Friday, September 4, 2009

Virus and Malware Definitions and Recovery

Viruses

Until recently, most known damaging programs were viral in nature. The defining property of a virus is that it needs a host application in order to run: it attaches itself to a benign program by inserting its own code into that program's executable file (e.g. an .EXE file). Once the benign program is loaded, the virus can begin its damaging routines and use other programs to reproduce itself. These days, viruses play a much smaller and less important role in the malware sector.

Trojans, Backdoors, Bots, Worms

Most new damaging programs these days are Trojans and bots. They do not require a host program because they are independent programs in their own right. Bots try to remain as inconspicuous as possible and usually hide, well camouflaged, deep in the operating system. Their activities include opening the PC to attackers, who thereby gain full control of it; mass-mailing illegal spam; or the coordinated overloading of individual websites with too many manipulated requests at once (denial of service, DoS). The PC can only be regarded as infected when this type of software is actually active; files that are not running do not represent a danger. However, Trojans and bots usually have numerous features to ensure that they are started automatically every time the system boots: autostart entries are created in a wide variety of Registry locations, file-extension associations are redirected, or other new tricks are used that most security tools are not yet aware of.

Spyware, Adware, Bogus Security Software

A new malware trend is to manipulate important system components so that the malware file can no longer simply be deleted. Some types of spyware start multiple processes (program instances) in parallel that monitor each other: when one process is terminated, the other starts it again, and so on. Bogus security software, the so-called rogue anti-virus and anti-spyware tools, injects itself into essential system processes such as winlogon.exe. If you attempt to terminate the malware by killing the host process and deleting the damaging file, the action ends with the dreaded bluescreen and the system comes to a standstill.

Rootkits

Rootkits go one step further. They manipulate the operating system so that the rootkit's files are no longer visible and can no longer be detected by anti-virus programs. Registry entries, open ports, and active processes can also be made invisible, leaving no trace of the rootkit's presence.

The virus and malware infection types described above represent the most common types. Of course, various combinations of these techniques also exist.

The Detection and Recovery

Usually, the easiest way to tell you have spyware is that your PC is running at a reduced speed. The other way to check is to press CTRL+ALT+DELETE and then choose Task Manager (this applies if you have Windows Service Pack 2; on versions before SP2 the key combination brings up the Task Manager directly).

Once the Task Manager is open, check your running processes under the “Processes” tab. If you see many strange processes running that you don’t recognize, you are likely infected with spyware, adware, or viruses.

An example of a strange process would be something like fgkosk.exe, or copies of the same process running twice. Some “smart” spyware can actually disguise itself as other Windows processes – you can tell this if you see duplicate copies of a process running. Don’t end-task anything you’re not sure of – besides, most of these files are able to restart themselves after you close them, because they are registered in your Windows Registry. You could also download a program that checks for these infected files, such as Avast, Ad-Aware, etc. Check my other article on “what to do once you have spyware” for a list of good programs to use. The best way to get rid of spyware, adware, or viruses once you have them is to use a program made for doing exactly that. Failing that, you could format your PC.
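As an added example (not code from the original post), the PowerShell script below automates the two Task Manager warning signs described above, a duplicate of a normally single-instance process and a Windows component name loaded from the wrong folder, and also lists the Run autostart keys mentioned in the Trojans and bots section. The lists of core process names and expected folders are assumptions chosen for this example.

```powershell
# Added example, not code from the original post. Expected folders and the
# core process names below are assumptions for this example.
$expectedDirs = @($env:SystemRoot,
                  (Join-Path $env:SystemRoot 'System32'),
                  (Join-Path $env:SystemRoot 'SysWOW64'))
# Windows components that should load only from the folders above.
$coreNames = 'smss.exe','csrss.exe','wininit.exe','winlogon.exe',
             'services.exe','lsass.exe','svchost.exe','explorer.exe'
# Normally single-instance components. svchost.exe is left out on purpose:
# many legitimate copies of it are normal, so a duplicate proves nothing.
$singleInstance = 'smss.exe','wininit.exe','services.exe','lsass.exe'
$procs = Get-CimInstance Win32_Process |
         Select-Object Name, ProcessId, ExecutablePath

# Check 1: a system process name loaded from an unexpected folder.
foreach ($p in $procs) {
    if ($p.ExecutablePath -and ($coreNames -contains $p.Name.ToLower())) {
        $dir = Split-Path -Parent $p.ExecutablePath
        if ($expectedDirs -notcontains $dir) {
            Write-Warning ("{0} (PID {1}) runs from {2}" -f
                           $p.Name, $p.ProcessId, $p.ExecutablePath)
        }
    }
}

# Check 2: duplicate copies of a process that should run once.
$procs | Group-Object { $_.Name.ToLower() } |
    Where-Object { $singleInstance -contains $_.Name -and $_.Count -gt 1 } |
    ForEach-Object { Write-Warning ("{0} is running {1} times" -f $_.Name, $_.Count) }

# Check 3: images whose Authenticode signature does not verify. Treat this
# as a lead for a second look, not proof: plenty of honest software is
# unsigned, and the post's advice not to end tasks you are unsure of stands.
foreach ($p in ($procs | Where-Object { $_.ExecutablePath })) {
    $sig = Get-AuthenticodeSignature -FilePath $p.ExecutablePath
    if ($sig.Status -ne 'Valid') {
        '{0,-18} PID {1,-6} {2,-14} {3}' -f $p.Name, $p.ProcessId, $sig.Status, $p.ExecutablePath
    }
}

# Check 4: the Run autostart keys where a file arranges to relaunch at boot.
foreach ($k in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
    if (Test-Path $k) {
        (Get-ItemProperty -Path $k).PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' } |
            ForEach-Object { '{0,-30} {1}' -f $_.Name, $_.Value }
    }
}
```

Run it from an elevated PowerShell prompt so that the executable path of every process is readable; anything it flags is a candidate to investigate with a dedicated removal tool, not something to kill on sight.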

Sometimes, an infestation becomes so bad you may have troubles downloading, installing, or running a program for spyware removal.
