Tuesday, May 31, 2011

How Do You Know if Your Computer is Infected?

How do you know if your computer is infected by a virus?  Before getting started there is one important item to note!  Viruses in the last few years have changed from a more destructive nature to a money making/data mining operation.  This is important to note because most viruses are no longer causing visible damage (data loggers) or are masking there actions (fake anti-virus).  One more thing to note as well, computers have gotten significantly faster; so, a virus may no longer cause a noticeable reduction in performance.

The easiest way to determine if you system is clean, is to perform a virus scan using your anti-virus software.  Alternately you can also do a scan using an online virus scanner such as Symantec's Security Check: http://security.symantec.com/sscv6/WelcomePage.asp.   This of course is not a guarantee that your system is clean but would most likely enable you to eliminate a viruses as a possible cause of popups or a slow down.

Listed below in no particular order are some problems that are commonly associated with a virus.

  • Popups (internet popups) – this is not a good indicator of a virus, since a popups can be easily generated within a website.  However, numerous popups of questionable “content” may indicate an infection.
  • Slow Performance – with modern computers this is not as noticeable; but if you have an older computer, a virus (or viruses) can cause a major slow down.
  • Sudden change in Internet Settings – this is actually a fairly good indicator of a virus, especially if the home page changes to something questionable and some sites suddenly stop functioning.
  • You cannot access anti-virus related sites or install AV software – definitely a good indication of a virus.
  • An anti-virus program that claims you are infected with a zillion viruses and other such antics – a good indication that you have a virus!  In fact it is such a good chance you have virus, that the program that says you have a virus is probably the virus!
  • Your ISP calls you up and says you are sending way to much spam email – yes, this does happen!  And yes, this most likely means you are infected with a virus!
  • Numerous unrelated error message – definitely a possibility that you have a virus.
  • Unable to access system utilities such as task manager, msconfig, control panel utilities, ect. – a high possibility that you have a virus.
  • Windows no longer boots or suddenly shuts down – use to be a good indicator, but with the changes in viruses, it is no longer a good indication of a virus.

This list definitely does not list all of the possible problems a virus can cause!

Saturday, May 28, 2011

How to Remove Malware Protection?

Now you are probably wondering why would I want to remove malware protection?  Malware protection is good right?  Well in this case it “ain’t” so good, especially when the malware protection program is called Malware Protection!  This is yet another fake anti-virus (anti-malware) program.  Now the owner of this computer thinks that computer is infected by a virus because the anti-virus program says the computer is infected by a bunch of viruses (see screen shot below).  Naturally I was immediately suspicious from the description of some of the popups and after asking the name of the “supposed” anti-virus program and a quick web search my suspicions where confirmed.

Now like any respectable anti-virus program (cough – cough), Malware Protection was busy protecting against:

  1. Any .exe’s that you tried to run (for example Microsoft Word – winword.exe).  Of course all exe’s where infected by the W32 Blaster worm – won’t want that would we?
  2. Remote Network “hacking,” lots of remote networking hacking  (screenshot below)!
  3. No internet access – of course internet access is dangerous so we obviously do not need that!
  4. Shuts down current “real” anti-virus protection!
  5. Protects itself from being uninstalled – hate for that to happen?
  6. Prevents access to any system configuration utilities (MSConfig, Control Panel utilities, ect.)

Malware-Protection

Malware-Protection-blocking-network

How to Remove Malware Protection?

First off, I decided to try removing Malware Protection without restarting the computer and using Safe Mode, hopefully making the process easier.

