
2011/10/12

E-Virus (Part III): I have an infected PC! Now how do I clean it?

After confirming the presence of one or more e-viruses on your PC, you should read up as much as possible about the characteristics of the viruses present (mode of distribution, payload, removal instructions). If you know your enemy, it's easier to defeat him!


In fact, if you know the name of the virus and why it is dangerous, you can often find a specific removal tool offered free of charge by software companies such as Symantec, Kaspersky, McAfee, TrendMicro, etc.
For example, there are removal tools for the most common viruses such as Melissa, Bagle, MyDoom, Sasser, Conficker, Zeus, etc.

Otherwise, you can use general-purpose (broad-spectrum) removal tools such as:
Obviously you can increase the benefit of these products by scanning the PC sequentially with several different tools.

Sometimes, however, you may need to run multiple scans with different products, but you cannot install too many antivirus programs on the same PC at once because of speed and compatibility issues. Besides, installing and removing different antivirus products one after another is a costly and slow process. You can avoid this by using the free online virus scan and removal tools offered by some software companies (the only constraint is that you need to be online to scan).
Here are some examples of online malware removal tools:
Of course, all these operations are feasible only if the virus has not completely blocked access to your PC.

If you can't start the operating system, you can use antivirus software from a bootable CD or USB key (a "Rescue CD"). These systems are typically available as .ISO images: you burn the image to a CD / DVD or write it to a bootable USB stick, so that you can work independently of the operating system (Windows / Linux) installed on the infected PC. You only have to verify carefully that the BIOS first boot device is set to the CD drive or the external USB drive.
Some available tools are:
9) COMODO Rescue Disk CD
Once you have booted from the CD you can scan the hard drive and request the deletion / repair of the infected files.

PERSONAL EXPERIENCE:
I have often used some of these tools, with excellent results. In particular, ComboFix has been decisive against the most "insidious" viruses.
Regarding the now infamous "worm" Conficker - Downadup, I can point out that specific free removal tools are available from almost all antivirus manufacturers. Among these, however, Bitdefender also provides a free removal tool that works on the whole LAN and not only on the individual PC (Network Downadup Removal Tool).
Sometimes, even after the virus has been removed, the operating system remains "unstable" because it was partly damaged by the virus itself. In these cases a viable technique, apart from a complete re-installation of the O.S., is to use System Restore to go back to a restore point from a few days before the infection (a feature available from Windows XP onward).


2011/07/20

OpenDNS - Replacement for improving DNS performance and security

OpenDNS is a free service that provides its own DNS (Domain Name Service) servers for resolving Internet names into IP addresses.

The advantages are:
1) Faster browsing of Web sites.
2) Identification of fraudulent (phishing) websites, so you can surf the Web more safely.
3) Correction of typos in Web site names, by identifying the site you actually intended to visit.

To access the service, replace the primary and secondary DNS servers provided by your Internet provider with those of OpenDNS:
1° DNS = 208.67.222.222
2° DNS = 208.67.220.220
In addition, by registering on the site and adding your own static IP address to the control panel, you can perform additional tasks such as:
4) receiving daily statistics on the sites visited and the amount of traffic generated;
5) receiving reports on malware in your PC network (when an e-virus on your network contacts suspicious sites, the message "Malware / Botnet Activity Detected" appears on the control panel);
6) preventing access to specific sites or categories of sites (such as games, social networking, adult sites) through the so-called "parental control".

OpenDNS is also suitable for companies, or for any place where a LAN with many PCs accesses the Internet through a single connection. In this case it is better to configure your Internet router (and not each individual PC) with the OpenDNS servers.
For those who use Zeroshell as a router, here is the page explaining the steps to follow: http://www.zeroshell.net/opendns/
There is also a paid version that provides more advanced services and features. You can also install a small piece of software to use OpenDNS even if you do not have a static IP address (as happens to those who use non-permanent Internet connections).
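As an added check (written for this page, not part of the original post or of OpenDNS itself) to confirm that the change described above actually took effect on a PC, the script below parses the resolver settings as they appear on Linux (`/etc/resolv.conf`) and on Windows (`ipconfig /all` output) and compares them with the two OpenDNS addresses given above; the sample inputs are constructed, and the parsing covers only the layouts those samples show.

```python
import re

# OpenDNS resolver addresses as listed in the post (primary, secondary).
OPENDNS_RESOLVERS = ("208.67.222.222", "208.67.220.220")

# Constructed sample: a Linux /etc/resolv.conf still using the ISP resolvers.
SAMPLE_RESOLV_CONF = "search home.lan\nnameserver 192.168.1.1\nnameserver 8.8.8.8\n"

# Constructed sample: excerpt of Windows `ipconfig /all` after the change.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:
   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                       208.67.220.220
"""

def resolvers_from_resolv_conf(text):
    """Nameserver addresses from resolv.conf text, in order."""
    return re.findall(r"^\s*nameserver\s+(\S+)", text, re.MULTILINE)

def resolvers_from_ipconfig(text):
    """DNS server addresses from `ipconfig /all` text, in order. The first
    follows the 'DNS Servers' key; the rest sit on deeply indented
    continuation lines until the next key (indented by at most 6 spaces)."""
    servers, collecting = [], False
    for line in text.splitlines():
        if "DNS Servers" in line:
            collecting, line = True, line.split(":", 1)[1]
        elif re.match(r"^\s{0,6}\S", line):
            collecting = False
        if collecting and line.strip():
            servers.append(line.strip())
    return servers

def check_opendns(resolvers):
    """Return (status, unexpected): 'ok' when exactly the OpenDNS pair is
    set, 'partial' when only some entries are OpenDNS, 'not_opendns'
    otherwise. 'unexpected' lists every other resolver still in use."""
    unexpected = [r for r in resolvers if r not in OPENDNS_RESOLVERS]
    if not unexpected and set(resolvers) == set(OPENDNS_RESOLVERS):
        return "ok", unexpected
    if any(r in OPENDNS_RESOLVERS for r in resolvers):
        return "partial", unexpected
    return "not_opendns", unexpected
```

A non-empty "unexpected" list on a PC that was set to OpenDNS is worth a look, since resolver settings are among the things some malware silently changes.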

PERSONAL EXPERIENCE:
I found this service very useful in business, in order to prevent user access to entire categories of websites that are NOT of STRICTLY BUSINESS interest. In addition, the malware-signaling function was useful for discovering the presence of viruses that even the antivirus on the PC was not able to find!