
Anti-Spyware

Spyware is software that aims to gather information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge; it has also come to include programs that engage in various kinds of electronic fraud. Anti-spyware is software that removes or blocks that software; some common vendors include Malwarebytes, McAfee, Spybot-Search and Destroy, Ad-Aware and BitDefender.


Your business may be under attack from a silent enemy that is hard to detect. It works stealthily in the shadows to access and exploit your critical business information, sensitive confidential data and intellectual property for commercial gain. The term ‘spyware’ covers a wide variety of such programs, which install on a computer without the user’s knowledge to hijack web browsers, monitor all user activity on a machine, open backdoors for remote attackers, steal personal information, display unsolicited advertising, and slow PC performance.


The threats and risks posed by spyware for businesses include loss of productivity, profitability and credibility, liability from privacy violations, increased helpdesk cost, and damage to brand reputation. Spyware remediation and countermeasures to keep your company computer systems as safe as possible are in fact as critical as antivirus and antispam measures.


How Does Spyware Work?


Spyware generally falls into two broad categories.


  1. Surveillance software, which includes applications such as key loggers, screen capture devices and trojans used to collect sensitive information about the user for monetary exploitation.

  2. Advertising spyware, which can be used by legitimate companies to log information about the user’s browsing history, personal details and online shopping habits in order to download and display advertisements on your computer, utilizing your system resources such as RAM and CPU.


Once installed on a computer, the program begins logging keystrokes, monitoring online purchasing, websites visited and personal data, or scanning your hard drive to gather valuable information, all of which is then silently transmitted to a third party via file transfers to be aggregated and used for either legal or illegal purposes.


How Does Spyware Infect A Computer?


Spyware is designed to do its work without attracting suspicion and uses a number of convincing disguises to get installed on a user’s computer.


Spyware can be downloaded from web sites, direct file sharing programs, free downloadable software, or even be hidden in email attachments and instant messaging applications. Users can unknowingly install the spyware by clicking on the attachment or weblink, or by downloading the software.


Spyware often relies on “drive-by installs,” in which innocuous-looking pop-up windows carry “OK” or “Click Here To Read” buttons that, when clicked, lead to the spyware being downloaded. This method of infection is usually accompanied by some form of adware, unwanted toolbars, links, new bookmarks in web browsers, or a host of pop-up ads.


Spyware also uses flaws and security holes in certain web browsers.


Often users receive spyware by unwittingly accepting an End User License Agreement from a software program.

The new breed of spyware is both clever and tenacious enough to remain undetected for long periods of time. This is when spyware detectors come in handy.


What Are Spyware Detectors?


Spyware detectors are antispyware programs that perform routine checks on the computer to block and prevent spyware infections so that your system is clear of any unwanted and threatening software. Antispyware applications protect organizations from spyware intrusions by automatically scanning and sending potential spyware to quarantine, so that you can delete threats before they can do any damage to your computer software.


They also monitor incoming data from email, websites, and downloads of files to stop spyware programs from being installed. You won’t have to worry about which email attachments are safe to open or whether certain software is suitable for download.


Spyware detectors also send out alerts when spyware tries to install itself on your computer and warn users against suspicious links within emails, websites and live chats.


Antispyware programs can speed up the computer and browsing performance by removing spyware and adware.


Install Antispyware To Protect Your Business Computers

 

Today, spyware detectors play a critical role in securing an organization’s system, just like antivirus and personal firewall software. Always purchase your antispyware program from a retail store or reputable online retailer so that you get a legitimate program. There are many free antispyware programs available on the net, but some of these are really spyware programs in disguise and can end up infecting your computer.

Choose the best spyware detector for your business: one that can help scan, detect, remove and block spyware using a friendly and intuitive interface. Some antispyware programs, such as Malwarebytes, SuperAntispyware and Spybot – Search & Destroy, have been designed specifically to protect your machine from spyware, while others, such as Avast Endpoint Protection, Sophos Endpoint Protection or McAfee, block both viruses and spyware, serving as a great endpoint security system. Bitdefender’s GravityZone Business Security package is a more comprehensive security system that can easily detect and fight a variety of malware, ransomware and zero-day threats that may go undetected by traditional security products. For organizations that use a range of different devices and platforms, it may be good to give Trend Micro Worry-Free Business Security a try, as it provides protection for Windows, Mac, mobile devices and servers. Moreover, it also stops emails carrying sensitive information from being sent out accidentally or even deliberately.

