
My computer has a virus infection; how much has been compromised?

Question:

I have found that my computer contains 2 trojans. I have heard that hackers
use trojans to gain unauthorized access to all your data. Is this true? If so,
then is the data in my external hard disk (which I connect to the computer at
least once a week and for a span of half an hour) also compromised?

Sometimes. Maybe.

There are so many different types and variations of malware out there that
it’s hard to give a definite answer. However, we can certainly examine what they
might be doing, and why. We’ll also look at the assumptions you’ll probably
make, and which of those I’d make in your shoes.


To answer your second question first: without knowing the specific malware
that you’ve been infected with, we can’t make any assumptions at all about what
it might or might not have access to.

Strike that, we can make only one assumption: malware can access everything
on your machine (even devices that are connected only occasionally) and quite
possibly any other machines on your local network as well.

Scary, huh?

So in your specific configuration, if your machine was infected the last
time you connected that external hard drive, it’s quite possible that it was
compromised.

Now, I also need to clarify what we might mean by the word “compromised”.
There are two primary forms:

  • Infection: the malware might simply copy itself to your
    external hard drive. The goal here is the malware’s propagation – it’s trying
    to move to other machines. If your external drive becomes infected and you were to then plug it into another machine it’s possible that the malware could
    infect that other machine. Your external hard drive could become a “carrier”
    for the malware.

  • Data Access: If your machine has been infected and the
    malware is active, then it absolutely could be accessing that external hard
    disk when it’s connected and, for all we know, locating “interesting stuff” and
    sending it off to points and people unknown.

Now, I want to be clear about something: as I understand it, most
malware does neither. Most malware simply infects your machine and then goes on
to do other things. And of the two compromises that I’ve listed above,
Infection is the more likely form of compromise, in my opinion. As
we’ll see in a moment, most malware is more interested in propagating than it
is in your data.

More often than not, if you’ve been infected, the data on your external drive has
not been harvested. But this is malware we’re talking about. There are no
guarantees.

So just what is malware doing if it’s not likely sucking up all your data
and sending it off somewhere?

In years past, malware’s goal was simply to cause trouble. It was more
likely that your data would disappear as the result of an infection, and not
much more. You might lose the contents of your hard disk, but none of that data
would have been sent anywhere.

In recent years the landscape has changed, and in a word that change is
“spam”. Some very large percentage of malware these days is all about trying to
infect machines in order to create spam-sending zombies operating as part of
botnets. They have two goals:

  1. Propagate and infect more machines into joining the botnet.

  2. Wait for further instructions from the botnet operator. Typically that means
    being prepared to send out huge amounts of spam when instructed.

You can see that looking at your data isn’t part of their job.

Why the shift? Money. There’s no money in causing trouble for trouble’s
sake, but there are people willing to pay to get their spam sent. As a result
botnet operators can actually make money by managing a network of infected
zombie machines to send out spam.

So all that’s well and good, but if you’re infected what should you
do?

It depends on your level of paranoia.

What I would do is this: use anti-malware tools to remove the malware
from the infected PC, and then also scan the external drive for
infections. Assuming everything turns out clean, I’d be satisfied and move on
with my life. (Taking note to avoid whatever it was I did to get infected in
the first place, of course.)
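To make the “scan the external drive, then confirm it’s clean” step concrete, here is an added Python example that is not part of the Ask Leo! article and not any anti-malware product’s code. It inventories a mounted drive, flags the artifacts most associated with removable-media “carriers” (an autorun.inf, an executable disguised with a document-looking double extension, a hidden executable), and keeps a SHA-256 manifest so that a second pass after cleanup shows exactly which files were added, removed or changed. The sample drive contents, the file names and the flagging rules are constructed for the example; it complements a real anti-malware scan rather than replacing one.

```python
"""Inventory a removable drive for common carrier-infection artifacts.

Added example, not code from the Ask Leo! article. It walks a mounted
external drive, flags files that commonly indicate the drive has become a
malware "carrier", and records a SHA-256 manifest so a re-run after cleanup
can show precisely what changed. All sample files are constructed here.
"""
import hashlib
import tempfile
from pathlib import Path

# Extensions that Windows will execute directly (assumed list for the example).
EXECUTABLE_SUFFIXES = {".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".pif"}
# Extensions that look like harmless documents or media to a casual user.
DOCUMENT_SUFFIXES = {".jpg", ".jpeg", ".png", ".pdf", ".doc", ".docx", ".txt", ".mp3"}


def sha256_of(path):
    """Hash a file in chunks so large media files don't need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def is_hidden(path):
    """Hidden by Unix dot-prefix, or by the Windows hidden attribute (0x2)."""
    if path.name.startswith("."):
        return True
    attributes = getattr(path.stat(), "st_file_attributes", 0)  # Windows only
    return bool(attributes & 0x2)


def suspicious_reasons(path):
    """Return a list of human-readable reasons a file deserves a closer look."""
    reasons = []
    suffixes = [s.lower() for s in path.suffixes]
    if path.name.lower() == "autorun.inf":
        reasons.append("autorun.inf present (classic removable-media propagation)")
    if suffixes and suffixes[-1] in EXECUTABLE_SUFFIXES:
        if len(suffixes) >= 2 and suffixes[-2] in DOCUMENT_SUFFIXES:
            reasons.append("double extension: looks like a document, runs as a program")
        if is_hidden(path):
            reasons.append("hidden executable")
    return reasons


def inventory(root):
    """Walk the drive; return (manifest of relative path -> sha256, findings)."""
    root = Path(root)
    manifest, findings = {}, {}
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        manifest[rel] = sha256_of(path)
        reasons = suspicious_reasons(path)
        if reasons:
            findings[rel] = reasons
    return manifest, findings


def diff_manifests(before, after):
    """Compare two manifests: what appeared, disappeared, or changed content."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    changed = sorted(p for p in before if p in after and before[p] != after[p])
    return {"added": added, "removed": removed, "changed": changed}


def build_sample_drive():
    """Create a constructed sample 'external drive' in a temp directory."""
    root = Path(tempfile.mkdtemp(prefix="ext_drive_"))
    (root / "autorun.inf").write_text("[autorun]\nopen=photo.jpg.exe\n")
    (root / "photo.jpg.exe").write_bytes(b"MZ constructed placeholder, not a program")
    (root / "Documents").mkdir()
    (root / "Documents" / "notes.txt").write_text("harmless user data\n")
    return root


def demo():
    """Baseline scan, simulated cleanup, re-scan; returns what each step found."""
    root = build_sample_drive()
    before, findings = inventory(root)
    # Simulate the anti-malware tool removing the flagged files.
    for rel in findings:
        (root / rel).unlink()
    after, remaining = inventory(root)
    return findings, remaining, diff_manifests(before, after)


if __name__ == "__main__":
    flagged, left, delta = demo()
    for rel, why in flagged.items():
        print(f"FLAGGED {rel}: {'; '.join(why)}")
    print("after cleanup, still flagged:", left)
    print("manifest delta:", delta)
```

Run it once before cleanup to get the baseline manifest and findings, run your anti-malware tools, then run it again: an empty findings list plus a delta that shows only the removals you expected is the “everything turns out clean” result; anything unexpectedly added or changed between the two runs is worth a second look.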

However, there’s an extremely paranoid, and yet very valid, position with
regard to malware infections: “Once infected, all bets are off.” That means
that once you’ve been infected, malware has become so stealthy and malicious
that there’s no way to know with 100% certainty that it’s really been
eradicated from a system. If you follow this philosophy to its logical
conclusion, the only action you can take after an infection is to reformat and
reinstall your machine from scratch. And sadly, taken to this extreme, that
includes the external hard drive.

To be clear, I would not do this on a personal machine. Your
situation might be different; I’d expect government and other sensitive
installations to perhaps need to be more paranoid about these types of things.
I’m typically quite happy with a good virus scan and cleanup. The only
exception was some years ago when the server hosting Ask Leo! became infected –
I elected at that point to build out a new server and move the site and my
other data to it. The infected server was then reformatted.


7 comments on “My computer has a virus infection; how much has been compromised?”

  1. I hate this question cause it’s happened to me so many times before….. I cannot stand just a single, standard AV run to catch everything… I have to do a fully detailed scan with NOD32 (my recommended AV) with all the options checked and let it run for as many hours as it needs. I then have to do the same with another AV to make sure and then another scan with a mal/spyware checker.. All this while disconnected from the internet, just in case something is trying to communicate outside… It’s such a hassle, but it’s 99.9% guaranteed to catch it all.. I would then connect back to the internet, download the latest virus defs for both AVs and run them both on detailed scan again if there were new updates.

  2. Just another thought. There is nothing more safe than having your virus scan turned on at all times. Catch the threat BEFORE you get infected. I’ve had to, too many times, after a fresh Windows install, pass on installing an AV till the end. Biggest mistake ever each time, yet I still do it thinking I would be safe… Never am…

    I do install backup software first before anything though :)

  3. Hello, as a fellow quote unquote “G33K”, there be many ways of clearing your nasties (otherwise known as bugs, worms, trojans, viruses, and etc). The most prominent way of clearing these is the use of the average anti-virus cleaner. These are for your everyday use and most people think with the mindset that if these don’t pick up anything, then you’re clean; this is a wrong assumption. Often scan with tools other than your antivirus, and make them a different brand; doesn’t mean you need to go spend 400 dollars, 200 British pounds or etc on software, I did mine all for free.

    AVG Free is for simple cleaning once a week. I recommend you do a complete scan with every tool I mention. You do not need to use these, keep in mind, but alternatives are also useful. I often just use trials of programs, and just uninstall them when done or crack, buy, torrent, p2p or get ripped versions of them (don’t, most people will regret this since doing this can often result in malware). Ad-Aware is useful, until about the first week when the trial expires. That is one thing I should say to the mom. It is good that you buy the program because it will not update after then. Use command prompt utils available at both Norton and McAfee (both free for IT peoples that know what they be doing) and when buying as a normal persons, you be buying for the constant security and visual boggieness, use this to scan about once a week or every seven days, or you know what I mean.

    As an ex-virus writer, the mindset is the most important; to catch me, or the billions of others, then you must think like us. Protect your sensitive material, make your computer safe with a good firewall, even if that means getting ZoneAlarm.

    One thing you should know, is that I turned to programming as my profession, it be much more challenging (although much in the same as virus programming), it actually has a purpose for making legal money these days, and that’s what I do. Like I said, use a good firewall (that means patching and securing your routers too, they are easy to get into and kill yer computers if they are left unsecured since all I have to do is walk up to yer be’s house with a laptop and wireless card and start ‘a’ tappin’ on the keys and I can make your computer a living zombie to do anything I say, send me all your cached files, install keyloggers and etc and make your bank account virtually open to the world, not to scare y’all, but this is the risks of viruses at the extreme.)

    Now a good malware remover (take in mind Microsoft is new at this, that is why they have so many holes in Windows, they are novice antivirus writers.), antivirus, firewall, spyware remover, adware remover (often packaged with spyware removers) and etc, and just scan, don’t download anything that seems to not be needed, and scan weekly, this should help yer daily persons.

  4. Also Chris, NOD32 is gewd. But viruses are in the breeding constantly, antiviruses look for attributes and actions of viruses, and in most cases, viruses are in the form of Windows files, making a reinstall necessary, and etc, and most antiviruses won’t catch new malware for at least a day, that’s many computers infected, by the millions, so there is never a complete security.

    Sorry I completely butchered me spelling, it’s too early in the morning.

  5. Hi,
    please help me.
    My cool disk has a terrible problem.
    When I have data in it, suddenly all folders change to folders whose names are unintelligible, and when I open such a folder it appears there is nothing in it, and I can’t delete them. I had to format my cool disk to delete them. I use AVG antivirus or remove run autoplay but it doesn’t work. Please help me.

