Computer Viruses: Prevention and Removal

What Every Computer Owner Should Know About Viruses and Virus Removal

by Bill Natkin
Computing Consultant
iNetplanet, LLC

What is Malware?

Malware is a catchall term for malicious software that can infect a computer. Not all malware is a virus, although the word "virus" is often loosely used to refer to any unwanted software. Technically, to be a virus, the malicious program must replicate itself in order to get passed on from one computer to another through various methods.

Spyware is a software component that attempts to gather personal information, such as web browsing history, or to intercept passwords. Spyware can come in the form of programs, scripts, and other means. This privacy-invading malware is usually installed secretly, without the knowledge of the user, often while some other software is being installed.

The programs that get installed which cause a computer to run slowly, redirect web traffic, or bombard the user with pop-up advertising are most often Trojan Horses. A Trojan Horse is a program that hijacks some functionality from your computer for the purpose of attacking another computer, spreading spam, intercepting web browsing, or tricking the user into buying some useless product. Trojans may also self-replicate, in which case they are also viruses.

One of the most common types of infection found today is rogue security software. It is essentially an extortion scheme whereby a malicious, fake anti-virus program is installed. The program displays messages indicating that the computer is infected and attempts to trick the user into buying a product that supposedly will cure the problem (which the Trojan Horse created itself in the first place).

There are hundreds of variations of this Trojan with names like Internet Security 2010, System Tool 2011, Internet Antivirus Pro, XP Security Tool, SecurePCCleaner, Win7 Antispyware 2011, Security Scan 2011, etc. Most mimic legitimate anti-virus software and can be rather difficult to recognize as fraudulent at first sight. They are also notoriously difficult to remove. These are often deeply embedded in multiple directories including hidden folders, registry keys, system restore points, and corrupt operating system files.

Trojan Horses are installed deceptively, often by tricking the user into loading or executing the installation program. They sometimes are presented as legitimate software that claims to have a useful purpose. They may be browser add-ons, toolbars, a "registry cleaner", or an anti-spyware/anti-virus program. The user installs it thinking that it will protect their computer or enhance performance. Of course, exactly the opposite is true.

Other common infection methods include multimedia codecs required to play a video file and so-called online virus scanning tools. Generally some action is required by the user to start the ball rolling, but this can be as simple as a single click on a web pop-up message that appears to be coming from the user's computer, not from the outside.

What Kind of Damage is Done?

Once a computer has been infected, the malicious program may begin to cause damage to other software residing on the victim's computer. Some viruses, like worms, will actually destroy or damage data files the user has created, but most do not.

A much more common outcome is the immediate disabling of certain security features on the infected computer. One of the first tasks of the common fake anti-virus Trojans is to cripple legitimate anti-virus programs installed on the victim's PC.

Usually certain Internet configuration settings and security features will be attacked as well. These problems can persist even after the infection is removed and often lead to additional infections. Viruses and Trojans will often disable automatic updates of the operating system and legitimate anti-virus software. They may redirect all web browser traffic through a proxy server.
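
Because these changes can outlive the infection itself, it is worth checking them after any cleanup. The following PowerShell script is an added example, not part of the original article. It reads (without changing) the proxy settings, the Windows Update service state, and the registered anti-virus products; the registry path, service name and WMI class it uses are standard Windows identifiers assumed here.

```powershell
# Added example: read-only audit; changes nothing on the machine.
# The registry path, value names, service name and WMI class are standard
# Windows identifiers and are not taken from the original article.
$findings = @()

# 1. Per-user proxy settings (Internet Explorer and most Windows applications).
$key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $key
if ($inet.ProxyEnable -eq 1) {
    $findings += "Proxy is enabled: $($inet.ProxyServer)"
}
if ($inet.AutoConfigURL) {
    $findings += "Proxy auto-config script is set: $($inet.AutoConfigURL)"
}

# 2. Windows Update service: a Disabled start mode blocks automatic updates.
$wu = Get-CimInstance -ClassName Win32_Service -Filter "Name='wuauserv'"
if (-not $wu) {
    $findings += 'Windows Update service (wuauserv) is missing'
} elseif ($wu.StartMode -eq 'Disabled') {
    $findings += 'Windows Update service (wuauserv) is disabled'
}

# 3. Anti-virus products registered with Windows Security Center.
#    This namespace exists on desktop editions of Windows, not on Server.
$av = Get-CimInstance -Namespace 'root/SecurityCenter2' `
    -ClassName AntiVirusProduct -ErrorAction SilentlyContinue
if (-not $av) {
    $findings += 'No anti-virus product is registered with Security Center'
} else {
    $av | ForEach-Object { Write-Output "Registered anti-virus: $($_.displayName)" }
}

# Summary for the user.
if ($findings.Count -eq 0) {
    Write-Output 'No proxy, update or anti-virus anomalies found.'
} else {
    Write-Output 'Review these settings:'
    $findings | ForEach-Object { Write-Output "  - $_" }
}
```

A proxy set legitimately by an employer or ISP is reported as well, so each finding is a prompt to verify the setting rather than proof of infection.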

How To Protect Against Infection

The best way to prevent having a computer infected by malicious code is by installing and keeping up to date a good anti-virus program. Many Internet service providers (ISPs) offer free anti-virus/anti-spyware software to their customers. The security software can usually be downloaded from the ISP's web site after the account holder logs in. There are many legitimate protection programs available for purchase in retail stores and online. There are also several good free programs available. Most of the free anti-virus program providers also have a paid version, which generally provides better protection.

Even with anti-virus software installed, a PC can become infected. The developers of malware are constantly revising and releasing new versions of programs designed to attack personal computers. It is critically important to update anti-virus programs and their definition files frequently. For most users this should be done automatically at least once per day.

No security software can prevent all infections all of the time. With new iterations of malicious software surfacing 24/7, it is very important for computer users to take a few simple precautions to reduce the risk of infection.

Any computer can become infected. Certain operating systems and browser software packages are more vulnerable than others. Generally Windows XP is more susceptible to infection than Windows 7. Most experts agree that all Windows versions and Microsoft's Internet Explorer web browser are more vulnerable than their Linux and Apple counterparts for a variety of technical reasons. In fact, in late 2014, the United States Computer Emergency Readiness Team (US-CERT) recommended that users stop using Internet Explorer (IE).

US-CERT is part of the Department of Homeland Security’s (DHS) National Protection and Programs Directorate (NPPD). US-CERT, a branch of the Office of Cybersecurity, cited security exploits in IE versions as high as version 11. This means that if one is still using the Microsoft XP operating system (OS), it is imperative that another browser be used, since Microsoft no longer supports the OS and refuses to fix the problems with Internet Explorer running on those machines.

The majority of infections can be prevented by users simply taking a few basic precautions. People tend to get into trouble by quickly clicking whatever pops up without carefully considering their next move. Remember, most infections require some action on the part of the user to get installed or executed. One must be on the defensive and question unusual and unexpected events. If in doubt when confronted with an unfamiliar prompt or pop-up, it is usually better to back out and start again. Sometimes this may require closing the browser software or even restarting the computer. Think before clicking. For more information and tips on preventing computer infections, visit the iNetPlanet Security Help Center.


updated 09/11/2015
© 2010 iNetPlanet, llc