How to Figure out if you have a Virus on your System!

Infected by Antivirus software

Series picked up!

A few years ago, I did a post called What is a Virus and why do I have one. It spawned someone wanting to find out more about viruses, but I have been really busy with my personal life and never finished the series. I thought this would be a great place to pick it up, because my personal life has slowed down and I wanted to at least finish this series that I was so determined to write. Even though I have an excellent resource for anti-virus tools and tips, I still feel I could expand on the subject just a little more! In this series we will talk about a few things like:

  • Where do viruses and malware usually hide!
  • How to determine if a file should be there!
  • Which anti-virus software is the best, in my opinion!
  • How to warn your friends and family!
  • What steps you should take in the future!
  • Windows isn’t the only system that can get infected!

As you can see there is going to be a lot to talk about in this series, because I am sure most of you have these types of questions that you would love to get answered. I won’t say I will cover the topic 100%, because there are always going to be rogue viruses and malware that do something different. This is, after all, going to be a generalization of a typical virus!

Where does a Virus and Malware Like to Hide on my computer?

I’m sure you’ve asked this question before, and I’m going to help you out a little. Having removed several different viruses from my own system and others, I will tell you where you should look and what you should look for! Note: you should look, but don’t hit the Delete key. You just might crash your system and have to restore it. Sometimes these viruses like to latch on to a system file, and you will need antivirus software to remove it!

Most of the time they are in the Windows directories:

  • C:/Windows/ (look for names that shouldn’t be there, and Google the file to see what is being said about it!)
  • C:/Windows/System32 (do the same as above, but also look for .DLL files and double check)
  • Make sure there aren’t any hidden directories by going to Control Panel / Folder Options / View.
  • Check the Registry for anything suspicious! (The quickest and easiest way to do this is to just use HijackThis, let it make a TXT file, and then let one of the log analyzers check it out!)
  • Check your Windows Program Files: C:/Program Files/ and C:/Program Files (x86). Each directory has files that are going to be essential to run Windows, but that doesn’t mean you can’t look through them for a file or program. You will still need to Google the program when you want to know if it should be there or not!
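As an added example (not code from the original post), here is a read-only PowerShell pass over the locations listed above: it flags executables, DLLs and screensavers in the Windows and Program Files folders whose Authenticode signature is missing or invalid, notes whether each is hidden, and prints the Run-key autostart entries that a HijackThis log would list. Folder names come from the standard environment variables, and nothing is deleted, in keeping with the advice above.

```powershell
# Added example, not from the original post: a read-only triage pass over the
# folders and registry keys listed above. It reports; it never deletes.
# Assumes Windows PowerShell 5.1 or later, run from an elevated prompt.

$paths = @("$env:SystemRoot", "$env:SystemRoot\System32",
           "$env:ProgramFiles", "${env:ProgramFiles(x86)}") | Where-Object { $_ }

# 1. Executables, DLLs and screensavers whose Authenticode signature is not
#    valid. Microsoft's own files here are signed, so anything flagged is a
#    candidate to look up (Google the name), not something to delete.
#    -Force includes hidden files; -Depth 1 keeps the scan to the top levels.
$flagged = foreach ($p in $paths) {
    if (-not (Test-Path -LiteralPath $p)) { continue }
    Get-ChildItem -LiteralPath $p -File -Force -Recurse -Depth 1 -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.dll', '.scr' } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            if ($sig.Status -ne 'Valid') {
                [pscustomobject]@{
                    Path    = $_.FullName
                    Hidden  = $_.Attributes.HasFlag([IO.FileAttributes]::Hidden)
                    Status  = $sig.Status
                    Written = $_.LastWriteTime
                }
            }
        }
}
$flagged | Sort-Object Written -Descending | Format-Table -AutoSize

# 2. Autostart entries in the Run/RunOnce keys, the registry spots a HijackThis
#    log lists first. Each value is a command line; unfamiliar ones get looked up.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($k in $runKeys) {
    if (-not (Test-Path $k)) { continue }
    (Get-ItemProperty -Path $k).PSObject.Properties |
        Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' } |
        ForEach-Object { '{0}  {1} = {2}' -f $k, $_.Name, $_.Value }
}
```

Signature checking over System32 takes a few minutes; the newest unsigned files sort to the top, which is usually where a fresh infection shows up.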

As you can see there are many places where these like to hide, but that doesn’t mean you can’t protect yourself.

How to know if I have a Virus or not!

This has been asked by many people on the internet. I’m no exception, because sometimes you just don’t know, and so you will want to protect yourself. I will tell you some of the more common signs of a virus infection and then give you my opinion on which software is better. For right now, though, let’s explore some of the more common signs of an infection:

  • System seems slow — Although this doesn’t always mean a virus, it can be a good indication.
  • Network slowness — Again, this isn’t always a virus, because you could be downloading updates to Windows or other Windows files. It should still be kept an eye on, though. If you’re interested to see what might be hogging your connection, you can always use NETSTAT to see what is being used on your computer. Remember to make sure your Wifi is not being used by your neighbors.
  • Unusual website popups — This pretty much shows something is being done without your permission. So you can usually attribute this to malware, but not always.
  • Hard disk is constantly on — This isn’t always a virus, but something is being accessed too much, and it might mean some malware is using your computer to store data that it wants to hide.

These are the usual tell-tale signs of something that shouldn’t be there, and so you should do a system scan to make sure!
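The NETSTAT check from the list above, as an added PowerShell example that is not from the original post: it lists every established TCP connection together with the process that owns it and that process’s on-disk path, so an unfamiliar remote address can be traced straight to the program making it. It assumes Windows 8 / Server 2012 or later for Get-NetTCPConnection.

```powershell
# Added example, not from the original post: the NETSTAT check from the list
# above, done in PowerShell so each established connection is tied to the
# process that owns it and that process's on-disk path. Assumes Windows 8 /
# Server 2012 or later (Get-NetTCPConnection); on older systems the classic
# equivalent is "netstat -ano -b" from an elevated prompt.

# Index running processes by PID once, instead of calling Get-Process per row.
$procs = @{}
Get-Process | ForEach-Object { $procs[$_.Id] = $_ }

Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |   # skip loopback
    ForEach-Object {
        $p = $procs[[int]$_.OwningProcess]
        [pscustomobject]@{
            Local   = '{0}:{1}' -f $_.LocalAddress, $_.LocalPort
            Remote  = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
            Pid     = $_.OwningProcess
            Process = if ($p) { $p.ProcessName } else { '?' }
            # Path is empty for processes you cannot open; run elevated to see them.
            Path    = if ($p -and $p.Path) { $p.Path } else { '(n/a)' }
        }
    } |
    Sort-Object Process, Remote | Format-Table -AutoSize
```

A process with a path under a user profile or a temp folder that holds a connection open is the kind of entry worth looking up before running the scan.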

Which Software is the Best, in my opinion!

I might be a little biased when it comes to removing viruses and which antivirus does the job. I’ve even talked about some of them on my Antivirus page, so you can see I do know a little more than the average Joe. This doesn’t mean I am an expert in the field, but I do know which software seems to run best for removing viruses. I’m still of the opinion that the free antivirus to use is Malwarebytes [Affiliate Link]. They are constantly updating their virus definitions and have always been there when I had a question. I have no problems with them in any way, and so I tell the people I remove viruses for to go and buy it [Affiliate Link], because once you have it you are set for life. No need to buy a license every year; you only have to buy once and you are set.

If you’re worried about having a virus, just go check out Malwarebytes [Affiliate Link]; they do have a free version that you can try before you buy.

Paul Sylvester

And the Oscar goes to . . . Not these guys!

SANS Internet Storm Center is reporting on an anti-virus scareware tactic. I’ll quote from them:


ISC reader Gary wrote in to let us know that searching for “oscar presenters” and “oscar winners” with Google brings up a prominently ranked result on a web server in Poland, on a subdomain of “beepl”, which – surprise, surprise – includes a malicious JavaScript. The end result currently seems to reside on stabilitytracewebcom, and is yet another incarnation of the “Fake Anti-Virus Program” malware that we have covered repeatedly. Watch out, the EXE has a meager 6/39 on Virustotal.
[Via Sans]

I did my own research, and it is true: there are at least 3 sites with the .pl domain that are used to send you to these fake sites. You should consider checking your system for possible viruses if you have been to these sites and are worried. You should also report any site like this to PhishTank to fight this type of scare tactic. Please remember, if you are worried about your system, this is the best time to install software to prevent these types of scare tactics. Remember you don’t always have to buy software to be safe. There are free anti-virus and firewall solutions at your fingertips; use them well. It is also a good idea to make sure you have the latest updates from Microsoft while you’re at it.

You won’t make money from W32:Sality.ao

People should be cautious of offers to make money, because there is a variant out there trying to lure users into thinking they can make money.

McAfee Says “W32/Sality.ao is a parasitic virus that infects Win32 PE executable files. It infects files (*.exe and *.scr files) on the local, network and removable drives by overwriting code in the entry point of the original file and saving the overwritten code in its virus body. It then appends the virus body to the host file.”

Aliases for this virus are:

  • Virus.Win32.Sality.y (Ikarus)
  • W32/Sality.AE (Norman)
  • W32/Sality.AH (Panda)
  • W32/Sality.AK (F-Prot)
  • Win32.KUKU.a (Rising)
  • Win32/Sality.AA (VET)

These links should help people understand it. You can visit my Malware Resources to help remove this virus. Something to consider before removing it is to disable your restore points.

Remember there’s no easy way to make money; the only real way is to work hard. According to my research, the anti-virus companies have ways to remove this virus, as long as you keep your database updated.

Tech Journalist breaks the silence — Journalist got Pwned!!

It was another ordinary day for this tech journalist. He had just woken up from his lovely dreams and hadn’t realized that he was being baited with phish. Yes, that is correct: he actually gave out his password to a phishing site and didn’t know it.

I have to admit that he didn’t hide it, in fact he decided to post about how he got Pwned and what happened.

[Image: The Face Of A Facebook Phishing Scam]

As you can see, the site Facebookcom.awardspace.com is a phishing site, and you should never give out your information to third parties. Some things to remember: if you get an email with a link, it sometimes won’t send you to the real site. This can be done easily, just like in blogging. You don’t know where you will end up when you click an email link. One thing to remember is, if in doubt, log into Facebook the old-fashioned way and see for yourself.

You could be the next person to have your identity taken away from you. So what should you do to prevent this type of phishing attack? Assume any email you get from Facebook, Myspace, Twitter, or any other social site to be a possible phishing email. These are always going to be a problem for these sites. The spammers want access so they can spam your friends and family with links, or make you look foolish. That is the reason they do it: for money or just for laughs.

One thing to remember is that having a strong password will make it that much harder for you to be phished, because if you can’t remember it you will be more careful. I will keep preaching this: having a good firewall and anti-virus will also prevent you from getting viruses from these types of phishing attacks. It will also make it much harder to go to sites that smell like phish. Remember, only you can keep your identity a secret.

Internet Security Companies Warn about Patch Tuesday and Valentines Day.

Tomorrow’s release includes some very highly rated Remote Code Execution fixes that could be turned into zero-day exploits in a very short time. Some researchers are speculating that more viruses will be released in conjunction with Valentine’s Day. According to this one post, it will likely be e-cards being sent to try to lure you into downloading malware.

Various security vendors, including CA Inc, MX Logic Inc., Trend Micro Inc., and Panda Security, have issued alerts about new Valentine’s Day-themed spam campaigns that try to dupe users into installing the Waledec bot.

Researchers note that many websites which are affiliated with the Waledac e-card scam have been recently updated with content based on the Valentine’s Day theme.

Web sites distribute Trojan files which are commonly named love.exe; onlyyou.exe; you.exe; youandme.exe; and meandyou.exe and the list is not exhaustive.
[Via Express Buzz]

So which ones will likely be the exploits they use? I have a few theories on that, and one of them is the Internet Explorer vulnerability that will be patched: the email will try to get you to launch the link, and it will most likely open in Internet Explorer. That would be my guess. It seems to be Internet Explorer 7 and below that will be patched, so if you want to try out the IE 8 Beta, you should be safe on that. Although the best bet is to prevent users from clicking links in emails, and also to warn them not to open any attachments they are not expecting. I’d also have AutoPatcher ready to install the latest patches for this Tuesday and schedule a time this week to update all the possible systems involved with the databases. Although this isn’t one that tries to steal your data, it is a chance for the writers to look at what you have, and you know how that can be called a data breach. So if you’re the IT for the department, I’d suggest sending out warnings so they can keep from being caught with their pants down. I’d also suggest having anti-virus and a free firewall installed on all the major systems, and it wouldn’t hurt to have them installed on minor systems if at all possible.