In today’s world of data threats, your business just cannot do without antivirus and antispyware software. Also implement proactive measures, such as being selective about what you download, reading licensing agreements, being aware of clickable ads and antispyware scams, to deal effectively with both known and unknown threats.


Ransomware - Defeated! Client opened the wrong email and was attacked by Ransomware. I was able to use file recovery utilities to find shadow copies of the encrypted files and make a complete recovery.
What monsters are hiding in your child's room? In this article I will share with you a tech horror story that could happen to anyone, along with some tips on how you can prevent it from happening to you.
If you are either unfamiliar with rootkits or want to know more about them, read on...

Expert Comment
by: Jackie Man
If you are a hacker, will you design a rootkit for Android OS?

Author Comment
by: Thomas Zucker-Scharff
Jackie,

The short answer is yes, but there is really no need.  Hackers are more likely to use lockers than rootkits on androids. Due to the need to elevate privileges to properly execute a rootkit,  the target for such an attack would be more limited than standard lockers.
If you are looking at this article, you have most likely been hit by some version of ransomware and are trying to find out if there is anything you can do, or what way you should react - READ ON!

Author Comment
by: Thomas Zucker-Scharff
@McKnife - Thanks I'll include it.  Is it okay if I give attribution to you?
Doxware
If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Crypto Ransomware
You cannot be 100% sure that you can protect your organization against crypto ransomware, but you can lower the risk and impact of the infection.
The Ransomware Menace
There are many reasons malware will stay around and continue to grow as a business.  The biggest reason is the expanding customer base.  More than 40% of people who are infected with ransomware, pay the ransom.  That makes ransomware a multi-million dollar business.

Expert Comment
by: btan
Recently there is also an ID ransomware toolkit which may be handy for identification, though it may not be 100% since it is still signature based.
https://id-ransomware.malwarehunterteam.com/index.php

Author Comment
by: Thomas Zucker-Scharff
Thanks for the link btan.  The one I am looking at, Ransomware Detection Service, is similar to the one you point to, but console based instead of web based.  Also it is more for looking at network shares and identifying where an infection originated than anything else.  It should be noted that the website you linked is indeed an ID website and specifically says:

Can you decrypt my data?

No. This service is strictly for identifying what ransomware may have encrypted your files

Which is pretty much the same as RDS.
Operating system developers such as Microsoft and Apple have made incredible strides in virus protection over the past decade. Operating systems come packaged with built-in defensive tools such as virus protection and a firewall. Is this built-in protection enough to keep threats at bay?
 
Many people do not realize modern day virus threats come in many forms. The viruses themselves haven't changed much, but the methods by which they infect computers are constantly evolving. Virus developers spend most of their time discovering new ways to infect computers with viruses rather than developing new types of viruses.
 

So what is a computer virus?

A virus is essentially a self-replicating file stored on a computer system that was not authorized by the user to be there. The behavior of the file may have varying characteristics. It may be used to collect, destroy or manipulate user data without their consent.
 
Fairly often the news discusses some new hacking attempt on a major computer system. Hackers can often break into these systems by planting viruses on machines that are connected to them. These viruses can collect data or give them access to files necessary to get deeper into the systems.
 

Are these threats real?


Companies such as Kaspersky, Norton and McAfee regularly publish virus infections as they are discovered. Norton actually has a threat security…

Author Comment
by: Tom Price
Hello there Jim,

I've tried uploading the article before with links and 1 of the editors did not approve it... should I put back the links?

I will add some headers and add an image.

Please let me know when the article was approved and "went live" ok?

Many thanks!
Tom.

Expert Comment
by: Jame Griffin
Some computer viruses are programmed to harm your computer by damaging programs, deleting files, or reformatting the hard drive. Others simply replicate themselves or flood a network with traffic, making it impossible to perform any internet activity. Even less harmful computer viruses can significantly disrupt your system’s performance, sapping computer memory and causing frequent computer crashes.
Many people tend to confuse the function of a virus with that of adware. This misunderstanding of the basics of what each piece of software is and how it operates causes users and organizations to take the wrong security measures to protect themselves against attacks.

