Computer Virus: What you need to know
Basically there are two types of computer virus, commonly known as the application virus (a virus that is activated when a user clicks on a file) and the network virus (a virus that attempts to replicate itself, most of the time by automatically searching for computers it can invade).
Both types of virus can be equally destructive, and the purpose of this post is to help you prepare before disaster strikes.
Prevention is always better than cure. Yes, this statement is very true, but people still get cancer even though they try to ‘prevent’ it from occurring. The same goes for computer viruses.
Have you ever wondered why, even though we put in the best anti-virus software (which won numerous awards) and scan every god damn incoming file, we are still vulnerable to viruses?!
Having seen numerous types of infections on our users’ computers gives us a fair deal of knowledge on how to deal with outbreaks. Well, worst case scenario – re-formatting is always a viable option.
Things that you should do, immediately after a clean installation of Windows Operating System
Warning: Editing the Windows registry is not recommended for the faint-hearted. Just take a snapshot and do not make any amendments if you’re new to the registry business.
Before the aftermath …
1. Take a snapshot of your RUN registry and attempt to know what is being run.
Start / Run, type regedit and hit the Enter key.
Navigate and take a snapshot of the following keys.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
To take a snapshot of the values under each key, hit the Print Screen button and paste the screenshot into Microsoft Word or Excel. Make sure you store the screen capture file in a safe location.
2. Know what programs or services are being run on your computer.
2.1 Download and run the free Process Explorer and take a snapshot of which processes and services are running before any problem occurs. Process Explorer can be downloaded from www.sysinternals.com/Utilities/ProcessExplorer.html
3. Keep your Microsoft patches up to date, as patches from Microsoft are meant to mend what was left out during software testing.
4. Install antivirus software and keep it updated. Many viruses are released daily, and it is important to stay current with the definition updates. Perform regular scans; corporate administrators can schedule automatic update downloads and scans at a stipulated interval without user intervention.
5. Make sure you have at least a firewall running on your PC and on your internet gateway, block everything by default, and only allow programs that you are 100% sure should run.
DURING THE CRISIS …
I GOT VIRUS!? PANIC?! Let’s reformat!
This is normally the typical Joe’s reaction to a virus (or at least that was my friend’s reaction).
1. First and foremost, attempt to know what you’re up against. Take every step to record what you saw or heard, by screen capture if possible.
Using the information you have gathered, search for the type of virus on www.google.com or your favorite search engine. If the virus is as common as the common cold, chances are millions of users worldwide have encountered the same infection, and there is a high chance that a solution is just around the corner.
2. What if I can’t get to google.com? Whenever I type www.google.com it says page not found, or it sends me where no man has ever gone before!
Most infections, if the computer is still working, change your name resolution, either the DNS (Domain Name System) settings or the hosts file (which Windows consults before asking DNS), to prevent the average Joe from going to the internet to search for a solution or run a free online virus scan engine (like Trend Micro’s HouseCall™).
The hosts file can be edited by using Windows Explorer and navigating to c:\windows\system32\drivers\etc\hosts (the file has no extension, so open it with a text editor such as Notepad). The location of the hosts file varies between Windows operating systems.
Before editing this file, it is strongly suggested that you make a backup copy. Make sure there is only a single line that reads:
127.0.0.1 localhost
and delete everything below this line. Save the hosts file and, using Internet Explorer, try to navigate to www.trendmicro.com to run the online virus detection and cleaner. (Oh, by the way, did I mention the magic word? It is a completely free service from Trend Micro.)
If it is a computer virus known to Trend Micro, chances are you will be able to clean and remove it, or at least quarantine it.
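An added PowerShell example (not code from the original post) that automates the hosts-file check above: it backs the file up, lists every non-comment line other than the expected localhost entries, and flags hostnames from a constructed watch list of security and update vendors. The path, the watch list and the `$RestoreCleanHosts` switch are assumptions; Windows keeps the file protected, so run it from an elevated prompt.

```powershell
# Added example (not from the original post): audit the Windows hosts file for
# entries that could block antivirus or update sites, after backing it up.
# Assumes the file lives under $env:SystemRoot (true on XP and later) and that
# the script runs from an elevated prompt, since the file is protected.
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$Expected  = @('127.0.0.1 localhost', '::1 localhost')   # the only lines we expect
# Constructed watch list: vendors a virus commonly blocks (extend as needed)
$WatchList = @('trendmicro.com', 'microsoft.com', 'windowsupdate.com', 'symantec.com', 'mcafee.com')

function Get-ExtraHostsEntries {
    param([string[]]$Lines)
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if ($line -eq '' -or $line.StartsWith('#')) { continue }   # blanks and comments
        $fields = $line -split '\s+'                                # "address hostname [alias...]"
        if ($Expected -contains ($fields[0..1] -join ' ')) { continue }
        # Flag entries whose hostname ends in one of the watched vendor domains
        $hit = $WatchList | Where-Object { $fields[1] -like "*$_" }
        [pscustomobject]@{
            Address  = $fields[0]
            Hostname = $fields[1]
            BlocksAV = [bool]$hit
        }
    }
}

$backup = "$HostsPath.$(Get-Date -Format yyyyMMdd-HHmmss).bak"
Copy-Item -Path $HostsPath -Destination $backup
Write-Host "Backup written to $backup"

$extra = @(Get-ExtraHostsEntries -Lines (Get-Content -Path $HostsPath))
if ($extra.Count -eq 0) {
    Write-Host 'hosts contains only the expected localhost lines.'
} else {
    Write-Host "$($extra.Count) extra entries (those marked BlocksAV hijack a security site):"
    $extra | Format-Table -AutoSize
    # Set this to $true to rewrite the file with only the localhost line from the post
    $RestoreCleanHosts = $false
    if ($RestoreCleanHosts) { Set-Content -Path $HostsPath -Value '127.0.0.1 localhost' -Encoding ASCII }
}
```

A hosts entry is only one way to hijack name resolution; if the file is clean but vendor sites still fail to load, check the DNS server addresses on the network adapter as well.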
3. Attempt to stop the virus from running.
Most viruses attempt to load when Windows starts, without the user’s knowledge. Once loaded they do all sorts of funny stuff to prevent the user from gaining control of the computer. Some make the computer extremely slow, chalking up Windows resources to nearly 100%.
Using Process Explorer, try to see which ‘additional’ processes have been added and try to stop them. Kill the processes that are constantly eating up Windows resources to see if that makes your computer faster. Some viruses will ‘auto-resume’ once you have killed them with Process Explorer.
If this happens to your PC, then you’ll have to get your hands dirty and check your system registry to stop the virus from even starting. You’ll also need to turn off System Restore on your Windows computer, because restore points can hold a copy of the infected files; search www.google.com for ‘stop system restore’ for how to do this. If you forgot to take snapshots of which services are supposed to be running in the first place, you can always go to www.google.com and search for more information on each entry that is run, e.g.
“C:\WINDOWS\system32\NeroCheck.exe” reveals that the computer will start the Nero CD burning service once Windows starts.
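Taking the Run-key snapshot from the “before” section and the comparison in this step together, here is an added PowerShell example (not the post’s own procedure, which uses Print Screen) that exports the five Run keys plus the running process list to a CSV the first time it runs, and on later runs reports what has appeared since. The C:\baseline directory and the file names are assumptions.

```powershell
# Added example (not from the original post): export the autostart Run keys and
# the running process list to a baseline file, then diff a later snapshot
# against it. Assumes the baseline directory C:\baseline (constructed name).
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx'
)

function Get-AutostartSnapshot {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PS* metadata properties that Get-ItemProperty adds
            if ($p.Name -like 'PS*') { continue }
            [pscustomobject]@{ Source = $key; Name = $p.Name; Value = [string]$p.Value }
        }
    }
    # Record running processes with their image path so a renamed copy stands out
    foreach ($proc in Get-Process) {
        [pscustomobject]@{ Source = 'Process'; Name = $proc.ProcessName; Value = [string]$proc.Path }
    }
}

function Compare-Snapshots {
    param([string]$BaselinePath, [string]$CurrentPath)
    $base = Import-Csv -Path $BaselinePath
    $curr = Import-Csv -Path $CurrentPath
    # Entries present now but absent from the baseline are the ones to investigate
    Compare-Object -ReferenceObject $base -DifferenceObject $curr -Property Source, Name, Value |
        Where-Object { $_.SideIndicator -eq '=>' } |
        Select-Object Source, Name, Value
}

$dir = 'C:\baseline'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$baseline = Join-Path $dir 'autostart-baseline.csv'
if (-not (Test-Path $baseline)) {
    # First run on a clean install: this becomes the baseline
    Get-AutostartSnapshot | Export-Csv -Path $baseline -NoTypeInformation
    Write-Host "Baseline written to $baseline"
} else {
    $current = Join-Path $dir "autostart-$(Get-Date -Format yyyyMMdd-HHmmss).csv"
    Get-AutostartSnapshot | Export-Csv -Path $current -NoTypeInformation
    Write-Host 'New autostart entries and processes since the baseline:'
    Compare-Snapshots -BaselinePath $baseline -CurrentPath $current | Format-Table -AutoSize
}
```

The process part of the diff is noisy by nature (anything you opened since the baseline shows up), and these five keys are far from the only autostart locations; Sysinternals Autoruns covers services, scheduled tasks and the rest.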
4. Help! What if I can’t even boot Windows?! How do I run online scan!?
If you have more than one computer, you can try to unplug the hard disk and install it as a secondary disk in your second computer. Then, from that computer, run an online scan over the disk you just attached.
Warning: Do not open any files from the secondary hard disk you just installed; executing any file on it could spread the infection to the computer you attached it to!
5. Once you know what you’re up against, most antivirus sites provide step-by-step guidance on how to remove the infection, provided the virus is not a destructive one, that is.
PS. I do not have any affiliation or connection with the names mentioned. If I am in direct violation of any laws (duh!), please notify me and I shall gladly remove the names.