Thursday, 11 June 2015

Dealing With Viruses

if your PC is infected with a virus

Aaron looks as the options available if your PC is infected with a virus

Fixing a PC when something goes wrong is sometimes easy, but often it can be a troublesome task, stressing users to the breaking point when they find themselves stuck and with no idea where to turn – other than paying someone else to fix it. However, error messages and hardware problems are often far easier to fix than one of the most difficult problems a PC user can face: a virus.


Unlike normal day-to-day errors or hardware problems, which usually provide some form of error message or symptom that can easily be identified, viruses often go out of their way to hide themselves. Often users don’t even know they have a virus, and even if they notice a possible infection, identifying exactly what the unwanted visitor is can be very challenging (getting rid of if even more so). Many viruses are designed to not only hide their presence, but take steps to actively resist any efforts of removal. This can include, but is not limited to: disabling security software, preventing access to Safe Mode and messing around with Windows’ GUI. Some can be particularly nasty in this regard; while others can be easy enough to remove, they’re just so hidden you may never know they’re there in the first place.

So, what can be done should your system become infected with a virus? There are plenty of options for those needing to clean their PC, both automatic and manual, which we’ll take a look at here. As well as acting on threats and detected infections, we’ll also take a look at some proactive options, techniques you should employ to stay clear of viruses and nip any problems in the bud before they blossom into full-fledged attacks. So, let’s begin.

Detect And Identify


The first step to removing a virus is detection. If you don’t know a virus is there, you won’t even know you need to take action. It’s for this reason that you should always run regular virus scans of your machine. These scans will reveal many infections if you have them and will prompt you to take action.

You can run scans manually, but as it’s best to run regular checks, so setting your anti-virus software to scan using an automated schedule is a better idea. This also lets you schedule scans to run at times when you’re not using the PC. This is good as it’s best to leave a PC alone when files are being scanned for the most part and many scans can also slow down PCs quite drastically, especially if you’re running and full, deep scan. Scans can also take a long time.

With luck, scans will turn up clear, which means that you have no problems to worry about – theoretically, that is. Not all virus scanners are created equal, though, and some may miss what others do not, so just because your installed anti-virus program gives you an all clear, don’t instantly dismiss any concerns you had in the first place. It may be a good idea to get a second opinion. This can be a problem, though, as it’s generally not a good idea to have more than one anti-virus suite on your PC at any one time, as they usually don’t get along too well. You can, however, use various online scans, such as bitdefender (www.bitdefender.com). These can scan your PC without being installed and will give you a good alternate opinion on your PC’s virus-related status.

Also, as well as the kinds of infections anti-virus programs can detect, there are other malware infections they cannot, which is why you need to ensure you run some form of malware scanner for your system too. These check for various threats, such as adware-related problems and can remove them from your PC. Malware can be just as troublesome as a virus, but acts in a different way. It also functions differently and gets on to your system in a variety of different ways, so can slip through the net if you don’t use the right tools.

Unlike anti-virus apps, most malware scanners won’t be affected by the presence of more than one similar tool, so it’s easier to run multiple scans for a more thorough sweep of your PC. Malwarebytes (www.malwarebytes.org) is one of the most popular, free malware scanners, but there are many others, free and paid for, including Spybot (www.safer-networking.org) and SuperAntiSpyware. As well as simple scanners, you can also use more specialised tools, such as the powerful Combofix (www.combofix.org) and HijackThis (free.anti-virus.com/us). These tools perform deep scans of your PC and can produce complex log files afterwards. These log files are then used to diagnose infections, allowing users to remove infections manually. In many cases, these log files may contain information that inexperienced users won’t find all that useful or understandable, but this can be shared with experts online, who can help diagnose and fix any problems. HijackThis, for example, is now owned by McAfee, so online support is readily available and both programs are catered for in various independent, speciality forums.

Removal


So, you’ve run various scans or used tools like ComboFix to produce information about a virus. What now? Removal is your next task and this can be the most difficult, depending on the virus or other malware infection you have. If you’re lucky and you’ve got one of the many viruses that are simple and easy to remove, your virus or malware scanner will probably be able to quarantine and remove it for you. However, if you have a nasty virus that won’t go down without a fight, things can get a lot more difficult, which is where tools like ComboFix and HijackThis really come into their own.

These provide the information to identify troublesome viruses and this helps those with more knowledge of viruses provide help to remove it. This help will vary from virus to virus, so we can’t provide exact steps here, but there are some common techniques and tips you should know about that can help if you have a nasty guest to remove from your system.

