Malware and you

Yes, we all probably had run ins with that rouge FBI virus that hijacks your browser to a webpage that says you have been viewing illegal NSFW sites and been sending spam e-mails and states that the FBI will raid arrest you in "X" days if you don't pay a fine (in reality, the FBI attains a search warrant after a surveillance period, then arrest you without notifying you). Or that trojan that pretends to be a anti-viral scanner called Windows Anit Virus Patrol to ransom you for several hundreds dollars and can only be disabled by using an "activation code" before it can be removed. So what I want to talk about here is sharing methods on dealing with viruses that are more sophisticated than the average infected ad.

The one time I had trouble with a Ransom Virus, I just downloaded Spybot S&D and called it a day.

Though I can imagine that wouldn't work with the ones you are talking about.

I got that FBI ransomware virus twice now. I got rid of them by booting my computer up in Safe Mode then doing a system restore to before it showed up.

Haven't seen anything bad enough to lock me out of my computer in years, probably as far back as middle school due to my... ahem, *questionable* site viewing and downloading practices back then.

The worst I have to deal with these days is just those annoying browser add-ons that the other users of this computer keep on trying to goddamn download without realizing that they're malware in disguise, or the typical spybot. Doesn't help that said user is borderline clueless when it comes to telling the difference between the legitimate software vs the Trojan crap that she keeps touching on Facebook ads. Fortunately I'm usually able to remove it the same day with little issue... except for one of the original ones she found.

I believe it's called "My Web Search", and that sucker is damn near impossible to remove from by comp. It's dug in so deep that manually removing it by deleting it's files never works since it has it's own admin permissions and immediately restores itself upon deletion, and I haven't been able to find a anti-virus program capable of removing it either. The one time I tried to see if a tech support shop could do it they totally failed as well. Only conclusion I've come to is that the day I purchase a new comp I'll just have to re install everything from scratch and try to avoid downloading any large files directly from this comp to the new one as much as possible.

System restore fixes everything major I've ever encountered, with the fake FBI things that won't let you close the tab I just control, alt, delete the browser closed and it's gone.

I've had a small handulf of malware problems over the years. A number of times, my laptop encountered that malware that fucks with the EXE file associations. Each time AVG pounced on the executable in question within seconds, but I still had to reset the file associations in the registry, which can be a bit annoying. Then on one occasion I got an adware program on my laptop that caused Google links in Firefox to redirect to spam sites and also messed up the Windows Explorer GUI. AVG was unable to fight it, but when I downloaded and ran TDSSKiller, it said it found a nasty thing hiding on the hard drive outside the filesystem and gave it a good beating, and the adware seemed to be gone after that.

Since then I've always turned the Java and Adobe Reader plugins off in Firefox, and I've yet to notice any more infections on any of my machines. Nor has it been for lack of trying; a number of shady sites have tried to automatically open PDFs or Java applets, and many a filehosting site has tried to get me to use a 'downloader' (read: adware) or even download an EXE with a filename similar to the file I wanted. But so far they've all bounced off my defenses, and even AVG doesn't have a lot of work to do these days (I mostly use it for scanning downloaded software to make sure it's not hiding anything bad).

edited 23rd Jul '14 9:47:34 PM by Meklar

I'm mostly in the same boat as Meklar here. I'm of the mind that as long as you only selectively enable scripts when browsing the web, have a good anti-virus program, and be mindful of the sites you visit and what's on them (as well as the stuff you download), you pretty much rarely ever need to worry about malware.

Granted, my wisdom in this area largely comes out of growing up with computers that often got filled with crap and having to go through lengthy processes to fix them (to the point where I can typically solve a problematic PC in a few short hours at worst these days, unless it's been damaged by something beyond my technical know-how), so I imagine most people won't understand unless they actually have had it happen to them and were actively involved in the cleanup process. And, y'know, take a little time to know how some simple things on the computer work. And remember them.

Personally, my trump card is Malewarebyte Antimalware Ver. 2.0. Well right now, I'm under attack by nonstandard pop-up ads an browser redirects. The culprit is something called PUP.Optional and it shows on my PC basically every week now. But just because it infects me every week doesn't means that it'll still on my PC for the rest of the day.

I just use Task Manager and find the offending .exe under "Processes". One time i had one that would kill the task manager as soon as i opened it, but i outsmarted it by running the task manager right on startup, before the malware had a chance to load.

None on my current computer at all, thankfully. Maybe once or twice it's even found viruses, never anything bad.

A lot of the time if there's a rogue program on a computer, I'll often investigate every program folder on the computer and manually delete all the files and folders associated with it, using AVG to find ones I missed and to clean up loose ends.

