Wednesday, May 28, 2008

30. Virus Information Guide

By: laptop4life from NotebookReview

Going through different types of common viruses: what they are and how to remove them.

Keylogger:
A keylogger is a harmful program that runs almost invisibly as a low-level system process. It is usually started when your computer boots, so there is no easy way for you to notice it. The program logs every key that you type and then sends that information out to the person who infected you with the keylogger.

Keyloggers are extremely dangerous and can be used to steal personal information such as your social security number, credit card number, and passwords to just about everything. This may lead to identity theft or theft in general. Keyloggers are especially dangerous to anyone who uses online payment sites such as PayPal.

How To Remove:
When you suspect that you are infected with a keylogger, do NOT type any personal information. Even if you are typing in a normal Word document, the keylogger still records everything you type.

If you desperately need to log in to your email or somewhere else that is secure and password protected, there is one way to get around the keylogger.

Click Start -> All Programs -> Accessories -> Accessibility -> On-Screen Keyboard

Doing this opens a keyboard on your screen so that you can click whatever letter you would like to type. Since a keylogger does not track where and what you click, this helps you get around it in times of urgency. Typing with the on-screen keyboard is a great hassle, though. The only real alternative is to remove the keylogger completely.

Before you can destroy the keylogger and make your computer safe, you will need to detect it. Detecting a keylogger is not easy. It can be installed in over 100 places on your computer, usually among the system files. However, there is a much easier way to check whether a keylogger is running or not. Right-click on your taskbar and click Task Manager. Alternatively you can press Ctrl + Alt + Del. You should now be looking at all the applications you are running at the moment. Click the tab that says Processes. This gives you information about all the programs, hidden and visible, that your computer is currently running. Now, to get rid of it once and for all, make sure your anti-virus is fully up to date, then run a full system scan and remove it.
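As an added example (not part of the original guide), the PowerShell script below does what the Processes tab check above does by hand, with two extra details the tab does not show: each process's on-disk path and whether its executable carries a valid Authenticode signature, plus the Run registry keys that start programs at logon. The folder list and registry keys are my assumptions about where an unwanted startup program commonly sits; a "Suspect" row is a prompt to look closer, not proof of infection.

```powershell
# Added example, not from the original guide. Assumes Windows PowerShell 5.1+
# and an elevated prompt (otherwise ExecutablePath is blank for other users'
# processes). The folder list and registry keys below are chosen as assumptions
# about where unwanted startup programs commonly sit; a "Suspect" row is a
# prompt to investigate, not proof of infection.

# Folders a normal user can write to; unsigned binaries here deserve a look.
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:PUBLIC)

function Get-SignatureStatus {
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return 'NoPath' }
    return (Get-AuthenticodeSignature -FilePath $Path).Status.ToString()
}

function Test-UserWritablePath {
    param([string]$Path)
    foreach ($dir in $userWritable) {
        if ($dir -and $Path -like "$dir\*") { return $true }
    }
    return $false
}

Write-Host '== Running processes (what the Processes tab shows, plus path and signature) =='
Get-CimInstance Win32_Process | ForEach-Object {
    $status = Get-SignatureStatus -Path $_.ExecutablePath
    [pscustomobject]@{
        PID       = $_.ProcessId
        Name      = $_.Name
        Path      = $_.ExecutablePath
        Signature = $status
        Suspect   = ($status -ne 'Valid') -and (Test-UserWritablePath -Path $_.ExecutablePath)
    }
} | Sort-Object Suspect -Descending | Format-Table -AutoSize

Write-Host '== Programs started at logon (Run keys) =='
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object { [pscustomobject]@{ Key = $key; Name = $_.Name; Command = $_.Value } } |
        Format-Table -AutoSize
}
```

Compare any Suspect row and any unfamiliar Run entry against what your anti-virus reports after the full scan; a signed Windows binary in System32 is normal, an unsigned executable in a Temp or AppData folder that you did not install is worth investigating.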

Trojan:
Trojan horses are (as their name suggests) programs that do things that are not described in their specifications. The main difference between Trojan-type programs and real viruses is that they do not replicate themselves. Therefore they do not have the ability to attach themselves to an existing legitimate program; in other words, they do not have the ability to infect a file: they infect the system.

Trojans can be divided into the following subcategories:

Backdoors: once launched, they can allow someone to take control of another user's PC via the internet, without the user's knowledge.

Password stealers: these are programs embedded in files, and they steal passwords. The passwords are sent to the maker of the program without the user's knowledge.

Logic bombs: these Trojans perform some destructive or security-compromising activity whenever specified conditions are met.

Denial of Service tools: these programs send special arrangements of data to a target (usually a web site) with the specific intent of interrupting that target's Internet service.

How To Remove:
Scan your files to detect the Trojan file. Follow the instructions in your antivirus program to delete any suspicious files. You may want to write down the path and file name of the Trojan, which is usually found on the "C:\" drive.

Worm:
Worms are similar to viruses but do not need a host file to replicate. Worms simply create exact copies of themselves and use communications between computers to spread. Worms share a common characteristic with Trojans: they don't have the ability to infect a file; they infect the system.

Worms may spread by email (using their own SMTP engine or a certain mail client, usually Microsoft Outlook or Outlook Express), by network shares, by instant messaging programs or by file sharing programs like KaZaA.

How To Remove:
The safest and most effective way to disinfect a computer that has been infected by an Internet worm is to use a dedicated removal tool. These tools are provided, free of charge, by several of the anti-virus software developers. Even if you have an anti-virus product on your computer that detects the worm, it may still be safer to remove it using one of these dedicated removal tools.

Rootkit:
A rootkit is a program (or combination of several programs) designed to take fundamental control of a computer system, without authorization by the system's owners and legitimate managers. Access to the hardware (i.e., the reset switch) is rarely required, as a rootkit is intended to seize control of the operating system running on the hardware. Typically, rootkits act to obscure their presence on the system through subversion or evasion of standard operating system security mechanisms. Often they are also Trojans, thus fooling users into believing they are safe to run on their systems. Rootkits are usually made to hide other malicious software.

How To Remove:
Once again, run a full system scan and remove what it finds. However, rootkits present two quite separate problems. The first is the removal of the rootkit itself. The second is the removal of the malware that the rootkit was stealthing.

Because rootkits work by changing the Windows operating system itself, it may not be possible to remove the rootkit without causing Windows to become unstable or non-functioning.

Removing the malware hidden by the rootkit presents the normal problems of removing any malware. However, you won't be able to do this until the rootkit is removed, at which point the whole system may become unstable to the point that the malware cannot be completely removed.

Restoring your drive from a drive image is another possibility, provided you are sure the image was created before the rootkit infection and that your imaging program restores the boot sector on your disk.

Spyware and Malware:
Spyware: Spyware is computer software that is installed surreptitiously on a personal computer to intercept or take partial control over the user's interaction with the computer, without the user's informed consent.

While the term spyware suggests software that secretly monitors the user's behavior, the functions of spyware extend well beyond simple monitoring. Spyware programs can collect various types of personal information, such as Internet surfing habits and sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software, redirecting Web browser activity, silently accessing websites that bring in more harmful viruses, or diverting advertising revenue to a third party. Spyware can even change computer settings, resulting in slow connection speeds, different home pages, and loss of Internet access or other programs.

Adware: Not really a virus, just annoying. Adware is software with advertising functions integrated into or bundled with a program. It is usually seen by the developer as a way to recover development costs, and in some cases it may allow the program to be provided to the user free of charge or at a reduced price. The advertising income may allow or motivate the developer to continue to develop, maintain and upgrade the software product.

How To Remove:
Scan the system with the anti-spyware scanner and allow it to remove any adware/spyware it finds. Then reboot the PC, regardless of whether you were prompted to do so by the scanner.