Versions Compared

Old Version 12

changes.mady.by.user Kendra

Saved on

compared with

New Version Current

changes.mady.by.user Sam Lengyel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Standardized redirect.

What is Malware

Malware is an umbrella term for various types of malicious software. This term encompasses:

Viruses: program that disrupts the normal operation of a computer and causes problems to the computer.
Trojans: software programs devised by professional hackers to detect activity on PCs allowing the hacker to assume the user's identity.
Adware: advertising that is integrated into software.
Spyware: gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes.

One of the primary concerns of is malware infections on Windows computers. Common symptoms of malware infection include slow computer performance; difficulty registering or accessing the network; the inability to run Windows Update, other software updates or anti-virus software such as McAfee; and unexplained pop-up warnings, errors or ads.

Student-owned computers suspected to have any kind of malware infection can be dropped off free of charge at the ITS helpdesk from 8am - 5pm Monday-Friday.

Tips to help Avoid Infections

Warning
titleMac users:

While it is true that there are far fewer infections for Mac computers, Macs are not invincible, and CAN be infected.
Many computers at Carleton were infected by the recent Flashback Trojan.
Do not assume you don't need to be protected or be careful just because you're on a Mac.

It is nearly impossible to guarantee a way to avoid infections, but here are some good things to keep in mind:

  1. Have active and up-to-date trusted anti-virus software:  McAfee and Norton are major names, but there are other providers that do a good job as well.  You need to make sure it is a full-fledged anti-virus suite, however, and it is unlikely (though not impossible) that you'll find one for free.
  2. Pause and consider links and downloads before clicking and installing: even trusted sources sometimes get hacked and can provide infected content.  Take a moment and think about how likely it is that the action you're about to take will be safe - were you expecting that attachment? Do you think you really need that software to do what you're doing?
  3. Be suspicious of very scary warning messages: They're almost always malware themselves, especially if you have to click or install something to further scan your computer.
  4. Run anti-virus and anti-malware scans regularly: In addition to anti-virus, we recommend Spybot Search and Destroy as a fairly light-weight, useful anti-malware tool.  Run scans (in safe mode if you're familiar) at least once a month to help keep your computer clean and healthy
  5. Ask questions: If you're not sure about something, and don't know how to proceed, stop by the ITS helpdesk or give us a call at 507-222-5999 and we will help you out
Wiki Markup
{box:orange| h1. Cleaning Malware}
{expand: Click for instructions, but note: this process has not been updated recently and does NOT guarantee malware removal}
This article describes the *cleanup* process the [SCIC] recommends for [scicimport1:Windows] computers that may have some form of [scicimport1:malware] infection.  This article does not cover other operating systems because, in recent years, there have been no reports at the SCIC of malware infections on student computers running [scicimport1:Mac OS] or any other non-Windows operating system.

h4. 1. Remove unnecessary, pernicious software

If the computer is bootable in normal mode (if not, skip to [scicimport1:Reboot in Safe Mode|#4. Reboot in Safe Mode]), go to the Add/Remove Programs control panel and remove any [scicimport1:Norton]\-related programs.  (When Norton and McAfee are both installed, they conflict with each other.  Carleton only supports McAfee, which it provides free to all students.)  Also remove any Peer-2-Peer software, such as Kazaa, Morpheus, or Audiogalaxy.

h4. 2. Disable startup items

This step prevents many unnecessary programs from running at start-up, including possible spyware.  On most systems, it will increase start-up speeds dramatically.  However, you may wish to re-enable some start-up programs later, after your system has been cleaned.

If you have Windows XP, ME, or 98, go to Start \-> Run and type *msconfig*, then hit OK.  Go to the *Startup* tab, then click *Disable All*.  Click the checkboxes next to SHSTAT and UpdaterUI to re-enable them; these are core Windows programs.

On other versions of Windows, you will have to go in to the registry to change the startup items.  Instructions can be found [here|http://www.adriansrojakpot.com/Other_Articles/Win2K_Tips/Windows_Run/Windows_Run.htm].

h4. 3. Install anti-malware software

If you do not already have [McAfee Anti-Virus|scicimport1:McAfee Anti-Virus] installed, download and install it.  If unable to [register|scicimport1:ResNet registration] for the network, you can download it directly from the registration page.  If that doesn't work, contact an [RCC], who should have a CD or [Thumb drive] with all of the SCIC-recommended anti-malware software on it.

Also download and install [scicimport1:Spybot], if those are not already installed.

h4. 4. Reboot in Safe Mode

Reboot your computer.  As it begins to start up, hold down F8 (or, on some computers, F5) to enter [Safe Mode].  Choose *Safe Mode With Networking*, if your computer is registered for the network.  This will allow you to download updates for your anti-malware software.  If given multiple log-in options, choose *Administrator*.  The screen may look a little odd; don't worry about that, this is a normal quirk of Safe Mode.

h5. 5. Run scans

You should run scans with [McAfee Anti-Virus |scicimport1:McAfee Anti-Virus]and [scicimport1:Spybot].  Each is likely to catch malware that the other programs tend to miss.

*McAfee Anti-Virus*
[McAfee Anti-Virus|scicimport1:McAfee Anti-Virus] is available for free download along with all the other software provided by Carleton.

Go to *Start* \-> *Network Associates* \-> *VirusScan Console*.

If you are connected to the Internet, click on *AutoUpdate* and then the Play button to download software updates.  Then click on *DailyUpdate* and then the Play button to download the latest virus definitions.

Now click *Scan All Fixed Disks* and click the Play button.  This will become a long, thorough scan, which may take 45-90 minutes.  After it's finished, select all items that the scan found, right-click, and select *Delete*.


*Spybot*
Start [scicimport1:Spybot].  Click *Check for problems* to scan your computer.  This will take 15-45 minutes.  After it's finished, select all problems and then click *Fix selected problems*.  Spybot can be downloaded [here|http://www.safer-networking.org/en/download/].

*Windows Defender*
[Windows Defender] is another antispyware program designed by Microsoft.  It can be downloaded [here|http://www.microsoft.com/downloads/details.aspx?FamilyID=435bfce7-da2b-4a6a-afa4-f7f14e605a0d&displaylang=en].

h5. Finishing

Reboot your computer normally and see if your system appears to be working correctly.  You may wish to run scans again in normal mode to make sure that nothing new appears; if something does, it's possibly that a hidden program, not detected by your current anti-malware software, is spawning new malware on startup.  You may wish to [drop off|Computer Repair] your computer at the SCIC for more thorough cleanup.

The SCIC strongly recommends that Windows users perform this cleanup process at least once per term.
{expand}
{box}

For help

If a computer is infected and user is not able to remove the malware, he or she can:

  • For a Carleton-owned or student-owned computer, bring it to the ITS helpdesk (x5999)
  • For all other devices, contact a local computer repair service, for example Reboot Computers on Bridge Square in downtown Northfield.

...


Note

This page has been moved. See this page in our new Knowledge Base: Malware