How to Remove Malware

Malicious software[1], or malware[2][3] for short, is software developed to gather private information or to conceal unwanted activity on a computer system. The term covers computer viruses[4], rogue security software[5] (scareware[6]), ransomware[7], computer worms[8], Trojan horses[9], rootkits[10], keyloggers[11], dialers[12], spyware[13], adware[14], malicious Browser Helper Objects[15] and govware[16]. These programs can crash your device and can be used to monitor and control your online activity. Criminals use malware to steal personal information, send spam and commit fraud.

Malware removal guide (Windows OS)

Step 1: Disable System Restore[17] 

Step 2: Enter into Safe Mode[18]

Step 3: Delete Temporary Files[19]

Step 4: Download an anti-malware or virus scanner[20] (or disinfect the computer manually[21])

Infected machines show slowdowns[22], unusual behavior and sudden hangs. Many websites[23] offer free online virus scanning, and some[24] let you upload a file (or point to a website's URL) and scan it with a number of antivirus engines at once. Free antivirus programs are also available for download from the Internet[25]. Microsoft also offers a free utility named Microsoft Security Essentials[26], a removal tool that is available through the regular Windows Update.
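The four steps above, carried out as an added PowerShell example; this is not code from the original page. It assumes Windows 10/11 with the built-in Microsoft Defender cmdlets (the successor to Security Essentials) and an elevated shell; the script name remove.ps1 is a placeholder.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original page): the four removal steps as one
# script run in three phases, because each reboot changes what is available.
# Assumes Windows 10/11 with the built-in Microsoft Defender module and an
# elevated PowerShell. 'remove.ps1' is a placeholder name.
#   .\remove.ps1 -Phase Prepare   -> steps 1-2, then reboot into Safe Mode
#   .\remove.ps1 -Phase Clean     -> step 3 in Safe Mode, then reboot
#   .\remove.ps1 -Phase Scan      -> step 4 in normal mode
param([ValidateSet('Prepare', 'Clean', 'Scan')][string]$Phase = 'Prepare')

switch ($Phase) {
    'Prepare' {
        # Step 1: disable System Restore. Existing restore points are
        # discarded too, so an infected file cannot be restored from one later.
        Disable-ComputerRestore -Drive "$env:SystemDrive\"
        # Step 2: make the next boot a minimal Safe Mode boot.
        bcdedit /set '{current}' safeboot minimal
        Write-Host 'Reboot now; Windows will start in Safe Mode.'
    }
    'Clean' {
        # Step 3: remove temporary files while nothing inside them is running.
        foreach ($dir in @($env:TEMP, "$env:SystemRoot\Temp")) {
            Get-ChildItem -Path $dir -Recurse -Force -ErrorAction SilentlyContinue |
                Remove-Item -Recurse -Force -ErrorAction SilentlyContinue
        }
        # Restore normal boot: Defender's scan does not run in Safe Mode, so
        # step 4 is done after the next reboot (a third-party scanner that
        # supports Safe Mode could be run here instead).
        bcdedit /deletevalue '{current}' safeboot
        Write-Host 'Reboot now into normal mode, then run -Phase Scan.'
    }
    'Scan' {
        # Step 4: update signatures, run a full scan and record what it found.
        Update-MpSignature
        Start-MpScan -ScanType FullScan
        Get-MpThreatDetection |
            Select-Object InitialDetectionTime, ThreatID, Resources |
            Format-Table -AutoSize
    }
}
```

Keep the detection listing from the Scan phase: it is the record of what was found and cleaned, which is what you need when deciding whether a manual follow-up is still required.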

Computer Virus

A computer virus[27] is a program written specifically to alter the way a computer operates, without the user's awareness or permission. Some viruses can reproduce themselves or patch system files by appending malicious code to the end of the file. They can execute additional programs or delete files. Not all viruses are designed to do damage, but they can be quite annoying, displaying text or video or playing audio messages.

Here are some examples of the most destructive computer viruses to date:

Melissa[28] – Combine the best exotic dancer with an ingenious hacker and you get one of the worst computer viruses of all time. Melissa was written by David L. Smith and named after his favorite Friday-night dancer. It was unleashed on 26 March 1999 as an e-mail attachment; when the attachment was opened, the virus replicated by automatically sending itself to the top 50 addresses in the infected person's e-mail address book. The damage was so extensive that some companies had to shut down their e-mail servers to contain the problem. Smith was sentenced to 20 months in jail and fined $5,000.

ILOVEYOU[29] – This virus spread via an e-mail with "I LOVE YOU" in the subject line and an attachment. Opening the attachment automatically sent the message to everyone in the recipient's address book and deleted all JPEG, MP3 and other files on the infected hard drive. On May 4, 2000, the virus spread so quickly that e-mail servers had to be shut down at a number of major companies, such as the Ford Motor Company. It infected about 45 million users in a single day, and estimates of the damage it caused exceed $10 billion.

Nimda[30] – This is a complex virus with an integrated SMTP component, which lets it spread as an e-mail attachment with a random name. It was first noticed on September 18, 2001, and quickly spread around the world.

Ransomware

Ransomware[31] is a type of malware that tries to make the victim pay to regain control of their own computer from the malicious software. Usually, ransomware either "locks" the computer[32][33] or encrypts[34] all personal files. The ransom demand is displayed as a text message or as a web page in the browser. This type of malware uses fear to push victims into paying. It may be dropped as an add-on by another malware payload, or delivered by an exploit kit such as Blackhole, which exploits vulnerabilities on the victim's system to install and run the malware silently.

Computer worm

Worms are very similar to viruses. They usually try to spread to and infect as many computers as quickly as possible. Worms consume both memory and network bandwidth and often include damaging features.

Some of the most destructive worms in history are:

Blaster[35] (also known as Lovsan, Lovesan or MSBlast) was unleashed in August 2003. It exploits a vulnerability in Microsoft's DCOM RPC interface, described in VU#568148 and CA-2003-16.

Code Red[36] caused damage estimated at billions of dollars during the summer of 2001. It displayed the text "Hacked by Chinese!" on affected web pages. It is also one of the few worms able to run in memory only, leaving no files on the hard drive (although some variants do leave files).

SQL Slammer/Sapphire[37] caused a denial of service on some major hosts and significantly slowed general Internet traffic. It hit hard on January 25, 2003, infecting 75,000 victims within ten minutes. Although it was called the "SQL Slammer worm", it was not written in SQL; it exploited two buffer overflow flaws in Microsoft's SQL Server database product. Other known aliases are W32.SQLExp.Worm, W32/SQLSlammer, DDOS.SQLP1434.A, the Sapphire Worm and SQL_HEL.

Sasser/Netsky[38] – Both worms were written by Sven Jaschan. Sasser spread through a Microsoft Windows vulnerability by scanning networks for vulnerable systems; once deployed, it dropped a malicious payload and began scanning local IP addresses for new victims. The Netsky worm spread through e-mail and Windows networks as a 22,016-byte attachment. It also caused a denial of service (DoS) attack.

MyDoom[39] was first sighted in January 2004 and was distributed via junk e-mail. As usual, the mail contained an attachment that, if executed, re-sent the infection to all e-mail addresses in the user's address book.

Trojan Horse

This is a program that appears legitimate but, when run, performs additional hidden activity. Trojan horses are usually used to steal passwords and disable security features, rendering the system more vulnerable.

Rootkit

This is software that hides its own presence, or the presence of another application, on the hard drive while it executes files, accesses logs, monitors user activity and changes the computer's configuration. It may operate in some of the lowest layers of the operating system and redirect API functions, which makes rootkits[40] almost undetectable by conventional means.

Keylogger

This can be a hardware device or a software program that records a computer user's activity in real time, including the clipboard and pressed keyboard keys.

Dialer

This is a program that forces the computer's modem to establish an unwanted dial-up connection to the Internet by dialing predefined phone numbers. Malicious dialers are designed to dial international or premium-rate local numbers, and their activity usually results in a high phone bill.

Spyware

Spyware[41] is software designed to gather personal information such as browsing habits, passwords and credit card details without your knowledge.

Adware

Adware is any software that automatically displays or downloads advertisements to your computer; some toolbars, for example, cause unwanted pop-ups. While adware alone is harmless, it can be bundled with spyware or other software that steals privacy-sensitive information.

Malicious Browser Helper Objects

This is a small piece of software that runs automatically every time you start your web browser. It is usually installed on your system by another program. These objects can record the websites you visit, display pop-ups and redirect you to unwanted websites.

Govware

This is a new name for a special kind of software developed on the order of government entities; the word combines "government" and "software". The best-known govware is Stuxnet, which was created by United States and Israeli agencies[42] to attack Iran's nuclear plant.

References:

[1] http://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx
[2] http://www.microsoft.com/security/pc-security/malware-removal.aspx
[3] http://lifehacker.com/5227896/five-best-malware-removal-tools
[4] http://home.mcafee.com/virusinfo/virus-removal-tools
[5] http://dothelp.net/rogue-removal/
[6] http://iits.haverford.edu/help-center/protecting-your-computer/avoiding-scareware/
[7] http://www.selectrealsecurity.com/remove-ransomware
[8] http://www.ehow.com/how_2122682_remove-worm-virus.html
[9] http://www.techsupportalert.com/best-free-trojan-scanner-trojan-remover.htm
[10] http://wp.natsci.colostate.edu/cnsit/rootkit-virus-how-to-detect-and-remove/
[11] http://www.vita.virginia.gov/security/default.aspx?id=5344
[12] http://symantec6.software.informer.com/download-symantec-trojan-horse-dialer-removal-tool/
[13] http://www.ok.gov/homeland/Cyber_Security/Spyware/
[14] http://www.oit.umass.edu/security/malware-viruses-spyware-adware-other-malicious-software
[15] http://www.ehow.com/how_6018340_remove-activex-browser-helper-object.html
[16] http://spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet
[17] http://www.mcafee.com/us/downloads/free-tools/disabling-system-restore.aspx
[18] http://www.computerhope.com/issues/chsafe.htm
[19] http://www.hotcomm.com/faq/faq_temp_files.asp
[20] http://www.kaspersky.com/virus-scanner
[21] http://www.ccu.ri.gov/computingsafely/virusesmalware.php
[22] http://www.businessinsider.com/why-your-computer-slows-down-2013-8
[23] http://www.howtogeek.com/115238/which-free-online-antivirus-scanner-is-the-best-comparison-test-and-results/
[24] http://www.virustotal.com
[25] http://www.pcmag.com/article2/0,2817,2388652,00.asp
[26] http://windows.microsoft.com/en-us/windows/security-essentials-download
[27] http://www.nyu.edu/its/security/virus/
[28] http://www.book-arts-l.ua.edu/1999/03/msg00299.html
[29] http://www.gao.gov/products/GAO/T-AIMD-00-181
[30] https://www.ee.washington.edu/computing/faq/security/nimda.html
[31] http://www.f-secure.com/en/web/labs_global/removal/removing-ransomware
[32] http://www.tn.gov/homelandsecurity/ransomware.shtml
[33] http://www.fbi.gov/knoxville/press-releases/2012/internet-scam-warning-reveton-ransomware
[34] https://www.us-cert.gov/ncas/alerts/TA13-309A
[35] http://www.cert.org/advisories/CA-2003-20.html
[36] http://www.symantec.com/security_response/writeup.jsp?docid=2001-080908-4231-99
[37] http://www.caida.org/publications/papers/2003/sapphire/sapphire.html
[38] http://webllinks.hubpages.com/hub/Remove-Sasser-Worm-Virus
[39] http://www.symantec.com/security_response/writeup.jsp?docid=2004-012710-0202-99
[40] http://wp.natsci.colostate.edu/cnsit/rootkit-virus-how-to-detect-and-remove/
[41] http://www.uab.edu/it/home/component/k2/item/230-what-is-spyware-how-can-i-remove-it
[42] http://www.theregister.co.uk/2013/07/08/snowden_us_israel_stuxnet/

2 thoughts on “How to Remove”

    • Of course. Please, describe in details what are the symptoms. I can help you to remove the infection manually.
