Concepts, Security Assessments, Security Education, Security Management

What to do about Malware?

Viruses on our computers are about as prevalent as the common cold.  It’s not a matter of if you’ll get infected (or catch a cold), but when.  Cold remedies are a multi-billion dollar industry, and anti-virus (A/V) and malicious software (aka malware) defense and clean-up is quickly catching up.  There are a few good sources on A/V products that may help you decide which one is best for you (note: these are all for PC):

The thing with colds is that they usually go away on their own in 3-10 days (taking zinc early on helps, btw).  That’s often not true of computer viruses, and anti-virus solutions aren’t 100% effective against all types of malware.

What can you do if your PC gets infected and your A/V product isn’t taking care of it?  Below is an email from a student whose grandparents’ computer got infected, along with my response.  It’s not intended to single out this student or his grandparents, but to use it as a case study in how to respond when the inevitable infection hits.

From the student:

We shouldn’t get tunnel vision when protecting our homes, and with all the emerging methods to breach security (e.g. the bash bug), we have to stay diligent. Indeed, the low-hanging fruit is the one to get plucked. I talked with my fiancé’s grandparents this week and they have unfortunately fallen victim to a classic social engineering scam. Someone called the grandmother claiming to be a technician from her anti-virus software company. He then asked for various sensitive information from her (i.e. passwords, credit card numbers, etc.) and she naively gave up the information, trusting this gentleman when he told her that something was wrong with her computer.

Now every time she connects to the internet, this d%&$ has remote control over her PC. He contacts her saying that he will not give up control of the PC unless she pays him more money. I’m planning on doing some serious overhaul on their laptop the next time I visit.

My response:

This is a classic case of ransomware in its crudest form: rather than encrypting files, the attacker holds remote control of the PC and demands payment to let go.   Re-imaging the PC and starting with a clean slate is the only sure-fire way to get rid of the problem(s).  Most companies now don’t even spend time trying to remove malware.  They’ll just save any important files first and then re-image.  First, unplug the laptop from the network, since the attacker regains control every time it goes online.  She should then be able to boot to safe mode to copy any local files off the PC before re-imaging it (copy documents, not programs, so the remote-control software isn’t carried over).  And because passwords and credit card numbers were handed over on the phone, those passwords should be changed from a different, clean device and the card issuer notified, whatever happens to the laptop.

If you have the time and want to experiment, you can use the SysInternals Suite tools to try to remove it manually.  Watch the video, “Malware Hunting with Mark Russinovich and the Sysinternals Tools.”   It’s a great way to learn how to effectively use the SysInternals Process Monitor, Process Explorer, and Autoruns, focusing on the features useful for malware analysis and removal. He makes it look easy.

Of course, there are always Malwarebytes, Junkware Removal Tool, and Microsoft’s Malicious Software Removal Tool. These may also remove the offending files.

(I’m assuming this is a Windows PC.)
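To make the manual hunt concrete, here is an added PowerShell triage script (my own example, not code from this page, the video, or the SysInternals tools). It pulls the same classes of evidence that Autoruns and Process Explorer show you: Run/RunOnce keys, non-Microsoft scheduled tasks, services whose binary lives outside the Windows directory, and live TCP connections with the owning process and its Authenticode signature status. A remote-control tool like the one in the student’s story normally shows up as an established connection to an outside address from an unsigned binary under a user profile. The output folder name and the “suspicious path” patterns are assumptions for this example, and Autoruns itself covers many more persistence locations than this script does.

```powershell
# Added example (not from the page): quick persistence and connection triage on a
# Windows PC. Run from an elevated PowerShell prompt with the network unplugged.
# Cmdlets used ship with Windows 8.1 / Server 2012 R2 and later.
# Assumption: $env:SystemDrive\triage is an arbitrary output location for this example.

$report = @()

# 1. Registry Run / RunOnce keys (per-machine, 32-bit view, and current user).
#    Note: HKCU is the account you are logged in as; for another user's autoruns
#    load their hive under HKEY_USERS or log in as that user.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -notmatch '^PS') {   # skip PowerShell's own PSPath/PSParentPath metadata
                $report += [pscustomobject]@{ Source = "Registry: $key"; Name = $p.Name; Command = $p.Value }
            }
        }
    }
}

# 2. Scheduled tasks outside Microsoft's own task folders.
Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } | ForEach-Object {
    foreach ($a in $_.Actions) {
        $report += [pscustomobject]@{ Source = "Task: $($_.TaskPath)"; Name = $_.TaskName; Command = "$($a.Execute) $($a.Arguments)" }
    }
}

# 3. Services whose executable is not under the Windows directory.
Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -and $_.PathName -notlike "*$env:SystemRoot*" } |
    ForEach-Object {
        $report += [pscustomobject]@{ Source = 'Service'; Name = $_.Name; Command = $_.PathName }
    }

# 4. Live TCP connections: owning process, its image path, and whether that image
#    carries a valid Authenticode signature. Path is $null for protected system
#    processes we cannot open; those are reported as 'unknown' rather than skipped.
$conns = Get-NetTCPConnection -State Established, Listen -ErrorAction SilentlyContinue
foreach ($c in $conns) {
    $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
    $path = $proc.Path
    $sig  = if ($path) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'unknown' }
    $report += [pscustomobject]@{
        Source  = "Net: $($c.State)"
        Name    = "$($proc.ProcessName) (PID $($c.OwningProcess))"
        Command = "$path -> $($c.RemoteAddress):$($c.RemotePort) [sig: $sig]"
    }
}

# 5. Flag entries that run from user-writable locations or are unsigned. These
#    path patterns are an assumption for this example, not an exhaustive rule.
$suspect = $report | Where-Object {
    $_.Command -match '\\Users\\|\\AppData\\|\\Temp\\|\\ProgramData\\' -or
    $_.Command -match 'sig: NotSigned'
}

$report | Format-Table -AutoSize
Write-Host "`n=== Entries worth a second look ===" -ForegroundColor Yellow
$suspect | Format-Table -AutoSize

# Keep a copy so you can diff against a known-clean machine or a later run.
$out = Join-Path $env:SystemDrive 'triage'
New-Item -ItemType Directory -Path $out -Force | Out-Null
$report | Export-Csv -Path (Join-Path $out 'autoruns.csv') -NoTypeInformation
```

Read the flagged list the way Russinovich does in the video: an unsigned executable under AppData or Temp that both auto-starts and holds an outbound connection is the thing to kill, delete, and then remove from its autostart location. Compare the CSV against one taken from a clean Windows install of the same version to cut the noise. The script is a snapshot, not a replacement for Autoruns, which also checks Winlogon, AppInit DLLs, browser helpers, WMI subscriptions and dozens of other locations; and if the machine is going to be re-imaged anyway, save the CSV first as a record of what was there.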

What tools / techniques do you like to use for malware defense and removal?  Please comment and share your ideas.