For starters, let’s define what they are: viruses and adware are two different types of malware, each exploiting different aspects of computing architecture to carry out their payload. Malware is simply a category used to refer to software designed to disrupt normal system operations; examples of malware are viruses, adware, spyware, Trojans, rootkits, bots, etc.

Let’s go back to our original topic and go over what makes a computer virus a virus. A computer virus is a malicious program that can replicate itself without user interaction by exploiting operating system, application, and software vulnerabilities. What the virus does after it’s been executed is another story, though the common denominator is that it’ll disrupt normal system operations and it will attempt to replicate itself.

Something interesting about computer viruses is that, as sophisticated as these programs can be, most of them prey on users’ vulnerabilities for the initial installation, also known as social engineering. “Good” virus writers also study human behavior and emotions, hence the I Love You virus; they plan their initial attack to align themselves with special occasions, dates, …

Expert Comment
by: Thomas Zucker-Scharff
Jorge,

This is an excellent article, but I am surprised that you did not correct more of the mistakes - they make it harder to read (I'm also surprised that a page editor didn't point that out).

Expert Comment
by: Yashwant Vishwakarma
Another good article, voted YES.

Regards,
Yashwant Vishwakarma
Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

It started not too long ago. It was at first annoying. My keystrokes seemed to be randomly generated, not the ones I typed on the keyboard. For some reason this only happened in certain applications (especially browsers such as IE11, Firefox and Chrome), but not in others and in some applications only when I typed too quickly. What was, I thought, the oddest part of the whole thing was that the characters were random, in that if I held down a key it would generate a succession of characters, all different, one of which would eventually be itself. Odd....

I was immediately suspicious. Could this be malware of some type? Maybe a keylogger? I am fairly strict when it comes to my production machine and what I allow on it. I have multilayered security installed and several protection apps that work together to protect me from all kinds of malware. So what was happening? I scanned with everything under the sun.
 
  1. Malwarebytes Pro (with rootkit detection on)
  2. Chameleon
  3. Superantispyware
  4. SpyDLLRemover/SpyBHORemover
  5. Antirootkit software 
    1. F-secure
    2. Sophos
    3. Panda (pavark)
    4. RootkitRevealer

Author Comment
by: Thomas Zucker-Scharff
Thanks. Hope it is solved.

Author Comment
by: Thomas Zucker-Scharff
SOLUTION!! (when I first typed that it was totally unreadable)

It turns out that one of my security applications, HitmanPro.Alert, has a setting that is called Keystroke Encryption.  It is to protect you from keyloggers. When it is turned off my typing looks like this, but when I turn it on my typing looks like this: ywsrc2utfsbqi8d4mj62a2hsm5 (I typed "my typing looks like this ").  So if you run into this - check to make sure it isn't this app (now owned by Sophos, not Surfright, and called HitmanPro.Alert/cryptoguard/InteruptX)
Malware seems to be getting smarter and smarter. If you are having trouble launching your malware removal tools, such as the recommended MalwareBytes, HiJackThis, ComboFix, etc., you can try some of the workarounds listed below.

1. Malware is blocking your specific application's name.


Since many of the common tools have fixed names, they may be blocked by the malware. Try renaming the application's executable (MalwareBytes example) from 'mbam.exe' to 'virus.com'.
Occasionally this will work and you can launch your executable as a malicious .com file type. Be sure to set it back when you are done.

2. Malware is blocking all applications.


It is more common for malware to block all applications (and tell you that you are infected, while it itself is the infection). Try this: log off the current user. Now log back in and press 'Ctrl'+'Alt'+'Del' repeatedly until you get the Task Manager. If you get it in time, the malware will load after you have brought the Task Manager up. If you are familiar with the names that are non-malicious, you should be able to easily identify the malware. It is usually named with random numbers and letters, 8 – 14 characters long (fjh2efhn9.exe). You can end the process and search for the file, then delete it. While the primary infection may be gone, I strongly recommend you download and run a tool like MalwareBytes to clean up the remnant files and registry entries.
You may be successful in bringing up the …

Author Comment
by: MPCP-Brian
Younghv and rpggamergirl,
I appreciate your comments and do believe they have validity. There are situations in which a manual approach can still be beneficial. One example is working remotely - assuming the tools you mentioned are not loaded previously. It can occasionally be easier to manually work through it than it is to find a way to get the tools mentioned loaded.

