Malware removal and precautions


Welcome to Dr.Flay’s™ Cybernetics Apothecary™
Please take a seat.

I am going to assume you can still log in. If you cannot, then boot one of the “Live Discs” on my “Online Anti Malware” page and scan from there.
First, and very importantly:
All passwords should be considered compromised whenever you have malware, unless you know exactly what each and every piece of malware does. Change them from a machine you know is clean, after the cleanup is finished, otherwise a keylogger simply collects the new ones as well.

4 steps
1) Cleanup
2) Standalone AV scanner
3) Install/update permanent AV, and scan again.
4) Add more layers of protection

Before scanning for malware it helps to empty all the temporary files from your system.
This speeds up the scan and will often delete the malware installer, though not the copy it has already dropped elsewhere, which is what the scanners are for.
— Free Cleanup tools:
https://www.piriform.com/ccleaner/builds 
https://singularlabs.com/software/system-ninja/ 
http://www.glarysoft.com/disk-cleaner/ 
http://www.auslogics.com/en/software/disk-defrag/ 
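Here is the temp clean-up as a PowerShell script. This is an added example for this page, not one of the tools above and not the author’s own code. Before it empties the folders it records every executable-type file it finds, with creation time and SHA256, and copies them aside renamed, so you still have a sample to feed to a multi-engine scanner later. The folder paths are the standard Windows ones; the “temp-triage” folder name is my own choice. Run it in an elevated PowerShell window.

```powershell
# Added example (not from the original post): triage, then empty, the common temp
# locations before running a malware scanner. Run in an elevated PowerShell.
# Assumptions: the paths are the standard Windows temp folders; $Quarantine is an
# illustrative folder name chosen here.
$Quarantine = Join-Path $env:USERPROFILE 'Desktop\temp-triage'
New-Item -ItemType Directory -Path $Quarantine -Force | Out-Null

$TempDirs = @(
    $env:TEMP,
    (Join-Path $env:WINDIR 'Temp'),
    (Join-Path $env:LOCALAPPDATA 'Microsoft\Windows\INetCache')
) | Where-Object { Test-Path $_ }

# File types typical of droppers/installers; record them before deletion so the
# hash can be checked against a multi-engine scanner afterwards.
$Suspicious = '*.exe','*.dll','*.scr','*.js','*.vbs','*.jar','*.msi','*.ps1','*.bat','*.cmd'

$Found = foreach ($Dir in $TempDirs) {
    Get-ChildItem -Path $Dir -Recurse -Force -Include $Suspicious -File -ErrorAction SilentlyContinue
}

$Report = $Found | ForEach-Object {
    [PSCustomObject]@{
        Path    = $_.FullName
        Created = $_.CreationTime
        SizeKB  = [math]::Round($_.Length / 1KB, 1)
        SHA256  = (Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
    }
}
# Newest first: the installer that started the trouble is usually near the top.
$Report | Sort-Object Created -Descending | Format-Table -AutoSize
$Report | Export-Csv -Path (Join-Path $Quarantine 'temp-executables.csv') -NoTypeInformation

# Copy the suspicious files aside, renamed so nobody can double-click them by accident.
foreach ($f in $Found) {
    Copy-Item -Path $f.FullName -Destination (Join-Path $Quarantine ($f.Name + '.quarantined')) -Force -ErrorAction SilentlyContinue
}

# Now empty the folders. Files locked by running programs are skipped silently;
# a reboot into Safe Mode and a second run will usually get those.
foreach ($Dir in $TempDirs) {
    Get-ChildItem -Path $Dir -Recurse -Force -ErrorAction SilentlyContinue |
        Remove-Item -Recurse -Force -ErrorAction SilentlyContinue
}
```

The CSV of hashes is the useful by-product: look the hashes up on a multi-engine service before you decide the machine is clean, and keep the quarantine folder out of reach of anyone who likes clicking on things.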

The system and individual browser proxy settings and home pages may also have been hijacked.
Any proxy address, or automatic configuration (PAC) script URL, that you did not set yourself should be removed; a hijacked proxy sees every site you visit and can rewrite the pages you get back.
http://www.wikihow.com/Change-Proxy-Settings 
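An added example (mine, not from the original page or the wikiHow article) of checking and clearing the proxy settings with PowerShell, run as the affected user in an elevated window. The registry keys are the standard WinINET ones that IE, Chrome and most Windows software read; the script also prints the separate WinHTTP proxy used by services, and IE’s start page. Nothing is changed unless a proxy or PAC URL is actually set.

```powershell
# Added example (not from the original post): show, then clear, the proxy settings a
# hijacker commonly rewrites. Registry paths are the standard WinINET ones.
$Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$P   = Get-ItemProperty -Path $Key

# Record what is there before touching anything.
[PSCustomObject]@{
    ProxyEnable   = $P.ProxyEnable
    ProxyServer   = $P.ProxyServer
    ProxyOverride = $P.ProxyOverride
    AutoConfigURL = $P.AutoConfigURL   # a PAC file is the quiet way to redirect only chosen sites
} | Format-List

# WinHTTP (used by services and Windows Update) keeps its own proxy setting.
netsh winhttp show proxy

# Only reset if a proxy or PAC URL is actually present.
if ($P.ProxyEnable -eq 1 -or $P.ProxyServer -or $P.AutoConfigURL) {
    Set-ItemProperty -Path $Key -Name ProxyEnable -Value 0
    foreach ($Name in 'ProxyServer', 'ProxyOverride', 'AutoConfigURL') {
        Remove-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    }
    netsh winhttp reset proxy
    Write-Host 'Proxy settings cleared; restart all browsers.'
} else {
    Write-Host 'No user proxy or PAC URL configured.'
}

# IE's start and search pages live next door; a hijacked one usually points at a search "helper".
Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Internet Explorer\Main' |
    Select-Object 'Start Page', 'Search Page' | Format-List
```

Firefox keeps its own proxy settings (Options, Network Settings) rather than reading these keys, so check it separately. If a PAC URL keeps coming back after you remove it, something still running is putting it there, and that is your next target for the scanners.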

Whatever AV you have put your faith in, it may be time to ditch and replace it (or fix it if it has a problem).
Before it comes up, as for some reason it always does: no, Microsoft Security Essentials / Defender is not considered good, and even MS claim it only gives you “baseline protection”.
I have even seen installations of MSE waiting to be updated for over a year, as only the definitions are automatic.
The user must manually tick the major engine updates in the Windows Update dialogue (a stupid idea).
Norton and McAfee are regularly so poor they are often not rated and compared by the main AV test sites.

Currently the system is compromised, so actually updating or replacing the AV may be blocked or unreliable.
Everyone’s favourite standalone, “Malwarebytes Anti-Malware”, should be used before replacing the installed AV.
https://www.malwarebytes.org
You should even be able to use it in Windows Safe Mode, if needed (Safe Mode also stops most malware from starting with the system, which is why it is worth the bother).
“HitmanPro” is also useful for a second opinion.
http://www.surfright.nl/en/hitmanpro

Alternatively “BitDefender QuickScan” is browser based, and also does not require installing (makes a handy backup scanner).
http://quickscan.bitdefender.com

“Herdprotect” is a standalone cloud-based multi-engine AV (60+).
Download the small package and it will use the remote service to scan your PC.
http://www.herdprotect.com 

IMPORTANT: While using any secondary AV, the installed one must be temporarily disabled, or system areas and files will be locked and unavailable for scanning.
They can also mistake each other for a virus!

As for choice of AV, it depends on if you want to pay or not.
For free, the most consistently good AV is the German “Avira” and the best commercial AV you may never have heard of.
I always insist at this point you do not take my word for it (this is my security rule No.1).
You must go and look at the charts and comparisons, and make your own choice as to “what fits the need best” once you look at the actual product info (eg. The best commercial AV will be aimed at geeks that know what they are doing).
https://www.virusbulletin.com/testing/vb100/latest-rap-quadrant/ (best is top-right)
http://www.av-comparatives.org/dynamic-tests/
http://chart.av-comparatives.org/chart1.php
http://www.av-test.org/en/antivirus/home-windows/

Once the PC has its new AV, update it and then run a full scan.
An installed AV can see deeper into the system than a standalone scanner, as it hooks in at a lower level than a program that simply reads files.

Proactive defence
Never use IE unless you have to. It is a malware-toolbar magnet (it is worth checking what is already installed under Tools > Manage add-ons).
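Added example (not from the original page): a PowerShell listing of what IE loads without asking, i.e. the Browser Helper Objects and toolbars. Each is registered only as a CLSID, so the script resolves every CLSID to the DLL behind it, checks whether that DLL is signed and prints its SHA256 for checking against a scanner. The registry paths are the standard ones; run it in an elevated window so the HKLM keys are readable in full.

```powershell
# Added example (not from the original post): enumerate IE Browser Helper Objects and
# toolbars, resolving each CLSID to its DLL. Registry paths are the standard ones.
$BhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$ClsidRoots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID',
    'HKCU:\Software\Classes\CLSID'
)

function Resolve-Clsid {
    # Returns the friendly name and DLL path registered for a CLSID, or nulls if unregistered.
    param([string]$Clsid)
    foreach ($Root in $ClsidRoots) {
        $Inproc = Join-Path $Root "$Clsid\InprocServer32"
        if (Test-Path $Inproc) {
            $Dll  = (Get-ItemProperty -Path $Inproc).'(default)'
            $Name = (Get-ItemProperty -Path (Join-Path $Root $Clsid)).'(default)'
            return @{ Name = $Name; Dll = [Environment]::ExpandEnvironmentVariables("$Dll").Trim('"') }
        }
    }
    return @{ Name = $null; Dll = $null }
}

function Describe-Dll {
    # Signature status and hash for a DLL path; 'missing' if the file is gone (a dangling
    # registration is itself worth noting, as cleaners often leave them behind).
    param([string]$Path)
    if ($Path -and (Test-Path $Path)) {
        [PSCustomObject]@{
            Signed = (Get-AuthenticodeSignature -FilePath $Path).Status
            SHA256 = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
        }
    } else {
        [PSCustomObject]@{ Signed = 'missing'; SHA256 = '' }
    }
}

$Report = foreach ($Root in ($BhoRoots | Where-Object { Test-Path $_ })) {
    foreach ($Entry in Get-ChildItem -Path $Root) {
        $Clsid = $Entry.PSChildName
        $R = Resolve-Clsid $Clsid
        $D = Describe-Dll $R.Dll
        [PSCustomObject]@{ Kind = 'BHO'; CLSID = $Clsid; Name = $R.Name; Dll = $R.Dll; Signed = $D.Signed; SHA256 = $D.SHA256 }
    }
}

# Toolbars are stored as value names (CLSIDs) under the Toolbar key.
foreach ($Tb in 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
                'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar') {
    if (Test-Path $Tb) {
        foreach ($Clsid in ((Get-Item $Tb).Property | Where-Object { $_ -like '{*}' })) {
            $R = Resolve-Clsid $Clsid
            $D = Describe-Dll $R.Dll
            $Report += [PSCustomObject]@{ Kind = 'Toolbar'; CLSID = $Clsid; Name = $R.Name; Dll = $R.Dll; Signed = $D.Signed; SHA256 = $D.SHA256 }
        }
    }
}
$Report | Format-Table -AutoSize
```

Anything listed as NotSigned, or living under a user profile or temp folder rather than Program Files, goes to the top of the suspect list. Removing an entry means deleting its key under the Browser Helper Objects root (or its value under Toolbar) and then dealing with the DLL, which is usually easier after the scanners have had their go.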

Most users can remove Java, and only install it the first time you actually need it (I have used it once since last Nov.). You always get directed to the Java site if it is needed.
If Java is needed, the Java preferences can be set not to store any local files (this cache is where many Java malware live).
Java only checks for updates once per month, and the check often fails. You can change it to check every week.
The “check every day” option gets changed back to “every week” after it does the next check (naughty).

Adobe Flash updates also seem to be a random problem, and it is regularly not secure.
Again users have to manually push for a check at least once a week, but it will take you to the site to use the installer.
If you need an update, at this point it also tries to install Chrome, or Java, McAfee or Norton (those are just scanner tools to make you buy the real AV), so untick the extras before clicking.

Beef up all the browsers you have.
This is far more important than most people give it credit for, as it is the way you stop things getting in before your AV has to deal with them.
Firefox, Opera and Chrome support delayed or “run-on-demand” (click-to-play) loading for plugins.
If you don’t want certain Java or Flash plugins to activate, you simply don’t click on them.
Add-ons such as “NoScript” will also do this (and more).
http://www.techsupportalert.com/content/how-harden-your-browser-against-malware-and-privacy-concerns.htm

The 2 most useful browser plugins for all browsers are “Web of Trust” and “Ghostery”.
https://www.mywot.com https://www.ghostery.com
These plugins will also educate the user to the dangers found in innocent looking search results and sponsored ads.
These will function in most search engines and webmail.
(Other plugins are browser specific, so check my blog links at the bottom.)

If your family are “like-happy” social-media fiends, and love to share cute or “surprising” posts on FB and Twitter etc., they are also at risk.
These high-turnover posts are where the malware distributors favour hiding their traps. The same goes for most of the posts that claim to have a special app that shows you more of FB’s secrets.
There are various security and privacy apps available for FB and Twitter themselves, so they do not need browser compatibility.
I have my feeds scanned regularly and automatically for any problem posts. I get notified, and you can have it also notify the user that made the post visible to you.

Anti-malware and privacy protection can be added to FB and Twitter with site apps;
https://www.facebook.com/games/secure-me/ – http://support.secure.me 
https://socialmediascanner.eset.com 
https://www.facebook.com/games/sgprivacy/ 
https://apps.facebook.com/nortonsafeweb/ 

To remove the adverts and potential threat in FB, there are a couple of browser plugins available.
“FB Purity” and “Social Fixer” both do similar things, but one of the main ones is the option to switch off the advert area.
http://www.fbpurity.com http://socialfixer.com
(Geek-note: Both of these can also hold custom CSS, so you can have a skinned FB without extra plugins).

The same thing can also be done with YouTube browser plugins, which, considering that YouTube has been a conduit for malware, is a good idea.
You can also block sites with malware, trackers or adverts on your PCs and devices with a regularly updated “HOSTS file”.
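As an added example (mine, not from the page or the blog posts linked below), here is a PowerShell script that applies a HOSTS blocklist without trampling the file: it backs the file up, keeps the user’s own entries, drops only its own previous block, accepts only well-formed host names, and writes the file as plain ASCII (a Unicode BOM is the classic way to break the hosts file). The $Blocklist array is a constructed sample to show the filtering; a real list would come from a maintained source such as those on the HOSTS blocking post below. Run it in an elevated window.

```powershell
# Added example (not from the original post): apply a blocklist to the Windows HOSTS
# file safely. $Blocklist is a constructed sample, including one junk entry and one
# duplicate, to show the filtering; replace it with a maintained list.
$HostsPath = Join-Path $env:WINDIR 'System32\drivers\etc\hosts'
$Marker    = '# --- blocklist (managed, everything below is replaced on update) ---'
$Blocklist = @('ads.example.com', 'tracker.example.net', 'malware-drop.example.org',
               'not a host', 'ADS.example.com')

# Keep a dated backup; a bad hosts file can take every browser offline.
Copy-Item -Path $HostsPath -Destination "$HostsPath.bak-$(Get-Date -Format yyyyMMddHHmmss)"

# Keep everything above the marker (the user's own entries), drop the old managed block.
$Keep = @()
foreach ($Line in (Get-Content -Path $HostsPath)) {
    if ($Line -eq $Marker) { break }
    $Keep += $Line
}

# RFC 1123 style host-name check; anything that does not fit is discarded rather than
# written into a file that the resolver parses line by line.
$HostRegex = '^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9-]{2,63}$'

# 0.0.0.0 rather than 127.0.0.1 so blocked requests fail immediately instead of
# knocking on any web server that happens to be listening locally.
$Block = $Blocklist |
    ForEach-Object { $_.Trim().ToLower() } |
    Where-Object { $_ -match $HostRegex -and $_ -ne 'localhost' } |
    Sort-Object -Unique |
    ForEach-Object { "0.0.0.0 $_" }

Set-Content -Path $HostsPath -Value ($Keep + $Marker + $Block) -Encoding ASCII
ipconfig /flushdns | Out-Null
Write-Host ("Wrote {0} block entries to {1}" -f $Block.Count, $HostsPath)
```

With the sample list the script writes three entries: the duplicate is folded into one and “not a host” is thrown away. Some AVs treat edits to this file as suspicious and may quietly revert them or raise an alert, so if the entries vanish after a scan, look for a “hosts file” setting or exclusion in the AV before blaming the malware.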

(See the blog links underneath)

Note: If both you and the person you are helping have an MSN / Microsoft ID or email etc., they can “request help from a friend” via Windows Remote Assistance in the Windows help (find it on your PC first, so you know what they will see), and you can safely remote control their PC without installing extra software.

https://vivaldi.net/userblogs/entry/best-free-anti-virus
https://vivaldi.net/userblogs/entry/online-anti-malware (I need to update and fix some of the icons, but the links are there)
https://vivaldi.net/userblogs/entry/security
https://vivaldi.net/userblogs/entry/how-to-block-sites (HOSTS blocking Windows/Linux/Mac)
https://vivaldi.net/forum/private-browsing/624-ssl-helpers
https://vivaldi.net/forum/private-browsing/412-browser-plugins

*EDIT*
Useful extras
http://www.shouldiremoveit.com
http://pcdecrapifier.com
https://singularlabs.com/software/ccenhancer/
http://www.macecraft.com
http://www.outertech.com/en/how-to-speed-up-your-computer

Ageing techno-hippy armed with a radio show and not afraid to use it.
