Even careful PC users can fall prey to the sticky fingers of evil malware. Loading an innocent looking file from a USB stick, clicking the wrong link in search results, cancelling a suspect alert box – all these actions could mark the beginning of a malware infection.
And let’s not be coy – if your internet activities include downloading torrents or using pirated software, you’re even more likely to fall prey to worms, spyware and trojans.
In some ways, discovering that your computer is virally infected is worse than realising that it’s been compromised mechanically. You could have lost valuable data, your backups could be infected, and the machine may need a wipe and full reinstall of Windows.
But there are things you can try first, and there’s a workflow you can use to clean your PC and recover your files. We’ll take you through it.
Signs of malware
Some malware infections are easy to spot – others less so. There are many infections we might call ‘scareware’ in the wild. These are trojans that malicious websites trick you into downloading by popping up an alert claiming that your PC is already infected with malware. Once on your machine, these annoying infections will replicate themselves in several places, popping up further messages, browser windows and alerts.
Infections like this are easy to identify. Unusual new toolbars, shortcuts on your desktop to software you don’t remember installing and your browser switching its homepage are all classic symptoms. Other, less obvious signs might include increased use of your broadband download allowance, router lights showing activity when there shouldn’t be any, your browser popping up unexpected windows and even unexplained rebooting.
Some malware behaviours are just plain odd, like a mouse pointer that flips orientation. Whatever the signs, the cure is the same: removal of the malicious code.
Stabilise your system
The first thing to do is to attempt to stabilise your system as much as possible. This might prove difficult if your machine is popping up windows and alerts every second, so the first trick to try is to reboot in safe mode.
Restart your computer and press [F8] during startup (press it twice if you’re given a choice of operating system first). Choose ‘Safe mode’ from the Advanced Boot Options screen. This will launch Windows with all startup programs disabled, and limited hardware drivers loaded. You’ll also be without any networking functionality, which is essential for stopping spyware programs phoning home or pulling data from pop-up windows.
Type msconfig in the Start Menu search box and launch the program. Click the ‘Startup’ tab and untick all but the essentials – or simply choose ‘Disable all’. Click ‘Apply’ to confirm, then go to the ‘Boot’ tab. Check ‘Make all boot settings permanent’.
go to the Control Panel and choose ‘Add/Remove Programs’. Remove any non-essential programs, especially toolbars and browser add-ons. In some cases, these actions may be enough to stop malicious code from loading at startup.
Now you need to remove temporary files. Empty all browser caches, and all files in the following folders if present:
C:\Windows\Temp\
C:\Temp\
C:\Documents and Settings\yourusername\Local Settings\Temp\
C:\Documents and Settings\yourusername\My Documents\Downloads\
You can get your browser to wipe temporary internet files too. Go to ‘Tools | Options | Clear browsing data’ in Chrome, or go to ‘Tools | Internet options’ in Internet Explorer, then choose ‘Delete’ under ‘Browsing History’. Tick every box and click ‘OK’.
And let’s not be coy – if your internet activities include downloading torrents or using pirated software, you’re even more likely to fall prey to worms, spyware and trojans.
In some ways, discovering that your computer is virally infected is worse than realising that it’s been compromised mechanically. You could have lost valuable data, your backups could be infected, and the machine may need a wipe and full reinstall of Windows.
But there are things you can try first, and there’s a workflow you can use to clean your PC and recover your files. We’ll take you through it.
Signs of malware
Some malware infections are easy to spot – others less so. There are many infections we might call ‘scareware’ in the wild. These are trojans that malicious websites trick you into downloading by popping up an alert claiming that your PC is already infected with malware. Once on your machine, these annoying infections will replicate themselves in several places, popping up further messages, browser windows and alerts.
Infections like this are easy to identify. Unusual new toolbars, shortcuts on your desktop to software you don’t remember installing and your browser switching its homepage are all classic symptoms. Other, less obvious signs might include increased use of your broadband download allowance, router lights showing activity when there shouldn’t be any, your browser popping up unexpected windows and even unexplained rebooting.
Some malware behaviours are just plain odd, like a mouse pointer that flips orientation. Whatever the signs, the cure is the same: removal of the malicious code.
Stabilise your system
The first thing to do is to attempt to stabilise your system as much as possible. This might prove difficult if your machine is popping up windows and alerts every second, so the first trick to try is to reboot in safe mode.
Restart your computer and press [F8] during startup (press it twice if you’re given a choice of operating system first). Choose ‘Safe mode’ from the Advanced Boot Options screen. This will launch Windows with all startup programs disabled, and limited hardware drivers loaded. You’ll also be without any networking functionality, which is essential for stopping spyware programs phoning home or pulling data from pop-up windows.
Type msconfig in the Start Menu search box and launch the program. Click the ‘Startup’ tab and untick all but the essentials – or simply choose ‘Disable all’. Click ‘Apply’ to confirm, then go to the ‘Boot’ tab. Check ‘Make all boot settings permanent’.
go to the Control Panel and choose ‘Add/Remove Programs’. Remove any non-essential programs, especially toolbars and browser add-ons. In some cases, these actions may be enough to stop malicious code from loading at startup.
Now you need to remove temporary files. Empty all browser caches, and all files in the following folders if present:
C:\Windows\Temp\
C:\Temp\
C:\Documents and Settings\yourusername\Local Settings\Temp\
C:\Documents and Settings\yourusername\My Documents\Downloads\
You can get your browser to wipe temporary internet files too. Go to ‘Tools | Options | Clear browsing data’ in Chrome, or go to ‘Tools | Internet options’ in Internet Explorer, then choose ‘Delete’ under ‘Browsing History’. Tick every box and click ‘OK’.
No comments:
Post a Comment