I haven't had a computer virus (or any other kind of malware) in... at least six years, probably longer. Prevention is the best cure. Use noscript (so you only run javascript from sites you've whitelisted), use adblocker (for a similar reason — adverts are a frequent vector of infection), make sure you know what you're downloading and don't pirate software. Stay away from freeware or adware; well-known open-source stuff is fairly safe. Make sure that you're not running as an administrator account, so that you'll have to enter a password whenever some software wants to install itself. Make sure you keep everything updated to the latest version.

Just how important is anti-malware? I hear contradicting advice on this, and it's hard to distinguish between people who genuinely want to help, people who want to sell me an antivirus and people who want to spread malware.

I had some adware called e-2give wreck one of my computers years ago.

You can get good enough anti-virus/malware for free (I use malwarebytes for instance), so it's kind of hard for them to rip you off as long as you don't go for any of the purchase options, which shouldn't be necessary for most people.

I think the one time my anti-virus came in handy was when I fell for the classic "YOUR FIREFOX IS OUT OF DATE" redirect, where a hacked webpage (usually due to an unchecked ad) sends you to a site where you are prompted to download a flash player "update". When I realized it was a trick, I just turned on my free anti-malware system. It found and quarantined the sneaky program in a matter of minutes. Never had any problems since.

Still, I get really annoyed that people choose to make a living attacking other peoples' computers. They're a really cowardly type of criminal, all things considered.

Anti-malware can be useful, but a savvy user without any anti-malware is safer than an incompetent with it.

edited 24th Jul '14 6:02:15 AM by imadinosaur

Fingers crossed — I haven't had a malware infection since I've been old enough to have my own computer; the sole exception being an infected USB thumb drive that got passed around at my work and never touched my home PC. I've even helped my friends and family clean their machines a few times.

I've done it all with nothing more than a commercial AV/firewall (Norton for the most part) and common sense. The most important things, in no particular order:

• Always install browser, OS, and plugin updates immediately once they become available. Turn on your auto-update features if they aren't enabled by default.
• Don't ever, ever, click on links or attachments in emails unless you explicitly trust the sender and were expecting that particular email. Be mindful that spammers will send targeted emails posing as people who have you as friends/contacts, based on the skimming of those people's contact lists.
  • As an extra measure of phishing security, don't click on links even from emails that look legit; log into the website yourself and then find the thing that the email was talking about. Most companies will do this nowadays.
• Don't visit the skeevy side of the Internet. Seriously, don't try to pirate stuff, don't download hacks, warez, etc., because those sites are loaded with malware. Just brimming.
  • Related: if you're going to browse porn (and we all do), use your browser's private, secure, or incognito mode so you can't be tracked; it may also offer additional security against certain types of attacks.
• Get a decent AV and firewall and pay attention when they warn you about something. Anti-spyware is also nice but not needed.
  • Enable your router's firewall if you have one. It keeps 99% of intrusion attempts from even getting to your computer in the first place. Update your router's firmware whenever a new revision comes out.
• Don't ever click on unexpected pop-ups, doubly so if they offer "tune-ups" or claim that you have a virus. Close them immediately, and if you can't, force-quit your browser.
• Don't use passwords that are easy to crack. Don't ever tell anyone your password, even if they act like they're a representative of a company that you do business with. No reputable company will ever ask you for your password; if a reset is required, they'll send you to a web page where you can do it yourself.

Really, it's about common sense.

edited 24th Jul '14 6:53:58 AM by Fighteer

Actually, those privacy modes do nothing of the sort — all they do is stop the browser from recording what sites you visit (and what forms you've filled in, and it doesn't save cookies, etc.). If you want to avoid being tracked, you'd have to use something like Tor (though please don't use Tor for watching porn, you'll slow the system down for everyone else).

<cue smug asexual who doesn't browse actual porn>

But, dogdily scanlated manga gets me into enough trouble that my various counter measures have to deal with. Seriously, some ad servers should be ashamed of themselves, the number of times they get swatted.

edited 24th Jul '14 11:52:07 AM by Euodiachloris

Has tvtropes managed to finally swat that irritating "your Java script needs updating" adware yet?

Fighteer, you forgot to mention not click on browser redirects. Those are an obvious indicator that you need to run your AV scanner.

Yes, of course. Generally those start happening after you're already infected; my guide is more like a way to prevent infection in the first place.

Necroing this thread.

A lot has gone by in the past 6 years. Most notably, ransomware took hold as it became more dangerous as most large-scale malware attacks involved ransomware. What are your experiences with malware?

Never had any Malware on my machines because I'm vigilant with emails

Linux user here. Nya, nya.

My grandparents once got a Chromebook, but it came preinstalled with ransomware, locking out access of the browser and making the computer basically useless. I think it was because they bought from the cheapest dealer on Amazon. Pro tip: If you are buying something from Amazon, always buy directly from Amazon if possible even if it's more expensive.