How did my computer get infected?

A HelpWithWindows TechFile

By: Arie Slob

A question frequently put to our Malware experts after they spend countless hours cleaning up a customer's infected machine is "How did my computer get infected?"

The next question asked is usually "What can I do to prevent getting infected?"

So I've decided to provide this write-up for your education.

The number one reason you got infected is because you didn't practice Safe Internet. Safe Internet requires that you educate yourself on how to use the Internet in a careful and responsible manner. Knowing the different strategies malware authors use to get their malicious content onto our PCs is the first step we need to take to keep our computers malware free. Being alerted when we are about to enter a web site with a questionable reputation is another step. The most common way people get infected is by falling prey to social engineering: the malware writer just needs to convince you to install their software. They do this in various ways, including fake security (anti-malware) programs, unneeded video codecs (really, ask yourself why you should need to run an EXE file to install a video codec!) and of course the ever popular "KeyGen" that generates a registration code so you can use a piece of software for free (it is still stealing, you know?).

Security software can help you some, but it can never fully protect you. Security software is almost always "behind the curve", so it will be (too) late in detecting the latest threats.

To get you started, here is a list of some precautions that'll start you on your way to practicing Safe Internet:

  • If you receive an attachment (any attachment!) from someone whose name (or email address) you don't recognise, don't open it! Opening attachments is still a common method for malware to infect your computer. The days that only .COM, .EXE, .BAT, or .PIF files could cause harm are long gone. Many more file types can spread infections (including .PDF files).
  • When receiving an attachment from someone you know, you should still treat it as suspicious. One strategy used by malware distributors is to send email containing the infection to all email addresses in a victim's address book, so if one of your friends gets infected he may send you the virus via email (without his knowledge). Ask yourself: Why would my friend want to send me this attachment? There's also nothing wrong with asking your friend if he did indeed send you the attachment, and asking him what is inside it. You could also make it clear to all your friends you no longer open any attachments you receive.

    Microsoft does not send out security updates via email. So if you receive an email with an attachment claiming to be a security update from Microsoft: Delete it! Same goes for your bank: they don't send out a "Banking Security Update" as an attachment!
  • If you use any Instant Messaging program, be extremely cautious about clicking on links in messages that are sent to you. Like email infections, malware spread via IM programs sends messages to everyone in the infected person's contact list with a link or attachment that will infect you once you execute it. When you receive a message containing a link or attachment, ask the person if it is legit, although 9 out of 10 times you can easily spot these. Usually the message links to a .ZIP file, and the only message text would be something like "Hey, Can i put theese on facebook?" or "Hey, Some pics from New Year at my place". A message containing only a web site address or attachment is also a sure indication of infection.
  • If a pop-up window which appears while you are browsing the internet claims your computer is infected, ignore it! Those pop-up messages (which are frequently made to look like a Windows error message) are scams trying to scare you into buying a piece of software (which most of the time won't help you, or will actually infect your PC!).
  • Read the End User License Agreement (EULA) of any software before you install it. A widespread tactic of some developers is to offer free software, but bundle other (unwanted) software with it (toolbars and/or spyware). This is how they make their money. By reading the EULA you can frequently spot this and avoid installing the software. (Figure)

    On occasion even official software vendors will bundle (unwanted) software with their programs - this is frequently done to monetize downloads. So another tip is to always select Custom Install which is usually the only way to uncheck any boxes which indicate that other programs will be installed alongside the program you actually want installed. (Figure)
  • Be careful of what you download from web sites and Peer-2-Peer (P2P) networks. Malware distributors frequently use P2P networks to spread their infections. They disguise their malware with the names of legitimate software so as to trick unsuspecting users into installing their poison. If you want to download files from a web site, you can use tools such as BitDefender Traffic Light, McAfee SiteAdvisor, Norton Safe Web, or Web Of Trust (WOT) to check the reputation of the web site.
  • Installing any app on Facebook that is promoted to you is also a surefire way to get infected. Have a look at this Facecrooks page, listing the top 10 Facebook scams.
  • Stay away from Warez and Crack sites! As with Peer-2-Peer programs, in addition to the obvious copyright issues, downloads from these sites are typically riddled with infections.

Do not use P2P programs

Peer-to-peer or file-sharing programs (such as Azureus, LimeWire, uTorrent, BitTorrent and others) are probably the primary route of infection nowadays. These programs allow file sharing between users, as the name suggests. It is almost impossible to know whether a file you're downloading through a P2P program is safe.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You have no idea where the files come from that you are downloading, thus you can hardly ever know they are safe.

Keep Windows up-to-date

A lot of malware/worms try to use vulnerabilities in Microsoft's software (either Windows itself or other Microsoft applications such as Office). Microsoft releases security updates for its software on a monthly schedule (2nd Tuesday of the month) and you should always apply the updates to help keep your PC secure.

I think you should set Windows to automatically install these updates.

  • Windows XP users

    You should have the latest service pack (SP3) installed. You can download it directly from Microsoft.

    To receive updates automatically, open your Control Panel, click Security Center, then click the link for Automatic Updates.

    You can also check for the latest updates to your system by visiting Windows Update.

    Note that when you visit Windows Update, and you see a note on the right hand side Upgrade to Microsoft Update... (Figure) you should take this option. Microsoft Update will not only update Windows, but include updates to Office and other Microsoft applications.

  • Windows Vista users

    You should have the latest service pack (SP2) installed. For more information, see How to obtain the latest Windows Vista service pack.

    To check for Windows updates, run the Windows Update application from your Start menu, although launching Internet Explorer and visiting should launch Vista's Windows Update application automatically.

    If the Windows Update application lists You receive updates: For Windows only you should consider changing it by clicking Find out more on the advice Get updates for other Microsoft products (Figure), and selecting to install Microsoft Update. Microsoft Update will not only update Windows, but include updates to Office and other Microsoft applications.

  • Windows 7 users

    You should have the latest service pack (SP1) installed. For more information, see Learn how to install Windows 7 Service Pack 1 (SP1)

    Run the Windows Update application from your Start menu (type update in the Search Programs and files box on your Start menu and click on the result Check for updates (Figure)) to check for the latest updates to your operating system.

    If the Windows Update application lists You receive updates: For Windows only you should consider changing it by clicking Find out more on the advice Get updates for other Microsoft products (Figure), and selecting to install Microsoft Update. Microsoft Update will not only update Windows, but include updates to Office and other Microsoft applications.

  • Windows 8 users

    Windows 8 is set by default to install updates automatically. You can check for updates by bringing up the charms menu and selecting the Settings charm. Next click Change PC settings and scroll down to (and select) Windows Update. You'll see a button to check for updates now (Figure).

    If you start the charms menu from the "classic" desktop in Windows 8, instead of selecting Change PC settings, you can also select Control Panel. Next select System and Security and click Windows Update.

    As with previous versions, you should set your system to obtain more than just Windows updates by installing Microsoft Update (start by clicking the link Find out more next to Get updates for other Microsoft products (Figure)).
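    The same three checks the steps above make through the Windows Update screens (is Automatic Updates switched on, is Microsoft Update rather than plain Windows Update the source, and what is still missing) can be made from a PowerShell prompt. The script below is an added example and is not part of the original article; it uses the Windows Update Agent COM objects (Microsoft.Update.AutoUpdate, Microsoft.Update.ServiceManager, Microsoft.Update.Session) that ship with Windows XP SP2 and later, and it assumes you run it from an elevated (Run as administrator) prompt.

```powershell
# Added example (not from the original article): audit Automatic Updates and
# list the updates that are still missing, via the Windows Update Agent COM API.
# Run from an elevated PowerShell prompt; the search at the end can take a minute.

$au = New-Object -ComObject 'Microsoft.Update.AutoUpdate'
$level = [int]$au.Settings.NotificationLevel
$levelNames = @{
    0 = 'Not configured'
    1 = 'Disabled'
    2 = 'Notify before download'
    3 = 'Download automatically, notify before install'
    4 = 'Install automatically (recommended)'
}
"Automatic Updates:       $($levelNames[$level]) (NotificationLevel=$level)"
"Last successful check:   $($au.Results.LastSearchSuccessDate)"
"Last successful install: $($au.Results.LastInstallationSuccessDate)"
if ($level -ne 4) {
    Write-Warning 'Automatic Updates is not set to install updates automatically.'
}

# Microsoft Update (Office and other Microsoft products) is registered with the
# agent as a separate update service; this ServiceID is the documented one for it.
$microsoftUpdateId = '7971f918-a847-4430-9279-4a52d1efe18d'
$services = (New-Object -ComObject 'Microsoft.Update.ServiceManager').Services
$mu = $services | Where-Object { $_.ServiceID -eq $microsoftUpdateId }
if ($mu -and $mu.IsDefaultAUService) {
    'Microsoft Update is registered and is the default update source.'
}
else {
    Write-Warning 'Microsoft Update is not the default source: only Windows itself is being updated.'
}

# Ask the agent which applicable updates are not installed (and not hidden) yet.
$searcher = (New-Object -ComObject 'Microsoft.Update.Session').CreateUpdateSearcher()
$missing  = $searcher.Search('IsInstalled=0 and IsHidden=0').Updates
"Updates waiting to be installed: $($missing.Count)"
foreach ($u in $missing) {
    $severity = if ($u.MsrcSeverity) { $u.MsrcSeverity } else { 'n/a' }
    "  [$severity] $($u.Title)"
}
```

    A NotificationLevel other than 4, a Microsoft Update warning, or a long list of missing updates (especially ones marked Critical or Important) means the settings described above still need attention.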

Make sure your Internet Browser is up-to-date

Most modern browsers have come a long way with their built-in security. Keep your browser up-to-date (by running the latest version) to increase your security.

You'll also want to check that your browser plugins are up to date.

For additional reading, see this US-CERT article: Securing Your Web Browser.

Use Antivirus Software

One of your first defenses against infections is Antivirus software. This is a must-have to help keep you protected in today's Internet world. Here are some good Antivirus software packages - and the best part: they are Free!

Most antivirus software can be set to automatically check for updates (recommended); otherwise you should check for updates manually at least once a week and run regular scans. Most antivirus software can also be scheduled to scan at a given day and time, which is also recommended.

Note: Never use two personal Antivirus products at the same time to prevent compatibility problems.

Use a Firewall

Using a firewall is extremely important. Without a firewall your computer is at a far greater risk of being hacked and taken over by others. Just by using a firewall (even in its default configuration) you can lower your risk a great deal.

All versions of Windows starting from Windows XP have a built-in firewall, and later versions of Windows greatly improved it. Think of a firewall as a security guard at a bank branch or museum: the guard stops anyone coming into your computer if they're not authorized, and anyone leaving if they don't have permission.

If you use a router to connect to the internet, you should know that routers normally have a firewall built-in (check with your router's manual to see if this is the case). Some people advise installing a 3rd party firewall, but I think this is a matter of personal choice. One thing is certain: at least have some kind of firewall installed!

Note: Never use two personal firewall products at the same time to prevent compatibility problems.

Check if your Windows Firewall is switched on:

  • Windows XP users

    Open Control Panel, select Security Center. The Windows Firewall state is indicated (Figure).

  • Windows Vista users

    Open Control Panel, select Security, and then select Windows Firewall. The Windows Firewall state is indicated (Figure).

  • Windows 7 users

    In your Start menu's Search programs and files box type firewall. The Start menu will now display the results of your search, and under the heading Control Panel, click the listing for Check firewall status (Figure).

  • Windows 8 users

    On the new ("Metro") Start screen press the WinKey on your keyboard and simultaneously press the W key. Type firewall in the search box. On the left, click the result Check firewall status (Figure).
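    The firewall status check described for each Windows version above can also be done in one go from PowerShell. The script below is an added example, not part of the original article. It assumes Get-NetFirewallProfile is available (Windows 8 and later) and falls back to parsing the English output of "netsh advfirewall show allprofiles state" on Vista and Windows 7; Windows XP's single-profile firewall uses a different command ("netsh firewall show state") and is not covered.

```powershell
# Added example (not from the original article): report whether the Windows
# Firewall is on for every network profile (Domain, Private, Public).
# Assumes English netsh output on systems without Get-NetFirewallProfile.

function Get-FirewallState {
    if (Get-Command Get-NetFirewallProfile -ErrorAction SilentlyContinue) {
        foreach ($p in Get-NetFirewallProfile) {
            New-Object PSObject -Property @{
                Profile        = $p.Name
                # Enabled is True / False / NotConfigured; only True counts as on.
                Enabled        = ("$($p.Enabled)" -eq 'True')
                DefaultInbound = "$($p.DefaultInboundAction)"
            }
        }
    }
    else {
        # netsh prints one block per profile: a "<Name> Profile Settings:" header
        # followed (a few lines later) by "State ON" or "State OFF".
        $current = $null
        foreach ($line in (netsh advfirewall show allprofiles state)) {
            if ($line -match '^(\w+) Profile Settings:') {
                $current = $Matches[1]
            }
            elseif ($current -and $line -match '^State\s+(ON|OFF)') {
                New-Object PSObject -Property @{
                    Profile        = $current
                    Enabled        = ($Matches[1] -eq 'ON')
                    DefaultInbound = 'n/a'
                }
            }
        }
    }
}

$profiles = @(Get-FirewallState)
$profiles | Format-Table Profile, Enabled, DefaultInbound -AutoSize

$off = @($profiles | Where-Object { -not $_.Enabled })
if ($off.Count -gt 0) {
    $names = ($off | ForEach-Object { $_.Profile }) -join ', '
    Write-Warning "Windows Firewall is OFF for: $names"
}
else {
    'Windows Firewall is on for all profiles.'
}
```

    Any profile reported with Enabled = False is the one to switch back on through the Control Panel steps above; the Public profile is the one that matters most on laptops that join hotspots.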

If you want to read more on firewalls, see this US-CERT article: Understanding Firewalls.

Make sure your applications are up-to-date

Other applications on your computer can also have security vulnerabilities that could lead to malware infections or security breaches. You should check for the latest versions of applications that are regularly patched to fix vulnerabilities (special attention needed for Oracle Java, Adobe Flash Player, Adobe Shockwave, and Adobe Reader because these are frequently targeted).

Because Java is by far the number one source of infections these days, you should pay close attention to it. Not only should you install the latest version, you should also make sure older versions are removed from your computer. In the past, Oracle did a horrific job by leaving older versions installed when upgrading, and this still leaves vulnerable files on your system.

We suggest running JavaRa to remove older versions of Java from your system. You can go to the Java Verify site to check which version you have installed.

While you can check each application's own web site, we found a program that does an even better job: not only will it automatically keep you updated, it will also select "No" to any additional toolbars or junk that may be bundled with the installer. Best of all, it is free for home use. Visit Ninite to read more or download your copy.

You can also use the free Secunia Personal Software Inspector to automatically scan your computer to detect vulnerable and outdated programs and plug-ins. The software even automates the updates for your insecure programs, making it a lot easier for you to maintain a secure PC.

Install an Anti-Malware program

You should regularly (perhaps once a week) scan your computer with an Anti-Malware program just as you would with antivirus software. Like antivirus programs, there are many programs to choose from. We will recommend some free anti-Malware programs here, but we don't claim the list is complete:

*) This is a free program with the option of Activating a full version, unlocking real-time protection, scheduled scanning, and scheduled updating.

Don't re-use your passwords!

Use complex passwords: a minimum of eight characters in length, containing characters from at least three of the following four groups: upper case, lower case, numbers, and symbols. And never use the same password twice.
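The rule above (at least eight characters, at least three of the four character groups, and never a password you have already used) is easy to check mechanically before you commit to a new password. The function below is an added example and not part of the original article; the list of "previously used" passwords it compares against is constructed for the demonstration, and in practice a password manager should hold that information rather than a script.

```powershell
# Added example (not from the original article): check a candidate password
# against the complexity rule in the text and against passwords already in use.
# The $used list below is constructed sample data for the demonstration.

function Test-PasswordPolicy {
    param(
        [Parameter(Mandatory=$true)] [string] $Password,
        [string[]] $PreviouslyUsed = @()
    )
    $problems = @()

    if ($Password.Length -lt 8) {
        $problems += 'shorter than eight characters'
    }

    # The four character groups named in the rule; -cmatch keeps the
    # comparison case-sensitive so upper and lower case are told apart.
    $groups = @{
        'upper case' = '[A-Z]'
        'lower case' = '[a-z]'
        'number'     = '[0-9]'
        'symbol'     = '[^A-Za-z0-9]'
    }
    $present = @($groups.Keys | Where-Object { $Password -cmatch $groups[$_] })
    if ($present.Count -lt 3) {
        $problems += "uses only $($present.Count) of the four character groups ($($present -join ', '))"
    }

    # Reuse check is case-sensitive too: the same string is the same password.
    if ($PreviouslyUsed -ccontains $Password) {
        $problems += 'already used for another account'
    }

    New-Object PSObject -Property @{
        Password   = $Password
        Acceptable = ($problems.Count -eq 0)
        Problems   = $problems
    }
}

# Constructed sample inputs: two passwords "already in use" and four candidates.
$used = @('Summer2013!', 'letmein')
foreach ($candidate in 'password', 'Summer2013!', 'Tr0ub4dor&3', 'abcdefgh1') {
    $r = Test-PasswordPolicy -Password $candidate -PreviouslyUsed $used
    '{0,-14} acceptable={1,-5} {2}' -f $r.Password, $r.Acceptable, ($r.Problems -join '; ')
}
```

With the constructed inputs, only Tr0ub4dor&3 passes: "password" uses a single character group, "Summer2013!" is complex but already in use, and "abcdefgh1" is long enough but draws on only two groups.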

If you follow this advice you'll be well on the road to practicing Safe Internet!

If you need help in fighting Spyware or Virus infections, we offer a Malware & Virus Removal service.