Malware can infect a computer by any number of ways, but there are 3 main ones to be aware of; phishing, targeted attack, and bundled installs. Phishing is by far the most common form of injection, having risen over 250% since this period last year alone. All phishing attacks occur through the same method; a fake page or email linking to an automatic download. Most businesses have a special contact number or email where you can forward any of these attacks, as emails are the most common; HMRC, Amazon, PayPal and many more are common targets for phishing.
Bundled installs are the next main candidate for malware injections, where the malware is included in a legitimate install of software. This mostly happens in the form of toolbars, media players, and torrents, but anything is susceptible. It's crucial that the user check all pages of an install before clicking through, as most of these attacks have 'default on' for the bundled malware. Easily avoided, but also easily missed.
The least likely way of receiving malware is through a targeted attack; where a malicious user directly targets the host to remotely install malware such as a keylogger or bloatware. These are much rarer than any other attack, and are usually flagged up by the hosts firewall.
If the system does contain malware, it's important to not use it for anything important, such as banking. Malware often contains keyloggers, recording and remotely uploading a users passwords and typing history to a remote server. The best first step is always to disconnect the machine from the network, and to use another machine for troubleshooting.
Malware in 2017 often blocks access to antivirus, firewall, and security programs in order to remain on the system as long as possible. Not to worry; a format is very rarely needed.
The first step for everyone is to reboot the computer into 'Safe Mode' through the BIOS config. This can usually be accomplished by mashing the DEL key during boot and navigating to BOOT SETTINGS. Do not use 'Safe Mode With Networking' as it still allows transfer over the local and internet networks.
After this, the Windows PC will appear like Windows 95, but don't worry, it's supposed to be like that. Then, navigate to your recent downloads, and see which package installed the malware. If there is no download, check in C:/ to see which folders have been recently modified; the malware will often hide within a known safe folder. It should be easy to identify which file contains the malware, but if not then use Google to search for the specific popups the system received, there is always a post with someone explaining the location.
Delete this file in safe mode, and run a program such as CCleaner to remove all trace. It's also worth checking 'Add or Remove Programs' to see if toolbars or unknown bloatware has been installed. After this, type run into the search function in the windows menu, then navigate to devmgmt.msc and regedit.msc. Restore your registry to a previous version using regedit, and save this as a seperate version. Then use Device Manager to scan for hardware changes, once again saving as you go. you will be prompted to restart, but before you do this, run the registry cleanup tool from CCleaner, and then restart.
That's all there is to it, and if these steps don't fix the problem, then check Stack Overflow for more advice; their error and malware reporting is monumental.
The author does not allow comments to this entry