Viruses, Spyware, Adware and other Malicious Software Removal

Getting a virus on your computer is not only a huge hassle, it can also cause a lot of anxiety about losing your pictures or documents.  Some viruses or spyware only slow down your computer and you barely notice them, while others can completely shut down your computer or lock you out of it.  Our techs at Skyview are experts in removing all types of viruses, spyware and bogus application software, usually with no data loss.  The best defense against infection is keeping an up-to-date antivirus program on your computer and installing operating system and browser updates promptly, since those updates close the holes that worms and "drive-by" installs use to get in.  (Not all antivirus programs are the same - check with Skyview for the best and the worst!)  Skyview techs are your best resource when dealing with a virus or computer infection!

Here is a rundown of the major types of computer infections and what they can potentially do to your computer.

Adware Software Virus

Adware, or advertising-supported software, is any software package that automatically renders advertisements in order to generate revenue for its author. The term is frequently used to describe a form of malware (malicious software) that presents unwanted advertisements to the user of a computer, often in the form of pop-ups. The severity of adware varies: some sources rate it only as an "irritant", while others classify it as an "online threat" or rate it as seriously as a computer virus or trojan. Adware that observes the computer user's activities without consent and reports them to the software's author is called spyware.

The most common forms an Adware Software Virus takes:

  • Porn Popups
  • Popup Ads

How to diagnose if you have an Adware Software Virus:

  • Your computer runs slowly
  • Your internet connection runs slowly
  • You receive constant pop-up messages, whether or not you are on the internet.  Pop-ups that appear when no browser window is open are a strong sign that the adware is installed on the computer itself rather than coming from a website.
  • Adware can be very evasive, and at times you will need to bring your computer to a tech for a complete spyware removal.

Spyware Software Virus

Spyware is software that aids in gathering information about a person or organization without their knowledge and may send that information to a third party without consent, or that asserts control over a computer without the user's knowledge.  It is mostly classified into four types: system monitors, adware, trojans, and tracking cookies. Spyware is mostly used for purposes such as tracking and storing internet users' movements on the web and serving pop-up ads to them.

Whenever spyware is used for malicious purposes, its presence is typically hidden from the user and can be difficult to detect.  Some spyware, such as keyloggers, may be installed intentionally by the owner of a shared, corporate or public computer in order to monitor users.

Sometimes spyware is bundled along with genuine software, and it may also come from a malicious website.

The most common Spyware is:

  • Gator Spyware - Gator is installed by users as a password vault. That means that passwords can be recalled for you automatically when visiting sites. The trade-off for this service is that you have to endure pop-ups when visiting certain sites. Claria, the maker of Gator, has cleaned up its act a little by labeling the pop-up ads, but they're still annoying.
  • CoolWebSearch Spyware - This has got to be one of the most notorious browser hijackers out there. This is the name given to a program with many different variants that redirect users to coolwebsearch.com or datanotary.com. Uninstallation can be extremely complex. Users shouldn't try to manually remove this software.
  • 180SearchAssistant Spyware - This software either serves ads in pop-ups or pops up website windows based on your keyword searches. This software usually comes bundled with other "freebie" type software installs like emoticons or wallpaper. Newer versions of the software have an add/remove program uninstall item.
  • Huntbar Software Spyware - Now here's an annoying piece of software. Huntbar installs a toolbar onto internet explorer and windows explorer windows. It changes your home page and search page settings to point to their servers. If you use another search engine, Huntbar will redirect you to theirs. Great stuff. Oh, and it puts a 15% drain on memory resources.
  • Cydoor Spyware - This software usually comes with P2P software, ie. peer to peer. Again, it barrages you with a series of pop up advertisements. It also tracks usage information.
  • ISTbar Spyware - Yet another nice, unwanted piece of software. ISTbar does a "drive-by" install via ActiveX and JavaScript. Basically, that means that you visit a site and it tries to install itself on your computer. Nice, huh. The ActiveX control installs a toolbar that pushes information to my-internet.info and blazefind.com.
  • WhenU-DesktopBar Spyware - Displays advertising content. Monitors internet traffic, collects search profiles, and can execute code from a remote server via its update feature. Relevant searches may cause it to display a special offer, coupon, or other advertising content.
  • New.Net Spyware - New.Net is a company that sells domain names for "nonstandard" top-level domains. It should be removed pronto.
  • IEPlugin Spyware - As the name implies, it installs a toolbar in Internet Explorer. It tracks web site usage, form items (like names, addresses, etc. - yikes!), and local filenames that are browsed. It's invasive - remove it.
  • BargainBuddy Spyware - Bargain Buddy used to be everywhere. It is distributed by BullzEye Network. And it sets up a Browser Helper Object (BHO) and monitors your computer usage. It then, you guessed it, pushes advertisements your way based on that usage.

How to diagnose if you have a Spyware Software Virus on your computer:

  • Your computer runs slowly
  • Your internet connection runs consistently slower than normal
  • Your browser's home page or search engine changes on its own, searches get redirected, or toolbars appear that you never installed
  • While some free anti-spyware programs will be able to remove some spyware, generally they can't remove everything.  A professional level tech will run multiple professional level malware removal programs on your computer to make sure that it is thoroughly cleaned of these types of software.

Trojan Virus

A Trojan horse, or Trojan virus, is a malware program that, when executed, carries out whatever actions its author built into it, typically causing loss or theft of data and possibly system harm.  Unlike a true virus, a Trojan does not copy itself into other programs; it relies on tricking you into running it.  Trojans often present themselves as a routine, useful or interesting program or tool in order to persuade victims to install them on their computers.  Trojan type malware is on the rise, accounting for 83% of the malware detected worldwide.

Trojan software often acts as a backdoor, contacting a controller who then has unauthorized access to the affected computer. The hacker can then reach all aspects of the computer: all data files, keystroke logging, watching the user's screen or viewing through the webcam, electronic money theft, infecting other computers on the network, and more. A Trojan is not easily detectable, but if it carries out significant computing or communications activity, it will cause the computer to run noticeably slower.  A computer may pick up a Trojan via a malicious program that a user is duped into executing - often an e-mail attachment disguised to look harmless - or via a download such as music or peer-to-peer file sharing.

The most common types of Trojan Viruses:

  • Netbus Trojan Virus
  • Subseven or Sub7 Trojan Virus
  • Back Orifice Trojan virus
  • Beast Trojan Virus
  • Zeus Trojan Virus
  • Flashback Trojan Virus (Trojan BackDoor.Flashback)
  • ProRat Trojan Virus
  • ZeroAccess trojan virus
  • Koobface Trojan Virus
  • WinLock Trojan Virus
  • Darkcomet Trojan Virus
  • OPTIMIZER PRO Trojan Virus

How to diagnose if you have a Trojan virus on your computer:

  • Crashing computer
  • Blue screen of death (BSOD)
  • Missing or corrupted files
  • Slow running computer
  • Slow running internet
  • Because of the severity of some infections, it is encouraged that you bring your computer to a professional. Our IT team will run multiple professional level programs to make sure that the infection has indeed been taken care of.

Computer Worm

A computer worm is a standalone malware program that replicates itself in order to spread to other computers. Often it uses a computer network to spread, relying on security failures (unpatched vulnerabilities, weak passwords, open shares) on the target computer to get in. Unlike a computer virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on the targeted computer.

Many worms that have been created are designed only to spread, and do not attempt to change the systems they pass through. However, even these "payload free" worms can cause major disruption by increasing network traffic and other unintended effects. A "payload" is code in the worm designed to do more than spread the worm—it might delete files on a host system, encrypt files, or send documents via e-mail. A very common payload for worms is to install a backdoor in the infected computer to allow the creation of a "zombie" computer under control of the worm author. Networks of such machines are often referred to as botnets and are very commonly used by spam senders for sending junk email or to cloak their website's address. Spammers are therefore thought to be a source of funding for the creation of such worms, and the worm writers have been caught selling lists of IP addresses of infected machines.

The most common types of Computer Worms:

  • Email Worms - Spread through email messages, usually as an attachment or a link, and often mail themselves to everyone in the victim's address book
  • Internet Worms - Spread directly through the internet.  The worm scans for computers with open ports and vulnerable services and sends itself to them
  • Network Worms - Usually also an email, internet or other type of worm, but restricted to a local network
  • Other Types of worms - IRC (Internet Relay Chat), IM (Instant Message), P2P (peer-to-peer file sharing) worms like Spybot and Oompa
  • Multiple Vector Worms - have 2 or more ways of spreading to other computers, like the Nimda and Swen worms

How to diagnose if you have a computer worm?

  • Slow computer performance
  • Freezing/crashing
  • Programs opening and running automatically
  • Irregular web browser performance
  • Unusual computer behavior (messages, images, sounds, etc)
  • Firewall warnings
  • Missing/modified files
  • Appearance of strange/unintended desktop files or icons
  • Operating system errors and system error messages
  • Emails sent to contacts without the user’s knowledge
  • Many times once the infection is found, a professional is needed to remove the worm.

Misleading Applications

Have you ever seen a strange security message pop up like an advertisement while you're surfing the web? Have you seen an unexpected balloon message appear from an unknown program on your system, telling you that you're infected with a new threat? These are common tactics used by a type of software called "misleading applications". Other people refer to them as "Rogue Software" or "Rogue Anti-Virus". These programs typically sneak onto their victims' systems while they surf the web, masquerade as a normal Microsoft Windows alert, or otherwise trick people into downloading them onto their computer. Once installed, misleading applications exaggerate or make false claims about the security status or performance of your system, then promise to solve these bogus problems if you pay them.  The most recent variation on this scheme is the FBI / CIA or police lock screen, which takes over your screen, tells you that you have committed some illegal act, and demands payment to unlock your computer.  No real law enforcement agency locks computers or collects fines this way.

Once the downloaded application is installed and ready, the malware that installed it will inform the user that they are infected with a new, previously unknown threat. This can be done through a "balloon message" that appears in the lower right-hand corner of the screen, or as a screen takeover. The misleading application will then present itself and either pretend to download updates or pretend to run a scan of the system.

The victims of misleading applications have paid for software that does not work, handed their personal information to scammers, and are left with a false sense of security that leads them to potentially greater risks from more aggressive threats. Even if a person catches on to the ruse and does not pay the misleading application vendor, the programs can be notoriously difficult to remove without the proper security software.

Most common types of misleading applications:

  • Antivirus2009
  • AntiVirusXP2008
  • SpySheriff
  • WiniGuard
  • TheRegistrySentinel
  • VirusRemover2008
  • VirusDoctor

How to diagnose if you have a misleading application:

  • You've installed a "virus" or "security" program that you don't remember choosing, it shows no real results, or you get constant pop-ups about new virus threats
  • Your computer locks you out and shows a picture of yourself (from your webcam) with a CIA or FBI warning that you have downloaded porn or something else illegal
  • Because these are full "applications" rather than simple viruses - they install like a normal program, set themselves to start with Windows, and often block or disable real security software - they are very difficult to remove. Many antivirus programs are unable to remove them completely, so contacting a professional for a proper and full removal is highly recommended.

Fake Security Assessment Tools

Security message pop-ups that tell you that your computer is at risk of infection or has already been infected.  A genuine antivirus product only reports on your system from inside its own window or notification area, never from a web page.
** See Misleading Applications above for more information.

Remote Access Trojans (RATs)

RATs are malicious programs that run invisibly on host PCs and permit an intruder remote access and control. On a basic level, many RATs mimic the functionality of legitimate remote control programs such as Symantec's pcAnywhere but are designed specifically for stealth installation and operation. Intruders usually hide these Trojan horses in games and other small programs that unsuspecting users then execute on their PCs. Typically, victims either download and execute the malicious programs themselves or are tricked into clicking rogue email attachments.

RAT operators can explore a particular machine or send a broadcast command that instructs all the Trojans under their control to work in a coordinated effort to spread or do more damage. One predefined keyword can instruct all the compromised machines to format their hard disks or attack another host. Intruders often use RATs to take over as many machines as they can to coordinate a widespread distributed Denial of Service (DDoS) attack against a popular host; the compromised machines are known as "zombies". When the traffic-flooded victim tries to track down the intruder, the trail stops at hundreds of innocent, compromised DSL and cable-modem users, and the intruder walks away undetected.

After you remove most malware programs, the damage is done and the worst of the crisis is over. Not so with RATs. Like their virus and worm cousins, RATs can delete and modify files, format hard disks, upload and download files, harass users, and drop off other malware. RATs have two unique features—content capturing and remote control—that make them a higher order of particularly dangerous malware.

First, the ability to capture every screen and keystroke means that intruders can gather users' passwords, directory paths, drive mappings, medical records, bank-account and credit card information, and personal communications. If your PC has a microphone, RATs can capture your conversations. If you have a WebCam, many RATs can turn it on and capture video—a privacy violation without par in the malicious-code world. Everything you say and do around the PC can be recorded. Some RATs include a packet sniffer that captures and analyzes every packet that crosses the PC's network card. An intruder then can use the information a RAT captures to create future back doors, cause privacy violations, perform identity theft, and create financial problems—problems that might not be readily identifiable for months. Whether you can ever trace these problems back to the RAT is debatable.

Second, an unauthorized user's ability to remotely control the host PC is a powerful tool when wielded in the wrong hands. Remote users not only can manipulate PC resources but can pose as the PC's legitimate user and send email on behalf of the user, mischievously modify documents, and use the PC to attack other computers.

If you think that your computer is infected with a Remote Access Trojan, it is EXTREMELY IMPORTANT to DISCONNECT IT FROM THE INTERNET IMMEDIATELY (unplug the network cable or turn off Wi-Fi), then SHUT DOWN THE COMPUTER and bring it to Skyview for evaluation.

Most common types of Remote Access Trojans:

  • Back Orifice - an impressive array of features that include keystroke logging, HTTP file browsing, registry editing, audio and video capture, password dumping, TCP/IP port redirection, message sending, remote reboot, remote lockup, packet encryption, and file compression
  • Sub Seven -  This Trojan functions as a key logger, packet sniffer, port redirector, registry modifier, and microphone and WebCam-content recorder
  • Stealth Spy
  • Intruders Paradise
  • NukeNabber
  • BO jammerkillahV
  • Phase0
  • NeTadmin
  • Satanz Backdoor

How to diagnose if you have a Remote Access Trojan:

  • If you have ever had a worm or virus, you are a prime candidate for a RAT, because worms and Trojans very commonly drop a backdoor as their payload
  • A clear clue to a RAT infection is an unexpected open (listening) port on the suspected machine, or a program holding a network connection you can't account for
  • When you suspect that a computer is infected, IMMEDIATELY disconnect the PC from the internet so that the remote intruder can't detect the security probe and initiate more damage
  • Do NOT boot in Safe Mode to run tests, because doing so often prevents the Trojan from loading and thus defeats the purpose of running the tests
  • Bring your computer to Skyview for a full evaluation and cleaning to fully remove the Remote Access Trojan infection

Trackware

This program secretly monitors user behavior or gathers confidential information, then forwards the information to a third party. Trackware can be thought of as spyware that monitors the user's behavior and/or gathers information about the user. The information gathered can sometimes involve confidential and/or personally identifiable details, including account log-in names, passwords or other sensitive data.
*** See Spyware above for more information

Rootkit or Bootkit Virus

A rootkit is a stealthy type of software, typically malicious, designed to hide the existence of certain processes or programs from normal methods of detection and to enable continued privileged access to a computer. Rootkit installation can be automated, or an attacker can install it once they've obtained root or administrator access. That access is usually the result of a direct attack on the system, for example exploiting a known vulnerability or obtaining a password (by cracking it, through privilege escalation, or through social engineering). Once installed, the rootkit makes it possible to hide the intrusion as well as to maintain privileged access. The key is the root/Administrator access: full control over a system means that existing software can be modified, including the software that might otherwise be used to detect or remove the rootkit.

Rootkit detection is difficult because a rootkit may be able to subvert the software that is intended to find it. Detection methods include using an alternative and trusted operating system, behavioral-based methods, signature scanning, difference scanning, and memory dump analysis. Removal can be complicated or practically impossible, especially in cases where the rootkit resides in the kernel; reinstallation of the operating system may be the only available solution to the problem. When dealing with firmware rootkits, removal may require hardware replacement, or specialized equipment.
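Two of the checks mentioned on this page can be done with nothing more than the output of two standard Windows commands: the "unexpected open port" clue from the Remote Access Trojan section, and the "difference scanning" (cross-view) method named above for rootkits. The script below is an added example, not a Skyview tool or part of the original page. It assumes the text formats of `netstat -ano` and `tasklist /fo csv /nh`; the two sample outputs are constructed to look like that output and are not real captures, the BASELINE set of known-good ports is an assumption (build yours from the same machine while it is clean), and the function names are this example's own. Port 31337 is used in the sample because it is the well-known default port of Back Orifice, which the RAT list above names. The cross-view idea is that the socket table comes from the kernel while the process list comes from the user-mode API a rootkit typically hooks, so a PID that owns a socket but is missing from the process list points at a hidden process.

```python
"""Added example: two host checks for a RAT or rootkit from pasted command output.

1. unexpected_listeners: ports bound for listening that are not in a known-good
   baseline (the "unexpected open port" clue).
2. hidden_socket_owners: a cross-view / difference check. PIDs that own a socket
   (kernel view) but do not appear in the process list (user-mode view).
"""
from dataclasses import dataclass

# Constructed sample in the format of `netstat -ano` (not a real capture).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       3168
  TCP    192.168.1.20:49701     203.0.113.7:6667       ESTABLISHED     3168
  TCP    192.168.1.20:49812     198.51.100.9:443       ESTABLISHED     2240
  UDP    0.0.0.0:5353           *:*                                    1580
"""

# Constructed sample in the format of `tasklist /fo csv /nh`. PID 3168 is
# deliberately absent: it owns sockets above but is not listed here.
SAMPLE_TASKLIST = """\
"System","4","Services","0","1,234 K"
"svchost.exe","912","Services","0","12,345 K"
"svchost.exe","1580","Services","0","9,876 K"
"chrome.exe","2240","Console","1","210,000 K"
"""

# Assumed known-good (proto, port) baseline for this example only. Record the
# real one with `netstat -ano` on the same machine while it is clean.
BASELINE = {("TCP", 135), ("TCP", 445), ("UDP", 5353)}


@dataclass(frozen=True)
class Socket:
    proto: str
    local_addr: str
    local_port: int
    remote: str
    state: str  # empty for UDP, which has no connection state
    pid: int


def _split_endpoint(endpoint):
    """Split 'addr:port' (IPv4 or '[v6]:port') on the last colon."""
    addr, _, port = endpoint.rpartition(":")
    return addr, int(port)


def parse_netstat(text):
    """Parse `netstat -ano` output into a list of Socket records."""
    sockets = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # banner, header and blank lines
        if fields[0] == "TCP":
            proto, local, remote, state, pid = fields
        else:  # UDP rows have no State column
            proto, local, remote, pid = fields
            state = ""
        addr, port = _split_endpoint(local)
        sockets.append(Socket(proto, addr, port, remote, state, int(pid)))
    return sockets


def parse_tasklist(text):
    """Parse `tasklist /fo csv /nh` output into {pid: image name}."""
    procs = {}
    for line in text.splitlines():
        parts = [p.strip('"') for p in line.split('","')]
        if len(parts) < 2:
            continue
        procs[int(parts[1])] = parts[0]
    return procs


def unexpected_listeners(sockets, baseline):
    """(proto, port) pairs bound on the host that are not in the baseline."""
    bound = {(s.proto, s.local_port) for s in sockets
             if s.state == "LISTENING" or s.proto == "UDP"}
    return sorted(bound - set(baseline))


def hidden_socket_owners(sockets, procs):
    """PIDs that own a socket but are missing from the process list.
    PID 0 is skipped: Windows reports it for sockets whose owner has already
    exited (e.g. TIME_WAIT), which is normal and not a hidden process."""
    owners = {s.pid for s in sockets if s.pid != 0}
    return sorted(owners - set(procs))


def triage(netstat_text, tasklist_text, baseline=BASELINE):
    """Run both checks and return the indicators found."""
    sockets = parse_netstat(netstat_text)
    procs = parse_tasklist(tasklist_text)
    return {
        "unexpected_listeners": unexpected_listeners(sockets, baseline),
        "hidden_pids": hidden_socket_owners(sockets, procs),
    }


if __name__ == "__main__":
    # On the samples: TCP 31337 is not in the baseline, and PID 3168 owns
    # sockets (including a connection to port 6667, IRC) but is not listed.
    print(triage(SAMPLE_NETSTAT, SAMPLE_TASKLIST))
```

A hit from either check is an indicator, not proof: a new listener may be a program you installed, and a PID mismatch can also come from a process that exited between the two commands, so run `tasklist` immediately after `netstat`. Remember that both commands run on the suspect machine, so a kernel rootkit can lie to both; the trusted-OS and outside-the-box traffic checks described on this page are the way to confirm.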

Diagnosing a Rootkit or Bootkit Virus:

Rootkits are frustrating. By design, it's difficult to know if one is installed on a computer. Even experts have a hard time, but they suggest that an installed rootkit should get the same consideration as any other possible reason for a decrease in operating efficiency. Sorry for being vague, but that's the nature of the beast. Here's a list of noteworthy generic symptoms:

  • If the computer locks up or fails to respond to any kind of input from the mouse or keyboard, it could be due to an installed kernel-mode rootkit.
  • Settings in Windows change without permission. Examples of this could be the screensaver changing or the taskbar hiding itself.
  • Web pages or network activities appear to be intermittent or function improperly due to excessive network traffic.

If the rootkit is working correctly, most of these symptoms aren't going to be noticeable. By definition, good rootkits are stealthy. The last symptom (network slowdown) should be the one that raises a flag. Rootkits can't hide traffic increases, especially if the computer is acting as a spam relay or participating in a DDoS attack.  Because the rootkit controls what the infected computer reports about itself, measure that traffic from outside the machine when you can - for example from your router's status page or a second computer on the network.