Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migration of unmigrated content due to installation of a new plugin

...

  1. Have active and up-to-date trusted anti-virus software:  McAfee and Norton are major names, but there are other providers that do a good job as well.  You need to make sure it is a full-fledged anti-virus suite, however, and it is unlikely (though not impossible) that you'll find one for free.
  2. Pause and consider links and downloads before clicking and installing: even trusted sources sometimes get hacked and can provide infected content.  Take a moment and think about how likely it is that the action you're about to take will be safe - were you expecting that attachment? Do you think you really need that software to do what you're doing?
  3. Be suspicious of very scary warning messages: They're almost always malware themselves, especially if you have to click or install something to further scan your computer.
  4. Run anti-virus and anti-malware scans regularly: In addition to anti-virus, we recommend Spybot Search and Destroy as a fairly light-weight, useful anti-malware tool.  Run scans (in safe mode if you're familiar) at least once a month to help keep your computer clean and healthy
  5. Ask questions: If you're not sure about something, and don't know how to proceed, stop by the ITS helpdesk or give us a call at 507-222-5999 and we will help you out
{box:orange| h1. Cleaning Malware} {expand: Click for instructions, but note: this process has not been updated recently and does NOT guarantee malware removal} This article describes the *cleanup* process the [SCIC] recommends for [scicimport1:Windows] computers that may have some form of [scicimport1:malware] infection. This article does not cover other operating systems because, in recent years, there have been no reports at the SCIC of malware infections on student computers running [scicimport1:Mac OS] or any other non-Windows operating system. h4. 1. Remove unnecessary, pernicious software If the computer is bootable in normal mode (if not, skip to [scicimport1:Reboot in Safe Mode|#4. Reboot in Safe Mode]), go to the Add/Remove Programs control panel and remove any [scicimport1:Norton]\-related programs. (When Norton and McAfee are both installed, they conflict with each other. Carleton only supports McAfee, which it provides free to all students.) Also remove any Peer-2-Peer software, such as Kazaa, Morpheus, or Audiogalaxy. h4. 2. Disable startup items This step prevents many unnecessary programs from running at start-up, including possible spyware. On most systems, it will increase start-up speeds dramatically. However, you may wish to re-enable some start-up programs later, after your system has been cleaned. If you have Windows XP, ME, or 98, go to Start \-> Run and type *msconfig*, then hit OK. Go to the *Startup* tab, then click *Disable All*. Click the checkboxes next to SHSTAT and UpdaterUI to re-enable them; these are core Windows programs. On other versions of Windows, you will have to go in to the registry to change the startup items. Instructions can be found [here|http://www.adriansrojakpot.com/Other_Articles/Win2K_Tips/Windows_Run/Windows_Run.htm]. h4. 3. Install anti-malware software If you do not already have [McAfee Anti-Virus|scicimport1:McAfee Anti-Virus] installed, download and install it. If unable to [register|scicimport1:ResNet registration] for the network, you can download it directly from the registration page. If that doesn't work, contact an [RCC], who should have a CD or [Thumb drive] with all of the SCIC-recommended anti-malware software on it. Also download and install [scicimport1:Spybot], if those are not already installed. h4. 4. Reboot in Safe Mode Reboot your computer. As it begins to start up, hold down F8 (or, on some computers, F5) to enter [Safe Mode]. Choose *Safe Mode With Networking*, if your computer is registered for the network. This will allow you to download updates for your anti-malware software. If given multiple log-in options, choose *Administrator*. The screen may look a little odd; don't worry about that, this is a normal quirk of Safe Mode. h5. 5. Run scans You should run scans with [McAfee Anti-Virus |scicimport1:McAfee Anti-Virus]and [scicimport1:Spybot]. Each is likely to catch malware that the other programs tend to miss. *McAfee Anti-Virus* [McAfee Anti-Virus|scicimport1:McAfee Anti-Virus] is available for free download along with all the other software provided by Carleton. Go to *Start* \-> *Network Associates* \-> *VirusScan Console*. If you are connected to the Internet, click on *AutoUpdate* and then the Play button to download software updates. Then click on *DailyUpdate* and then the Play button to download the latest virus definitions. Now click *Scan All Fixed Disks* and click the Play button. This will become a long, thorough scan, which may take 45-90 minutes. After it's finished, select all items that the scan found, right-click, and select *Delete*. *Spybot* Start [scicimport1:Spybot]. Click *Check for problems* to scan your computer. This will take 15-45 minutes. After it's finished, select all problems and then click *Fix selected problems*. Spybot can be downloaded [here|http://www.safer-networking.org/en/download/]. *Windows Defender* [Windows Defender] is another antispyware program designed by Microsoft. It can be downloaded [here|http://www.microsoft.com/downloads/details.aspx?FamilyID=435bfce7-da2b-4a6a-afa4-f7f14e605a0d&displaylang=en]. h5. Finishing Reboot your computer normally and see if your system appears to be working correctly. You may wish to run scans again in normal mode to make sure that nothing new appears; if something does, it's possibly that a hidden program, not detected by your current anti-malware software, is spawning new malware on startup. You may wish to [drop off|Computer Repair] your computer at the SCIC for more thorough cleanup. The SCIC strongly recommends that Windows users perform this cleanup process at least once per term. {expand} {box}
Wiki Markup
Panelbox
nameorange
title h1. Cleaning Malware
Click for instructions, but note: this process has not been updated recently and does NOT guarantee malware removal

