In a previous article, I wrote at length on how ransomware is nothing special when it comes to prevention — it’s “just” malware, and the same steps you take to protect yourself against malware are the steps you take to protect yourself from ransomware.
Because of ransomware’s devastating consequences, however, many people want additional assurance that they’re protected, even if they allow such malware to reach their machine. In particular, two questions come up often: what about files stored in services like OneDrive or Dropbox, and what about backups stored on connected external hard drives?
I recently became aware of a couple of features specifically designed to allay those concerns.
I called a number that I thought was the support center and was immediately connected with a technician who skillfully asked my permission to allow him access to my computer so that he could diagnose the problem, and I agreed. After he informed me that I had over a thousand errors that needed to be erased and that he could do this for me for only $250.00, I realized that this was some kind of scam and I promptly ended the call. What kind of risk have I exposed myself to?
First, good on you for terminating that call. While it may have been an obvious scam to you and me, I continue to hear that many people fall for it.
But the big question remains: you let a stranger with malicious intent use your machine remotely. How worried should you be?
Ending up with random software on your machine that you never wanted in the first place is annoying as all heck.
Unfortunately, it’s happening more and more. I’d say that PUPs (Potentially Unwanted Programs, although there’s rarely any “potentially” about it), rogue toolbars, and search-engine hijacks are some of the most common issues I see in my inbox.
I’ll talk a little about prevention, but first, let’s walk through the steps I recommend when you suddenly realize you’ve been saddled with software you didn’t know you’d agreed to and certainly never wanted.
Some time ago, news broke that the U.S. government had plans to destroy up to $3 million worth of computers. In fact, they had already destroyed thousands of dollars of computers by the time the story came out.
Why were they doing it? Because of a malware infection.
I get the question, “Should I just throw it out?” due to malware more often than you might think. It’s the knee-jerk reaction of someone who has a heavily infected machine and feels utterly hopeless about getting it cleaned up again.
But I want to be very clear about something. There is never, ever a reason to destroy hardware because of malware.
Someone’s pointing me to a downloadable program as a solution for a problem I’m having. I’m really hesitant to download and run unknown EXE files. Is there any way I can scan it with some program or otherwise ascertain if it’s clean or riddled with subtle spyware, viruses, or whatever else could be bad?
I was somewhat taken aback by this question. It’s a perfectly good question — it’s one that more people should be asking more often.
No, my reaction was due to the lack of a good answer.
It turns out that it’s fairly difficult to ascertain whether something you’ve downloaded is about to play havoc with your system, and harder still to know before you download it.
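One check that does exist once the file is on disk is to compare its SHA-256 digest with one the publisher posts on their own site, separately from the download. The following is an added example, not code from the original article: it assumes the publisher provides a SHA256SUMS-style file (one “<hex digest>  <filename>” per line), and the installer bytes and digests it uses are constructed for the demonstration.

```python
"""Check a download against a publisher-supplied SHA-256 digest.

Added example, not from the original article. Assumes the publisher posts
a SHA256SUMS-style file ("<hex digest>  <filename>" per line); the files
and digests below are constructed for the demonstration.
"""
import hashlib
import hmac
import os
import tempfile


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a multi-gigabyte installer need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_sha256sums(text):
    """Parse '<hex> <name>' lines into {name: hex}; blank lines and # comments are skipped."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            raise ValueError(f"malformed checksum line: {line!r}")
        digest, name = parts
        int(digest, 16)  # raises ValueError if the digest is not hexadecimal
        expected[name.lstrip("*")] = digest.lower()  # '*name' marks binary mode in some tools
    return expected


def verify_download(path, expected_hex):
    """True only if the file's SHA-256 equals expected_hex (compared in constant time)."""
    return hmac.compare_digest(sha256_of_file(path), expected_hex.lower())


def demo():
    """Constructed scenario: the genuine installer, then the same file with extras appended."""
    with tempfile.TemporaryDirectory() as tmp:
        installer = os.path.join(tmp, "setup.exe")
        with open(installer, "wb") as fh:
            fh.write(b"pretend installer bytes")
        # The publisher's checksum file, as it would appear on their own site.
        expected = parse_sha256sums(f"{sha256_of_file(installer)}  setup.exe\n")
        genuine_ok = verify_download(installer, expected["setup.exe"])

        # A repackaging download site appends its bundle; the digest no longer matches.
        with open(installer, "ab") as fh:
            fh.write(b" plus an unwanted toolbar")
        repackaged_ok = verify_download(installer, expected["setup.exe"])
        return genuine_ok, repackaged_ok


if __name__ == "__main__":
    print("genuine matches: %s, repackaged matches: %s" % demo())
```

Two caveats worth keeping in mind. A matching digest proves only that you received what the publisher published, so the digest has to come from the original publisher’s page, not from the same third-party download site that served the file, since a repackager can post a perfectly valid hash of its own bundle. And a match says nothing about whether the publisher’s file is itself safe; the hex digest can, however, be looked up on a service like VirusTotal without uploading the file.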
How do I find out or know that my computer is free of keyloggers? Would Windows Defender or MalwareBytes find them if there are any, or do you have a referenced article on the topic where I can read about it? Understand that this is the biggest security concern I have about my computer nowadays.
How do you know your computer is free of keyloggers? You don’t.
It’s not the answer most people want to hear, but it’s the true bottom line.
There are a few reasons for it, which I’ll discuss, as well as what you and I need to do in the face of this rather grim reality.
My bank account was just hacked. The hacker opened a new account, transferred money from my line of credit into that account, then transferred the money out to his outside account. So, it appears he somehow got my client card number and my password.
My laptop is about five years old, running Windows 7, which I update every week. I have BitDefender for virus scans, with which I do a full system scan every week. My password was 15 characters long, with a mix of numbers and upper- and lowercase letters. When I am not at home, I use a VPN service while on the internet. I have changed my bank passwords to 22 characters long and installed Malwarebytes Premium for real-time virus protection.
So, I have two questions: how could a hacker possibly do this with the precautions I have? And how can I protect myself further from this point?
You do have good security in place — above average, I’d say. That makes this situation a little more difficult to diagnose, as well as a tad more frustrating.
While I certainly can’t tell you exactly what happened, I can speculate on some possibilities. I also have a few ideas on how I’d protect myself if I were in your shoes.
Two newly discovered vulnerabilities have been getting a lot of press recently. Much of it has been quite sensationalist, due to the nature of the underlying issues.
The flaws are in hardware design — specifically the CPU — and not just one CPU, but apparently a wide variety of CPUs — meaning that just about any computer or device using the most popular CPUs of the last couple of decades is probably vulnerable to the issue.
So, to answer everyone’s first question: yes, your computer or mobile device is likely affected.
What are the signs that my PC has been compromised, if nothing is visibly noticeable? By that I mean that perhaps someone is quietly reading my e-mail, or even somehow sees my screen or logs my keystrokes?
You’re not going to like the answer to this one.
There may be no signs at all. It’s possible for a machine to be compromised even though it seems to be working properly.
I get variations of this question often. Someone has correctly determined their computer has some kind of malware, either by symptoms or some other means, but the anti-malware program they’re running fails to detect it — or perhaps detects it, but fails to repair it.
It’s a race, folks, and sometimes your security software isn’t in the lead.
Can you tell me more about zero-day drive-by attacks? I experienced one on my fully updated and patched Windows computer (automatic Windows Update ON) which has the latest anti-malware tools. I saw the hacked behavior and immediately turned off my computer. Scanning both before and after this attack showed no prior or present malware infection. Is this the best response for such attacks, as it appears to have successfully prevented malware infection by this drive-by attack that I experienced?
The very nature of a “zero day” exploit is that it uses a vulnerability nobody has patched yet and nobody has written a detection signature for yet, so a signature-based virus scanner would show you were clean both before and after being infected.
It’s not until your anti-virus provider updates its definitions, and you take that update, that your scanner knows what to look for. Shutting the machine down as soon as you saw something wrong limited what the attack could do, but a clean scan afterward can’t, by itself, prove that nothing got through.
I am trying to fix a computer that has malware preventing me from getting into regedit and task manager. It will not let me boot into safe mode. It will not let me install any anti-spyware or anti-virus software. I’m not sure where to go from here. It has stopped me from doing much of anything to get the malware off the computer. Any suggestions?
Sadly, this is all too common. Malware can be pretty sophisticated, and it can work hard to prevent you from removing it. That means you may be blocked from downloading or running anti-malware software, or be prevented from running tools already on your machine that might help.
I’ll save the “prevention is so much easier than the cure” missive for a moment. We just want this fixed.
There are things that we can try, but unfortunately, there are no guarantees.
Why would an exploit not be caught or detected by my antivirus program (Avast) or Malwarebytes (running in the background)? If not detectable, how much “damage” can the exploit actually do if users follow prudent operating precautions? Would System Restore be usable if infected? I have also followed your advice and routinely image my Dell laptop.
We need to clear up a little terminology, but your question is a very good one: how can malware get past anti-malware programs to infect the software installed on your machine?
And more importantly, what can you do to protect yourself?
Let’s define some terms with what I’m thinking is my silliest metaphor ever, and then talk about how to stay safe.
I wonder if a backup system that uses an external disk is safe from Ransomware. I have Acronis True Image 2015 – paid version, and do a full backup once a month and an incremental daily. Can Ransomware get to that backup? It is, in reality, just another disk in my system.
The best we can say is … maybe.
It actually depends on a lot of different things, including the type of backup, where it’s stored, and the specific characteristics of the ransomware involved. That’s perhaps the biggest unknown: there are many different types of ransomware, each with different characteristics.
Of course, what to do about this “maybe” also represents a trade-off between getting regular backups and keeping those backups safe.
When installing some software programs I purchased on the web, it says while installing to click on, say, Ask Jeeves for a search engine. This is “recommended”, and the Ask Jeeves toolbar is also recommended. To be quite blunt about this, Leo, I did not click those even though they were recommended. In the past, I recall that some of this stuff is quite aggressive and soon after the install, my PC wasn’t running right. Can the seller that I purchased my software from cause the software to not run correctly because I didn’t install the search engine or toolbar that was recommended with the software?
You did the right thing. If the software is truly optional, then saying “no” should have no impact on your ability to use the software you actually want.
Software installations have become more and more aggressive in attempting to get you to install add-ons that are unrelated to the software you’ve actually purchased.
I keep hearing of viruses that encrypt your hard drive, and even the files on your external hard drive. Doesn’t that mean that my backups would be encrypted as well? Friends are telling me I should disconnect my backup drive when I’m not using it, but that doesn’t feel right either. What should I do?
My opinion is that you run a higher risk of not being backed up if you disconnect the drive than you do having your backups encrypted by ransomware.
Put another way: leave the drive connected and continue to let your backups run automatically.
I’ll explain why I feel that way, and what you can do to mitigate the risk of ransomware.
I give up. My computer has been infected with malware – lots of it – and I can’t seem to get rid of it all. I’m ready to throw in the towel. Should I just get a new computer? Wouldn’t that just solve everything?
You should never have to buy a new computer because of malware.
I hear from people all the time who have machines infected with varying degrees of malware. Their goal is simple: their computer is crippled with malware and they just want it to work so that they can get on with their lives.
If that’s you, and you’re at the point where you’re considering getting a new computer because of it, wait.
Before you get out your credit card and lay out money on a new computer, allow me to clear up some common confusion and possibly save you some cash.
A family member got scammed by a telephone call from someone saying that they were from Microsoft, calling because of PC error reports. Unfortunately, remote access was given. What should be done to prevent further compromise of the PC data? Help!
Note: MS scanner and a Norton scan were done and showed no problems. Remote access software files were removed manually from PC. Could the scammer again access the PC data? Data is backed up to the external drive (not plugged in at the time of the scam). Can the same files/data be safely loaded on to a new HD/computer?
As you point out, it’s a scam. Microsoft doesn’t call people because of errors on their computers. Neither do ISPs, security companies, or pretty much anyone else who might have some role of internet authority.
What’s the best anti-virus program? There’s been so much talk on just how each one works and which has the best protection; it’s really hard to decide which one to choose. One day you might read a review that says one thing and the next day says another, so it really gets quite confusing.
This question comes up all the time. The problem is that it’s at once trivial and impossible to answer; there’s a strong argument that there’s no objective answer at all.
It’s all about opinion, so let me tell you mine: there is no best anti-virus tool. There are several good ones, but none are perfect. In fact, one that works well for your friend may not work at all for you.
Hi, Leo. Do you have any observations, comments or advice about the recent Symantec talk given to the Wall Street Journal? They seem to say that only 45% of computer viruses are caught. Are we as home users more prone to attack nowadays, or is this comment mainly directed to companies as an earnings increase tactic? I’m sure we’ll be interested in their falling profits.
Yeah, this actually made the headlines a couple of weeks ago. The headline being generated, of course, was “Antivirus is dead”.
Antivirus is not dead.
In my opinion this is just another case where somebody chooses an exceptionally sensational headline or position in the hopes that it will get people talking. Apparently they succeeded, because here I am, talking about it.
I had Microsoft Security Essentials installed for my anti-virus in my Windows Vista but it was still infected with malware that was added from the search site Conduit. I removed it, Conduit, and all its garbage but I kept getting malware detections when I did the security scan. My Microsoft Security Essentials kept getting turned off when I shut down my computer so when I turned my computer on again, I had to turn Microsoft Security Essentials back on. So I downloaded Bullguard because I tried the free version a while ago and it worked great.
Well, it also caught the malware, but I went through the process a few times before it deleted the malware. Also, my main computer profile will not open since View Password was part of the malware and the anti-virus deleted it and my profile is closed. So, I had to make a new profile but strangely, I can open the closed profile in Safe Mode. My scans are clean now for the last 3 days (or so it says) so that problem appears to be gone. I have no more malware or virus notices. I also deleted all temp files and all other non-essential files that were downloaded on that date as well. My problem is this: my computer is very slow now.
I have three bars of internet and plenty of disk space so it should be faster. I keep it cleaned and defragged but many times now I have to refresh to do anything online and sometimes offline. So I’m wondering if the malware has somehow embedded itself and is hiding in my anti-virus. Is that possible? Or am I just paranoid? I wonder if it’s really cleaned? What is the best and safest way to be sure – and the best cleaner that you would recommend?
The best and safest way? I’m afraid you’re not going to like my answer.
Hi, Leo. I seem to remember reading some time ago that it was not safe to download anything from CNet plus I suffered a malware infection, which might have been caused by a download from that site. I’ve been reading your article about Macrium Reflect and considered downloading the free version from the CNet website. What’s your opinion on CNet? Do you think it’s safe to download from this site? I’m presently using Windows XP.
I actually now recommend that you avoid all download sites if at all possible. There are simply too many stories exactly like yours: downloads that come with much more than is expected.
Is there such a thing as a computer that’s not infected? I’ve been diligently and faithfully watching my XP for years and yet I’ve been invaded by malware and cannot get rid of it. I’m using AVG 2014, updating it the first thing every day when I turn on the computer. I’m also running MS Security Essentials and Malwarebytes Anti-Malware, yet I have been infected by something called Friendschecker that pops up in Firefox and Internet Explorer. I searched high and low for some tool to delete this despicable program but no luck so far.
Googling is useless as the responses are full of “go to Control Panel, choose friendschecker and delete it.” The program just doesn’t show up. I use CCleaner and Advanced Uninstaller (both fabulous tools) but they don’t find this program. Noted that I use the free tools but what I noticed is that this virus seems to have migrated over to my netbook while it is connected to my home network. As a long time computer user, I’m at my wits’ end. Could you please suggest a virus remover program that is better than the ones I’ve listed? What about deleting Facebook completely? Could that help? I think I deleted something from Facebook, people I have no connection to at all, so I have no problem trying to delete Facebook if it can be done at all.
To be clear, deleting Facebook won’t help. Facebook is nothing more than a website you visit. It actually doesn’t install anything on your computer, so there’s nothing to delete. There are occasionally rogue apps that try to install stuff on your computer, but you usually get those by visiting sites other than Facebook where they try to get you to download something. That’s more traditional malware, as it does in fact download and install on your machine.
Now, I’m not even saying that’s how you got this.
To be honest, I don’t really know exactly how you got it. Somehow, somewhere, though, something was indeed downloaded and installed on your machine.
Leo, I believe that the vast majority of PC users are not exactly sure about what is normal or what’s supposed to happen during the Windows uninstall process; most specifically, or importantly, when dealing with malware. Can the unscrupulous malware writers hijack the process somehow in an attempt to get the PC user to install something else, or worse??
It might be helpful here to start with a definition of the term “uninstall”. “Uninstall” is a term we use to refer to the orderly process of removing software that has been installed. It’s usually performed by the very setup program that put it there in the first place.
And, to be clear, there’s really no such thing as a standard Windows uninstall process.
Hello, Leo. Tonight on Dutch TV news, there was a warning that hackers can use your webcam although you do not actually use the camera yourself. It’s recommended that the lens should be blinded by means of a sticker or something similar. What’s your opinion on this?
My opinion is that this is another case of everybody getting all excited about one very specific issue.
The problem here is really much, much larger and a lot less newsworthy than getting everyone excited about their webcam. It’s essentially sensationalistic journalism.
You can cover your lens if you want to, but that really, really misses the point.
Leo, I am terrified of getting a virus or some form of malware by clicking on a photo on the web such as an image in Google Image Search or on a forum where someone has posted a thumbnail image to a larger photo. I frequent a photo sharing website and asked the webmaster about this and he sent me this reply: “Well, technically speaking, a picture cannot contain malware. A picture can contain malicious code, which can only be executed by computers, which are already infected with a special virus designed to execute that malicious code. The name of that virus is “Perrun” and it’s more of a proof of concept than an actual virus. If you’d like to be on the safe side, I suggest you look for a freeware online to verify that you are not affected with the “Perrun” virus. Then you can click any photo you want on the web and not worry about catching anything.”
Now I use Google Chrome as my default browser and I frequently use the right-click “Search Google for this image” feature and find the highest resolution of a photo. I have even installed the VirusTotal.com VTchromizer extension to my browser and use it to pre-scan every photo. But still, just the act of right-clicking a thumbnail image worries me. Please help me. Am I worrying for no reason or am I at risk?
This is an interesting question for a number of reasons.
The pragmatic answer is no. You’re not going to get malware from a picture and it’s not something I’d worry about at all.
However, behind that answer are a few very important assumptions that I think people need to understand.
All these PC online technicians say “your computer is infected; you need to pay at least $100 to have us fix it like new.” They told me that even if I go to factory settings it won’t help. Now, I’ve been running McAfee security and I do full scans and I have no virus. Is the internet just packed with tricksters?
The very direct answer to your question is yes.
Yes, there are a lot of scams and misleading advertisements out there.
That’s why there’s one skill I believe strongly that everyone needs to develop.
The other day, my wife was looking at a website when suddenly she was hit with the System Progressive Protection virus. She never even clicked on a link! We shut her machine down, and I went on the internet and found what seemed to be a reasonable site describing how to get rid of it. After many steps, I think I did.
My wife then asked me how did this virus get through? We have a firewall through the router and she had Microsoft Security Essentials running.
Firewalls only protect you from internet-initiated connections: the kind that other computers out on the internet try to make to yours. A connection your own browser initiates, such as visiting a website, passes right through, and that is exactly the path a drive-by download takes.
That protection is still important. Some malware constantly tries to connect to random IP addresses on the internet, and once connected, it attempts to exploit vulnerabilities on the machine it reached. A firewall prevents that connection from being made in the first place.
If your router has a log, it’s interesting to see how many random connections are attempted from the outside.
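To make that distinction concrete, here is an added example (not code from the original article) that summarizes a router’s firewall log: how many unsolicited inbound connections were dropped, on which ports and from which sources, and how many outbound connections from the LAN were allowed. The log lines are constructed, in the format the Linux iptables LOG target writes (many home routers run Linux and log this way); the interface names WAN_IF and LAN_IF are assumptions you would adjust for your own router.

```python
"""Summarize a consumer router's firewall log.

Added example, not from the original article. The log lines are constructed,
in the format of the Linux iptables LOG target; WAN_IF and LAN_IF are
assumptions about the router's interface names.
"""
import re
from collections import Counter

WAN_IF = "eth0"  # assumption: the internet-facing interface
LAN_IF = "br0"   # assumption: the bridged LAN/Wi-Fi interface

# Constructed sample: five unsolicited inbound attempts (dropped), two browser
# sessions going out from a LAN host (allowed), and one unrelated log line.
SAMPLE_LOG = """\
Jan  5 10:01:02 router kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.20 PROTO=TCP SPT=51512 DPT=445
Jan  5 10:01:03 router kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.20 PROTO=TCP SPT=51513 DPT=3389
Jan  5 10:01:09 router kernel: DROP IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.20 PROTO=TCP SPT=40000 DPT=23
Jan  5 10:01:10 router kernel: DROP IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.20 PROTO=TCP SPT=40001 DPT=23
Jan  5 10:01:15 router kernel: DROP IN=eth0 OUT= SRC=198.51.100.99 DST=198.51.100.20 PROTO=UDP SPT=5353 DPT=1900
Jan  5 10:02:00 router kernel: ACCEPT IN=br0 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.80 PROTO=TCP SPT=49222 DPT=443
Jan  5 10:02:01 router kernel: ACCEPT IN=br0 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.81 PROTO=TCP SPT=49223 DPT=80
Jan  5 10:03:00 router dnsmasq[412]: reading /etc/resolv.conf
"""

LINE_RE = re.compile(r"\b(?P<action>DROP|REJECT|ACCEPT)\b(?P<fields>.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Return the action plus KEY=VALUE fields as a dict, or None for non-firewall lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = dict(FIELD_RE.findall(m.group("fields")))
    rec["action"] = m.group("action")
    return rec


def direction(rec):
    """'inbound' if the packet arrived on the WAN side, 'outbound' if it came from the LAN."""
    if rec.get("IN") == WAN_IF:
        return "inbound"
    if rec.get("IN") == LAN_IF:
        return "outbound"
    return "other"


def summarize(log_text):
    """Count what the firewall blocked from outside and what it let out from inside."""
    summary = {
        "inbound_dropped": 0,
        "inbound_by_port": Counter(),
        "inbound_by_source": Counter(),
        "outbound_allowed": 0,
    }
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        d = direction(rec)
        if d == "inbound" and rec["action"] in ("DROP", "REJECT"):
            summary["inbound_dropped"] += 1
            summary["inbound_by_port"][f"{rec.get('PROTO')}/{rec.get('DPT')}"] += 1
            summary["inbound_by_source"][rec.get("SRC")] += 1
        elif d == "outbound" and rec["action"] == "ACCEPT":
            summary["outbound_allowed"] += 1
    return summary


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"unsolicited inbound attempts blocked: {s['inbound_dropped']}")
    for port, n in s["inbound_by_port"].most_common():
        print(f"  {port}: {n}")
    for src, n in s["inbound_by_source"].most_common(3):
        print(f"  from {src}: {n}")
    print(f"outbound connections allowed: {s['outbound_allowed']}")
```

The ports in the constructed sample (SMB, RDP, Telnet, SSDP) are the kind of targets you typically see probed from outside, and every one of those attempts was stopped. The two ACCEPT lines are the LAN computer browsing the web, which the firewall allows by design; if one of those pages carried a drive-by download, nothing in this log would show it.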
Leo, I’ve got a USB flash drive with a full persistent bootable installation of Linux on it. Can this flash drive become infected if I plug into a Windows machine with a virus on it? Say at an internet café or a public library?
The answer is yes, no, and maybe. It’s complex, but it’s a good question to ask because the devil is in the details.
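Two earlier questions on this page, whether ransomware can reach an always-connected backup drive and whether a bootable USB stick can pick something up from an infected Windows machine, share one practical check: record a manifest of what a set of files looked like when you trusted it, and compare against it later. The following is an added example, not code from the original article or any backup product. It assumes nothing about Acronis or the Linux image involved; the backup file names and contents are constructed, and the manifest is deliberately kept off the disk it describes.

```python
"""Record and re-check a manifest of files that should not change.

Added example, not from the original article. It covers two cases from the
page: completed backup files (a monthly full plus daily incrementals) that
should never be rewritten, and a bootable USB stick checked after it was
plugged into an untrusted machine. File names and contents are constructed.
"""
import hashlib
import json
import os
import tempfile


def hash_file(path):
    """SHA-256 of a file, read in chunks so large images need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map every file under root (relative, POSIX-style path) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = hash_file(full)
    return manifest


def verify_manifest(root, manifest):
    """Compare the tree against a saved manifest.

    Returns {'modified': [...], 'missing': [...], 'added': [...]}.
    For a backup set, a MODIFIED older backup is the red flag: backups are
    written once, so anything rewriting them is suspect, and ADDED files are
    normal (today's incremental). On a boot stick, ADDED files are the thing
    to look at (autorun.inf, a dropped .exe or .lnk) and nothing should be
    modified at all.
    """
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in current),
        "added": sorted(p for p in current if p not in manifest),
    }


def save_manifest(manifest, path):
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(manifest, fh, indent=2, sort_keys=True)


def load_manifest(path):
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def demo():
    """Constructed backup set: full + incremental, then an old backup is 'encrypted'."""
    with tempfile.TemporaryDirectory() as tmp:
        backups = os.path.join(tmp, "backups")
        os.makedirs(backups)
        for name, data in (("full-2015-01.tib", b"full image"), ("inc-2015-01-02.tib", b"delta 1")):
            with open(os.path.join(backups, name), "wb") as fh:
                fh.write(data)
        manifest_path = os.path.join(tmp, "manifest.json")  # keep this OFF the backup disk
        save_manifest(build_manifest(backups), manifest_path)

        # Simulate ransomware rewriting an old backup and dropping a ransom note,
        # while a legitimate new incremental also arrives.
        with open(os.path.join(backups, "full-2015-01.tib"), "wb") as fh:
            fh.write(b"\x00encrypted garbage")
        with open(os.path.join(backups, "HOW_TO_DECRYPT.txt"), "wb") as fh:
            fh.write(b"pay up")
        with open(os.path.join(backups, "inc-2015-01-03.tib"), "wb") as fh:
            fh.write(b"delta 2")
        return verify_manifest(backups, load_manifest(manifest_path))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The check only means something if the manifest itself is out of reach of whatever you are worried about: for the backup drive that means storing it on another machine or medium, and for the USB stick it means building the manifest before the stick ever touches the untrusted host. It also only detects change; it does not repair anything, which is why the original advice about keeping backups you can fall back on still stands.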
I’m running various virus and malware checkers, but my computer seems more sluggish all the time. A guest borrowed my PC and may have browsed some questionable sites. Any suggestions? I’m very nervous about logging into my bank online. A keystroke logger could grab my data.
As it turns out, there’s actually no way to prove that you don’t have malware on your machine. From a logical perspective, you can’t prove a negative.
You didn’t say what tools you’re running, so it’s hard for me to judge the answer to your question. If you’re concerned, let’s look at what you can do.
I have a page that somehow embedded itself with a corrupt software program that I downloaded from an American university. I understand that this thing is a parasitic browser that provides a route to viral contamination. With the help of Norton, I eventually managed to remove it. Why is there no indication in the Control Panel for removal? Using “search” brought out the offending program, but it did not allow me to delete it. What advice can you give for tracking an unwanted and intrusive browser? The normal Norton 360 failed to protect my laptop, but thanks to one of their online agents, after an exhaustive analysis of the registry, it was removed with a more powerful scan made available by them.
What you’re dealing with is a form of malware. It may not be malware per se, meaning it doesn’t do anything specifically harmful itself, but it’s a vector for malware: it installs itself on your machine so that other malware can be downloaded without your permission or interaction.
I’ll talk about the malware in a moment. First, let’s talk about the Add/Remove Programs list.
I recently ran Microsoft Safety Scan, which identified a Java exploit. Are Java exploits a dangerous threat or do they merely function as a tool allowing hackers to infect your computer with malicious software? If the computer is otherwise clean, there’s no reason to worry that the computer has been compromised, right?
The issue here is that the term “exploit” really isn’t clear. In the industry, it ends up being used somewhat ambiguously to mean a couple of things. That can be frustratingly vague.
So, I’ll throw out two definitions of exploit for you.
About a week ago, something shut my computer down and now demands $100 to unlock it. How do I unlock or delete this and use my computer? I use Windows Vista.
What you are experiencing is called ransomware.
Ransomware basically holds your computer, your data, or some part of your machine hostage until you pay them money or do whatever it is they ask of you to do.
Following their instructions and paying the ransom may or may not unlock your computer. The creators of ransomware may simply take your money and do nothing, leaving you with an unusable computer.
There are a couple of different things that I strongly recommend you do.
I wanted to download Firefox and a search on Bing came up with this site at the top (it’s a download site; I’m not going to mention the URL), not Mozilla. I didn’t notice that it wasn’t the official site until I clicked Install on their site. Before I was able to install Firefox, I was taken through several steps trying to get me to agree to downloading various third-party software packages bundled in with Firefox (including Norton Anti Virus). At this point I realized that it wasn’t Mozilla and canceled the download. I don’t think that I actually ever downloaded anything. When I check in IE downloads, it doesn’t show anything and I never gave permission for any programs to run on my Windows 7 OS. Is there any way that my operating system may have been infected with any Trojans or spyware or do you think this might have been a close escape?
My gut reaction is that you probably just had a close call. You did the right thing: as soon as you noticed something wasn’t what you expected, you canceled the suspicious download.
There’s no way to be completely certain that nothing was downloaded, but it’s clear the site you went to is doing more than you asked it to.
One of the more difficult situations to find yourself in is to have a malware-infected machine that either won’t boot, or won’t allow you to run anti-malware tools because of the infection.
The most common next step is to download a bootable anti-malware disc and burn it to a CD or write it to a USB flash drive. You then configure your computer’s BIOS or UEFI to boot from the CD or USB (if the internal drive is still first in the boot order, the disc is simply ignored) and reboot; instead of starting Windows, the machine runs the anti-malware tool, which can scan the hard disk while the infection isn’t running.
There are several, but my first choice is Microsoft’s own Windows Defender Offline.