  1. Since I am unable to run any .exe’s, I am first going to try killing Malware Protection’s process using a tool known as RKill from Bleeping Computer: http://www.bleepingcomputer.com/download/anti-virus/rkill.  RKill has a number of different .exe’s. and formats in case the virus blocks one.  I started by trying RKill.com, then RKill.exe, then RKill.scr, and finally uSeRiNiT.exe, which finally killed Malware Protection.  The first three RKill programs where killed by Malware Protection, and it took a few minutes for uSeRiNiT.exe to finally work.  You can download uSeRiNiT.exe directly at: http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe.  Now since I was not able to access the internet on this machine I downloaded RKill to my USB Flash drive and ran it from there.  From here you can skip to step 6 if you want.
  2. Now that Malware Protection’s process has been terminated, I reinstalled Microsoft Security Essentials, which apparently had been damaged by Malware Protection.  Upon installation Microsoft Security Essentials performed an virus definitions update followed by a quick scan which detected 5 viruses including Malware Protection.  Now at this point I was thinking: “man this was too easy” and rebooted the computer to finish Microsoft Security Essential’s installation.  To my unfortunate surprise Malware Protection was back and Microsoft Security Essential’s was no longer working (yep that .exe was infected by the W32 Blaster worm as well!).  Now it is very well possible that if I had done a full system scan instead of letting MSE perform the quick scan upon installation that I might have been done at this point!
  3. Ok, in that case I used RKill to kill malware protection again and used UnHackMe to perform a deep scan of the computer, unfortunately UnHackMe did not find Malware Protection, just some false positives.
  4. Next since SpyBot Search & Destroy was already installed on the computer I decided to try using that; and again with no results.
  5. With none of the other options working, I figured it was time to pull out the big guns and try Norton Antivirus.  Unfortunately no luck there either!
  6. I decided to give one more try with a final program known as MBAM.  MABM is a popular anti-malware removal tool and can be downloaded at: http://www.malwarebytes.org/.  With the Malware Protection process killed you should be able to access the internet on the infected machine without the need for using a second computer and a flash drive.  MBAM found Malware Protection in 2 places and removed both of them.  This is probably why it came back after MSE removed it from only the one location, most likely performing a full system scan with MSE would have found the second location.

Sunday, May 22, 2011

How to Fix a Locked Up Program?

I am sure at some point all of us have had a program lock up on us.  Now there are a number of ways of “fixing” a locked up program, and by the way rebooting the computer is the last fix and generally should only be required if Windows is locked up.
Now first off, lets get some technical info out of the way, when people say their computer is locked up or has crashed, this could mean a program has locked up or it could mean that Windows has locked up, which in most cases will lock up any programs you are using as well.  It could also mean that the computer is going eternally slow, in which case “patience is a virtue.”  It is important to differentiate between a locked up program and a locked up computer (Windows).  Locked up programs are generally easy to fix and should under most circumstances not require rebooting the computer, though if you read my last post, I would recommend you shut the computer off at some point (that night for sure!).  If Windows is locked up, it is basically going to be a given that you will have to reboot the computer.
Now on to how to fix the locked up program.
  1. The first step in fixing a locked up program is simply to have patience and wait.  Sometimes a program or Windows will appear to be locked up because it is has exceeded the the computer’s processing capabilities, causing the computer slow down or “hang.”  Also, if you have any unsaved work open, a little patience may save that work.  A good way to know if  program is still running or not is to open Task Manager, which will show the status of any running programs.  If the program status is “running” it most likely means your computer is working and you simply need to wait.  If the program status is “Not Responding” then the program is locked up, in which case I would still suggest waiting to see if the program will start responding again.  To open Task Manager, right click on the Task Bar and click Task Manager.  You can also press Ctrl + Alt + Delete simultaneously to open the Task Manager.  If it is not already, switch to the Applications Tab.
    right-click-task-bar-to-open-task-manager
    Windows-Task-Manager
  2. Now if patience does not work (more than a minute or two), we will need to try killing the program using Task Manager. The first step in closing the program is to try to end it nicely.  Simply select the program from the list and click End Task (bottom right hand side).  The End Task feature will attempt to close the program normally and hopefully save any unsaved work.  For me this only works about 50% of the time; so, do not get to hopeful!
  3. If closing the program normally does not work, then we will have to terminate the program.  To do this right click on the program that is not responding and click Go To Process.  The program I am going to terminate is Microsoft Word and by terminating Microsoft Word I will lose any unsaved work.  I should also note to observant people; that, yes, Microsoft Word is working just fine and not actually locked up.
    task-manager-terminating-a-program
    When you click the Go To Process, Task Manager will switch to the Processes Tab and highlight the Microsoft Word process.
    task-manager-terminating-a-process
    The highlighted process for Microsoft Word is WINWORD.EXE.  To end the program/process click the End Process (bottom right side).  Task Manager then will ask if you are sure you want to end the process.
    task-manager-confirming-process-termination
  4. Now if you are not able to terminate the program, the last thing to try is to reboot the computer.  Of course try to reboot normally without “killing” the computer first off!  If you cannot access the normal shutdown options, the power button on most computers should be set to shut the computer down, simply press the button (don’t hold the button down!) and the computer should shut down normally.  If the computer does not shut down then you will have to kill it by pressing and holding the power button tell the computer shuts down.

