Computer Viruses

HOW TO RECOGNISE THEM

 

1. Slowing Down of the computer 

This is only one symptom, because there are many other reasons why a computer slows down; for example, files on the hard-drive have become fragmented, and the Registry (an important part of the operating system) has also become "cluttered". Both of these can be rectified. A program exists in Windows to de-fragment the hard drive, but rectifying the Registry is not really for the inexperienced, and so I would not recommend it without guidance.

2. Strange Icons on screen 

This is probably one of the more positive indicators. Strange icons relate to programs that you may not have downloaded yourself, which suggests someone else did. A hacker? 

3. Command Instruction (CMD) will not function. 

Command is a throwback to an old operating system called MS-DOS. Most Windows operating systems (except Win7) can use it to modify programs. Hackers know this and so "suspend" its operation if they intend to infiltrate your system, to prevent you removing the malicious program.

4. Windows Update will not operate 

For the same reasons above, and I don't know why, but Win Update invariably is also suspended. 
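
One way to check symptoms 3 and 4 from a PowerShell window. This is an added example, not part of the original article; it only reads settings, and it assumes the block was applied through the standard Windows policy values and service settings named in the comments, which the article does not specify.

```powershell
# Added example: read-only checks, nothing is changed on the machine.
# Assumption: the block was applied through the standard Windows policy
# values and service settings below; the article does not name the mechanism.

function Get-RegistryValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$findings = @()

# Symptom 3: DisableCMD = 1 blocks the prompt and batch files, 2 blocks the prompt only.
$cmdPolicy = Get-RegistryValue 'HKCU:\Software\Policies\Microsoft\Windows\System' 'DisableCMD'
if ($cmdPolicy -eq 1 -or $cmdPolicy -eq 2) {
    $findings += "Command Prompt is disabled by policy (DisableCMD = $cmdPolicy)"
}

# Symptom 4: the Windows Update service is often stopped when idle, so only a
# start mode of Disabled (or a missing service) is treated as a finding.
$wu = Get-CimInstance -ClassName Win32_Service -Filter "Name='wuauserv'"
if ($null -eq $wu) {
    $findings += 'Windows Update service (wuauserv) is missing'
} elseif ($wu.StartMode -eq 'Disabled') {
    $findings += 'Windows Update service (wuauserv) is set to Disabled'
}

# Automatic updates can also be switched off by policy (NoAutoUpdate = 1).
$auKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
if ((Get-RegistryValue $auKey 'NoAutoUpdate') -eq 1) {
    $findings += 'Automatic updates are turned off by policy (NoAutoUpdate = 1)'
}

if ($findings.Count -eq 0) {
    'No policy or service block found for Command Prompt or Windows Update.'
} else {
    $findings | ForEach-Object { "FINDING: $_" }
    'Administrators also use these settings, so treat a finding as a reason to scan, not as proof.'
}
```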

REMOVE the VIRUS Stage 1

Run your Anti-Virus software: AVG, Avast, Norton, McAfee, etc.

Most Anti-Virus programs automatically intercept malware (which includes viruses). Make sure it has been updated and run the program again. 

In some cases, the virus suspends the operation of the Anti-Virus program (so see the next section re running in Safe Mode).

Run your anti-malware software: Ad-Aware, Malwarebytes

Similarly, run all the anti-malware programs you have. Most programs will pick up anything from 95%, whereas the others will pick up the ones missed, which means you get 100% cover.

If this fails then: 

REMOVE the VIRUS Stage 2 

1. Disconnect from the Internet 

Remove the Internet cable from the back of the computer, or from the Router box. (Simply to break the connection) 

2. Run the Computer in "Safe Mode"

Re-start the computer and continually press the F8 button on the top line of the keyboard. The computer will appear with a black screen and some options to continue in various modes. Select "Safe Mode". It will continue to load Windows and eventually end up with a modified "Desktop", with the words "Safe Mode" in each corner. 

3. Run Anti-Virus within Safe Mode 

Run your Anti-Virus program again, and then :-- 

Re-Start Your Computer Again (in Normal Mode) 

1. Run Anti-Virus again 

As before, run the Anti-Virus program again 

2. Run also Ad-Aware and Malwarebytes 

Again, run the anti-malware programs.

How To PREVENT The Hackers "Getting in" 

1. Don't download anything you don't recognise, eg in e-mails

This is obvious. If you don't know the sender, don't open it... ZAP it.

Hackers are becoming more "savvy" and may already have "hacked" one of your friends' address books, which gives you the impression that the e-mail is legitimate. What you need to watch out for is any attachment or "link" within that e-mail. It may contain the Virus or Malware. Use your Anti-Virus program to scan the attachment; you can usually select a single folder or a file. If there is a "Link", then see below.

2. Don't click on "Links"...go to the original Website. 

Exactly that. Don't click on the link. If it claims to be from Barclays Bank...then go directly to Barclays website by typing Barclays into the search box. 

To check this out, type the link into the Search box and see if it takes you to Barclays Bank, or John Lewis, directly. If it doesn't, then it's a fake. 
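
The same check can be made without visiting the link at all, by reading which site the address really points to. This is an added example, not part of the original article; the trusted-domain list and the sample links are constructed for illustration, and the function name Test-LinkHost is hypothetical.

```powershell
# Added example. The trusted-domain list and the sample links are constructed
# for illustration; take the real address from a statement or a bank card.
function Test-LinkHost {
    param([string]$Link, [string[]]$TrustedDomains)

    $uri = $null
    if (-not [System.Uri]::TryCreate($Link, [System.UriKind]::Absolute, [ref]$uri)) {
        return 'REJECT: not a complete web address'
    }
    if ($uri.Scheme -ne 'https') {
        return "REJECT: scheme is '$($uri.Scheme)', not https"
    }

    # Host is what the browser actually connects to. Text before an '@' and
    # brand names placed to the left of the real domain do not count.
    $linkHost = $uri.Host.ToLowerInvariant()
    foreach ($domain in $TrustedDomains) {
        if ($linkHost -eq $domain -or $linkHost.EndsWith(".$domain")) {
            return "OK: $linkHost belongs to $domain"
        }
    }
    return "FAKE: link goes to $linkHost"
}

$trusted = 'barclays.co.uk', 'johnlewis.com'
$samples = @(
    'https://www.barclays.co.uk/',
    'https://barclays.co.uk.example.net/login',
    'https://www.barclays.co.uk@example.net/',
    'http://www.johnlewis.com/',
    'https://johnlewis.com.example.org/offers'
)
foreach ($link in $samples) {
    '{0,-45} {1}' -f $link, (Test-LinkHost -Link $link -TrustedDomains $trusted)
}
```

Only the first sample passes: the second and fifth put the brand name in front of a different domain, the third hides the real host after an "@", and the fourth is not https.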

WHAT to do NEXT 

If you have been compromised, or even suspect that you may have been, then you must change your passwords, both in e-mail, and especially in anything concerning on-line banking or other financial contacts. 

I know that most financial institutions use various degrees of sophistication to protect members' accounts, eg "one-time, on screen passwords with squiggly letters", or a "small handset computer password generator", but the fact that hackers may have obtained your user-name and password may be quite disconcerting.

Other things to watch-out for 

1. Spurious "cold call" telephone calls, allegedly from Microsoft, (but with Indian accents), claiming that from your recent "traffic", ie e-mails, they have detected a virus on your system...That's impossible. 

They ask you to give them control of your computer, (which can be done over the Internet), so that they can eradicate the virus, and then ask for £180 for the privilege. If you start to question them, they can get quite aggressive, to bully you into doing what they want, and if you refuse and you have given them control, they can cause "mischief" in the system. 

Don't fall for it. Don't listen to them. They're a bunch of crooks. Just hang up. 

2. "Offers" from some download sites to make a "Free" check of your computer for possible "infections", ie Viruses. One of these is Driver Detective. If you log onto their site and accept their "Free" offer, then they report that there are anything up to 200 various infections they can eradicate for $25. I'm not surprised... they put them there.

After paying for this, they then say there are further infections, which need more money. Every time you start the system, a pop-up comes on to say you are infected. Trying to get rid of it is almost impossible.

The Final Act 

If the Viruses, or infections, cannot be removed by the methods described above, then there is nothing else for it but to "Wipe the Slate Clean". 

This means wiping the Hard-drive clean of all the information it contains and, of course, means all the viruses and malware that it has, will be eradicated too. In effect you have a "clean hard-drive". 

Before this happens, all personal data, eg letters, documents and photos, will have to be copied onto CDs, pen-drives or, better still, external hard-drives, so that they can be copied back later, after being scanned by the anti-virus software.

Members of the Computer Group are well versed in this procedure.

Computers cleaned this way will need a Windows Operating Disk to re-start their computers, which most members do not possess. The alternatives are: -- 

1. You go to a Computer Shop which will charge you approx £75-100 for a re-installation and re-configuration...or 

2. You consult one of our Computer Group members ...who knows how to do it for "little cost". 

SECURITY MATTERS - UPDATE 

AVG is the most attractive of all the free Anti-Virus software (96%), but there are new kids on the block:

Zone Alarm with anti-virus 

MS Essentials 

Ad-Aware All-in-one

The latter doesn't like other AV programs and even if the others are suspended, they may not be compatible when running together. 

Current Security Issues - SCAMS 

1. DVLA: a bogus e-mail asking you to up-date your driving licence. You are re-directed to a bogus site to update your personal info... this is Identity theft.

2. DVLA or Police accuse you of a motoring infringement, eg parking or speeding, and refer you to an attached photo of the offending vehicle. The photo, which couldn't possibly be your vehicle and therefore makes you feel more re-assured, contains a TROJAN horse.

Ask yourself, How did the police get my e-mail address, and why didn't they write to me at my home, asking the registered owner if he/she was the driver etc, as they normally do? DON'T OPEN THE ATTACHMENT. 

RECENT ATTACKS 

HF-G-JUL.exe 

Believed to be an AVG research tool, which appears in MS Config. The forums are full of queries.

Many users have posted to AVG, but NO replies have been received from AVG. There are NO warnings from AVG re the program's automatic installation, no information on the AVG Web-site, and no-one knows what it does. The program has installed itself in the Registry and MS Config.

As one person stated in Forum, as a leader in Anti-V and Anti Spy, why are AVG resorting to the same dubious practices? 

Can be removed from Registry, manually. But first neutralise it in MS Config start-up. 

W3i-LQ5.fraud 

Downloaded as a Win Zip file, hidden inside another download. Believed to be Spyware, downloading display adverts. Loads itself into the Registry (if innocuous..why?). Can be removed by Spy-Bot. 
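
To see what the Registry starts at logon before touching anything, the start-up entries can be listed read-only. This is an added example, not part of the original article; it assumes the entries sit in the standard Run keys, and the function name Get-StartupEntry is hypothetical.

```powershell
# Added example: list what the Run keys start at logon. Nothing is changed.
# Assumption: the entry lives in one of these standard Run keys; the article
# only says the program is "in the Registry and MS Config".
function Get-StartupEntry {
    param([string]$Pattern = '*')

    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

    foreach ($keyPath in $runKeys) {
        $key = Get-Item -Path $keyPath -ErrorAction SilentlyContinue
        if ($null -eq $key) { continue }          # key absent on this system

        foreach ($name in $key.GetValueNames()) {
            $command = [string]$key.GetValue($name)
            # Match on either the entry name or the command it launches.
            if ($name -like $Pattern -or $command -like $Pattern) {
                [pscustomobject]@{
                    Key     = $keyPath
                    Name    = $name
                    Command = $command
                }
            }
        }
    }
}

# Everything that starts at logon from the Run keys:
Get-StartupEntry | Format-List

# Only entries whose name or command mentions the file named in the article:
Get-StartupEntry -Pattern '*HF-G-JUL*' | Format-List
```

Keep a copy of the listing before removing an entry by hand, so that it can be put back if the program turns out to be legitimate.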

Mozilla Firefox 

Its origins are from the Netscape Browser of the 90's 

It's a useful alternative to both Chrome and Internet Explorer. 

The latest version is "Bug" free 

It has just been discovered that Firefox has installed a "Cookie" to monitor Web content. They claim it was "accidental**", (Oh Yeah!) and will remove it. In the meantime, it can be removed manually using "Settings" in Firefox itself, to "tweak" it out. 

** Both Chrome (Double-Click), and Yahoo install cookies when activated. IE 8 denies Yahoo cookie access and so Yahoo won't load. 

Using Spy-Bot or Ad-Aware detects the Spyware from both and removes it, BUT when you log onto Google or Yahoo next time, they simply reload them.

 

Chris Topping