Hello, I'm Method. I work as a computer technician and deal with lots of infected machines on a daily basis where I work, and here I will tell you how to prevent getting viruses, and what to do if you somehow get one.
So, you're sick of getting viruses, spyware, malware, and all sorts of other nasties. Truth is, there is no 100% way to rid yourself of viruses and the like. Simply because there are at least 50 new viruses a day and someone has to write a fix for them. However, there are of course ways to prevent such infections.
Choose a Good Anti-virus
First and foremost, choose a good antivirus. And no, just because you pay for it, doesn't mean its the best. Mcaffee is a great example. How does one go about choosing a good anti-virus? Well, http://www.av-comparatives.org/ is a great place to start. These guys rate all popular anti viruses and at the time of posting this, Avira Antivir seems to come out pretty high. I personally use it and have had no issues. Previously I've used AVG and noticed Avira had a higher detection rate.
Things to know about an anti-virus are:
1. Do NOT install more than one. Otherwise the two will conflict with each other and cancel each other out.
2. ALWAYS UPDATE before you run a scan.
3. Perform a full system scan at least once or twice a month if you use your computer on a daily basis.
Again, even with anti-spyware tools, ALWAYS UPDATE before you scan. And unlike anti-viruses, you can, and it is recommended, run more than one tool. However, some conflicts may arise. For example, if you run Avira, and run a full system scan, then run Malwarebytes Anti-Malware, and run a full scan, because of Avira's real-time protection, any file it (Avira) deems suspicious, it will force malwarebytes to a halt until you decide what to do with it. If you don't know what it is, it's safe to let avira take care of it.
General Computer Care
Not just anti-viruses need to be updated. Microsoft puts out updates every other tuesday. Be sure to stay on top of all the updates they have to offer, especially their Malicious Software Removal Tool updates.
Now, what happens if you get a virus on your computer, even though you run all these tools? Well, first off, there are at least 50 new viruses a day and someone has to write a fix to remove it. So, depending on WHERE you go on the internet, you're bound to get a virus at some point.
But what do you do?
If it's a tricky virus to remove, such as the common anti-virus lookalikes like Personal Security for example, a lot of times those viruses will disable your anti-virus, and disable the use of running your tools, let alone run anything. In most cases, you can still boot your computer up in Safe-Mode by hitting F8 repeatedly during bootup, and selecting either Safe Mode, or Safe Mode with Networking. (If you are unsure when you last updated your anti spyware tools, it's safe to say use safe mode with network so you can update.) Then run your tools there, and hopefully it will remove the problem, and if not, there are many guides out there on how to remove these viruses.
Also keep in mind these viruses follow a very interesting pattern. A lot of them will create a folder where they put the main program within, inside the Program Files folder. The way I get rid of this, and you can also in a lot of cases do this in Normal mode (As opposed to safe mode), is grab Malwarebytes File Assassin - http://www.malwarebytes.org/fileassassin.php and browse with the tool to the folder it's in, and select the program, usually it's
"C:\Program Files\[program name]\file.exe"
Where [program name] is the viruses name, such as "Personal Security" and where file.exe is obviously under a different name, but is usually the only file in that folder. You also may find that within program files its under a different folder name that is just simply numbers, try there as well, but don't go deleting a bunch of stuff if you aren't sure. When in doubt, Google. If you still can't seem to fix the issue, and have another computer around that can get online, try heading over to http://www.bleepingcomputer.com/ and ask on their forums. Someone will help you out.
That should wrap this up. What anti-virus or anti spyware tool do you use and why? What are your methods of fixing spyware or virus related problems?
Edit: I will also try to update this when new things come out, like new tools and whatnot.
Contrary to the saying, the best defense in this case, is not a good offense, but rather good education. Effective counter-measures against viruses and spyware are certainly a good idea, but the education of users is the best way to stop the counter-measures from being necessary at all. Nice guide regardless.