By far the most useful tip we can offer you is to make full use of Safe Mode (as long as your virus doesn’t prevent this). Many viruses can mask their presence in system-style files and will hook into files that cannot be removed during a normal PC’s operation. This creates problems for virus removal tools, as they can’t properly remove the infection. Some will advise a reboot, at which point this removal will be attempted, but it’s not always successful. If you’re manually removing a virus, this kind of problem can be even more troublesome. Booting up into Safe Mode prevents a lot of system-level files, drivers and other software from running as normal, so it greatly limits the power of a virus to stop you.

On pre-Windows 8 systems you can get into Safe Mode by tapping F8 during boot up and selecting the option from the boot menu. For Windows 8, you need to employ other methods, including setting Safe Mode using the System Configuration Tool (Press Windows+R and type ‘msconfig’, then go into the Boot tab) or you can press and hold Shift as you click Restart. You’ll then be able to chose Safe Mode from the Troubleshoot menu by going to Advanced Options > Startup Settings. When the system Reboots, you’ll be able to select Safe Mode by pressing F4 to enable it.

Once you’re in Safe Mode, you’ll be able to perform specific steps required to remove certain viruses, such as deleting infected files, removing Registry entries, turning off specific services, running virus cleaning tools and so on. Most of the time, a virus will be powerless to stop you.

We’d also advise that you regularly run your anti-virus and other scanners in this mode too, as they can be much more useful and thorough when run in Safe Mode, as there are no restrictions on many of the files they need to scan when running in this mode.

Another tip to keep in mind is System Restore and its impact. While system Restore can be a very useful tool, when it comes to virus removal it can actually be more of a hindrance. Sometimes virus infections can be hidden away in an old system restore checkpoint, threatening to return if you ever use that particular image. Other viruses, aware that they can be removed by using System Restore, disable it. Either way, it’s a tool that can represent a problem. If this problem relates to the former example here, it’s a good idea to deactivate System Restore, as it can also take a restore point automatically while you’re trying to remove a virus, which will have obvious ramifications. It’s also worth deleting any restore points you have that may overlap with the virus infection.

You can access System Restore in Windows 8 by typing ‘recovery’ into the search tool. You can then select to open System Restore to use it or configure System Restore to change it’s settings and disable/enable it.

Manual removal of a virus can often mean sifting through your computer’s hard disk looking for infected files. The best way to find these files is to use the Internet and search for the name of your virus or any infected files picked up by your virus scanner that couldn’t be removed automatically. Searching for these file names will often provide guidance on how to remove such items from techie websites or specialised forums.

With the sheer number of viruses out there, this is one of your best tools and the online community is a great way to seek help for the removal of a troublesome virus. It’s also a good idea to visit various anti-virus software vendor sties, such as Symantec, McAfee, Bitdefender, Avast and so on. These companies create anti-virus tools, so are a good source of information regarding possible infections and their removal. A great example of this is Bitdefender’s Virus Encyclopedia, which you can find at bit.ly/1cGYBCh. This is a searchable database of viruses, so it should be easy to track down any known infections and get help.

Often, you’ll need to use a collection of programs to remove specific types of viruses, again, these programs should be run in Safe Mode. You’ll find all sorts of sites recommending various steps and software to use, but the truth is there’s no one real trick to it. It’s all down to preference, the virus you’re infected by and what works at the time.

For example, we’ve seen specific guides that recommend you use Safe Mode, Kaspersky’s Tdsskiller, Malwarebytes, Hitman Pro, AdwCleaner and Emsisoft Anti-Malware in a specific manner to remove browser redirects. This is all good advice and will work very well, but it’s not a process that will work any better than someone else’s suggestion that involves a different approach. Whatever works, works, so if you’ve already got some security software installed, give that a go first before you start downloading and installing a whole host of additional software. If your current configuration doesn’t get the job done, then it may be time to look for another solution.

Finger On The Button


Of course, even with the best will in the world and all the tools at your disposal, there may come a time when there’s no other option but to take the last ditch solution – a format. Some viruses can be so nasty to remove, that many choose to take the most drastic measures to ensure they’re gone. That means starting again by formatting your machine.

These may seem harsh, but in some instances, it can actually be a far easier and quicker way to remove a virus than the usual steps taken to remove it. It also gives a user much more peace of mind that their system is truly clean, safe and secure once again. In fact, thanks to PC imaging and cloning, it’s become a common practise in corporate IT to format a machine instead of attempting a removal, as support departments can rarely afford the time and effort it takes to manually remove viruses from a machine. As many businesses have PC images stored and ready to go, it’s far more cost effective to simply start again.