If you are reading this article and you are not confident in your knowledge, it is best to stick to the executables and pre-built scanners mentioned. If you feel comfortable, or you are like me (a low level IT tech) and you can repair any damage you may inadvertently cause, feel free to get your hands dirty.

Expert Comment
by: Arman Khodabande
Yeah, using automated apps is useful ...
But reading such kinds of articles adds to the knowledge of basic users and provides better understanding of what these utilities do...
I myself like to do the thing manually  although it may be a longer and harder way...  :D
Manual Malware fighting is my favorite...
(And I have a great respect for younghv and rpggamergirl, the leaders of this topic areas)

Anyway this is a good article
Thanks
Most PC repair technicians (if not all) always start their cleanup process by emptying the temp folders before running any removal tools. It makes sense because temp folders are common places for malware installers to lurk, and removing all the junk also cuts down the removal tools' scanning time. Knowing this, malware writers created rogues that move files to that directory.

So now we have rogue software that will move a user's files to the %temp%\smtmp folder.
If infected with this malware, you must NOT empty your temp folders nor run CCleaner or any temp file cleaners until you have fully removed the rogue and everything is back to normal.

So far, the Windows Recovery and Windows Restore rogues are the culprits but there could be other variants that do the same thing.
These rogues hide files and move desktop shortcuts and Programs Start Menu shortcuts into this folder, %temp%\smtmp, and then create 4 subdirectories:

%Temp%\smtmp\1\ => Allusers Start Menu
%Temp%\smtmp\2\ => Allusers Quick Launch
%Temp%\smtmp\3\ => Quick Launch\User Pinned\TaskBar
%Temp%\smtmp\4\ => AllUsers Desktop

If you did not empty your temp folder, you can just retrieve those files from there, or use restoresm.zip, which will restore all the missing shortcuts.
Extract the file, open the restoresm folder and doubleclick on restoresm.bat to run it.


The Cleanup

Expert Comment
by: willcomp
@rpg -- I've seen where you recommended TheKiller in other posts. Will download and give it a try. Thanks.

Author Comment
by: rpggamergirl
Thekiller is also a pre-cleanup tool like RogueKiller that stops malicious and non-essential running processes, and is perfect for rogues like this one that hide files and move shortcuts to the smtmp folder, among its other features.
Some of the most commonly posted questions in the "Virus & Malware" Zones are related to the family of rogue malware with the date "2012" somewhere in the title.

Examples:
XP Antispyware 2012
XP Antivirus 2012
XP Security 2012  
XP Home Security 2012
XP Internet Security 2012  

Vista Antispyware 2012
Vista Antivirus 2012
Vista Security 2012
Vista Home Security 2012
Vista Internet Security 2012

Win 7 Antispyware 2012
Win 7 Antivirus 2012
Win 7 Security 2012
Win 7 Home Security 2012
Win 7 Internet Security 2012  

Proper repair of this malware is a 3-step process, using automated tools that are readily downloadable from the Internet.
1.      Fix the registry.
2.      Kill the rogue processes spawned by the malware.
3.      Run the scanner to find/repair/delete the infection.

Links to the tools are:
1.      FixNCR.reg (http://download.bleepingcomputer.com/reg/FixNCR.reg)
2.      RogueKiller (http://www.geekstogo.com/forum/files/file/413-roguekiller/)
3.      Malwarebytes (http://www.malwarebytes.org/) and
                TDSSKILLER (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)

Your first step is to fix the Windows registry to make sure that the applications (.exe files) you select to run will work properly. If you don’t fix this first, the infection will launch itself instead of the tool/scanner you are trying to run.

Next you have to stop the rogue processes that have taken control of your system. A related EE Article is here: …

Expert Comment
by: Rob Miners
Oops, sorry mate, I didn't mean to embarrass you, and I'm well aware of the efforts of Russel Venable and rpggamergirl's excellent contributions.
I've been out of the industry for a couple of years and it's refreshing to come back to well documented information that is relevant to these current issues. I was impressed as it has helped me to get back up to speed in a relatively short time.

Author Comment
by: younghv
rrjmin0 - Your comments were very flattering - as were Russell's. I guess I just need to enjoy it. As an aside, I just found out that I (or my grandsons) will be getting a new EE T-Shirt...which is always a cool thing.

