Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 16 Next »

What is Malware?

Malware is an umbrella term for various types of malicious software. This term encompasses:

  • Viruses: program that disrupts the normal operation of a computer and causes problems to the computer.
  • Trojans: software programs devised by professional hackers to detect device activity, allowing the hacker to assume the user's identity.
  • Adware: advertising that is integrated into software.
  • Spyware: gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes.

One of our primary concerns is malware infections on Windows computers. Common symptoms of malware infection include slow computer performance; difficulty registering or accessing the network; the inability to run Windows Update, other software updates or anti-virus software such as McAfee; and unexplained pop-up warnings, errors, or ads.

Student-owned computers suspected of having any kind of malware infection can be dropped off free of charge at the ITS helpdesk from 8 am–5 pm Monday–Friday.

Tips to Help Avoid Infections

Mac users:

While it is true that there are far fewer infections for Mac computers, Macs are not invincible and CAN be infected. Many computers at Carleton were infected by the recent Flashback Trojan. Don't assume you don't need to be protected or be careful just because you're on a Mac!

It's nearly impossible to guarantee a way to avoid infections, but here are some good things to keep in mind:

  1. Have active and up-to-date trusted anti-virus software: McAfee and Norton are major names, but there are other providers that do a good job as well. You need to make sure it is a full-fledged anti-virus suite, however, and it is unlikely (though not impossible) that you'll find one for free.
  2. Pause and consider links and downloads before clicking and installing: Even trusted sources sometimes get hacked and can provide infected content. Take a moment and think about how likely it is that the action you're about to take will be safe—were you expecting that attachment? Do you think you really need that software to do what you're doing?
  3. Be suspicious of very scary warning messages: They're almost always malware themselves, especially if you have to click or install something to further scan your computer.
  4. Run anti-virus and anti-malware scans regularly: In addition to anti-virus, we recommend Spybot Search and Destroy as a fairly light-weight, useful anti-malware tool. Run scans (in safe mode if you're familiar) at least once a month to help keep your computer clean and healthy.
  5. Ask questions: If you're not sure about something, and don't know how to proceed, stop by the ITS helpdesk or give us a call at 507-222-5999, and we will help you out.
Cleaning Malware
  Click for instructions, but note: this process has not been updated recently and does NOT guarantee malware removal

This article describes the cleanup process the /wiki/spaces/TAR/pages/26468299 recommends for /wiki/spaces/scicimport1/pages/1769631 computers that may have some form of malware infection. This article does not cover other operating systems because in recent years there have been no reports at the SCIC of malware infections on student computers running /wiki/spaces/scicimport1/pages/1770712 or any other non-Windows operating system.

The SCIC strongly recommends that Windows users perform the following cleanup process at least once per term!

1. Remove unnecessary, pernicious software

If the computer is bootable in normal mode (if not, skip to scicimport1:Reboot in Safe Mode), go to the Add/Remove Programs control panel and remove any Norton-related programs. (When Norton and McAfee are both installed, they conflict with each other. Carleton only supports McAfee, which it provides free to all students.) Also remove any Peer-2-Peer software, such as Kazaa, Morpheus, or Audiogalaxy.

2. Disable startup items

This step prevents many unnecessary programs from running at start-up, including possible spyware. On most systems, it will dramatically increase start-up speeds. However, you may wish to re-enable some start-up programs later, after your system has been cleaned.

If you have Windows XP, ME, or 98, go to Start -> Run and type msconfig, then hit OK. Go to the Startup tab, then click Disable All. Click the checkboxes next to SHSTAT and UpdaterUI to re-enable them; these are core Windows programs.

On other versions of Windows, you will have to go in to the registry to change the startup items. Instructions can be found here.

3. Install anti-malware software

If you do not already have /wiki/spaces/scicimport1/pages/1769870 installed, download and install it. If unable to /wiki/spaces/scicimport1/pages/1769542 for the network, you can download it directly from the registration page. If that doesn't work, contact an /wiki/spaces/TAR/pages/26547273, who should have a CD or Thumb drive with all of the SCIC-recommended anti-malware software on it.

Also download and install /wiki/spaces/scicimport1/pages/1769577 if if are not already installed.

4. Reboot in Safe Mode

Reboot your computer. As it begins to start up, hold down F8 (or, on some computers, F5) to enter Safe Mode. Choose Safe Mode With Networking if your computer is registered for the network. This will allow you to download updates for your anti-malware software. If given multiple log-in options, choose Administrator. The screen may look a little odd; don't worry about that, this is a normal quirk of Safe Mode.

5. Run scans

You should run scans with /wiki/spaces/scicimport1/pages/1769870and /wiki/spaces/scicimport1/pages/1769577. Each is likely to catch malware that the other programs tend to miss.

McAfee Anti-Virus
/wiki/spaces/scicimport1/pages/1769870 is available for free download along with all the other software provided by Carleton.

Go to Start -> Network Associates -> VirusScan Console.

If you are connected to the Internet, click on AutoUpdate and then the Play button to download software updates. Then click on DailyUpdate and then the Play button to download the latest virus definitions.

Now click Scan All Fixed Disks and click the Play button. This will become a long, thorough scan, which may take 45–90 minutes. After it's finished, select all items that the scan found, right-click, and select Delete.

Spybot
Start /wiki/spaces/scicimport1/pages/1769577. Click Check for problems to scan your computer. This will take 15-45 minutes. After it's finished, select all problems and then click Fix selected problems. Spybot can be downloaded here.

Windows Defender
Windows Defender is another antispyware program designed by Microsoft. It can be downloaded here.

Finishing

Reboot your computer normally and see if your system appears to be working correctly. You may wish to run scans again in normal mode to make sure that nothing new appears; if something does, it's possibly that a hidden program, not detected by your current anti-malware software, is spawning new malware on startup. You may wish to drop off your computer at the SCIC for more thorough cleanup.

For Help

If a computer is infected and user is not able to remove the malware, he or she can:

  • For a Carleton-owned or student-owned computer, bring it to the ITS helpdesk (x5999).
  • For all other devices, contact a local computer repair service, for example Reboot Computers on Bridge Square in downtown Northfield.

If all else fails, users may have to wipe the hard drive and do a clean install of the operating system.

  • No labels