Tuesday, April 10, 2012

Disinfecting a Windows machine

I recently received a spam email from a family member containing an unfamiliar, suspicious link. This prompted me to reach out and try to help clean up their computer. I recommended changing the email password from a clean, uninfected machine, but after a few attempts at that, the spam email continued. My next conclusion was that there must still be some malware on the machine. Following are the steps I provided, which may be useful to others trying to disinfect a Windows computer from a virus, rootkit, or other malware:
  1. Go to Add/Remove Programs and uninstall any "extraneous debris," meaning any software that you simply don't need. Every additional program enlarges the attack surface for hackers seeking to exploit known vulnerabilities in installed software.
  2. Download the Windows Defender Offline tool and create a bootable CD or USB drive from a clean, uninfected computer. You will boot the infected machine from this medium, so the scanner runs before Windows ever loads. This matters because some malware uses rootkit techniques to hide itself from antivirus scanners running inside the infected Windows installation; by booting first, before the rootkit can load, the Windows Defender Offline tool should be able to root out the problem.
  3. Consider running an additional offline scan using the Kaspersky Rescue Disk. Remember to create a bootable USB or CD from an uninfected computer. Follow the instructions to run an offline scan (meaning that you boot to the rescue disk before Windows loads).
  4. If the above two steps uncover and clean any malware, boot the machine as you normally would and launch the Secunia Personal Software Inspector (online). This requires Java, which I normally recommend uninstalling unless you specifically need it for something, since many of the exploits in recent weeks have leveraged an unpatched flaw in the Java run-time environment. The scan will report any vulnerable or outdated software on your computer. Apply the updates as recommended, and ensure that Windows Update is configured to automatically download and install any new updates from Microsoft. Launch Windows Update yourself as well, to make sure that there aren't any pending security patches.
  5. If steps 2 and 3 fail to find any malware, consider backing up all of your important files to an external USB drive, then reformatting the computer with your system restore disk (Windows install disk). Sometimes, rather than spending hours or days trying to weed out malware, it is better to start with a clean slate. When you re-install Windows, make sure to install Microsoft Security Essentials before doing anything else.
  6. Going forward, make sure not to click on any unfamiliar links in email or open any email attachments, unless it is something you are expecting--even then, open with extreme caution. Be careful about what software you install--is it something you really need, or are you just installing it for fun? Run any files you download through VirusTotal, which scans the file with a large set of antivirus engines.
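As an added example that is not part of the original post, the following PowerShell script automates the checks behind steps 1, 4 and 6 once the machine boots normally again: it lists installed programs for the "extraneous debris" review, reports whether Windows Update is set to install automatically and which patches are still pending, and hashes downloaded files so they can be looked up on VirusTotal by SHA-256 without uploading them. It assumes Windows PowerShell 4.0 or later (for Get-FileHash), an elevated prompt, and the standard Downloads folder; the function names are my own.

```powershell
# Added post-cleanup audit script (not from the original post). Assumes
# Windows PowerShell 4.0+ run from an elevated prompt on the cleaned machine.

# Step 1 aid: list installed programs with install date so "extraneous debris"
# can be reviewed before visiting Add/Remove Programs.
function Get-InstalledPrograms {
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
        Sort-Object InstallDate -Descending
}

# Step 4 aid: confirm Windows Update installs automatically and report any
# pending updates, using the Windows Update Agent COM API.
function Test-WindowsUpdateState {
    $au = New-Object -ComObject 'Microsoft.Update.AutoUpdate'
    # NotificationLevel 4 = scheduled installation (download and install automatically)
    $auto = ($au.Settings.NotificationLevel -eq 4)

    $searcher = (New-Object -ComObject 'Microsoft.Update.Session').CreateUpdateSearcher()
    $pending  = $searcher.Search('IsInstalled=0 and IsHidden=0').Updates
    [PSCustomObject]@{
        AutoInstallEnabled = $auto
        PendingCount       = $pending.Count
        PendingTitles      = @($pending | ForEach-Object { $_.Title })
    }
}

# Step 6 aid: hash files in Downloads so each can be searched on VirusTotal
# by SHA-256 without uploading the file itself.
function Get-DownloadHashes {
    param([string]$Folder = (Join-Path $env:USERPROFILE 'Downloads'))
    Get-ChildItem -Path $Folder -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            [PSCustomObject]@{
                File   = $_.Name
                SHA256 = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        }
}

Get-InstalledPrograms | Format-Table -AutoSize
Test-WindowsUpdateState | Format-List
Get-DownloadHashes | Format-Table -AutoSize
```

If AutoInstallEnabled comes back False or PendingCount is non-zero, step 4 is not finished: turn on automatic updates and install what is listed before trusting the machine again.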