The whole EE Articles concept has been a great idea. I will sometimes wander through some of the non-malware Zones and it is amazing to see the variety of 'right here, right now' usable advice that is posted.

Thank you for the comments.

Sub-Titled: “My Way” (with apologies to Francis Albert Sinatra)


Let me start by stating emphatically that I am one of those Experts who prefer doing things “My Way”.

It’s kind of a no-brainer. “The following procedure works for me, so here is what I recommend that you do…”.

I believe that recommending methods that work for you (me) is exactly what Experts-Exchange is all about and it is the rule that I follow when posting advice.

When attempting to help one of our Members with a malware problem we need to be extremely cautious that any “My Way” advice is also consistent with the known best practices.

As Malware Experts, our first goal should be to identify which variant we are dealing with, and then provide the best known “safe” fixes to get the system cleaned and running properly.

The purpose of this Article is to discuss the procedures listed below. As in many areas of IT, there is often wide disagreement about “Best Practices” and I am hopeful that all reading this will join in a robust discussion of the topic.

This Article is the result of a lot of work by a lot of people. Unfortunately, the EE Articles process does not allow for "Multiple Authors", but this would have been impossible for me to put together without the extended technical advice of rpggamergirl and thermoduric.

Anyone even casually familiar with the Virus & …

Expert Comment
by: ptruswell
Succinct and to the point @younghv; it is easy to forget that malware does have a mission, and in the time between infection and removal (which in some cases can be months if not years) that mission will be meeting its goals, be they to compromise data/identity/security/passwords etc etc.

When asked about Internet security I always respond by saying that all software solutions of this type are your second line of defense, the first being the human user; but when it comes to recommending products it's a case of "...well how many walls did the Romans usually build around British cities to defend them? Answer: one." I guess therefore that MSE+Win Firewall is the wall and MBAM is the moat! Too much security technology is in my experience as bad as too little.

I am trialing MBAM Pro alongside MSE now.
So what am I on the look out for?...
Infection?  No.
Downturn in performance?  Yes.
So far so good :)

Prevention vs. Repair ...a great title indeed! :)

Expert Comment
by: Blue Street Tech
+1 :)
The intent of this Article is to provide the basic First Aid steps for working through most malware infections. The target audience includes experienced IT professionals and the casual user who just wants to make the infection go away.

****************
For those familiar with basic “First Aid” principles, one of the first steps in a medical emergency is to “stop the bleeding”.

If you come upon an injured person, you don’t splint a broken leg first, right? You make sure air is flowing into the lungs, stop the bleeding, and then treat for shock.

After getting the basics out of the way you can then move on to address any other problems that exist.
*******************

Fighting Malware (http://en.wikipedia.org/wiki/Malware) must start with:


“Stop the Rogue Processes”


Most variants of malware will make your computer do something that you don’t want it doing. It might be a simple ‘re-direct’ problem; where you type in www.abc.com and your browser goes to www.xyz.com – not a big deal, right?

Well, maybe it is a very big deal. You didn’t end up at the web site you intended, and who knows what is waiting for you when you get to that re-directed site. It's not uncommon for malware to direct users to sites where they can pick up other "drive-by downloads" or even to install additional malware directly.

You might click on one of your favorite applications, but instead of “MS Word” opening up, totally different functions start happening.

Worse than…

Expert Comment
by: lherrou
BillDL: It's =^_^=

("=" are the red cheeks)

(but the praise is deserved)

Expert Comment
by: BillDL
He, he.  Looks more like Para Wings. Thanks.  Where's this article? ;-)
To Remove Security Suite for Windows Malware from a Windows XP Machine:

 Restart computer in Safe Mode (to do this see http://tinyurl.com/me78p)

Login as Administrator

Go to My Computer / Tools / Folder Options / View, check mark the selection that says Show Hidden Files and Folders and then make sure you uncheck Hide Protected System Files. That is very important b/c that’s where this particular variation hides!!
Then go to C:\Documents and Settings\User Profile infected\Local Settings\Application Data. Then in the Application Data folder there was a folder called goijmdwag and one called awmdlrnuqiw. I deleted both of those b/c when I opened the folders I found the offending program “Security Suite for Windows” in them.