This article describes the cleanup process the recommends for computers that may have some form of infection. This article does not cover other operating systems because, in recent years, there have been no reports at the SCIC of malware infections on student computers running or any other non-Windows operating system.

1. Remove unnecessary, pernicious software

If the computer is bootable in normal mode (if not, skip to scicimport1:Reboot in Safe Mode), go to the Add/Remove Programs control panel and remove any -related programs. (When Norton and McAfee are both installed, they conflict with each other. Carleton only supports McAfee, which it provides free to all students.) Also remove any Peer-2-Peer software, such as Kazaa, Morpheus, or Audiogalaxy.

2. Disable startup items

This step prevents many unnecessary programs from running at start-up, including possible spyware. On most systems, it will increase start-up speeds dramatically. However, you may wish to re-enable some start-up programs later, after your system has been cleaned.

If you have Windows XP, ME, or 98, go to Start -> Run and type msconfig, then hit OK. Go to the Startup tab, then click Disable All. Click the checkboxes next to SHSTAT and UpdaterUI to re-enable them; these are core Windows programs.

On other versions of Windows, you will have to go in to the registry to change the startup items. Instructions can be found here.

3. Install anti-malware software

If you do not already have McAfee Anti-Virus installed, download and install it. If unable to register for the network, you can download it directly from the registration page. If that doesn't work, contact an , who should have a CD or with all of the SCIC-recommended anti-malware software on it.

Also download and install , if those are not already installed.

4. Reboot in Safe Mode

Reboot your computer. As it begins to start up, hold down F8 (or, on some computers, F5) to enter . Choose Safe Mode With Networking, if your computer is registered for the network. This will allow you to download updates for your anti-malware software. If given multiple log-in options, choose Administrator. The screen may look a little odd; don't worry about that, this is a normal quirk of Safe Mode.

5. Run scans

You should run scans with McAfee Anti-Virus and . Each is likely to catch malware that the other programs tend to miss.

McAfee Anti-Virus
McAfee Anti-Virus is available for free download along with all the other software provided by Carleton.

Go to Start -> Network Associates -> VirusScan Console.

If you are connected to the Internet, click on AutoUpdate and then the Play button to download software updates. Then click on DailyUpdate and then the Play button to download the latest virus definitions.

Now click Scan All Fixed Disks and click the Play button. This will become a long, thorough scan, which may take 45-90 minutes. After it's finished, select all items that the scan found, right-click, and select Delete.

Spybot
Start . Click Check for problems to scan your computer. This will take 15-45 minutes. After it's finished, select all problems and then click Fix selected problems. Spybot can be downloaded here.

Windows Defender
is another antispyware program designed by Microsoft. It can be downloaded here.

Finishing

Reboot your computer normally and see if your system appears to be working correctly. You may wish to run scans again in normal mode to make sure that nothing new appears; if something does, it's possibly that a hidden program, not detected by your current anti-malware software, is spawning new malware on startup. You may wish to drop off your computer at the SCIC for more thorough cleanup.

The SCIC strongly recommends that Windows users perform this cleanup process at least once per term.

For help

If a computer is infected and user is not able to remove the malware, he or she can:

...