Of course. However the common user unfortunately isn't as educated as they probably should be. Yes, I use an antivirus and run regular scans, but it never actually finds anything. For a while I ran without one, but, I decided why not.
The common user, when they go to a dangerous website, or a website with dangerous advertisements, such as Facebook, will click on things that look to be very related to the site they are currently on. For example:
A user is on facebook and see's an ad for a facebook related page. However, what's completely oblivious to this user is that they actually clicked a link that goes completely away from facebook, and then all of a sudden they have a virus. why couldnt they catch it? Well, here's something quite interesting. Take a look:
Now, depending on what kind of screen you have, that looks alot like www.facebook.com, right? Copy the first one and paste it into your browser, and you'll get an error saying it doesn't exist. A lot of people who write viruses and website to deploy them will make a page similar to: www.facebook.corn.someothersite.com/nowyouhaveavirus, but to the common user they may (and usually don't) think anything of it.
I like the fact that you have only suggested free and safe tools to run.
You see often where advice is given to run heavy duty programs where training in these utilities is paramount. (I'm sure you are familiar with them). What the average PC user isn't made aware of is that running these tools can be quite harmful to the PC, and they produce a log which only a trained eye can analyse.
There are a couple more free and safe tools I would like to mention.
SUPERAntiSpyware (freeware). I feel this comes second only to MBAM. The free version doesn't have the real-time protection Spybot S&D does, but like MBAM it has a very high detection and removal rate.
WinPatrol by BillP studios (freeware). This is an excellent realtime system monitoring utility. It could actually mean the difference between being hit by a drive-by download and having it installed without your knowledge. It is very effective at warning the user of any system changes they might not have initiated. It is very light on resources too.
I can see your guide leans a little toward the plague of rogue antispyware apps people are getting hit with these days (not to say it isn't just as effective against everyday malware).
I helped a friend of a friend remove a rogue they got through facebook just the other day. I used MBAM (renamed the installer and it completely installed, updated and removed "Security Tool" the executable was a bunch of random numbers. I didn't need to use rkill to kill the rogue processes.) I suggested to bolster their security a little to keep MBAM, download SUPERAntiSpyware and WinPatrol.
Apparently they got infected after clicking a picture in Facebook. Obviously it was a hyperlink to a malicious drive-by.
Installing two AV programs will not result in "canceling each other out". It's akin to saying "If you own two cars, one will crash". It's trying to drive two cars at the same time that will result in a crash, not owning two cars at the same time....a very big and important difference.
There's no issue installing two AV programs, the issue arises when you set both programs active. Your primary AV should be set to active, quick scanning every file as it is opened. The secondary AV must not be set to "active". The secondary AV should be set to perform a full manual scan of selected drives on a schedule, generally when you are not at your machine. I usually set them to scan at 6 am. Since the secondary scan is not in memory except for the hours of 6 - 7 am, there's no way they can interfere with one another.
The double wall technique has saved my arse more than once. The first time was back in the day when Norton was still a de facto standard and the number of AV vendors could be counted on one hand, AnnaK virus blew right by it. The nightly scan of the network by the secondary AV picked it up and removed it from half of the office's machines. The other half had a different primary AV which stopped it.
If I may I would like to share my methods and experiences in avoiding viruses/spyware and so on with pretty much any Windows platform.
Precautions I take
1. A clean (offline) install of Windows, applying the latest patches and service packs before connecting to the internet. My theory is if you start from a clean slate you're ahead of the game, rather than playing catch up with a more susceptible computer
2. Task manager – Take a screen shot of task manager after a basic install to get a feel for the kinds of processes that should be running as part of windows. You can do the same with every application, that way you can see fairly quickly if there is something running that is a bit out of the ordinary. Better to question something that to just ignore it and hope for the best.
