Malware is any "malicious software" that runs without the user's knowledge or consent.

Table of Contents:

1. Purpose
2. Important Terminology
3. Warnings
4. Where to begin?
5. Symptoms
6. Alphabetical checklist on handling malware

1. Purpose

The following is a list of malicious software ("malware") considered harmful to end users; it most often runs without their knowledge or consent. The hyperlinks and checklist categories provided below illustrate how the software should be removed from the user's workstation.

Removal often entails detailed technical support. If a novice user attempts to remove items from this list, the Control Panel locks up and/or the software cannot be removed simply by using the Add or Remove Programs option in the Control Panel.

The list below is kept up to date as new harmful software is detected through popup-blockers, Symantec anti-virus software detection, or the best practice of users who keep themselves informed of the latest attacks.

Note: Any software which redirects you back to an internet site to uninstall it is considered intrusive and should not remain on the PC.

2. Important Terminology

For a more detailed source of terms, go to this Symantec link.

a. Adware - Programs that facilitate delivery of advertising content to the user through their own window, or by utilizing another program's interface. In some cases, these programs may gather information from the user's computer, including information related to Internet browser usage or other computing habits, and relay this information back to a remote computer or other location in cyber-space. Adware can be downloaded from Web sites (typically in shareware or freeware), email messages, and instant messengers. Additionally, a user may unknowingly receive and/or trigger adware by accepting an End User License Agreement from a software program linked to the adware or from visiting a website that downloads the adware with or without an End User License Agreement.

b. BHO - A Browser Helper Object, or BHO, is a small program that runs automatically every time you start your Internet browser. Usually, a BHO is installed on your system by another software program. It is a DLL. BHOs can also routinely conflict with other running programs, cause a variety of page faults, run time errors, and the like, and generally impede browsing. If you simply rename the discovered .DLL coming from spyware or adware, you may render connectivity to the internet inoperable. A BHO can be linked to Adware or Spyware. Its purpose is to monitor the end user's web surfing habits and send this data to a remote server. The remote server can then contract with other vendors and send the end user pop-up advertisements. Some types of BHOs detect the time the user has spent on a site and send that information to affiliated websites. The user then may get other Adware or Spyware from sources they have not connected to.

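As an added example (not part of the original page), the following PowerShell script lists the Browser Helper Objects registered on a Windows workstation, the DLL each one loads, and that DLL's Authenticode signature status, so the finding can be documented before anything is renamed or removed. The registry locations it reads (the Browser Helper Objects keys under HKLM and HKCU, and the CLSID InprocServer32 lookup) are the standard registration points the script assumes; the function name Get-RegisteredBho is chosen here.

```powershell
# Added example, not from the original page: enumerate registered Browser Helper
# Objects and resolve each CLSID to the DLL it loads into the browser.
# Assumption: BHOs are registered under the "Browser Helper Objects" keys below
# and their DLL path is the default value of the CLSID's InprocServer32 key.

$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

# Places a CLSID can be defined (64-bit, 32-bit, and per-user registrations).
$classRoots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID',
    'HKCU:\SOFTWARE\Classes\CLSID'
)

function Get-RegisteredBho {
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($sub in Get-ChildItem -Path $root) {
            $clsid = $sub.PSChildName          # e.g. {xxxxxxxx-xxxx-...}
            $dll   = $null

            # The InprocServer32 default value names the DLL loaded by the browser.
            foreach ($classRoot in $classRoots) {
                $serverKey = Join-Path $classRoot "$clsid\InprocServer32"
                if (Test-Path $serverKey) {
                    $dll = (Get-ItemProperty -Path $serverKey).'(default)'
                    break
                }
            }
            if ($dll) { $dll = $dll.Trim('"') }

            # Signature status is a documentation aid, not proof either way.
            $sig = 'FileNotFound'
            if ($dll -and (Test-Path $dll)) {
                $sig = (Get-AuthenticodeSignature -FilePath $dll).Status
            }

            [pscustomobject]@{
                RegisteredUnder = $root
                CLSID           = $clsid
                Dll             = $dll
                Signature       = $sig
            }
        }
    }
}

Get-RegisteredBho | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt and keep the output with the incident notes. An unsigned DLL sitting in a user-writable folder is a reason to look the file up in the vendor's threat database before touching it; a valid signature is not by itself proof that the BHO is wanted.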
c. Data miner - A data miner is a program that can collect information on how you browse and use websites. The collected information can include data gathered from forms you fill in and submit. Usually data miners work without your knowledge. Some spyware tools use this term instead of BHO.

d. Dialers - Programs that use a computer or modem to dial out to a toll number or internet site, typically to accrue charges. Any dialer program running on a user's workstation should be regarded as a security incident and reported immediately, because dialers affect billing and security. Dialers can be installed with or without a user's explicit knowledge, and may perform their dialing activity without a user's specific consent prior to dialing. To get a list of dialer programs, click here. For a more explicit idea of what dialers do and why they are forbidden, click here.

e. Hack Tools - Hack Tools can be used by a hacker or unauthorized user to attack, gain unwelcome access to, or perform identification or fingerprinting of your computer. While some hack tools may also be valid for legitimate purposes, their ability to facilitate unwanted access makes them a risk. Hack tools also generally:

(1) Attempt to gain information on or access hosts surreptitiously, utilizing methods that circumvent or bypass obvious security mechanisms inherent to the system they are installed on, and/or facilitate an attempt at disabling a target computer, preventing its normal use.

(2) One example of a hack tool is a keystroke logger, a program that tracks and records individual keystrokes and can send this information back to the hacker. Hack Tool also applies to programs that facilitate attacks on third-party computers as part of a direct or distributed denial-of-service attempt.

f. Joke - A malicious display of messages or distortion of monitor activity. Simple scans should be able to remove these files. Some display a message telling users that their PC is inoperative. They are closer to hoaxes than adware.

g. Remote Access - Programs that allow one computer to access another computer (or facilitate such access) without explicit authorization when an access attempt is made. Once access is gained, usually over the Internet or by direct dial access, the remote access program can attack or alter other computers. It may also have the ability to gather personal information, or infect or delete files. Such programs may also create the risk that third-party programs can exploit their presence to obtain access. Remote access programs generally attempt to remain unnoticed, either by actively hiding or by simply not making their presence on a system known to the user, and/or attempt to hide any evidence of their being accessed remotely over a network or via the internet. These programs provide access that may include notifying a remote host of the machine by sending its address or location, or employing functionality that wholly or partially automates access to the computer on which the program is installed.

h. Spyware - Programs that have the ability to scan systems or monitor activity and relay information to other computers or locations in cyber-space. Among the information that may be actively or passively gathered and disseminated by Spyware: passwords, log-in details, account numbers, personal information, individual files or other personal documents. Spyware may also gather and distribute information related to the user's computer, applications running on the computer, Internet browser usage or other computing habits. Spyware frequently attempts to remain unnoticed, either by actively hiding or by simply not making its presence on a system known to the user. Spyware can be downloaded from Web sites (typically in shareware or freeware), email messages, and instant messengers. Additionally, a user may unknowingly receive and/or trigger spyware by accepting an End User License Agreement from a software program linked to the spyware or from visiting a website that downloads the spyware with or without an End User License Agreement.

i. Trackware - Programs that track system activity, gather system information, or track user habits and relay this information to third-party organizations. The information gathered by such programs is neither personally identifiable nor confidential. Trackware programs are installed with the user's consent and may also be packaged as part of other software installed by the user.

j. Trojan Horse - A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves, but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer. Trojan horses can steal system information and send it to predetermined Web servers. An example is a false warning notice telling users to upgrade Microsoft's Internet Explorer.

3. Warnings

a. If anyone ignores the message to fix any malware in safe mode with system restore off, they may wind up corrupting their workstation.

b. If the workstation is reimaged because it is badly infected with lots of malware, and the end user does not change their habits of surfing on the internet, then the likelihood of the workstation being reinfected is very high.

c. There are two places to look: Threat History and Tamper History. The vast majority of the time, Threat History will be sufficient.

(1) Threat History - Four common sources of threats exist: infected floppies; CDs that contain applications that go to the internet to download applications with spyware or adware attached; surfing sites that contain threats; or, most commonly, downloading shareware or freeware that carries adware/spyware with it.

(2) Tamper History - If internal or external sources attempted to alter the method of Symantec's tamper protection, this would be flagged, identifying the source of the tampering.

4. Where to begin?

a. Go to Norton Symantec's website search tool as a good starting point. Click here.

b. The alphabetical and chronological list of removal tools on Symantec's web site is the next place to check. Click here.

c. A list of removal tools from Symantec can be found easily enough. Click here.

d. If the user has not experienced viruses or popups in the past, it is very sound to check for the most recent attacks.

e. Another useful link, if the malware is not on the list below: Click here. Still another useful auxiliary link: Click here.

f. Sometimes it is important to check what processes are running (Ctrl+Alt+Del, Task List, Processes) to see if they may contain hidden malicious programs unknown to the end user. Click here to check the list of processes and their purpose.

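As an added example (not part of the original page), the following PowerShell script gives the same information as the Processes list in Task Manager, plus two things the checklist step needs when a process name means nothing to the end user: the executable path it was started from and the Authenticode signature status of that file. The directories it treats as worth a second look (TEMP, LOCALAPPDATA, APPDATA) and the function name Get-ProcessReview are this script's assumptions, not a rule from the page.

```powershell
# Added example, not from the original page: list running processes with the
# file they run from and its signature status, and flag the ones to review.
# Assumption: an executable running from a user-writable profile folder, or one
# without a valid signature, is worth looking up; it is not proof of malware.

function Get-ProcessReview {
    # User-writable folders where unwanted software often ends up.
    $suspectDirs = @($env:TEMP, $env:LOCALAPPDATA, $env:APPDATA) |
        Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }

    Get-Process | ForEach-Object {
        $path = $_.Path      # $null for system processes or when access is denied
        $status = 'Unknown'
        if ($path -and (Test-Path $path)) {
            # Status is Valid, NotSigned, HashMismatch, etc.
            $status = (Get-AuthenticodeSignature -FilePath $path).Status
        }

        $inSuspectDir = $false
        if ($path) {
            foreach ($d in $suspectDirs) {
                if ($path.StartsWith($d, [System.StringComparison]::OrdinalIgnoreCase)) {
                    $inSuspectDir = $true
                }
            }
        }

        [pscustomobject]@{
            Id        = $_.Id
            Name      = $_.ProcessName
            Path      = $path
            Signature = $status
            Review    = ($status -ne 'Valid') -or $inSuspectDir
        }
    }
}

# Full inventory first (keep it with the incident notes), then the short list.
$inventory = Get-ProcessReview
$inventory | Sort-Object Name | Format-Table -AutoSize
$inventory | Where-Object Review | Sort-Object Name |
    Format-Table Id, Name, Path, Signature -AutoSize
```

Run it from an elevated prompt so that paths for services are visible. Processes with no path or an Unknown status are usually protected system processes rather than hidden programs, but they appear in the review list on purpose so that nothing is silently skipped; compare anything unfamiliar against the process list linked in the step above before deciding to remove it.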
g. A brief glossary of terms to assist in documentation is available. Click here.

5. Symptoms

This is a checklist of questions for the end user: