
Five tips for spotting the signs of malware

Malware has become one of our most challenging security issues -- and it isn't going away any time soon. Learning to recognize the symptoms of an infection will help you preempt malware havoc.

If you've ever experienced a malware infection, you know what a hassle they can be. Cleaning your PC of these infections as quickly as possible will help ensure that the malware doesn't do any more damage or infect another machine. These tips should go a long way to help you recognize the symptoms of a malware infection.

1: Software

This is the most obvious method. Plenty of anti-malware applications are available, and the choice is as subjective as your choice of antivirus software. You can choose tools like Malwarebytes or Spybot Search and Destroy. Some antivirus tools can also scan for both viruses and malware (Ashampoo Magical Security 2, for example). One issue you might face with certain anti-malware tools is a lack of real-time scanning. Because of this, you have to make sure your end users run frequent manual scans to catch any infections. When a client neglects scans, not only can the existing malware cause more issues, additional malware may be picked up.

2: PC slowdowns

Malware is notorious for slowing down machines, whether that shows up as sluggish network connections or slow application use (including opening and closing applications). Of course, a slowdown alone does not a malware infection make. Since many other issues can cause a slowdown, I would advise taking steps to cure that slowdown first (defragmenting, adding RAM... the usual). If the PC is still running poorly after you've taken the necessary steps to address a slowdown, it's likely to be malware.

3: Pop-ups

One potentially embarrassing sign of malware is the pop-up. Lately, we've seen a spike in porn-related pop-up malware issues that either put a blush on the user's face or elicit pure anger. Unwanted pop-ups (especially those that appear when no browser is open) are a sure sign of malware infection. The problem here is that they can't always be removed in standard mode. In those cases, the machine must be booted into safe mode. As with nearly all malware, you'll need a strong anti-malware application to remove them.

4: Change of home and/or Google links

If a browser's home page changes without your intervention, more than likely there is a malware problem. The same is true if you Google a topic, click a Google-provided link, and are sent to a random link. If you're seeing this behavior, you have a malware or virus infection.

5: Browser offline

If you can't browse the Internet but you know your network connection is up and running (a ping check is an easy way to test this), you probably have a malware infection. To double-check, go to your browser's network connection settings and make sure a proxy hasn't been set (without your or your IT department's knowledge). If a proxy is set and you know you don't use one, you have a malware infection.
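One way to script the two checks in this tip on a Windows PC, as an added example that is not from the article; it assumes PowerShell 3 or later and that no proxy is sanctioned (put the IT-configured proxy in $ExpectedProxy if one exists):

```powershell
# Added example, not from the article. Assumes PowerShell 3+ on Windows and that
# no proxy is sanctioned; put the IT-configured proxy in $ExpectedProxy if one exists.
$ExpectedProxy = $null    # e.g. 'proxy.corp.example:8080' (placeholder)

function Get-NetworkAndProxyState {
    # The "ping check" from the article: plain ICMP reachability to a public address.
    $pingOk = Test-Connection -ComputerName 8.8.8.8 -Count 2 -Quiet -ErrorAction SilentlyContinue

    # Per-user WinINet settings: this is what the browser's connection dialog edits.
    $ie = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

    # System-wide WinHTTP proxy used by services such as Windows Update.
    $winhttp = (netsh winhttp show proxy) -join ' '

    [pscustomobject]@{
        PingOk       = $pingOk
        ProxyEnabled = ($ie.ProxyEnable -eq 1)
        ProxyServer  = $ie.ProxyServer
        PacUrl       = $ie.AutoConfigURL      # a PAC script can redirect traffic just as well
        WinHttpProxy = $winhttp
    }
}

$state = Get-NetworkAndProxyState
$state | Format-List

# The symptom described above: the link is up, but a proxy nobody configured is in the way.
if ($state.PingOk -and $state.ProxyEnabled -and $state.ProxyServer -ne $ExpectedProxy) {
    Write-Warning "Network is reachable but an unexpected proxy is set: $($state.ProxyServer)"
}
if ($state.PingOk -and $state.PacUrl) {
    Write-Warning "An automatic configuration script is set: $($state.PacUrl)"
}
if ($state.PingOk -and $state.WinHttpProxy -notmatch 'Direct access') {
    Write-Warning "WinHTTP is not set to direct access: $($state.WinHttpProxy)"
}
```

Run it as the affected user, since the WinINet proxy settings are stored per user; a proxy that only appears under one account is itself a useful clue.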

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

9 comments
jhilger

In a posting by carlsf he mentions changing the firewall on the router. How? He is also talking about checking if the activity light is flashing; mine flashes all the time whether I am online or not. How do you check that? My router is a D-Link and the wireless is secured. Any help would be appreciated.

webmaster

I recently dealt with a piece of malware (on my sister's computer or rather network) that hijacked the DNS settings in the router. That was a new one to me. Of course she had the default password on the router still. We had a little talk about security...

NickNielsen

In my experience (admittedly limited, only 3 systems), those annoying security pop-ups ("Unable to open filename, file is corrupt, click here for virus scan" or a similar message) can often be cleared manually. In all three cases, I was able to boot into safe mode, identify the unwanted startup entry in the registry, and remove both that entry and the associated directory. All three systems were normal after a reboot. Have some patience. Each of those three systems took at least 5-10 minutes to present a safe mode login, almost as if the malware was attempting to block it.

Gis Bun

For the typical computer novice, they won't know about pinging. If the browser ain't going anywhere, try having a novice user open an email client or instant messaging client. It could also be that the computer has lost Internet access for any other reason. As well, a computer slowing down isn't a reason for having plenty of malware on a system. I've seen slow systems and after further investigation, almost all of them are because the person is still using [for example] Windows XP with the original installation from almost 10 years ago. Any IT pro knows that software uninstallers leave behind enough crap, drivers, services [Lexmark inkjet printers are notorious for this], and other stuff. I've re-installed XP and their apps for people and they are amazed at the speed they got. Another example: Motorola Phone Tools. I had a Motorola phone. When I got rid of it and the software, Microsoft/Sysinternals' Autoruns reported there were files still being loaded [and left behind]. Systems can also slow down because there was malware [or a virus] that was removed way back when, but there are sometimes some after-effects lingering around. Of course there are also users who think they are running a slow computer but in fact lack RAM [like Acer, who were notorious for being cheap by selling systems with 1GB of RAM when Vista first came out].

carlsf

If e-mail comes in and I haven't asked for it or don't know the sender (also watch for the old "I have sent...." / "The file you requested..." one), I delete that e-mail unopened. I am careful which sites I visit; if you surf unsavory sites then expect to get bitten. At all times make sure of the following...

1) Firewall on the router set; don't leave the one it came with. Keep an eye on the router activity: if your lights are flashing and you are not on the Internet, be careful and start checking.
2) Firewall on your computer/notebook is running.
3) Antivirus is running and up to date with downloads. I use AVG Internet Security.
4) I run a malware application once a week.

Yes, I have been bitten, even with all the above security, and it was an e-mail from a friend I know. It did not have a subject line, and I should have known, so another one to look out for: NO SUBJECT line, and one of the spammers' old lines, and we all know what they are. I hope this helps and happy surfing/computing.

The 'G-Man.'

You should not be using the device (in my opinion).

Mr_Tech

1. Your firewall warns you of a certain process trying to connect to a particular server.
2. You try to delete an entry in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run but the process re-adds itself. Another way is to look in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon's Userinit value.
3. You try to look for the specific process but you can't find it (hidden).
4. You double click a removable drive letter and a window pops up instead.
5. You try to launch your AV software but nothing happens...

You can easily solve the above issues with pre-installed Windows environments such as the ones created by the boot-land tools. Simply run the disk when the computer starts. Not only will it let you delete malware exe files, you can delete the entire partition table of your disk (with the right tools)....

As far as slowdowns, here are a few steps to make your PC super slow without malware. On startup, enable Java Updater, Apple Software Update, Adobe Updater and some other badware that comes pre-installed with laptops and PCs, as well as Nokia PC Suite or similar, iTunes....
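The registry locations NickNielsen and Mr_Tech mention, gathered into one listing so the startup entries and the Userinit value can be reviewed against what is expected; this is an added example, not code from either commenter or the article, and it assumes PowerShell 3 or later with read access to HKLM:

```powershell
# Added example, not from the comments or the article. Assumes PowerShell 3+ on Windows.
# Lists the Run/RunOnce autostart entries and the Winlogon Userinit value for review.
function Get-AutostartEntries {
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'   # 32-bit apps on 64-bit Windows
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty adds its own PSPath/PSChildName/... members; skip those.
            if ($p.Name -like 'PS*') { continue }
            [pscustomobject]@{ Location = $key; Name = $p.Name; Command = $p.Value }
        }
    }
    # Userinit is what Winlogon runs at logon; the stock value ends with a trailing comma.
    $winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $userinit = (Get-ItemProperty -Path $winlogon).Userinit
    [pscustomobject]@{ Location = $winlogon; Name = 'Userinit'; Command = $userinit }
}

$entries = Get-AutostartEntries
$entries | Format-Table -AutoSize -Wrap

# Flag the case Mr_Tech describes: Userinit pointing at anything besides the stock binary.
$userinit = ($entries | Where-Object Name -eq 'Userinit').Command
$stock = "$env:SystemRoot\system32\userinit.exe"
if ($userinit -and ($userinit.TrimEnd(',') -ne $stock)) {
    Write-Warning "Userinit has been modified: $userinit"
}

# Entries launched from user-writable locations deserve a closer look.
$entries | Where-Object { $_.Command -match '\\(AppData|Temp|Users\\Public)\\' } |
    ForEach-Object { Write-Warning "Startup entry from a user-writable path: $($_.Name) -> $($_.Command)" }
```

An entry that comes back after deletion, as the comment describes, usually means a running process is re-creating it; compare the listing with the process list from safe mode, where that process is less likely to be started.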

Zwort

Boot up from a 'live' disc/distro/PE. Make images. Back up crucial data, and always use separate drives for system and data. Be ruthless. Got a problem? Format and restore the image, after first checking that trivia on the boot drive (favourites, e.g.) are backed up. Tolerate nothing from a Windows system.

sura.jan

If somebody is stupid he shouldn't use a PC. But see that everything now (including PCs) is made for the most stupid people! People are educated (by advertising) to be more and more stupid, to buy everything that works automatically, that lives its own life!
