Dialers, Trojans, Viruses, and Worms Oh My!
If you use a computer, read the newspaper, or watch the news, you will know about computer viruses or other malware. These are malicious programs that, once they infect your machine, start causing havoc on your computer. What many people do not know is that there are many different types of infections grouped under the general category of malware.
Malware -
Malware is programming or files that are developed for the purpose of doing harm. Thus, malware includes computer viruses, worms, Trojan horses, spyware, hijackers, and certain types of adware.
This article will focus on malware that is considered viruses, trojans, and worms, though this information can be used to remove the other types of malware as well. We will not go into specific details about any one particular infection, but rather provide a broad overview of how these infections can be removed. For the most part these instructions should allow you to remove a good deal of infections, but there are some that need special steps to be removed, and these won't be covered in this tutorial.
Before we continue it is important to understand the generic malware terms that you will be reading about.
Adware -
A program that generates popups on your computer or displays
advertisements. It is important to note that not all adware programs
are necessarily considered malware. There are many legitimate programs
that are given for free that display ads in their programs in order to
generate revenue. As long as this information is provided up front then
they are generally not considered malware.
Backdoor -
A program that allows a remote user to execute commands and tasks on
your computer without your permission. These types of programs are
typically used to launch attacks on other computers, distribute
copyrighted software or media, or hack other computers.
Dialler -
A program that typically dials a premium rate number that has per-minute charges over and above the typical call charge. These calls are made with the intent of gaining access to pornographic material.
Hijackers -
A program that attempts to hijack certain Internet functions, such as redirecting your start page to the hijacker's own start page, redirecting search queries to an undesired search engine, or replacing search results from popular search engines with its own information.
Spyware -
A program that monitors your activity or information on your computer
and sends that information to a remote computer without your knowledge.
Trojan -
A program that has been designed to appear innocent but has been
intentionally designed to cause some malicious activity or to provide a
backdoor to your system.
Virus -
A program that when run, has the ability to self-replicate by infecting
other programs and files on your computer. These programs can have many
effects ranging from wiping your hard drive, displaying a joke in a
small box, or doing nothing at all except to replicate itself. These
types of infections tend to be localized to your computer and not have
the ability to spread to another computer on their own. The word virus
has incorrectly become a general term that encompasses trojans, worms,
and viruses.
Worm -
A program that when run, has the ability to spread to other computers
on its own using either mass-mailing techniques to email addresses
found on your computer or by using the Internet to infect a remote
computer using known security holes.
No operating system or application is vulnerable to malicious programs unless external programs, no matter how simple, can be launched. If an external program, even the simplest, can be launched within an operating system or application, then it will be vulnerable to malicious programs. Most contemporary operating systems and applications need to work with other programs, so they do end up being vulnerable. Potentially vulnerable OS and applications include:
All popular desktop operating systems
Most office applications
Most graphical editors
Project applications
Any applications with in-built script language
Computer viruses, worms, and Trojans have been written for countless operating systems and applications. On the other hand, there are still numerous OSs and applications that are free from malware so far. Why is this so? What makes one OS more attractive to virus writers than others?
Malware appears in any given environment when the following criteria are met:
The operating system is widely used
Reasonably high-quality documentation is available
The targeted system is insecure or has a number of documented vulnerabilities
All three criteria are key factors and all three need to be met before the given system will be targeted by virus writers.
In the first place, in order for hackers and cyber vandals to even consider any system, the target needs to be popular enough for them to access it. Once an OS or application is widely available and marketed successfully, it turns into a viable target for virus writers. A quick look at the number of malicious programs written for Windows and Linux shows that the volume of malware is roughly proportional to the respective market share of these two operating systems.
Detailed documentation is necessary for both legal developers and hackers, since documentation includes descriptions of available services and rules for writing compatible programs. For instance, most mobile phone vendors do not share this information, leaving both legal vendors and hackers helpless. On the other hand, some vendors of smart phones do publish their documentation. The first viruses for Symbian (Worm.SymbOS.Cabir.a) and Windows CE (WinCE.Duts.a) appeared shortly after the documentation was published in mid-2004.
The architecture of a well-built (constructed, designed) OS or application needs to take security into account. A secure solution does not allow new or unsanctioned programs extensive access to files or potentially dangerous services. This leads to difficulties, as a fully secure system will block not only malware, but 'friendly' programs as well. As a result, none of the widely available systems can be called truly secure.
Java machines that launch Java applications in 'sandbox' mode come close to achieving secure conditions. As a matter of fact, there have been no viruses or Trojans which pose a serious threat written in Java for a long time, though non-viable proof of concept malware does occasionally appear. Malware written in Java appeared only when vulnerabilities in Java Virtual Machine security were discovered and publicized.
Sometimes even an experienced user will not realise that a computer is infected with a virus. This is because viruses can hide among regular files, or camouflage themselves as standard files. This section contains a detailed discussion of the symptoms of virus infection, how to recover data after a virus attack and how to prevent data from being corrupted by malware.
Symptoms of infection
There are a number of symptoms which indicate that your computer has been infected. If you notice "strange things" happening to your computer, namely:
unexpected messages or images are suddenly displayed
unusual sounds or music played at random
your CD-ROM drive mysteriously opens and closes
programs suddenly start on your computer
you receive notification from your firewall that some applications have attempted to connect to the Internet, although you did not initiate this
then it is very likely that your computer has been infected by a virus.
Additionally, there are some typical symptoms which indicate that your computer has been infected via email:
your friends mention that they have received messages from your address which you know you did not send
your mailbox contains a lot of messages without a sender's e-mail address or message header
These problems, however, may not be caused by viruses. For example, infected messages that are supposedly coming from your address can actually be sent from a different computer.
There is a range of secondary symptoms which indicate that your computer may be infected:
your computer freezes frequently or encounters errors
your computer slows down when programs are started
the operating system is unable to load
files and folders have been deleted or their content has changed
your hard drive is accessed too often (the light on your main unit flashes rapidly)
Microsoft Internet Explorer freezes or functions erratically e.g. you cannot close the application window
90% of the time the symptoms listed above indicate a hardware or software problem. Although such symptoms are unlikely to be caused by a virus, you should use your antivirus software to scan your computer fully.
What you should do if you notice symptoms of infection
If you notice that your computer is functioning erratically:
Don't panic! This golden rule may prevent the loss of important data stored in your computer and help you avoid unnecessary stress.
Disconnect your computer from the Internet.
If your computer is connected to a Local Area Network, disconnect it.
If the computer cannot boot from the hard drive (error at startup), try to start the system in Safe Mode or from the Windows boot disk.
Before taking any action, back up all critical data to an external drive (a floppy disk, CD, flash memory, etc.).
Install antivirus software if you do not have it installed.
Download the latest updates for your antivirus database. If possible, do not use the infected computer to download updates, but use a friend's computer, or a computer at your office, an Internet cafe, etc. This is important because if you are connected to the Internet, a virus can send important information to third parties or may try to send itself to all email addresses in your address book. You may also be able to obtain updates for your antivirus software on CD-ROM from the software vendors or authorized dealers.
Perform a full system scan.
If no viruses are found during a scan
If no viruses are found during the scan and the symptoms that alarmed you are classified, you probably have no reason to worry. Check all hardware and software installed in your computer. Download Windows patches using Windows Update. Uninstall all unlicensed software from your computer and clean your hard drives of any junk files.
If viruses are found during a scan
A good antivirus solution will notify you if viruses are found during a scan, and offer several options for dealing with infected objects. In the vast majority of cases, personal computers are infected by worms, Trojan programs, or viruses. In most cases, lost data can be successfully recovered.
A good antivirus solution will provide the option to disinfect infected objects, quarantine possibly infected objects and delete worms and Trojans. A report will provide the names of the malicious software discovered on your computer.
In some cases, you may need a special utility to recover data that have been corrupted. Visit your antivirus software vendor's site, and search for information about the virus, Trojan or worm which has infected your computer. Download any special utilities if these are available.
If your computer has been infected by viruses that exploit Microsoft Outlook Express vulnerabilities, you can fully clean your computer by disinfecting all infected objects, and then scanning and disinfecting the mail client's databases. This ensures that the malicious programs cannot be reactivated when messages which were infected prior to scanning are re-opened. You should also download and install security patches for Microsoft Outlook Express.
Unfortunately, some viruses cannot be removed from infected objects. Some of these viruses may corrupt information on your computer when infecting, and it may not be possible to restore this information. If a virus cannot be removed from a file, the file should be deleted.
If your computer has suffered a severe virus attack
Some viruses and Trojans can cause severe damage to your computer:
If you cannot boot from your hard drive (error at startup), try to boot from the Windows rescue disk. If the system cannot recognize your hard drive, the virus has damaged the disk partition table. In this case, try to recover the partition table using scandisk, a standard Windows program. If this does not help, contact a computer data recovery service. Your computer vendor should be able to provide contact details for such services. (If you have a disk management utility installed, some of your logical drives may be unavailable when you boot from the rescue disk. In this case, you should disinfect all accessible drives, reboot from the system hard drive and disinfect the remaining logical drives.)
Recover corrupted files and applications using backup copies after you have scanned the drive containing this data.
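The backup taken before cleanup can also show exactly which files need restoring. The following is an added example, not part of the original article: it hashes every file in the backup and on the scanned drive, then lists files whose content changed, that went missing, or that appeared since the backup. The directory names, function names and sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def build_manifest(root):
    """Map each file path (relative to root) to the SHA-256 of its content."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = digest.hexdigest()
    return manifest

def compare(backup, current):
    """Classify files as changed, missing or new relative to the backup."""
    return {
        "changed": sorted(p for p in backup if p in current and backup[p] != current[p]),
        "missing": sorted(p for p in backup if p not in current),
        "new": sorted(p for p in current if p not in backup),
    }

def write_tree(root, files):
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

def demo():
    """Constructed sample: a clean backup and a drive that has since diverged."""
    clean = {"docs/report.txt": b"quarterly figures", "notes.txt": b"todo", "app/tool.bin": b"\x00\x01\x02"}
    with tempfile.TemporaryDirectory() as tmp:
        backup_dir, drive_dir = os.path.join(tmp, "backup"), os.path.join(tmp, "drive")
        write_tree(backup_dir, clean)
        damaged = dict(clean)
        damaged["app/tool.bin"] = b"\x00\x01\x02\xff\xff"  # content altered
        del damaged["notes.txt"]                           # file deleted
        damaged["unknown.exe"] = b"MZ"                     # file that was not in the backup
        write_tree(drive_dir, damaged)
        return compare(build_manifest(backup_dir), build_manifest(drive_dir))

if __name__ == "__main__":
    for status, paths in demo().items():
        print(status, paths)
```

A hash mismatch only shows that a file differs from the backup copy; legitimate edits and updates show up as "changed" too, so treat the list as a guide for what to review and restore.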
Diagnosing the problem using standard Windows tools
Although this is not recommended unless you are an experienced user, you may wish to:
check the integrity of the file system on your hard drive (using the CHKDSK program) and repair file system errors. If there are a large number of errors, you must back up the most important files to removable storage media before fixing the errors.
scan your computer after booting from the Windows rescue disk
use other standard Windows tools, for example, the scandisk utility
For more details on using these utilities, refer to the Windows Help topics.
If nothing helps
If the symptoms described above persist even after you have scanned your computer, and checked all installed hardware and software and your hard drive using Windows utilities, you should send a message with a full description of the problem to your antivirus vendor's technical support department. Some antivirus software developers will analyse infected files submitted by users.
After you have eradicated the infection
Once you have eradicated the infection, scan all disks and removable storage media that may be infected by the virus. Make sure that you have appropriately configured antivirus software installed on your computer. Practice safe computing. All of these measures will help prevent your computer getting infected in the future.