What is Malware

Malware is an umbrella term for various types of malicious software. This term encompasses:

Viruses: programs that disrupt the normal operation of a computer and cause problems for the computer.
Trojans: software programs devised by professional hackers to detect activity on PCs allowing the hacker to assume the user's identity.
Adware: advertising that is integrated into software.
Spyware: gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes.

One of the primary concerns of is malware infections on Windows computers. Common symptoms of malware infection include slow computer performance; difficulty registering or accessing the network; the inability to run Windows Update, other software updates or anti-virus software such as McAfee; and unexplained pop-up warnings, errors or ads.

Student-owned computers suspected to have any kind of malware infection can be dropped off free of charge at the ITS helpdesk from 8am - 5pm Monday-Friday.

Tips to help Avoid Infections

Mac users:

While it is true that there are far fewer infections for Mac computers, Macs are not invincible, and CAN be infected.
Many computers at Carleton were infected by the recent Flashback Trojan.
Do not assume you don't need to be protected or be careful just because you're on a Mac.

It is nearly impossible to guarantee a way to avoid infections, but here are some good things to keep in mind:

  1. Have active and up-to-date trusted anti-virus software:  McAfee and Norton are major names, but there are other providers that do a good job as well.  You need to make sure it is a full-fledged anti-virus suite, however, and it is unlikely (though not impossible) that you'll find one for free.
  2. Pause and consider links and downloads before clicking and installing: even trusted sources sometimes get hacked and can provide infected content.  Take a moment and think about how likely it is that the action you're about to take will be safe - were you expecting that attachment? Do you think you really need that software to do what you're doing?
  3. Be suspicious of very scary warning messages: They're almost always malware themselves, especially if you have to click or install something to further scan your computer.
  4. Run anti-virus and anti-malware scans regularly: In addition to anti-virus, we recommend Spybot Search and Destroy as a fairly light-weight, useful anti-malware tool.  Run scans (in safe mode if you're familiar) at least once a month to help keep your computer clean and healthy.
  5. Ask questions: If you're not sure about something, and don't know how to proceed, stop by the ITS helpdesk or give us a call at 507-222-5999 and we will help you out.
  Click for instructions, but note: this process has not been updated recently and does NOT guarantee malware removal

This article describes the cleanup process the SCIC recommends for Windows computers that may have some form of malware infection. This article does not cover other operating systems because, in recent years, there have been no reports at the SCIC of malware infections on student computers running Mac OS or any other non-Windows operating system.

1. Remove unnecessary, pernicious software

If the computer is bootable in normal mode (if not, skip to Reboot in Safe Mode), go to the Add/Remove Programs control panel and remove any Norton-related programs. (When Norton and McAfee are both installed, they conflict with each other. Carleton only supports McAfee, which it provides free to all students.) Also remove any Peer-2-Peer software, such as Kazaa, Morpheus, or Audiogalaxy.

2. Disable startup items

This step prevents many unnecessary programs from running at start-up, including possible spyware. On most systems, it will increase start-up speeds dramatically. However, you may wish to re-enable some start-up programs later, after your system has been cleaned.

If you have Windows XP, ME, or 98, go to Start -> Run and type msconfig, then hit OK. Go to the Startup tab, then click Disable All. Click the checkboxes next to SHSTAT and UpdaterUI to re-enable them; these are core Windows programs.

On other versions of Windows, you will have to go in to the registry to change the startup items. Instructions can be found here.
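Before disabling anything, it helps to see what is actually registered to run at startup. The following read-only inventory is an added example, not part of the original article: it assumes a Windows version with PowerShell 3.0 or later (which the article does not cover), reads the standard Run/RunOnce registry keys and Startup folders, and marks entries matching the two names the article says to keep. Matching those names by substring is an assumption.

```powershell
# Added example: read-only inventory of startup entries. It changes nothing.
# Keep-list comes from step 2 of the article; substring matching is an assumption.
$keep = 'SHSTAT', 'UpdaterUI'

# Standard per-machine and per-user autostart registry keys.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Test-Keep([string]$Name, [string]$Command) {
    foreach ($k in $keep) {
        if ($Name -like "*$k*" -or $Command -like "*$k*") { return $true }
    }
    return $false
}

# Registry entries: one row per value under each key that exists.
$entries = @(foreach ($path in $runKeys) {
    if (-not (Test-Path $path)) { continue }
    $key = Get-Item -Path $path
    foreach ($name in $key.GetValueNames()) {
        $cmd = [string]$key.GetValue($name)
        [pscustomobject]@{ Source = $path; Name = $name
                           Command = $cmd; Keep = (Test-Keep $name $cmd) }
    }
})

# Startup folders: current user and all users.
$folders = [Environment]::GetFolderPath('Startup'),
           [Environment]::GetFolderPath('CommonStartup')
$entries += @(foreach ($dir in $folders) {
    if (-not $dir -or -not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir -File | ForEach-Object {
        [pscustomobject]@{ Source = $dir; Name = $_.Name
                           Command = $_.FullName; Keep = (Test-Keep $_.Name $_.FullName) }
    }
})

# Entries to review first (Keep = False) are listed at the top.
$entries | Sort-Object Keep, Source, Name | Format-Table -AutoSize -Wrap
```

Entries with `Keep` set to `False` are candidates for review, not a verdict: check the `Command` path of each one before disabling it.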

3. Install anti-malware software

If you do not already have McAfee Anti-Virus installed, download and install it. If unable to register for the network, you can download it directly from the registration page. If that doesn't work, contact an RCC, who should have a CD or thumb drive with all of the SCIC-recommended anti-malware software on it.

Also download and install Spybot, if it is not already installed.

4. Reboot in Safe Mode

Reboot your computer. As it begins to start up, hold down F8 (or, on some computers, F5) to enter Safe Mode. Choose Safe Mode With Networking, if your computer is registered for the network. This will allow you to download updates for your anti-malware software. If given multiple log-in options, choose Administrator. The screen may look a little odd; don't worry about that, this is a normal quirk of Safe Mode.

5. Run scans

You should run scans with McAfee Anti-Virus and Spybot. Each is likely to catch malware that the other program tends to miss.

McAfee Anti-Virus
McAfee Anti-Virus is available for free download along with all the other software provided by Carleton.

Go to Start -> Network Associates -> VirusScan Console.

If you are connected to the Internet, click on AutoUpdate and then the Play button to download software updates. Then click on DailyUpdate and then the Play button to download the latest virus definitions.

Now click Scan All Fixed Disks and click the Play button. This is a long, thorough scan, which may take 45-90 minutes. After it's finished, select all items that the scan found, right-click, and select Delete.

Spybot
Start Spybot. Click Check for problems to scan your computer. This will take 15-45 minutes. After it's finished, select all problems and then click Fix selected problems. Spybot can be downloaded here.

Windows Defender
Windows Defender is another antispyware program designed by Microsoft. It can be downloaded here.

Finishing

Reboot your computer normally and see if your system appears to be working correctly. You may wish to run scans again in normal mode to make sure that nothing new appears; if something does, it's possible that a hidden program, not detected by your current anti-malware software, is spawning new malware on startup. You may wish to drop off your computer at the SCIC for more thorough cleanup.

The SCIC strongly recommends that Windows users perform this cleanup process at least once per term.

FAQs

1. How can I tell if a computer is suffering from virus or Adware problems?

Is your computer a Mac? If so, you are probably not suffering from virus problems but something else. There are hardly any known viruses that affect Macs.

As for PCs...

  1. You've noticed that your computer has been running a lot slower lately, especially during startup, but also just during general usage (browsing the web, checking e-mail, playing music), and you can't remember installing anything new which might be the cause of this.
  2. You've received an e-mail from Les LaCroix (llacroix@carleton.edu) telling you that you have a virus and that you need to clean your system or you will be disconnected from the Carleton ResNet (however, if the e-mail has an attachment, it's probably not really from Les, and you should not open it!).
  3. McAfee VirusScan or another virus scan program tells you that it has found a virus.
  4. If you have a virus, clean it.

2. Why isn't the virus scan removing the virus?

If your virus scan has found a virus (or any other piece of malware), but it can't remove it, try going into Safe Mode before running virus scan. If this still doesn't work, contact the SCIC.

For help

If a computer is infected and the user is not able to remove the malware, he or she can:

  • For a student, bring it to the SCIC (x4040).
  • For faculty or staff, bring it to ITS (x5999).

If all else fails, the user may have to wipe their hard drive and do a clean install of their operating system.