Computer Virus Guide

Diagnose, Treat and Destroy Viruses, Malware, Spyware and other Infectious Computer Problems

By Cody Helscel

Copyright and disclaimer

© Copyright 2012 Cody R. Helscel. All Rights Reserved.

Please note that much of this publication is based on personal experience and anecdotal evidence.

Although the author has made every reasonable attempt to achieve complete accuracy of the content in

this Guide, he assumes no responsibility for errors or omissions. Additionally, you should use the

information contained in this Guide as you see fit and at your own risk. Your particular situation may not

be exactly suited to the examples illustrated here. If this is the case, you should adjust your use of the

information accordingly.

Any trademarks, service marks, product names or named features are assumed to be the property of their

respective owners and are used only for reference. There is no implied endorsement if we use one of these

terms.

Feel free to visit Cody’s Web sites at GeeksareHere.com and CodyHelscel.com.

Table of Contents

Introduction

Harmful software

What is a computer virus?

What is malware?

What is spyware?

Differences between viruses, spyware and malware

What is a computer worm?

The Trojan horse

Brief history of computer viruses

Different types of viruses

Stealth viruses

Boot viruses

Viruses that reside in RAM (memory)

Computer hijacks

What are hijacks?

Desktop and Web browser hijacks

Scams, spam and phishing

Scams

Spam

Phishing

Three levels of security

What can viruses do to a computer?

Software you should have

Anti-virus software

Anti-spyware software

Anti-malware software

How anti-virus software is updated

Preventing viruses

Detecting viruses and signs to look for

Recovering from viruses

System restore

Externally removing viruses

Software reference

Contacting the author

Introduction

My objective, in this short book, is to teach you the fundamentals of viruses, other harmful

software and how to remove them. I will only briefly cover the process of removing viruses,

because the fundamentals are far more important than the process of removing viruses. Once you

learn the fundamentals, you should be able to tackle most viruses.

Each situation is different, and you need to know the fundamentals of viruses so that you can

analyze each situation accordingly. To get the most out of this book, I ask that you forget any

one specific process for removing viruses. Although running a virus scan can be effective, it is

not the only action you should take.

Throughout the course of this book, I will use the term “virus” and any variation of the term

“virus”, such as “viruses”, to describe harmful software on your computer. Sometimes, however,

I will refer to other terms such as “spyware” and “malware” when talking about specific types of

software.

It is important to understand what you’re dealing with when working to remove viruses. We will

begin by defining various types of harmful software.

Harmful software

Three main types of harmful software exist, and they are described below in detail. Harmful

software includes viruses, spyware and malware. Subtypes of these include computer hijacks,

worms and Trojan horse viruses. They are also described in sections that follow.

What is a computer virus?

A computer virus is software designed to spread itself throughout your computer and across

networks of computers. Sometimes, viruses contain other viruses. These types of viruses release

the viruses they contain as the primary virus moves through your computer. Furthermore, viruses

are specific to the operating system they were created for. For example, a virus that was created to

attack a computer running Microsoft Windows cannot attack computers running Macintosh and

vice versa.

Many forms of computer viruses exist. Viruses are not to be confused with malicious software,

which is described below. Viruses can be spread through your email attachments, Web sites,

internet downloads and other sources. Fortunately, good, free software can be downloaded to

protect your computer from these threats.

What is malware?

Malware is software that is installed on your computer and gives either partial or full control of

your computer to the software, which allows the software's creator to manipulate your data in a

harmful manner. We refer to malware as malicious software.

Usually, malicious software blocks you from using the internet and running anti-virus scans. The

software prompts you to purchase fake software so that you may "unlock" your computer. This

form of malicious software is commonly known as hijacking your computer, or holding your

computer for ransom. The term “hijack” is described in a later section. Occasionally, even after

you remove malware from your computer, it will reinstall itself when your computer is restarted.

Therefore, it is important to scan your computer for malware, after you restart your computer. In

other words, you want to be sure your computer is free from harm before considering your work

done.

What is spyware?

Spyware is software that is often automatically installed on your computer from Web sites.

Spyware enables information to be gathered about your internet activities, such as banking

transactions and retrieving your account information from Web sites you visit.

Oftentimes, viruses, spyware and malware correlate. In other words, they attract each other and

then work together to harm your computer. That is not to say they form a team, because they

don’t. However, they don’t usually care when other viruses are installed on your computer.

Differences between viruses, spyware and malware

Viruses are categorically more severe than spyware and malware. Viruses cause more harm to

your computer than the other two types. In addition to the harm caused by viruses, they can also

damage your computer’s hardware. Spyware typically does not cause any real harm to your

computer. Spyware spies on you for the purpose of stealing information about your Web

browsing habits, such as when you visit Web sites. Malware often does harm to your computer

but usually nothing that can’t be fixed. Malware sometimes locks your computer, and the

malware’s creator requires money before you can unlock your computer. Unless you have the

malware professionally removed from your computer, your computer remains locked.

Unlike spyware and malware, viruses usually do not have a real purpose. They are made to

destroy. Virus creators want to have fun, create a name for themselves or brag to others.

Malware and spyware can be used to steal banking information or other personal information

from you. Consequently, creators of these types have actual motives.

What is a computer worm?

A computer worm is a form of virus that spreads itself through your computer and other

computers on your network. As viruses, worms can replicate themselves. They can spread

automatically, without user intervention. Worms typically do less damage than regular computer

viruses. However, worms can still be created to delete files or affect computers in other harmful

ways.

The Trojan horse

A Trojan horse is a type of malware. Unlike viruses, a Trojan horse does not spread itself

throughout a computer. Trojan horses hide within your computer for the purpose of sending

information back to the culprit. Additionally, the term “Trojan horse” dates back to the Trojan

War when the Greeks created a large wooden horse. Greeks hid inside the wooden horse and

then the Trojans pulled the wooden horse inside their gates. Later that night, the Greeks emerged

from the horse and then defeated the Trojans to end the war. That is how the Trojan horse virus

gets its name, and the virus’ behavior is similar to the wooden horse used by the Greeks.

Brief history of computer viruses

One of the first computer viruses was detected in 1986 and was called “The Brain”

(http://www.f-secure.com/v-descs/brain.shtml). It was found on an operating system that existed

before Bill Gates created Microsoft Windows. The authors of The Brain originally claimed they

didn’t intend to inflict harm. Even if this was the case, the fact is that many virus creators, since

then, learned from The Brain. As time progressed, computer viruses became more stealthy and

sophisticated. At the same time, anti-virus companies became more sophisticated as well. So we

have had a constant battle between the good guys and the bad guys. Good guys always win in

this case, because we have more money and support. For example, virus creators generally work

as individuals or small teams, whereas anti-virus companies have millions of dollars and a lot of

research. Furthermore, virus creators are generally very young and bad programmers. If they

were good programmers, they wouldn’t be creating viruses. Even so, they are not to be

underestimated and are usually very smart.

Different types of viruses

Stealth viruses

Beware of stealth viruses! They are the viruses you don’t know are on your computer until it’s

too late. They can be tricky to detect. However, if you have real-time protection, you can

eliminate most or all of these threats.

Boot viruses

Boot viruses are viruses that infect a main part of your hard drive. In other words, before you see

Microsoft Windows start, the virus is already doing its dirty work. If the virus is severe enough,

it will prevent Microsoft Windows from starting. If you’re interested in a little technical talk, the

area that this type of virus infects is called the Master Boot Record (MBR) of your hard drive.

Do not despair, though. You may still be able to remove the virus by removing your hard drive

and then using an anti-virus scanner to rid your hard drive of the virus.
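The Master Boot Record is the first 512-byte sector of the drive, so a changed boot area can be spotted by comparing it with a copy recorded while the drive was known to be clean. The sketch below is an added example, not part of the original guide; the function names and the sample sectors are constructed for illustration, and in practice the 512 bytes would be read from the removed drive attached to a second computer.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440   # bootstrap code; bytes 440-445 hold the disk signature
TABLE_OFFSET = 446    # four 16-byte partition entries follow
# status, CHS start, type, CHS end, first LBA, sector count (little-endian)
ENTRY = struct.Struct("<B3sB3sII")


def parse_mbr(sector):
    """Summarise the parts of an MBR that a boot virus would have to modify."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba, count = ENTRY.unpack_from(
            sector, TABLE_OFFSET + ENTRY.size * i)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"index": i, "active": status == 0x80,
                               "type": ptype, "first_lba": lba,
                               "sectors": count})
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_against_baseline(sector, baseline):
    """Return a list of differences from a baseline taken on a clean system."""
    current = parse_mbr(sector)
    findings = []
    if not current["signature_ok"]:
        findings.append("boot signature 55 AA missing")
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code changed since baseline")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table changed since baseline")
    return findings


def build_sample_mbr(boot_code):
    """Construct a sample sector (placeholder bytes, not real boot code)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    ENTRY.pack_into(sector, TABLE_OFFSET, 0x80, b"\x00" * 3, 0x07,
                    b"\x00" * 3, 2048, 1_000_000)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


# Constructed samples: same partition table, different boot code bytes.
CLEAN_MBR = build_sample_mbr(b"CLEAN-BOOT-CODE")
CHANGED_MBR = build_sample_mbr(b"OTHER-BOOT-CODE")

if __name__ == "__main__":
    baseline = parse_mbr(CLEAN_MBR)
    print(check_against_baseline(CLEAN_MBR, baseline))
    print(check_against_baseline(CHANGED_MBR, baseline))
```

A difference is a reason to scan the drive, not proof of infection: installing a boot manager or another operating system also rewrites this sector.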

Viruses that reside in RAM (memory)

Sometimes, viruses can reside in your memory. With these viruses, anything that opens on your

computer can then become infected. For example, if you have Microsoft Word open and a virus

is in your memory, Microsoft Word will likely be infected.

Computer hijacks

What are hijacks?

Your computer can be hijacked in many different ways. Nevertheless, the word “hijack” means

that your computer has been taken hostage by software. For example, your desktop can display

certain images. When you try to change your desktop’s background, often you cannot even

open the options for that to happen. A more common example is when your Web browsers, such

as Internet Explorer or Mozilla Firefox, redirect to certain Web pages instead of allowing you to

input your own. These types of hijacks are caused by malware. Speaking of malware, other

forms of malware can be less severe in order for you to keep using your computer as normal.

Desktop and Web browser hijacks

Two main types of hijacks exist: desktop and Web browser. Oftentimes, both hijacks are used,

along with others.

Desktop hijacking is when the culprit takes over your desktop to display an image, text, Web site

address or nearly anything else. The messages, and the hijacks themselves, can be extremely

annoying. When your desktop is hijacked, you cannot change your desktop background, until

you remove the malware.

When your Web browser is hijacked, you cannot browse the Web. You can see why this type of

hijack is very annoying. Unknowledgeable computer users are especially annoyed by this type of

hijack. Similar to the desktop hijack, you won’t be able to browse the Web until the malware is

removed. Additionally, the Web browser will probably display payment information so that you

may pay to unlock your Web browser. Don’t be fooled by these scams. Remove the malware,

and your internet will work again!

Keep in mind that when your computer is hijacked, many other aspects are locked too, such as

modifying computer settings or accessing system areas such as the Control Panel.

Scams, spam and phishing

Scams, spam and phishing are all worth mentioning so that you are aware of them. Although

these items are not viruses, they are common threats. Some are more common than others.

Written below is more information about the aforementioned threats.

Scams

Many scams exist, whether through email, social networks, instant messengers, Web forums or

other sources. The person who is trying to scam you will make up an arbitrary story to convince you

to pay or receive money. Sometimes, scammers will make their story convincing. They always

try. Nevertheless, you should not send money unless you trust the source. This topic has been the

subject of many security themes set in place by businesses such as PayPal, eBay, Amazon and

others.

Spam

Spam is usually intrusive and random. The spam creators decide to slam you with hundreds or

thousands of messages pertaining to their services or business. Furthermore, spammers have poor

programming skill. After all, if they had good programming skill, they wouldn’t be creating

spam. Would they?

Phishing

Phishing is when someone creates a Web page that looks like a real Web page you visit. Creators

of this type of intrusion do this to gain information from you. An example of phishing is if

someone sent you a link through your email, and the link sends you to mspace.com. Subtly, it’s

not MySpace.com, but that is what it looks like. Additionally, when you visit the link, it looks

similar to the home page of MySpace.com. So you enter your username and password for

MySpace.com, because that’s what you think it is. Now, the intruder has your MySpace.com

username and password, and you might not even realize it. This issue has been addressed in all

major Web browsers, especially, and starting with, Internet Explorer.

Three levels of security

In my experience, I determined three levels of security for any computer. These three levels are

green, orange and red. You may already know the meaning of the green level. It is when your

computer is free from harm, and you are protected from external threats. The orange level is

when you have harmful software on your computer, but you are able to work with it. At the

orange level, you should disconnect from the internet to prevent the culprit from stealing

information such as your banking information. You probably already guessed that the red level is

the most severe. This level of security is rare, though. Less than 10% of people with computer

problems are at the red level.

What can viruses do to a computer?

Viruses can have many effects on your computer. The possibilities are virtually endless. It all

depends on the instructions given to the virus by the programmer. Here is a short list to make you

aware:

1. Open a CD drive. This is usually more of a joke than an intention to cause harm.

2. Print from your printer.

3. Literally ruin or damage your hard drive.

4. Ruin your CD drive. This is usually caused by malicious or bootlegged software.

5. Erase files on your computer. Sometimes, these viruses remove system files, so you need

to back up your personal files and then reinstall Microsoft Windows. More experienced

virus removers can restore certain system files which will restore the files that the virus

deleted.

6. Shut down your computer at seemingly random times. Sometimes, the virus might shut

down your computer when you try to run an anti-virus scan, for example.

Software you should have

Before moving to the software you should have, let me inform you that you don’t need to

memorize or write down the names right now, because I’ll organize software references in the

back of this book. Additionally, you will be pleased that you only need a minimum of three

software programs which are written below. Well technically, the only required software is an

anti-virus. You’ll see why the others are important as well.

Anti-virus software

The first and most important software we need is anti-virus software. You should definitely have this

software! In fact, some studies show that within 24 hours of purchasing a new computer, if you

do not have active anti-virus software and have an internet connection, you will receive a virus.

With that being said, two good, free anti-viruses are available to us. They are avast! Free Anti-virus

and AVG Free. Don’t be concerned with which anti-virus to choose. They are both truly a

matter of personal preference. I personally prefer avast! Free Anti-virus for homes and AVG

Free for small businesses.

Anti-spyware software

Next, we need anti-spyware software. You want what is known as real-time protection. This is

your protection from online threats. Real-time protection prevents you from receiving harmful

software when you are innocently browsing Web sites. Two free software programs are available

to us, and we should use them both. The first program is SpywareBlaster. The second program is

Spybot - Search & Destroy. SpywareBlaster does not have any scans. Instead, it only provides

real-time protection. Spybot - Search & Destroy has a scan and what is called immunization.

After you install Spybot - Search & Destroy, you will need to update it and all the definitions for

new spyware detection rules. Then, you can immunize your computer from online threats.

Additionally, Spybot - Search & Destroy does have an excellent spyware scanner.

Anti-malware software

Finally, we need malware protection. Although both SpywareBlaster and Spybot - Search &

Destroy provide real-time protection against virtually all malware, we have an excellent, free

malware scanner at our fingertips. The software is called Malwarebytes’ Anti-Malware. With this

program, you can run a quick scan or full scan. You will rarely need the full scan feature.

We considered the software you will need in order to remove viruses, spyware and malware. But

we’re not finished. There’s more you need to know!

How anti-virus software is updated

Let’s pretend a new virus is created right now, or five seconds ago. The virus is distributed

across the internet and then begins to infect computers. With the algorithms of sophisticated

anti-virus software, it learns of this new virus. Then, the new virus somehow gets a name, as well as a

definition. Then, the virus is submitted to the large worldwide database of viruses that is shared

among various anti-virus programs. That is how anti-virus software is updated. This process

happens in a matter of seconds. Mostly, it is easy for anti-virus software to determine what a

virus is, because viruses have certain behaviors; they are generally of certain types.

Preventing viruses

Virus prevention is more important than removing the virus. After all, if we prevent viruses from

infecting our computer, we won’t need to remove any viruses. And, we won’t need to clean up

after the virus has caused damage.

Although no system is ever completely protected from all viruses, below are a few guidelines:

Minimize downloads from unknown software sources.

Have anti-virus software installed on your computer, and make sure it offers real-time protection.

Beware of opening email attachments from people you don’t know.

Look for signs of a virus after you install software from unknown sources.

Minimize your network connections. Only use network connections you need; close any you don’t need.

Detecting viruses and signs to look for

The easiest way to detect viruses is to allow your real-time protection to alert you when a virus

tries entering into your computer. If, for some reason, you do not have real-time protection, look

for the signs stated in the previous section.

Viruses may come in many forms, and new viruses are created and infect computers every

day. Therefore, below is a list of possible signs that a virus might be doing its dirty work in your

computer:

Applications aren’t working properly

Internet can’t be used, because it is being blocked

Computer settings can’t be changed (e.g. Desktop background)

You receive weird messages before logging into Windows

Files and folders mysteriously disappear

Other system files, such as files in the Control Panel, suddenly are missing

You receive random and annoying alert messages in Windows

Don’t panic if you notice any of the signs above. Sometimes, you may notice errors caused by

software, hardware or users. However, if you feel like you might have a virus, check with a

professional, or run a virus scan using your anti-virus software. Of course, if you notice files

have unexpectedly disappeared, you probably have a type of virus.

Recovering from viruses

If you receive a virus, it is important to catch the virus early before it does too much damage to

your computer. Additionally, be sure to remove all copies of the virus, because some viruses will

reinstall themselves, even after you restart your computer.

If the virus is severe enough, you may need to back up your important files, such as documents

and pictures, reformat your hard drive and then reinstall Microsoft Windows. If you need to

reinstall Microsoft Windows, check with your computer’s manufacturer for recovery disks or a

way to reset your computer to factory settings. You don’t want to purchase a copy of Microsoft

Windows if your manufacturer has a recovery disk.

If the virus is not as severe as previously noted, you can simply remove the virus and then restore

any files that the virus affected. After you remove the virus, it is a good idea to use CCleaner to

help clean and reorganize important computer files. CCleaner is referenced in the back of this

book.

System restore

Sometimes, it is necessary to utilize a Windows feature called System Restore. You may use

System Restore to restore files that were deleted by the virus. System Restore does not remove

your personal pictures or documents. Additionally, you can only restore your computer to an

earlier back-up. Usually, Microsoft Windows automatically creates back-ups for you.

Externally removing viruses

To remove viruses externally, without being on your computer, you must first remove the hard

drive from your computer. You will need a hard drive reader to plug your hard drive into. With

your hard drive safely in your hard drive reader, plug the hard drive reader into a separate

computer such as a laptop or another computer. Then, you can run anti-virus, spyware and

malware scans to remove any harmful software from your hard drive.

Software reference

As promised, below are references to recommended free software.

Anti-virus

avast! Free Anti-virus (http://avast.com/free-antivirus-download)

AVG Free (http://free.avg.com/us-en/free-antivirus-download)

The anti-virus software you choose depends entirely on your personal preference. I personally

prefer avast! Free Anti-virus for home computers and AVG Free for small businesses.

Anti-spyware

Spybot - Search & Destroy (http://safer-networking.org/en/download/index.html)

SpywareBlaster (http://javacoolsoftware.com/spywareblaster.html)

Anti-malware

Malwarebytes’ Anti-Malware (http://malwarebytes.org/products/malwarebytes_free)

General purpose

CCleaner (http://piriform.com/ccleaner/download)

Contacting the author

You can learn more about the author at CodyHelscel.com.

You can visit his company Web site at GeeksareHere.com and then go to the Customer Service area.