Since a lot of people seem to fall victim to these things, here are a few tips on how to avoid them and prepare yourself for them.
Know how they work
The first thing you need to know is how viruses work (spyware is a little different).
Viruses and the like, 99.999% of the time, don't simply "just appear". Actually, almost always, they only exist because the user authorized the virus to wreak havoc on the computer. Thus, the primary aim of the virus developer is to trick unsuspecting users into letting their code run on their computers.
The majority of viruses in the wild are very poorly coded. Viruses can potentially do lots of harmful things (including messing up your drivers etc.), but you will rarely see such viruses (the primary exception would perhaps be when someone with more intelligence is trying to direct a DDoS attack).
Viruses typically need to execute something - that means you can pretty much dismiss a TXT file as being a virus (as long as you can actually see its full extension; see below). Common "executable" formats are EXE, SCR, BAT and VBS.
Get used to your running processes
The majority of viruses will run as a process - very few will hide their presence (with something like a rootkit). Thus, knowing exactly what each running process is will allow you to identify whether there's a virus executing on your machine.
You can ditch Task Manager. Get Process Explorer NT (PENT).
When you run PENT, the list of running processes should be displayed in a nice tree. There should generally be two primary trees - one under the SYSTEM process, and another under explorer.exe (usually). The former are generally system processes and services, and the latter are generally the programs you are running. Typically, badly coded viruses will execute under the explorer.exe process tree, so it's advisable that you know what every process under the explorer.exe tree does.
I also think a firewall is useful, as it can help block any attempts the virus makes to contact the outside world. This can also assist with spyware, though applications which do connect to the net and contain spyware will still usually go through.
Oh, and if anyone hasn't done this yet, show all file extensions!!! I've seen a number of viruses which make their EXE icon the default folder icon, or similar. Don't be so stupid as to fall for that trick.
I've identified something suspicious
Double-click the process in PENT and look at the path of the EXE. If you're not too sure whether it's a virus or not, check the folder it's in and see what the other files there do.
If it appears to be a virus, remember the path and kill the process, then rename the EXE file (for example, to goodupdates.exe.virus), leave it for a while, and see if your computer operates fine. Also recheck whether the virus appears again on the next restart - if it does, you may need to try to identify it through your startup entries.
Startup Entries
Examining your startup entries can also aid in finding viruses. Most viruses will load themselves up when you start Windows. Stuff msconfig and get Autoruns (note: be careful with this application - willy-nilly disabling stuff can screw up your Windows installation). With Autoruns, look through the Logon tab (viruses rarely touch the other tabs), but do be careful before deleting or disabling anything. Disabling something like <windowsdir>\system32\userinit.exe can make your life a pain...
Now of course, viruses which use rootkits, for example, won't get detected this way. In fact, if you have a virus which installs a rootkit, the only sure way to get rid of it is to do an "offline scan" (boot into another OS and run a virus scan) - though even that may not necessarily work, as there are methods to evade virus scanners.
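As an added example (not the poster's code), here is the same process-tree and startup-entry check done mechanically: it walks only the explorer.exe subtree of a process snapshot plus a set of Logon-tab style Run values, and flags images that live outside Windows/Program Files or hide an executable type behind a double extension. The snapshot, the Run values and the list of trusted roots are constructed assumptions; on a real box you would fill them from PENT and Autoruns.

```python
# Where legitimately installed programs normally live (assumption: C: install).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
EXEC_EXTS = {".exe", ".scr", ".bat", ".vbs"}

def image_of(cmd):
    # Image path from a Run value like '"C:\x\y.exe" /quiet' (unquoted: first token).
    cmd = cmd.strip()
    return cmd[1:cmd.find('"', 1)] if cmd.startswith('"') else cmd.split(" ")[0]

def suspicious_path(path):
    # Reasons an image looks odd: outside trusted roots, or a double extension hiding an executable.
    low = path.replace("/", "\\").lower()
    reasons = []
    if not low.startswith(TRUSTED_ROOTS):
        reasons.append("outside Windows/Program Files")
    parts = low.rsplit("\\", 1)[-1].split(".")
    if len(parts) > 2 and "." + parts[-1] in EXEC_EXTS:
        reasons.append("double extension hides ." + parts[-1])
    return reasons

def flag_processes(procs):
    # Walk only the explorer.exe subtree (user programs, not the SYSTEM tree)
    # and return pid -> reasons for every odd-looking image found there.
    by_parent = {}
    for p in procs:
        by_parent.setdefault(p["ppid"], []).append(p)
    stack = [p for p in procs if p["name"].lower() == "explorer.exe"]
    flagged = {}
    while stack:
        for child in by_parent.get(stack.pop()["pid"], []):
            stack.append(child)
            if suspicious_path(child["path"]):
                flagged[child["pid"]] = suspicious_path(child["path"])
    return flagged

def flag_startup(entries):
    # Entry name -> reasons, for Logon-tab style entries whose image looks odd.
    return {n: suspicious_path(image_of(c))
            for n, c in entries.items() if suspicious_path(image_of(c))}

# Constructed sample: a PENT-style process snapshot and Autoruns Logon-tab values.
PROCS = [
    {"pid": 1200, "ppid": 900, "name": "explorer.exe", "path": r"C:\Windows\explorer.exe"},
    {"pid": 1500, "ppid": 1200, "name": "firefox.exe", "path": r"C:\Program Files\Mozilla Firefox\firefox.exe"},
    {"pid": 1800, "ppid": 1200, "name": "holiday.jpg.exe", "path": r"C:\Users\bob\AppData\Local\Temp\holiday.jpg.exe"},
]
RUN_ENTRIES = {
    "ctfmon": r"C:\Windows\System32\ctfmon.exe",
    "Updater": r'"C:\Users\bob\AppData\Roaming\goodupdates.exe" /quiet',
}
```

A hit from either function is only a prompt to look at the folder, as described above, not proof of a virus.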
Now, some common sense tips to avoid getting viruses/spyware:
- If you get some email with an attachment, although the majority of webmail services (Hotmail etc.) scan the files for you, they're not perfect, so don't rely on that. Use your common sense. Were you expecting an attachment?
- Get your applications from trusted sources. If someone attaches a copy of a program, either in an email or on a forum, "for your convenience", how hard can it be to search Google for it? For example, if someone says something along the lines of "use Winamp" and attaches it, don't download it from there. Spend an extra 5 seconds and type "download Winamp" into Google, and you'll get a source you can trust more. The same goes for torrents or other legally questionable packages that bundle applications with stuff like videos.
- To protect against spyware, only get applications which have been recommended by a number of people. Chances are, an application which you found by clicking on some random ad is primarily a load of spyware. Some websites (make sure they've got a bit of credibility), such as Softpedia, will have "100% spyware free" guarantees if the application doesn't have spyware (I don't know what they actually do, but in practice, it's been accurate to me). If you find some dodgy application, spend the little extra time to check it on such a database.
- If there's a mysterious file posted on a forum, especially one which promises something unlikely, don't rush to get it. Wait and see what responses appear first.
Of course, use your common sense above all this. If there's a package posted on a forum by a responsible member, for example, chances are it's not some malware.
For the paranoid, you can install dodgy applications you find onto a virtual machine (get something like VirtualBox). If it appears dodgy after installing/running it, at least it doesn't harm your main Windows installation.
Alternatively, roberth has recommended Sandboxie. I haven't tried it myself, but it looks promising, and should be more convenient to use.
Hope that helps someone. If you have any further tips/suggestions to make, feel free to do so :P