Thursday, August 8, 2013

12 Tips for Fighting a Computer Virus

Working desktop support for a small firm that gives admin rights to all its users means I spend a lot of time fighting viruses. We're also nice enough to help out family members, friends and just about anyone else who stops by the office, so I've seen quite a bit of crap over the last several years. Here are some helpful tips and tools that I use on a regular basis to fend off the nasties.

Prevention is key.
The best way to fight viruses and unwanted add-ins (like toolbars) is to avoid them in the first place. There are a lot of anti-virus programs available, and they range from free to pretty expensive. Your computer or internet provider probably even has a free trial of one of the more popular ones built in. I've even run machines with no anti-virus software at all; you just need to know what to avoid, so here are some tips.

1. Back up your system!
There are a lot of ways to back up your system. Pick one and use it. Often! A good recent backup can be the difference between losing a few recent things and losing everything.

2. Anti-virus software.
If you run anti-virus or anti-spyware programs, know what they are and how they work. There are a lot of bugs that masquerade as anti-virus programs. Knowing what you have will help you avoid the "You're infected! Click here!" trap.

3. Don't click on pop-ups.
Unless you're sure of what it is. If it pops up unexpectedly, you probably don't want it.

4. Watch out for webpage redirects.
If a site you go to a lot suddenly looks strange, check the address bar and make sure you are where you want to be. Even the most mainstream websites are vulnerable to redirects.

5. When downloading a program, be cautious of where you get it from.
The first hit on a search engine is often a paid advertisement, and their download may have extra crap shoved inside it. Try to get your software from a trusted source. I prefer the developer's site whenever possible.

6. Pay attention during installs.
Don't just start clicking "Yes" and "I Agree" buttons. Even big-name software like Adobe Flash and Sun Java bundles toolbars and browser add-ons that will be checked by default.

Prevention didn't work. Now what?
So you tried to be good, but you picked up a bug anyway. It happens. Here are some tips to help rid yourself of the nasties.

My handy dandy virus tools stick.
1. Do not power off your computer.
Some people like to hard shutdown right away because they get scared that the virus is wreaking havoc. The problem is, many of these critters propagate when you restart and infect deeper into your system, and you might not get a chance to flush them out later.

2. Check your running programs and processes for anything fishy.
Press Ctrl+Alt+Del and start Task Manager. (Pro tip: some viruses will block the Ctrl+Alt+Del shortcut. If so, try using Ctrl+Shift+Esc.) Under Applications, End Task on anything suspicious. I also like to end Internet Explorer here, as sometimes trying to "X" it closed will invoke additional pop-ups and redirects. Under the Processes tab you might also be able to spot some funny business and End Process on it. But be careful here! There can be a long list of stuff, and it's difficult to tell what's what sometimes. When in doubt, leave it be.
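To help with the "what's what" problem in the process list, here is an added example (not part of the original post) that lists running processes whose executable lives in a Temp or AppData folder, or is not Authenticode-signed, so they can be reviewed before anything is ended. It assumes PowerShell 3.0 or later on an elevated prompt; it only reports and never terminates anything.

```powershell
# Added example: flag running processes for manual review. Nothing is killed here.
# Folders that legitimate installed software rarely runs from (assumed review heuristic).
$suspectFolders = @('\Temp\', '\AppData\Local\', '\AppData\Roaming\')

Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.Path } |               # protected/system processes have no readable Path
    ForEach-Object {
        $exe = $_.Path
        # Status is Valid, NotSigned, HashMismatch, UnknownError, etc.
        $sig = (Get-AuthenticodeSignature -FilePath $exe).Status
        $inSuspectFolder = $suspectFolders | Where-Object { $exe -like "*$_*" }
        [pscustomobject]@{
            Name      = $_.ProcessName
            PID       = $_.Id
            Path      = $exe
            Signature = $sig
            Flag      = if ($inSuspectFolder -or $sig -ne 'Valid') { 'REVIEW' } else { '' }
        }
    } |
    Sort-Object Flag -Descending |           # REVIEW rows float to the top
    Format-Table -AutoSize
```

A REVIEW flag is a prompt to look closer, not proof of infection: plenty of legitimate tools are unsigned, and some installers legitimately run from Temp.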

3. Delete your temp files.
Go to C:\windows\temp and also to C:\Users\[your username]\AppData\Local\Temp and delete everything in both places. Some things probably won't delete, but don't worry about that right now. For XP machines the path to your user's folder will be slightly different: it's C:\Documents and Settings\[your username]\Local Settings\Temp.
If you can't see some of the folders, they may be hidden. When you are in the C: folder, click the Organize drop-down and select Folder and search options. In the window that opens, click the View tab and tick the bubble Show hidden files, folders, and drives. (For XP it's in the Tools drop-down menu under Folder options.)
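The same clean-out as a script, added here as an example and not taken from the original post: it empties both temp folders named above (hidden items included, so the Folder options step is unnecessary), and instead of silently skipping the files that "won't delete" it lists them, since an in-use file in Temp is exactly the kind of thing worth a second look. It assumes PowerShell 3.0 or later on an elevated prompt; on XP, point $tempDirs at the Local Settings path instead.

```powershell
# Added example: clear Windows and user temp folders, reporting anything still in use.
$tempDirs = @("$env:windir\Temp", "$env:LOCALAPPDATA\Temp")   # step 3's two locations
$removed = 0
$locked  = @()

foreach ($dir in $tempDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    # -Force includes hidden and system items; -Recurse walks subfolders.
    Get-ChildItem -LiteralPath $dir -Force -Recurse -ErrorAction SilentlyContinue |
        Sort-Object FullName -Descending |        # longest paths first: children before parents
        ForEach-Object {
            $item = $_                            # keep the item; $_ becomes the error in catch
            try {
                Remove-Item -LiteralPath $item.FullName -Force -Recurse -ErrorAction Stop
                $removed++
            } catch {
                # Open handles (a running browser, a dropper still executing) land here.
                $locked += $item.FullName
            }
        }
}

"Removed $removed item(s)."
"$($locked.Count) item(s) were in use or protected and were left in place:"
$locked | ForEach-Object { "  $_" }
```

Files still listed after you have closed every browser and ended the suspicious tasks from step 2 are good candidates to hand to the scanners in step 4.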

4. Run some scans.
Now is the time to try to find and kill your virus. Spybot and Malwarebytes are my go-to programs. They are free (for home use) and you can have them both scan at the same time. Many times they will be enough. When they aren't, we typically move on to Rkill and Combofix. Watch for fake "downloads" when looking for virus tools. Often there will be big green DOWNLOAD buttons that are paid advertisements. Pay attention and look carefully; you don't want to make things worse.

5. Check your browser(s) for add-ons.
I recently had an infected machine come through that had, I kid you not, 17 different toolbars installed. These things come in from all over the place and will really slow your browser down. Different browsers (and versions) put them in different places, so you may need to use a search engine to locate the path, but for Internet Explorer 9 and 10 (the most recent two as of this writing) click the gear icon on the right (or the Tools drop-down menu if it's visible) and select Manage Add-ons. Here you'll find all your toolbars and browser add-ons. Click the drop-down on the left under "Show:" and select All add-ons for a complete list. Disable and remove with extreme prejudice. Also go through the other sections, like "Search providers" and "Accelerators".

6. Check your installed programs.
Go to the Control Panel and click Programs and Features (or Add or Remove Programs) and look for any installed programs you find suspect. Again, be careful here; you don't want to remove something useful! If you have a stubborn program that won't uninstall, check out the Microsoft Fixit for removing programs. In fact, I recommend keeping the whole Fixit Portable on a USB drive, along with your favorite virus-fighting tools, just in case you get a bug that blocks you from using the internet.
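For steps 5 and 6 together, here is an added example (not from the original post) that reads the same information the Control Panel and Manage Add-ons dialogs show, straight from the registry: installed programs sorted newest first so a toolbar that arrived last week stands out, plus Internet Explorer's browser helper objects with the DLL each one loads. It assumes PowerShell 3.0 or later and a 64-bit Windows with the WOW6432Node keys; it is read-only and uninstalls nothing.

```powershell
# Added example: inventory installed programs and IE browser helper objects (read-only).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'     # per-user installs
)
"== Installed programs, newest first (InstallDate is yyyymmdd when present) =="
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |                 # skip patch/system entries with no name
    Select-Object DisplayName, Publisher, InstallDate, UninstallString |
    Sort-Object InstallDate -Descending |
    Format-Table -AutoSize

"== Internet Explorer browser helper objects (BHOs) =="
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$bhoKeys |
    Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object { Get-ChildItem -LiteralPath $_ } |
    ForEach-Object {
        $clsid  = $_.PSChildName                       # the add-on's {GUID}
        $clsKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
        [pscustomobject]@{
            Name  = (Get-ItemProperty -LiteralPath $clsKey -ErrorAction SilentlyContinue).'(default)'
            Dll   = (Get-ItemProperty -LiteralPath "$clsKey\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
            CLSID = $clsid
        }
    } |
    Format-Table -AutoSize
```

An entry with a blank Publisher, a DLL under AppData or Temp, or an install date that matches the day the trouble started is the one to look up before you go back to Control Panel to remove it.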

Beyond this, you start to get into some really advanced stuff, and I recommend seeking some professional help. If you get to playing around with registry settings or folder permissions without a clear understanding of what you're doing, you can really wreak havoc on your machine. You do have that backup handy, just in case, right?