Are you having problems with malware on your computer? No matter how good your endpoint protection is (anti-virus, anti-everything), it will never know about or catch everything. So it always helps to have a secondary scanning program to find things when you suspect you have a malware problem. I wrote a few days ago about what to do with stubborn viruses.

You know you have a malware problem when your firewall tells you that your computer is visiting websites that you never went to. Since most people don't look at the firewall, it is also obvious when your computer does crazy things that it shouldn't: not starting a program, not connecting to a website, not doing something that it used to be able to do. When other people on the same network do not have the same problems, it tends to be malware.

It used to be that hardware was the main cause of problems when troubleshooting computers. Now it is software. Malware is the #1 reason in most environments when things don't work right. Constant internet access and browser usage have opened the door to these gremlins. Even email-based malware is getting very sophisticated. I have seen people get infected just by looking at the email, without even opening the attachment. Fortunately Sophos catches this almost every time, but nothing is perfect.

I have found that Malwarebytes finds many issues that other endpoint protection misses. It has fixed issues dozens of times for me. This is my favorite secondary protection. I have also tried the free online virus scanning websites, and for the most part they are useless.

The only free online virus scanning website that looked like it might really be doing something is ESET's, and that was a small download, an update and a scan. It took probably half an hour to scan the system, which is a more realistic time for a full scan. It never found anything, but neither did any other software used on that computer, so the firewall's suspicious-behavior alert may have been a false positive.

I ran into a new situation where the firewall keeps alerting on Command and Control (C2) traffic, but the tools above are not finding the malware behind it. I am running Spybot – Search and Destroy, which is also excellent. It has a better reputation than Malwarebytes, so you might want to add that to your list as well.

So my order of operations is: Sophos, Malwarebytes, ESET, Spybot. Good luck protecting your computer!

Dealing with a stubborn virus

I have talked before about Sophos and how wonderful it has been to use. It ran into a virus yesterday, and it took some time to resolve.

The problem was a class of malware flagged as Command & Control. These are more sophisticated infections that phone home to an attacker's internet-connected server for instructions and send information back to it, such as screen captures or specific data. The problem is that this was custom malware, so there was no signature that could remove it immediately. Here is how I went about fixing it.

First I googled to find as much information as I could about the error message. I found a couple of Sophos library references that were not helpful. I also read about a similar virus, since often the removal steps for one work for another. The similar virus wasn't acting like this one. I think it will be clearer if I write it out as a numbered list.

Dealing with an unknown Virus

  1. Google to find as much information as you can about it. If no information exists, search for the generic class of virus.
  2. Try additional free utilities. In my case I tried 3 utilities that a website said would fix an earlier generic form of the virus. Two of them didn't help, but Malwarebytes found things and deleted them.
  3. Download utilities from Sysinternals such as Autoruns and RegDelNull. Autoruns lists everything configured to start automatically (Run keys, services, scheduled tasks, browser helpers and so on), and RegDelNull finds and deletes registry keys with embedded null characters, a trick some malware uses to hide keys from Registry Editor. If you don't understand everything in Autoruns that is ok: you are looking for entries that lack information where the others have it, such as no publisher or no description, and for image files that no longer exist. Autoruns also helpfully highlights in color the entries that demand your attention (missing files, unverified publishers). In this case, after running these tools, nothing looked wrong.
  4. Do an additional full scan after trying each fix. One infection often coexists with others. In this case, a scan found a related problem and fixed it automatically. Run a deep scan at least 3 times to make sure it is clean.
  5. Delete the generic warning in Sophos once Sophos support has confirmed there is no virus. If Sophos finds it again, it will email you as the administrator.
  6. Explain to the client what happened and how to prevent it in the future. Often the infection couldn't have been avoided on a Windows system, so you can still suggest a Mac if they want to avoid these problems in the future.
  7. Sit back and enjoy being able to figure out complex things quickly, and be happy you thwarted an illegal attempt.
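Step 3 above comes down to scanning the Autoruns list for entries that are missing the information their neighbours have. The script below is an added example written for this page (it is not code from the original post, from Sysinternals or from Sophos) that automates that eyeballing: it reads a CSV export produced by the command-line version of Autoruns (`autorunsc.exe -a * -c -v -s -h > autoruns.csv`) and flags the enabled entries whose image file is missing, whose publisher did not verify, that carry no description, or that start from a temp or user-writable directory. The column names, the `enabled` value, and the `(Verified)` / `File not found:` conventions are assumptions about the autorunsc CSV layout; check them against the header of your own export. The sample rows embedded in the script are constructed, not a real export.

```python
"""
Triage an Autoruns CSV export: flag the auto-start entries a human should look
at first.  The heuristics mirror what the Autoruns GUI highlights (image file
missing, publisher not verified) plus the "information is missing where other
entries have it" rule of thumb.  Example code written for this page; the
column names are assumed from the autorunsc -c layout and should be checked
against the header of your own export.
"""
import csv
import io
import sys

# Column names as written by autorunsc -c (assumption; verify on your version).
COL_LOCATION = "Entry Location"
COL_ENTRY = "Entry"
COL_ENABLED = "Enabled"
COL_DESCRIPTION = "Description"
COL_SIGNER = "Signer"
COL_IMAGE = "Image Path"

# Directories legitimate software rarely auto-starts from (case-insensitive substrings).
SUSPICIOUS_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\users\\public\\")


def triage_entry(row):
    """Return the reasons this entry deserves attention; an empty list means it looks normal."""
    reasons = []
    if row.get(COL_ENABLED, "").strip().lower() != "enabled":
        return reasons  # disabled entries cannot run; skip them
    image = row.get(COL_IMAGE, "").strip()
    signer = row.get(COL_SIGNER, "").strip()
    desc = row.get(COL_DESCRIPTION, "").strip()
    if image.lower().startswith("file not found"):
        reasons.append("image file missing (Autoruns highlights these)")
    if not signer.startswith("(Verified)"):
        # "(Verified)" only means the signature chained to a trusted root; signed
        # malware exists, so a verified signer lowers priority, it does not clear the entry.
        reasons.append("publisher not verified: %r" % (signer or "<none>"))
    if not desc:
        reasons.append("no description where other entries have one")
    if any(d in image.lower() for d in SUSPICIOUS_DIRS):
        reasons.append("starts from a temp or user-writable directory")
    return reasons


def triage_csv(text):
    """Parse autorunsc CSV text; return {(entry location, entry name): [reasons]} for flagged entries only."""
    flagged = {}
    for row in csv.DictReader(io.StringIO(text)):
        reasons = triage_entry(row)
        if reasons:
            flagged[(row[COL_LOCATION], row[COL_ENTRY])] = reasons
    return flagged


# Constructed sample export in the autorunsc -c layout (not real data).
SAMPLE_CSV = r'''Time,Entry Location,Entry,Enabled,Category,Profile,Description,Signer,Company,Image Path,Version,Launch String
1/2/2024 9:00 AM,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,SecurityHealth,enabled,Logon,System-wide,Windows Security notification icon,(Verified) Microsoft Windows,Microsoft Corporation,c:\windows\system32\securityhealthsystray.exe,10.0.19041.1,%windir%\system32\SecurityHealthSystray.exe
1/2/2024 9:00 AM,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,OneDrive,enabled,Logon,BOB-PC\bob,Microsoft OneDrive,(Verified) Microsoft Corporation,Microsoft Corporation,c:\users\bob\appdata\local\microsoft\onedrive\onedrive.exe,23.0.1,"""C:\Users\bob\AppData\Local\Microsoft\OneDrive\OneDrive.exe"" /background"
1/2/2024 9:00 AM,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,updater,enabled,Logon,BOB-PC\bob,,(Not verified) ,,c:\users\bob\appdata\local\temp\updater.exe,,c:\users\bob\appdata\local\temp\updater.exe
1/2/2024 9:00 AM,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,OldApp,enabled,Logon,System-wide,,,,File not found: C:\Program Files\OldApp\oldapp.exe,,"C:\Program Files\OldApp\oldapp.exe"
1/2/2024 9:00 AM,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,LegacyTool,disabled,Logon,System-wide,,,,c:\users\bob\appdata\local\temp\legacy.exe,,c:\users\bob\appdata\local\temp\legacy.exe
'''


def main(argv):
    # autorunsc typically writes its CSV as UTF-16 (assumption; adjust the encoding
    # if your export differs).  With no file argument the embedded sample is used.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-16") as fh:
            text = fh.read()
    else:
        text = SAMPLE_CSV
    for (location, entry), reasons in triage_csv(text).items():
        print("%s\\%s" % (location, entry))
        for reason in reasons:
            print("    - " + reason)


if __name__ == "__main__":
    main(sys.argv)
```

Run it as `python triage_autoruns.py autoruns.csv` on a real export, or with no argument to see the sample: the two signed Microsoft entries pass, the disabled entry is ignored, and `updater` (unsigned, undescribed, running from the user's Temp folder) and `OldApp` (image file gone) are the ones to chase, exactly the "missing information" pattern from step 3. Treat the output as a worklist, not a verdict: an unverified publisher is common for small vendors, and a verified one does not prove an entry is benign.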