Sunday, June 7, 2009

Is your computer infected?

Have you ever worried that your computer has a virus or spyware (collectively called "malware")? We probably all go through that stage when we notice things running a bit slower or when we realize how often we buy things online. This is reasonable paranoia. But there are also more obvious reasons for suspecting that a computer is infected.

Symptoms of an infected computer

Tool options are hidden
Click Start > Run, then type REGEDIT. When you press OK, Registry Editor should open if you have administrator access. If it does not, something is trying to prevent you from modifying registry settings. You can also open Windows Explorer (right-click Start > Explore) and go to Tools > Folder Options. If you can’t find Folder Options, malware might be hiding it.


Strange autostart entries
Only experienced users should mess with the registry, but if you do manage to open it, navigate to the Run key (HKLM\Software\Microsoft\Windows\CurrentVersion\Run). You can see what it looks like in the screenshot below. If you know which applications are supposed to start automatically on your computer (many of us don’t), you should be able to tell whether any suspicious programs are trying to start alongside them.
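The two checks above (hidden tools and autostart entries) can be done from a PowerShell prompt without clicking through Registry Editor. The script below is an added example, not something from the original post; it is read-only and assumes a Windows host with PowerShell 3 or later. The policy value names (DisableRegistryTools, DisableTaskMgr, NoFolderOptions), the RunOnce and Wow6432Node keys, and the Get-ExeFromCommand helper are my additions beyond what the post mentions.

```powershell
# Added example (not from the original post). Read-only registry triage:
# reports policy values that hide tools, then lists autostart entries with
# the Authenticode status of each target file. Assumes Windows, PowerShell 3+.

# 1. Policy values that can hide Registry Editor, Task Manager and Folder Options.
#    A value of 1 means the tool is disabled for that scope (HKCU = this user).
$policyChecks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoFolderOptions' },
    @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools' }
)
foreach ($c in $policyChecks) {
    $v = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
    if ($v -eq 1) { Write-Warning ("{0}\{1} is set to 1: a tool is being disabled" -f $c.Path, $c.Name) }
}

# Helper (my addition): pull the executable path out of an autostart command line.
function Get-ExeFromCommand([string]$cmd) {
    $cmd = [Environment]::ExpandEnvironmentVariables($cmd.Trim())
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }   # quoted path, possibly with arguments
    if (Test-Path -LiteralPath $cmd) { return $cmd }        # bare path with no arguments
    return ($cmd -split '\s+')[0]                            # first token (unquoted paths with spaces will not resolve)
}

# 2. Autostart entries for the machine and the current user.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$metaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }                           # key absent on this machine
    foreach ($p in $props.PSObject.Properties) {
        if ($metaProps -contains $p.Name) { continue }      # skip PowerShell's own provider metadata
        $cmd = [string]$p.Value
        $exe = Get-ExeFromCommand $cmd
        $sig = if (Test-Path -LiteralPath $exe) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'FileMissing' }
        [pscustomobject]@{ Key = $key; Entry = $p.Name; Command = $cmd; Signature = $sig }
    }
}
```

Entries whose Signature column reads NotSigned or FileMissing are the ones to look up before deciding anything; plenty of legitimate software is unsigned, so the list is a starting point for the "do I recognise this?" question the post asks, not a verdict.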



Constant warnings about infection
Much recent malware consists of rogue security applications—programs that pretend to be anti-spyware or antivirus software. Note that most legitimate security applications give very conservative notifications. Don’t install something just because it warned you. If you need to install a security solution, visit a legitimate vendor’s site and download it from there. Many vendors (AVG, McAfee, Trend Micro, Symantec) provide free basic security software or trial versions.

Too many applications running
Everyone should have a decent process viewer to tell which applications are running on their computer. Windows Task Manager can help, but I personally love Process Explorer. The company that used to provide this tool (Sysinternals) has been bought by Microsoft, so perhaps a version of it will be included in future versions of Windows.

Process Explorer provides a quick list of all kernel- and user-mode process trees and an easy way to locate process images (the executable files on disk). Before a clean-up effort, I recommend stopping all unnecessary processes. To do this, you need to be able to identify which processes are critical. One good indicator is the company name, which tells you whether the running process is from Microsoft, Adobe, Yahoo, or some webcam maker, for example.
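The same company-name check can be scripted so that unsigned or unknown-vendor processes rise to the top of the list. This is an added example, not from the original post or from Process Explorer; it assumes Windows with PowerShell 3 or later, uses the Company property that Get-Process exposes from each image's version information, and the Get-ProcessTriage function name is my own. Run it from an elevated prompt if you want paths and signatures for system processes too.

```powershell
# Added example (not from the original post). Lists running processes with the
# vendor name from the image file's version info and its Authenticode status.
# Read-only. Assumes Windows, PowerShell 3+.

function Get-ProcessTriage {
    Get-Process | ForEach-Object {
        $path = $_.Path            # $null for protected/system processes when not elevated
        $sig  = 'NoPath'
        if ($path) {
            try   { $sig = (Get-AuthenticodeSignature -FilePath $path).Status }
            catch { $sig = 'Error' }
        }
        [pscustomobject]@{
            Name      = $_.ProcessName
            Id        = $_.Id
            Company   = $_.Company  # script property filled from FileVersionInfo.CompanyName
            Signature = $sig
            Path      = $path
        }
    }
}

# Sort so the rows worth a second look come first: anything whose signature is not
# Valid, then alphabetically by vendor, so blank company names cluster at the top.
Get-ProcessTriage |
    Sort-Object @{ Expression = { $_.Signature -eq 'Valid' } }, Company |
    Format-Table -AutoSize
```

A blank Company column with a NotSigned status is exactly the kind of row the post says to investigate; a recognisable vendor with a Valid signature is usually safe to leave alone while you clean up.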



Too many pop-ups and browser toolbars
If your Web browser (Internet Explorer, Firefox, etc.) has too many third-party toolbars, you should be wary. Some toolbars are useful, like site rating toolbars or search bars, but a lot of them are installed with spyware. Plus, they can really mess up the browser interface. I try to keep my toolbars to a minimum and use only the SiteAdvisor toolbar, since all browsers now have their own search bars.




How can you really tell?

The truth is that most malware is pretty good at hiding its presence. Much of it uses rootkits, which are very sophisticated ways of hiding from the Windows APIs, the controls used to perform very basic actions in Windows. I often need to perform a scan to reassure myself that my computer is clean.

The scanner I currently use is the new HouseCall 7.0 (currently in beta, but it appears to be very stable). This scanner supports process scanning (similar to what can be done manually with Process Explorer) and can also detect rootkits. It uses a selective scanning method that first lists critical and suspicious areas before starting the scan. HouseCall 7.0 typically finishes a scan in less than 15 minutes. Now that’s a quick way to tell whether your computer is infected.



The initial startup of HouseCall 7.0 can take a while, depending on your connection, but subsequent runs are pretty fast. If you plan to use HouseCall again, keep a local copy of the launcher so you won’t have to download it again.



HouseCall 7.0 will let you clean all detected malware and will even allow you to restore files it has deleted or cleaned. You probably won’t need this feature, unless you want to keep copies of malware.

2 comments:

  1. So helpful! I didn't expect that I'd see this type of info after so many years --- former fellow AV Techwriter.