Saturday, May 14, 2011

The Simplest Fix for the Hardest Problems! Shut the computer OFF!

It seems like shutting a computer off is such a difficult thing to do!  However it could save you a lot of problems (headaches)!
Like the old saying, sometimes “the hardest problems have the simplest solutions!”  Well, that can be true with computers as well, and there is one simple fix that can solve a large number of problems.  Don’t worry everyone should know how to do this, and no complicated instructions are required!  The simplest fix is often to simply shut the computer off or reboot it!  Now of course shutting the computer off will not fix all problems, such as viruses; but it often fixes performance related problems and locked up programs.
There is actually some debate over whether or not you should regularly turn your computer off.  Some claim turning your computer off adds wear and tear to the hardware, plus the power saved would be like leaving a light bulb on all the time.  Well, just like leaving the light bulb on the time is nonsense so is the argument about leaving the computer on all the time.  Also, most modern computers will use more power than a light bulb, especially if you compare it to a CFL.
It is a good idea to shut the computer off when you are not using it.  If you are only gone for a short period, such as a break, you should put the computer to sleep (or standby).  Depending on how you use your computer, I recommend shutting the computer off nightly.  By regularly shutting your computer off, you can start with a “fresh slate.”  At the very least shutting the computer off (or rebooting it) will clear the memory. 
Windows Updates
Shutting a computer off will also allow Windows to install any updates that might be pending.  Failure to reboot the computer at some point will prevent Windows from installing updates!  This will also fix most of those annoying automatic restarts, which are usually cause by Windows Update.  You would not believe the number of people that complain to me about this problem and yet leave their computers on and continue to suffer with the problem of the computer restarting automatically (yes there is a way to prevent Windows from restarting for an update, but then the update will not get installed, and as such I never recommend it!).  At this point, I should also mention; if possible do not leave a computer unattended.  I realize of course that is not always possible, in which case never have unsaved work open!
Windows Shutdown Process
During the shutdown process, Windows will first close any running programs; it is possible for a running program to stop the shutdown process, in which event Windows should provide you an option to wait for the program to respond or end the running program.  Next Windows will save any system settings to the hard drive, clear paging file (virtual memory), and eventually clear the memory (RAM).  For laptops it is extremely important that you make sure the laptop is completely shutdown before storing the laptop, otherwise the laptop may overheat.
Why shut the computer off?
With all that being said there is no argument half as convincing for shutting a computer as the security risk!  Any computer that is on is a security risk, viruses, hacking, ect.!  So, if you do not want to shut your computer off for the the performance benefits, at least shut if off for the security risk!  Also, if possible NEVER leave a computer running while you are not present!
In Short – Shut the computer off, nightly or at least sleep when not in use!

Tuesday, May 10, 2011

Keeping Your Computer Safe–Overview

I have written a few posts about cleaning up malicious software (viruses), but of course not getting the malicious software in the first place would be even better!
There are two main layers of “software” protection, a firewall and antivirus software.  The first layer of protection for a users computer should be the firewall.  A firewall simply blocks malicious or unauthorized access to and from the computer.  Preferably you want a two way firewall that blocks both incoming and outgoing.  Windows XP, Vista, and 7 all have built in firewalls that are sufficient for most users and capable of blocking of both income and outgoing.  Of course making sure the firewall is actually  on is really important!
The second important piece of protection software should be the anti-virus program.  Windows does not come with any pre-installed anti-virus protection, other than Windows Defender, which technically is not an anti-virus program!  It is important that you have an anti-virus program that actively monitors the computers with real-time protection and has up-to-date virus definitions.
In addition to “protection” software it is important that the software you are using is up-to-date.  For the Windows Operating system, make sure you have Windows Update on and it is a good idea to manually check every now and then.  Other programs such as Adobe PDF, Adobe Flash, Sun Java, QuickTime, ect. should all be updated as well.
A few more things to note as well; spam email is dangerous, delete it, especially be wary of any attachments!  Be careful browsing the web!  Keep browser settings to default, this goes for any browser. It is also a good idea to remove any unneeded software programs, as they can be an entry point for malicious software.  Also remember malicious software usually requires some form of interaction on your part to be installed!