Viruses and malware

Revision as of 10:13, 2 February 2010 by James Beauchemin


Types of computer infection

There are many types of computer infection with varying levels of threat to your computer and personal data.  Here is a brief breakdown:

Malware — a combination of the terms "malicious" and "software" — is a catchall word used to describe threats such as viruses, worms, Trojan horses, spyware, adware, and software installed by hackers.

Viruses and worms (a type of self-replicating virus) usually spread very quickly and can cause a number of problems, including repeated computer crashes or the deletion of important files. Unlike traditional viruses, Trojan horses cannot spread on their own, but they are just as dangerous, tricking users into installing them by masquerading as a legitimate or useful program. Once it has infected your computer, a Trojan horse can even allow hackers to access your computer or force it to attack other networks.

Adware will merely annoy you by occasionally (or frequently) subjecting you to pop-up ads. However, malignant forms of spyware can have more serious consequences. For example, a nasty piece of spyware could redirect your home page against your will or hog so much memory that your computer slows to a crawl. The worst spyware variants can even steal your personal data by installing a keylogger, a component that records every keystroke you make and sends a log back to a cyber-thief.

Symptoms of infection

Not all complaints mean that a computer is infected. Keep reading.

  • Pop-up ads: Particularly watch out for popups from an unfamiliar program warning you that your computer is infected with viruses; the popup is fake and malicious.
  • Error messages mentioning filenames that look fake or suspicious.
  • Bluescreening, freezing, slowness, or crashes can be the result of hardware problems just as easily as viruses. Do some Hardware Diagnostics to determine whether your computer has a hardware problem.
  • Mouse moves on its own: someone has infected and hijacked the computer. Ensure it's disconnected from the network before taking any other steps; then either do a very thorough clean, or just wipe the system.
  • Computer is slow: When is it slow? Slowness can result from too many autostarted programs, old hardware, or even Windows updates. If a virus infection is causing slowness, it is severe enough that you will see other clear symptoms of an infection as well.

Help!  Please fix my computer.

Computer infections occur predominantly while you are connected to a network or, more likely, to the Internet. Depending on which sites you visit and how well your computer is protected by antivirus software, infections can and do happen. Because this happens regularly across campus, the Technology Help and Support Desk is inundated daily with requests to clean up computer infections. Because of the frequency of these requests, the Technology Helpdesk requires the user to perform several steps before contacting it for assistance.

Helpdesk position on computer infection clean-up and support:

The Technology Help and Support Desk will provide guidance and support to users complaining about computer virus infections and will present tools and steps to hopefully eliminate the infection issues (see below). If the infection issues persist after all "user" steps to resolve them are complete, the Technology Help and Support Desk will perform a complete re-image of the computer in question, with a turn-around time of 5 business days. The end user is expected to perform Steps 1-3 below before contacting the Technology Helpdesk. All "user" data will be backed up and saved to MiddFiles by the user prior to the re-imaging process.

Faculty and Staff computers

All Middlebury faculty, staff and public computers will be supported by the Technology Help and Support Desk.

Student-owned computers

Student-owned computers purchased through Middlebury College will be supported by the Technology Help and Support Desk. For liability reasons, the student owner of the computer will be required to sign a waiver document before the Technology Help and Support Desk begins any work to resolve the issue(s).

Personal computers not purchased through Middlebury College will NOT be supported under this type of situation.  The Technology Help and Support Desk may give guidance toward a possible resolution of the issues at hand but will not perform any corrective action.  In this situation it is recommended that the user seek out retail/commercial support resources.

Resolution Steps (to be performed by "User")

Restart your computer in Safe Mode. While restarting the computer, press F8 once every second to load the Windows "emergency startup" menu. Select Safe Mode with Networking and press your Enter or Return key to load a bare-bones version of Windows. When Windows has started up, you can use programs and access the internet as normal - but non-essential programs (including any viruses) will not start up, meaning that you can do more diagnostics here.

STEP 1 - Run a virus scan with Symantec Antivirus

To scan your computer for viruses (option 1):

  • Double-click the Symantec AntiVirus icon in the system tray (this is a yellow icon, shaped like a shield, in the lower right corner of your screen).
  • After a brief pause the Symantec Antivirus window will appear.
  • Click on "Full Scan" and then click "Scan"
  • The scan will commence, and it may take several hours.
  • Any viruses found will be reported in the scan window. If no viruses were found, the window will be blank.

(or try Option 2 below)

  • Click on the Start menu, click on Programs or All programs, click on "Symantec Client Security" and click on "Symantec Antivirus"
  • After a brief pause the Symantec Antivirus window will appear.
  • Click on "Full Scan" and then click "Scan"
  • The scan will commence, and it may take several hours.
  • Any viruses found will be reported in the scan window. If no viruses were found, the window will be blank.

NOTE1:  If your Symantec Anti-Virus software detects any viruses and states it cannot "delete" or "quarantine" the infection then contact the Technology Helpdesk at x2200.

NOTE2:  If you need to install an Anti-Virus program then visit this link.

>> Problems persist?  Try Step 2 <<

STEP 2 - Run Malware removal Tool

Malwarebytes' Anti-Malware is free and can detect and remove most malware with no further action required.
1. Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
  • Then click Finish.

2. If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.

3. Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad and, if required, the program will ask you to reboot to remove locked files.

>> Problems persist? Go to Step 3 <<

STEP 3 - Technology Help and Support Desk

You have arrived at this step because you have completed the prior two steps without a resolution to your infection issues.  At this point the Technology Help and Support Desk will assume ownership of the issue. 

Before contacting the Technology Helpdesk:

1. You are aware of the Technology Help and Support Desk's position on personal computers NOT purchased through Middlebury College (see above).

2. You have performed Steps 1 & 2 without resolution.

3. You have backed up ALL of your data from the computer and placed it in a safe place (e.g. MiddFiles home directory).

4. You fully understand that the next steps performed by the Technology Help and Support Desk will be to wipe all information from the computer and re-install the Microsoft XP operating system. At this point the Technology Help and Support Desk will not be responsible for any personal data, so it is very important that you back up everything you expect to restore on the newly imaged computer. If this is a student's personal computer purchased through the college, then a work waiver must be signed before work begins. The Technology Helpdesk has a turn-around time of 5 business days, so you will need to plan to check out a loaner laptop from the Circulation Desk on the main floor of the Main Library. You should check the availability of a loaner laptop as soon as possible.

Contacting the Technology Helpdesk:

After performing Steps 1-3 and after reading the section above titled "Before contacting the Technology Helpdesk", you may contact the Technology Helpdesk at x2200. If you have a laptop that is infected, we ask you to please drop it off at our Walk-In Helpdesk Center, located on the main floor of the Main Library (LIB202). After you drop off your laptop, you can walk across the lobby to the Circulation Desk to check out a loaner laptop to use while your laptop is being processed. If you have a desktop or tower computer, please contact the Technology Helpdesk at x2200 and ask for the unit to be picked up.

Computer Security Checklist

A cross-platform, comprehensive checklist that should help you stay protected proactively, as well as provide some guidance if an infection/attack is suspected. For details see: Computer Security Checklist

More resources to help you with protecting yourself and computer

Visit "Viruses and Risks" page at Symantec.Com

Visit "Threat Explorer" Page at Symantec.Com