What is Malware and where does it come from?
Malware is any software you may end up with that disrupts your computer or gains access to private information. There are lots of technical classifications – virus, worm, trojan horse, ransomware, spyware, adware, scareware, etc. I see them as two main types: malicious – hidden and/or resistant to removal; and annoying – easily removed.
Anyone can get these things. You might be installing some new software, or updating some, when something unexpected comes along with it. You might be tricked into clicking on a fake antivirus message or computer update message. You might be searching for something – a recipe, say – and when you download the recipe it comes with thirteen other things you didn’t expect. Teens are very susceptible to these when they download music, games – things they “share” with others on the Internet.
How do you know you’ve got one? Usually, you notice something seems different. You get more pop-ups than before, or the pop-ups are of a different nature than you’re used to seeing. Sometimes you get fake notices like “you’ve got 500 viruses – click HERE to fix this.” These try to scare you into spending money. Sometimes it’ll be downright obvious. Regardless, the sooner you get it removed, the better.
What should you do as soon as you are confronted with a Malware?
First and foremost – DON’T DO ANYTHING. Don’t respond to any prompts, don’t answer YES or NO. Don’t log off or reboot. Don’t panic. Just stop and evaluate the situation.
If you’re one of my clients, this is where I say just stop and CALL ME – we’ll decide what to do. It’s much easier, and less costly, to call me before you get yourself in any deeper. Otherwise:
Look to see if you can close the program that’s running – check the Task Bar at the bottom, right-click on the program and click Close. Close all your programs that way if you have to. See if the prompt disappears. If so, then great – it’s probably just a pop-up that’s now gone.
If the behavior returns or continues, and no other programs appear to be open, my best advice for amateur computer users is to either pull the plug or hold down the ON/OFF switch until the computer shuts down. This way, the computer won’t “remember” any of the changes it might have made to your user profile. Restart the computer. If the behavior is gone, then great – you dodged the malware.
If the behavior returns or continues, then you’ve probably got something installed. Check your installed programs – Control Panel, Programs and Features; or appwiz.cpl. Sort by Date – click on the Installed On column header to sort by date. Look at the most recently installed programs and remove any new ones that you didn’t intend to install. If that does it, then great – you were able to remove the malware.
Check that your anti-virus software is up-to-date. Run a complete scan with your anti-virus. Maybe that will find and remove it, or at least identify it. If you can identify it, you can research and possibly remove it.
If the behavior continues, you should probably seek professional help. But here’s what you could do next:
Review the entries in the following registry keys using regedit.exe:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Review the contents of the Startup Groups.
Do a System Restore – rstrui.exe. If it won’t work in normal mode, try it in Safe Mode. This might eliminate the threat without having to find it and deal with it directly.
Check for any unauthorized user accounts in the Control Panel.
Clear Browser Cache, check for browser toolbars and plugins.
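The checks above (recently installed programs, the two Run keys, the Startup folders, and local user accounts) can be gathered in one place for review. The script below is an added example and is not part of the original post; it only lists things for a human to look at and removes nothing. It assumes an elevated PowerShell prompt on Windows 7 or later, and the 14-day window is a hypothetical default chosen for this example.

```powershell
# Read-only triage script (added example, not from the original post).
# It lists what the post tells you to review; it does not change or delete anything.
# Assumes an elevated PowerShell 3.0+ prompt. -Days is a hypothetical parameter.
param([int]$Days = 14)

$since = (Get-Date).AddDays(-$Days)
$culture = [System.Globalization.CultureInfo]::InvariantCulture

# 1. Recently installed programs, read from the same Uninstall keys that
#    Programs and Features (appwiz.cpl) displays. InstallDate is stored as yyyyMMdd.
$uninstallKeys = @(
  'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
  'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Write-Host "== Programs installed since $($since.ToShortDateString()) =="
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
  Where-Object { $_.DisplayName -and $_.InstallDate } |
  ForEach-Object {
    $d = [datetime]::MinValue
    if ([datetime]::TryParseExact($_.InstallDate, 'yyyyMMdd', $culture,
          [System.Globalization.DateTimeStyles]::None, [ref]$d) -and $d -ge $since) {
      [pscustomobject]@{ InstalledOn = $d; Name = $_.DisplayName; Publisher = $_.Publisher }
    }
  } | Sort-Object InstalledOn -Descending | Format-Table -AutoSize

# 2. Run keys: every value here is started automatically at logon.
#    The PS* names are added by the registry provider, not stored in the key.
$providerProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
$runKeys = @(
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
  'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)
Write-Host "== Run key entries =="
$runEntries = foreach ($key in $runKeys) {
  $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
  if ($props) {
    foreach ($p in $props.PSObject.Properties) {
      if ($providerProps -notcontains $p.Name) {
        [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
      }
    }
  }
}
$runEntries | Format-Table -AutoSize -Wrap

# 3. Startup Groups: the per-user and all-users Startup folders.
Write-Host "== Startup folder contents =="
foreach ($folder in 'Startup', 'CommonStartup') {
  $path = [Environment]::GetFolderPath($folder)
  Get-ChildItem -Path $path -Force -ErrorAction SilentlyContinue |
    Select-Object @{ n = 'Folder'; e = { $path } }, Name, LastWriteTime
} | Format-Table -AutoSize

# 4. Local user accounts, so any account you did not create stands out.
Write-Host "== Local user accounts =="
Get-CimInstance -ClassName Win32_UserAccount -Filter 'LocalAccount = True' |
  Select-Object Name, Disabled, SID |
  Format-Table -AutoSize
```

Save it as a .ps1 file and run it from an elevated prompt; nothing in the output is removed automatically, so compare each listed program, Run entry, startup item, and account against what you know you installed or created before uninstalling anything.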
Run malware scans. If the infestation is really bad, you might have to pull the hard drive, connect it to another computer, and scan it from there. My favorite free tools for this are:
- HijackThis, download from SourceForge, mainly used to check and remove BHOs (browser helper objects).
- TDSSKiller, from Kaspersky, an anti-rootkit utility.
- Malwarebytes, an anti-malware software.
- Adaware, download from CNet, another anti-malware software.
- Spybot Search & Destroy from CNet, another anti-malware software.