3. Run only known software on your computer, for example applications from a known to be safe (virus free) location.
4. If you must run anything you haven’t tried before, run it within a virtual machine first and test. This especially goes for anything download off the internet, even software from safe sites because you may not know the additional ‘extras’ that are installed with the particular software you want to use. For example VLC media player will install Softonic Toolbar for Internet Explorer. You can never be 100% sure of everything that an application installer will do to your computer. Once you’ve checked it out and deemed it safe, only then commit it to your main system.
5. If you are not using the internet, do not connect to the internet! Maybe sounds a bit silly, but if all you are using your computer for is to play a game or write a document, the chances are you do not need access to the internet!
6. There was a quote i saw one time on this forum that pretty much summed up web browsing: "Don't click that damned banner, no one is giving you a free f**king iPod!" Now i forget who i'm quoting, but the message is there. Don't click adds or links promising you something that sounds to good to be true!
7. Backup all data as often as possible. What i do is probably overkill for most users, but make sure and take 2 backups of really important stuff. One to keep at home, and keep the other elsewhere.
Main server --> Backup server, effectively a clone (weekly - backup server is offline 6/7 days)
Main server --> Backup hard drives, stored offsite (monthly)
Each server scans files for viruses before copying across, and the same occurs when I backup to my set of hard drives
8. A rebuild of my main computer every 6 months, as in complete format and re-image with Norton Ghost or Acronis True Image. I have been favoring Acronis more recently due to better hardware support. I also like the ease of its secure zone and ‘F11’ restore options.
1. Boot rescue media, wipe out OS and restore from backup image. Perhaps this seems overkill for a home user, but i guess i have never taken any chances with any of my data. I'd rather wipe my whole computer, which just contains the OS and applications, rather than risk losing data.
The issue with running two Antivirus programs is caused usually by heuristic detection and sometimes unencrypted antivirus data.
Running 2 AV's will often cause system instability even if one is not active. This happens because when a scheduled scan starts from the active AV scanner, when it reaches the virus definition files of the non-acive scanner, heuristics will start flagging the files for removal because basically the scanner is taking an educated guess that the files are associated with malware, which they are.
Because the definition files are being flagged for removal or quarantine, this is effectively the active scanner cancelling out the resident on-call scanner. System instability occurs because these files are staunchly protected, they are not designed to be removed willy nilly.
Have not experienced or read of such a thing ever happening with any of the products I have used.....though I would expect this to be "designed in" with Norton., TrendMicro or any of the "I am more interested in getting your subscription renewal monies than protecting your PC" outfits
One conflict was from an online scanner that was run prior. There are many more, but if you google something like "install 2 antivirus programs" you can get the general consensus on the issue, or even "antivirus conflict" there's plenty of reading.
If you can get a stable system with 2 AV's running thats good for you. It is always nice to have a 2nd opinion. I personally like to run antispyware apps or even an online scan. Most major antivirus developers offer this free service, although not all offer threat removal without subscription.
Why not use a program like DeepFreeze ( at least on the C Drive) . When the pc is switched off after a session , Deep Freeze keeps the Drive that it is on in the same state as it was before the session started . So in effect , no new files can ever be added or deleted from the Drive it is installed on . I would say it's a BRILLIANT program . Also , it gives the user flexibility to 'thaw' it & that is when he can make any changes that he wants to , to that drive , such as updating sofware applications , drivers ,installing or removing any programs ,after which he can again 'Freeze' the drive . As viruses usually strike in the C Drive , very effective utility . What say ?
method320, thank you for this thread. Some very useful information throughout given here.
I would like to add a technique to prevent the installation of those rouge or fake anti-virus, which, trick web surfers after they have just clicked on a link, into believing they are infected by viruses and are running a scan to rid them of this infection. DO NOT click anywhere on this window to exit out of it, whereas, in fact, most do and are unknowingly allowing the virus to install. Use the Task Manager (while holding down Alt, Ctrl keys, tap Delete key) to stop this within the Applications section and Stop the Process there.
Again, thanks to all for the information already given...gwb56