.
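The mspace.com example above can be checked mechanically before you click a link. The following Python sketch is an added example, not part of the original guide: it extracts the host a link really points to and compares it with a short list of sites you actually use. The trusted list, the function names and the distance limits are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the sites this user really signs in to (assumption).
TRUSTED_DOMAINS = ("myspace.com", "paypal.com", "ebay.com", "amazon.com")


def hostname_of(link):
    """Return the lower-cased host a link really points to."""
    if "//" not in link:
        link = "//" + link  # let urlsplit treat a bare host as a network location
    host = urlsplit(link).hostname or ""  # drops any "user@" part before the host
    return host.rstrip(".").lower()


def registered_domain(host):
    """Last two labels of the host. Simplification: ignores suffixes like co.uk."""
    return ".".join(host.split(".")[-2:])


def edit_distance(a, b):
    """Count the inserts, deletes, substitutions and adjacent swaps between a and b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # two neighbouring letters swapped
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify_link(link):
    """Return ("trusted" | "lookalike" | "unknown", matching trusted domain or None)."""
    host = hostname_of(link)
    domain = registered_domain(host)
    if domain in TRUSTED_DOMAINS:
        return ("trusted", domain)
    for trusted in TRUSTED_DOMAINS:
        # Heuristic limit: short names get less slack to avoid false alarms.
        limit = 2 if len(trusted) >= 10 else 1
        if edit_distance(domain, trusted) <= limit:
            return ("lookalike", trusted)
        # A trusted name used only as a prefix of someone else's domain.
        if (trusted + ".") in host:
            return ("lookalike", trusted)
    return ("unknown", None)


if __name__ == "__main__":
    for sample in ("http://mspace.com/login",            # the guide's example
                   "https://www.myspace.com/",
                   "http://myspace.com@mspace.com/",      # constructed sample
                   "http://myspace.com.account-check.example/"):  # constructed
        print(sample, "->", classify_link(sample))
```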
Three levels of security
In my experience, I determined three levels of security for any computer. These three levels are
green, orange and red. You may already know the meaning of the green level. It is when your
computer is free from harm, and you are protected from external threats. The orange level is
when you have harmful software on your computer, but you are able to work with it. At the
orange level, you should disconnect from the internet to prevent the culprit from stealing
information such as your banking information. You probably already guessed that the red level is
the most severe. This level of security is rare, though. Less than 10% of people with computer
problems are at the red level.
What can viruses do to a computer?
Viruses can have many effects on your computer. The possibilities are virtually endless. It all
depends on the instructions given to the virus by the programmer. Here is a short list to make you
aware:
1. Open a CD drive. This is usually more of a joke than an intention to cause harm.
2. Print from your printer.
3. Literally ruin or damage your hard drive.
4. Ruin your CD drive. This is usually caused by malicious or bootlegged software.
5. Erase files on your computer. Sometimes, these viruses remove system files, so you need
to back up your personal files and then reinstall Microsoft Windows. More experienced
virus removers can restore certain system files which will restore the files that the virus
deleted.
6. Shut down your computer at seemingly random times. Sometimes, the virus might shut
down your computer when you try to run an anti-virus scan, for example.
Software you should have
Before moving to the software you should have, let me inform you that you don’t need to
memorize or write down the names right now, because I’ll organize software references in the
back of this book. Additionally, you will be pleased that you only need a minimum of three
software programs which are written below. Well technically, the only required software is an
anti-virus. You’ll see why the others are important as well.
Anti-virus software
The first and most important software we need is anti-virus software. You should definitely have this
software! In fact, some studies show that within 24 hours of purchasing a new computer, if you
do not have active anti-virus software and have an internet connection, you will receive a virus.
With that being said, two good, free anti-viruses are available to us. They are avast! Free Anti-
virus and AVG Free. Don’t be concerned with which anti-virus to choose. They are both truly a
matter of personal preference. I personally prefer avast! Free Anti-virus for homes and AVG
Free for small businesses.
Anti-spyware software
Next, we need anti-spyware software. You want what is known as real-time protection. This is
your protection from online threats. Real-time protection prevents you from receiving harmful
software when you are innocently browsing Web sites. Two free software programs are available
to us, and we should use them both. The first program is SpywareBlaster. The second program is
Spybot - Search & Destroy. SpywareBlaster does not have any scans. Instead, it only provides
real-time protection. Spybot - Search & Destroy has a scan and what is called immunization.
After you install Spybot - Search & Destroy, you will need to update it and all the definitions for
new spyware detection rules. Then, you can immunize your computer from online threats.
Additionally, Spybot - Search & Destroy does have an excellent spyware scanner.
Anti-malware software
Finally, we need malware protection. Although both SpywareBlaster and Spybot - Search &
Destroy provide real-time protection against virtually all malware, we have an excellent, free
malware scanner at our fingertips. The software is called Malwarebytes’ Anti-Malware. With this
program, you can run a quick scan or full scan. You will rarely need the full scan feature.
We considered the software you will need in order to remove viruses, spyware and malware. But
we’re not finished. There’s more you need to know!
How anti-virus software is updated
Let’s pretend a new virus is created right now, or five seconds ago. The virus is distributed
across the internet and then begins to infect computers. With the algorithms of sophisticated anti-
virus software, it learns of this new virus. Then, the new virus somehow gets a name, as well as a
definition. Then, the virus is submitted to the large worldwide database of viruses that is shared
among various anti-virus programs. That is how anti-virus software is updated. This process
happens in a matter of seconds. Mostly, it is easy for anti-virus software to determine what a
virus is, because viruses have certain behaviors; they are generally of certain types.
Preventing viruses
Virus prevention is more important than removing the virus. After all, if we prevent viruses from
infecting our computer, we won’t need to remove any viruses. And, we won’t need to clean up
after the virus has caused damage.
Although no system is ever completely protected from all viruses, below are a few guidelines:
Minimize downloads from unknown software sources.
Have anti-virus software installed on your computer, and make sure it offers real-time protection.
Be aware of opening email attachments from people you don’t know.
Look for signs of a virus after you install software from unknown sources.
Minimize your network connections. Only use network connections you need; close any you don’t need.
Detecting viruses and signs to look for
The easiest way to detect viruses is to allow your real-time protection to alert you when a virus
tries entering into your computer. If, for some reason, you do not have real-time protection, look
for the signs stated in the previous section.
Viruses may come in many forms, and new viruses are created and infecting computers every
day. Therefore, below is a list of possible signs that a virus might be doing its dirty work in your
computer:
Applications aren’t working properly
Internet can’t be used, because it is being blocked
Computer settings can’t be changed (e.g. Desktop background)
You receive weird messages before logging into Windows
Files and folders mysteriously disappear
Other system files, such as files in the Control Panel, suddenly are missing
You receive random and annoying alert messages in Windows
Don’t panic if you notice any of the signs above. Sometimes, you may notice errors caused by
software, hardware or users. However, if you feel like you might have a virus, check with a
professional, or run a virus scan using your anti-virus software. Of course, if you notice files
have unexpectedly disappeared, you probably have a type of virus.
Recovering from viruses
If you receive a virus, it is important to catch the virus early before it does too much damage to
your computer. Additionally, be sure to remove all copies of the virus, because some viruses will
reinstall themselves, even after you restart your computer.
If the virus is severe enough, you may need to back up your important files, such as documents
and pictures, reformat your hard drive and then reinstall Microsoft Windows. If you need to
reinstall Microsoft Windows, check with your computer’s manufacturer for recovery disks or a
way to reset your computer to factory settings. You don’t want to purchase a copy of Microsoft
Windows if your manufacturer has a recovery disk.
If the virus is not as severe as previously noted, you can simply remove the virus and then restore
any files that the virus affected. After you remove the virus, it is a good idea to use CCleaner to
help clean and reorganize important computer files. CCleaner is referenced in the back of this
book.
System restore
Sometimes, it is necessary to utilize a Windows feature called System Restore. You may use
System Restore to restore files that were deleted by the virus. System Restore does not remove
your personal pictures or documents. Additionally, you can only restore your computer to an
earlier back-up. Usually, Microsoft Windows automatically creates back-ups for you.
Externally removing viruses
To remove viruses externally, without being on your computer, you must first remove the hard
drive from your computer. You will need a hard drive reader to plug your hard drive into. With
your hard drive safely in your hard drive reader, plug the hard drive reader into a separate
computer such as a laptop or another computer. Then, you can run anti-virus, spyware and
malware scans to remove any harmful software from your hard drive.
Software reference
As promised, below are references to recommended free software.
Anti-virus
avast! Free Anti-virus (http://avast.com/free-antivirus-download)
AVG Free (http://free.avg.com/us-en/free-antivirus-download)
The Anti-virus software you choose depends entirely on your personal preference. I personally
prefer avast! Free Anti-virus for home computers and AVG Free for small businesses.
Anti-spyware
Spybot - Search & Destroy (http://safer-networking.org/en/download/index.html)
SpywareBlaster (http://javacoolsoftware.com/spywareblaster.html)
Anti-malware
Malwarebytes’ Anti-Malware (http://malwarebytes.org/products/malwarebytes_free)
General purpose
CCleaner (http://piriform.com/ccleaner/download)
Contacting the author
You can learn more about the author at CodyHelscel.com.
You can visit his company Web site at GeeksareHere.com and then go to the Customer Service area.