{"id":214,"date":"2014-10-31T15:44:26","date_gmt":"2014-10-31T21:44:26","guid":{"rendered":"http:\/\/cybersecurity.bellevue.edu\/?p=214"},"modified":"2021-08-30T13:09:31","modified_gmt":"2021-08-30T19:09:31","slug":"what-to-do-about-malware","status":"publish","type":"post","link":"https:\/\/cybersecurity.bellevue.edu\/index.php\/2014\/10\/31\/what-to-do-about-malware\/","title":{"rendered":"What to do about Malware?"},"content":{"rendered":"<p>Viruses on our computers are about as prevalent as the common cold.\u00a0 It&#8217;s not a matter of if you&#8217;ll get infected (or a cold), but when.\u00a0 Cold remedies are a multi-billion dollar industry.\u00a0 Anti-virus (A\/V) and malware defense and clean-up are quickly catching up.\u00a0 There are a few good sources on A\/V products that may help you decide which one is best for you (note: these are all for the PC):<\/p>\n<ul>\n<li>AV Comparatives&#8217; independent tests of anti-virus software provide a good comparison of the top brands.\u00a0 They are consistent with other, similar reports. 
See\u00a0<a title=\"AV Comparatives\" href=\"http:\/\/www.av-comparatives.org\/dynamic-tests\/\">http:\/\/www.av-comparatives.org\/dynamic-tests\/<\/a><\/li>\n<li>Techradar provides its list of &#8220;Best Free Antivirus Software, 2014&#8221;\u00a0<a href=\"http:\/\/www.techradar.com\/us\/news\/software\/applications\/best-free-antivirus-9-reviewed-and-rated-1057786\">http:\/\/www.techradar.com\/us\/news\/software\/applications\/best-free-antivirus-9-reviewed-and-rated-1057786 <\/a><\/li>\n<\/ul>\n<p>The thing with colds is that they usually go away on their own in 3-10 days (taking zinc early on helps, btw).\u00a0 That&#8217;s often not true of computer viruses.\u00a0 Anti-virus solutions aren&#8217;t 100% effective against all types of malware.<\/p>\n<p>What can you do if your PC gets infected and your A\/V product isn&#8217;t taking care of it?\u00a0 Below is an email from a student whose fiance&#8217;s grandparents&#8217; computer got infected, along with my response.\u00a0 It&#8217;s not intended to single out this student or the grandparents, but to use it as a case study in how to respond when the inevitable infection hits.<\/p>\n<p>From the student:<\/p>\n<blockquote><p>We shouldn&#8217;t get tunnel vision when\u00a0protecting our homes,\u00a0and with all the emerging methods to breach security (e.g. the bash bug), we have to stay diligent. Indeed, the low-hanging fruit is the one to get plucked. I talked with my fiance&#8217;s grandparents this week, and they have unfortunately fallen victim to a classic social engineering scam. Someone called the grandmother claiming to be a technician from her anti-virus software company. He then asked for various sensitive information from her (i.e. passwords, credit card numbers, etc.), and she naively gave up the information, trusting this gentleman when he told her that something was wrong with her computer.<\/p>\n<p>Now every time she connects to the internet, this\u00a0d%&amp;$ has remote control over her PC. 
He contacts her saying that he will not give up control of the PC unless she pays him more money. I&#8217;m planning on doing some serious overhaul on\u00a0their laptop the next time I visit.<\/p><\/blockquote>\n<p>My response:<\/p>\n<blockquote><p>This is a classic case of ransomware. \u00a0 Re-imaging the PC and starting with a clean slate is the only sure-fire way to get rid of the problem(s).\u00a0 Most companies now don\u2019t even spend time trying to remove malware.\u00a0 They\u2019ll just save any important files first and then re-image.\u00a0 This person should be able to boot to safe mode to grab any local files on the PC before they re-image it.<\/p>\n<p>If you have time and want to experiment, you can use <a href=\"http:\/\/technet.microsoft.com\/en-us\/sysinternals\/bb842062.aspx\">SysInternals Suite<\/a> tools to try to manually remove it.\u00a0 Have her\/him watch the video, \u201c<a href=\"http:\/\/channel9.msdn.com\/Events\/TechEd\/NorthAmerica\/2014\/DCIM-B368#fbid=\">Malware Hunting with Mark Russinovich and the Sysinternals\u00a0<\/a>Tools.\u201d\u00a0\u00a0 It&#8217;s a great tool to learn how to effectively use the SysInternals Process Monitor, Process Explorer, and Autoruns, focusing on the features useful for malware analysis and removal. He makes it look easy.<\/p>\n<p>Of course, there\u2019s always <a href=\"https:\/\/www.malwarebytes.org\/\">Malwarebytes<\/a>, <a href=\"http:\/\/www.bleepingcomputer.com\/download\/junkware-removal-tool\/\">Junkware Removal Tool<\/a>, and <a href=\"http:\/\/www.microsoft.com\/security\/pc-security\/malware-removal.aspx\">Malicious Software Removal Tool<\/a>. 
These may also remove the offending files.<\/p>\n<p>(I&#8217;m assuming this is a Windows PC.)<\/p><\/blockquote>\n<p>One caveat worth adding to this case: the attacker&#8217;s leverage here is a remote-access tool he talked the grandmother into installing, plus the passwords and card number she read out over the phone, not encrypted files.\u00a0 Re-imaging removes his foothold on the PC, but it doesn&#8217;t take back what he already knows.\u00a0 Keep the laptop off the network until it has been wiped, change every password she gave up from a clean device, and call the card issuer about the card number.<\/p>\n<p>What tools \/ techniques do you like to use for malware defense and removal?\u00a0 Please comment and share your ideas.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Viruses on our computers are about as prevalent as the common cold.\u00a0 It&#8217;s not a matter of if you&#8217;ll get infected (or a cold), but when.\u00a0 Cold remedies are a multi-billion dollar industry.\u00a0 Anti-Virus (A\/V) and malicious software (aka malware) defense and clean-up is quickly catching up.\u00a0 There are a few good sources on A\/V [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[32,7,8,3],"tags":[],"class_list":["post-214","post","type-post","status-publish","format-standard","hentry","category-concepts","category-assessments","category-security-education","category-security-management"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/cybersecurity.bellevue.edu\/index.php\/wp-json\/wp\/v2\/posts\/214","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cybersecurity.bellevue.edu\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurity.bellevue.edu\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cybersecurity.bellevue.edu\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurity.bellevue.edu\/index.php\/wp-json\/wp\/v2\/comments?post=214"}],"version-history":[{"count":2,"href":"https:\/\/cybersecurity.bellevue.edu\/index.php\/wp-json\/wp\/v2\/posts\/214\/revisions"}],"predecessor-version":[{"id":216,"href":"https:\/\/cybersecurity.bellevue.edu\/index.ph
p\/wp-json\/wp\/v2\/posts\/214\/revisions\/216"}],"wp:attachment":[{"href":"https:\/\/cybersecurity.bellevue.edu\/index.php\/wp-json\/wp\/v2\/media?parent=214"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurity.bellevue.edu\/index.php\/wp-json\/wp\/v2\/categories?post=214"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurity.bellevue.edu\/index.php\/wp-json\/wp\/v2\/tags?post=214"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}