Other options, such as a clean install or repair are an option here too and could possibly work, but when you’re dealing with viruses, the locations of which could often be largely unknown, keeping any data or old system files from the existing installation could be a risk, leading many to prefer to go for the total format.

The main problem with this approach is the possible loss of data and if you’ve not backed up your files beforehand, you really should spend a good amount of time making sure you do. It’s best to do so on a regular basis, as you’ll be sure you have a safe copy of any data that’s untouched by a virus, but if needs must, try to back up data from the infected machine too. Just be sure you thoroughly scan it on any other machine, just to make sure it’s clean and clear of threats.

Once you’ve backed up your data, you can format and reinstall from your original disc or system recovery image. Once this is done, you’ll have a clean, virus-free system, ready to go. You’ll now want to take the first step of installing a good anti-virus and malware app, to ensure your PC is safe in future and to scan your backed up data again. It’s better to be safe than sorry, after all.

Avoid The Hassle


It’s easy to look back with hindsight and say you should have done things differently and it’s also very true. Although there’s no way to stay perfectly free and protected from viruses, you can improve your odds substantially by taking simple precautionary steps.

We’ve already talked about running regular scans with antivirus and malware apps and this is something everyone should do – and do so on a regular, preferably automated, schedule. This is one of the best ways to keep your system protected. Also be sure to keep your security software up to date, including any virus definitions. This is usually automatic, but make sure this option is enabled in your programs.

Other methods include simple common sense and precautions. The Internet is a big, big place, but like any realworld city or country, there are places that should be avoided if you want to stay safe. Some sites, usually those that – how shall we say – skirt the boundaries of the law, can often be a hotbed for viruses and other threats, so it’s important to be aware of this and try to avoid troublesome sites. Illegal downloadng, music downloads, pornography and so on are all areas of the web that have proven to be dangerous.

It’s also important to be careful when downloading software, especially trial or free programs. Many such programs can harbour viruses or more commonly, adware, so always check that you’re downloading from a reputable site and pay close attention to software installations to make sure you don’t accept any additional software you don’t want. If a program offers a custom install, select it and check the list of components doesn’t hide any unwanted extras.

Another way to protect yourself online is to make use of virtual machines. We’ve covered these at length before in Micro Mart (you can find evidence of it via our website), but basically they’re software-based virtual PCs that run an OS install within your main OS and function just like any other system. The difference is that, because they’re a self-contained PC image, which is basically a large file on your PC, they have no reach to areas outside that file (i.e. the Windows install hosting them) so anything that goes on in the virtual PC, stays in the virtual PC and the whole thing can be deleted and replaced with ease.  That means that if you’re using a virtual PC to browse the Internet or try out new software and you’re attacked by a virus, you can simply delete the whole virtual OS and replace it with a new one. Easy.

This approach makes a great test bed of sorts, so you can safely try out new software virtually to make sure it’s okay before you install and use in on your real, physical PC. The only real drawback to this approach is the need for another copy of Windows, as it requires a licensed OS. If you have a spare copy or an older copy of Windows lying around, though, you’re set.

A couple of example virtual free PC programs you can use include, VirtualBox (www.virtualbox.org) for Windows and QEMU (wiki.qemu.org/Main_Page) for Linux. VMWare (www.vmware.com) also has trial versions and is a good solution. Pay attention to the technical requirements too, as running a virtual PC can tax a PC and you need to reserve and assign your PC’s resources to the virtual system.

If the virtual route is a bit complicated for your taste, you don’t have a PC capable of running it or a spare OS, then you may want to try sandboxing. This technique is a little easier to use than visualisation and it’s popular among home users who want to stay safe and secure.

Simply put, sandboxing is a method of isolating specific programs so that they run in a protected space. They’re kept away from the rest of the PC, including system files and shield you from any problems. You can run any program like this, including Internet browsers and downloaded programs you’ve not used yet, so can’t be sure if they’re safe. One of the best sandbox tools to use is, quite fittingly, Sandboxie (www.sandboxie.com). This is a free sandboxing solution that can quickly and easily isolate your programs so you can run them safely. It’s a great way to browse the Internet without worrying and you don’t need powerful hardware or another OS license to make use of it.

Disinfected


As long as you’re careful, it’s possible to avoid most problems relating to viruses, but it’s by no means a threat removal. Viruses are always evolving and those who write them are constantly trying to circumvent security measures that are put into place. For this reason it’s important to keep up to date, ensuring your security software is kept current and your system is scanned on a regular basis. Follow some of the tips we’ve gone through here and you’ll have a much easier and virus free PC experience.