Empty Recycling Bin

Run Regedit (to do this see: http://preview.tinyurl.com/yhph8yt ) On a side note, ALWAYS backup your registry before making edits to it.  You can render your computer USELESS with incorrect editing.  Once that is done, you will have to reinstall Windows.
Go to the Edit menu and select search.  A pop up box will show up and in your search, type in the offending files, in my case  “goijmdwag” and “awmdlrnuqiw”
These files can be located in the following hives:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
 

Author Comment
by: aimee1002
I had tried Malware Bytes, Spybot, Symantec and TrendMicro and none of them completely cleaned the system.   After I cleaned the system with all 4 of these tools we still had issues, the infection would come back even though Windows Restore feature was shut off.   I did lots of research on the internet and couldn't find anything.   What I did find is that there were hidden folders with weird names that I know didn't belong on the system.  I deleted the files and then did a search on the registry to find that the offending malware kept reinstalling itself because of what hives it resided in the registry.   Once I cleared those up we haven't had any issues with the system.  

Expert Comment
by: younghv
I think most users would be better served to use the automated tools available here:
http://www.bleepingcomputer.com/virus-removal/remove-av-security-suite

In virtually every instance, the automated tools do the delicate work of modifying the Registry entries properly and we don't have to worry about having one of those 'Oops' moments that can have some very serious consequences.

They will make sure that ALL of the needed changes are made (including the Proxy setting).

It should also be noted that there is a great deal more involved in repairing this infection than is described here.

For MBAM to be effective with this variant, you need to boot to Safe Mode (with networking) before starting.
I am often asked to remove malware from computers that have none. It is useful to know what is and is not malware. Malware is malicious software of any kind; this includes:
Spyware - Generally software that is downloaded to a user's computer and attempts to collect information about the user without their knowledge. One type of spyware is a keylogger (see below). Wikipedia's definition
Computer viruses - This term is sometimes confusingly used to refer to any computer infection. A computer virus must be able to reproduce itself, and it is usually software which alters a file or files in order to cause harm to your computer. Sometimes a virus will do nothing at all and sometimes it can completely destroy a hard drive - this is known as the payload.
Computer Worm - A worm is a self-replicating piece of software. Worms spread through a network with the need for little or no user interaction. A computer worm can spread because the target system(s) is in some way vulnerable. For instance, if a software or operating system patch has not been applied, this leaves the system open for attack. On our own network we experienced a worm spreading to computers which did not have a password on the default login.
Keyloggers - Software planted on your computer to record keystrokes as you type and then send them off to a remote server (used for identity theft).
INTRODUCTION

"Virut" is a nasty, polymorphic file infector, and it infects every executable and screensaver file on access. Some variants also infect .htm, .html, .rar and .zip archives, and the latest variants infect php and asp. It patches system files, e.g., userinit.exe, winlogon.exe, svchost.exe, spoolsv.exe, explorer.exe, sfc_os.dll, among others.

This virus will also open a backdoor and connect to an IRC server. It then joins a channel and waits for commands to download files and other malware.  It can also install a Trojan/Rootkit in the infected system.

Virut is a buggy file infector with destructive power; it destroys files. It infects files but does not do so properly (it misinfects because of its buggy code), so these files are corrupted beyond repair. Antivirus and other scanners can't clean the infected files, so they get deleted instead, and as a result programs will stop working.


METHOD OF INFECTION:

It usually gets into the system when the user uses P2P, browses crack and keygen sites, or visits infected webpages. Files in the network shares will also get infected if accessed by a compromised machine with write access. It can also spread via roaming profiles and removable media such as removable discs or USB drives.

SYMPTOMS:

Once the system is infected, you will notice that some programs no longer work, the system becomes sluggish, and you'll start getting errors as files get corrupted. You won't be able to open most …

Administrative Comment
by: younghv
HSumlin -
I see that you were referred here in a recent technical question you posted.
"Articles" are here for general information and not for specific advice with problems.

You should respond only over in your original question - where there are some Expert suggestions waiting for you.

younghv
Page Editor

Expert Comment
by: phototropic
Like younghv, I've just realised that I have referred to this article several times in answers to questions, but forgotten to vote "yes".

Great article - really useful when trying to explain why a file infector is so problematic.