10-07-2014, 12:05 PM
(This post was last modified: 10-09-2014, 08:24 PM by SachikoMaeda.)
This is gonna be my work in progress guide to Malware and Malware Removal. It's a pet project of gathered experience in computer repair and servicing PC and Mac.
![[Image: toolbars.jpg?resize=600%2C299]](http://i0.wp.com/www.oddzuki.com/wp-content/uploads/2014/03/toolbars.jpg?resize=600%2C299)
Friends Don't Let Friends Install Toolbars
- Table of Contents
- What is Malware?
- PC and Macs. The Difference
- Notable PC Malware
- Notable Mac Malware
- Useful and Free Tools
- Myths and Facts About Malware
- Tips to Prevent Malware
- Bots, Hijackers, Phishers, and More
- Cleaning Up Malware
What is Malware?
Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. This is how Wikipedia defines malware. It's a short and simple term that encompasses all flavors of harmful software. This includes, but is not limited to: trojans, viruses, adware, spyware, hijackers, ransomware, and rootkits. What are all of these things? That's what I'm here to try and explain.
Let's start with the one most people recognize: the classic virus. What distinguishes a virus above all? Viruses contain self-replicating code. That means when the virus is executed (or started, for those unfamiliar with the term), its only purpose is to replicate. Just like biological viruses, in a way. And just like biological viruses, they need a host program. They come in a few forms: memory-resident viruses that sit in the computer's memory and bog it down to an inoperable state, macro viruses that embed themselves into documents and programs, and boot sector viruses that start themselves when the device is booted.
The worm is a dying breed from what I've seen. Much like a virus, it's a self-replicating program. The difference? It doesn't require a host program. You might remember worms like Mydoom, Blaster, Melissa, ILOVEYOU, and Sasser. I can recall working with my own computers back in the "glory days" of worms. Back then they spread through email attachments. I can even recall specifically getting the old ILOVEYOU email. So sweet, but obviously a trap. I didn't like anyone and I was super awkward so no one liked me. Simple, yeah? Plus I was 8 and boys were icky. The lesson: don't open shifty attachments. Nowadays worms come through with...
Trojans. Ever wonder why they're called trojans? They usually masquerade as a helpful program. Maybe some rogue antivirus. Or maybe you go on a page and unknowingly download it in a drive-by download. These little buggers will open up backdoors in your computer to let more junk in. Sometimes even hackers will toy with your computer, though that's rather rare.
How about they hold your computer hostage? Lock you out and demand money to unlock your computer? Welcome to the world of ransomware. Your computer is locked up and the only way to get it back is to pay them money. Or maybe... You know... Have a basic understanding of how to repair computers. So further on in the guide I'll show you how to deal with these jerks.
So what's another way to get money? How about annoying ads and adware? Let the spyware watch what you do and deliver more "targeted" ads with adware. Though, maybe that spyware is after information like when you log on to online banking.
Scareware is a big phony. A big fat phony. Family Guy reference, anyone? It'll claim things are wrong with your computer and you need to fix it right now! Usually it comes up with some bogus number. How did you have 40956794580762 errors and not notice?!
Now the rootkit, however... It is a very real threat. It's clever and can hide itself from most common scanner tools. Detection can be extremely tricky and is usually best left to someone with experience in finding these suckers.
PUPs. Potentially Unwanted Programs. Not those cute little baby dogs. These are programs that miiiiight do good, but can possibly be harmful and/or annoying. Check out this hour long video of PUPs doing scareware bits!
PC and Macs. The Difference
I could drag on the PC vs Mac debates long enough to write a whole novel. We'll skip past the different uses for PC and Mac and the hardware differences and focus on the software differences. After all, malware requires software in order to carry out its tasks. I'm also gonna try to cover the history of both Microsoft and Apple.
![[Image: windows-95-logo.png]](http://www.pageresource.com/clipart/clipart/electronics/computers/logos/windows/windows-95-logo.png)
The Architecture of Microsoft Operating Systems
![[Image: original-apple-logo.jpg]](http://www.onedigitallife.com/images/original-apple-logo.jpg)
The Architecture of Apple Computers Operating Systems
Notable PC Malware
All links are to videos of said malware in action or videos about the history of said malware. Why? I think it's pretty neat. And the old DOS viruses were fun to watch.
- Viruses
- Worms
- Trojans/Ransomware
- Rootkits
- PUPs
Worms
- Morris
- Happy99
- Melissa
- ExploreZip
- Kak
- ILOVEYOU
- CodeRed
- SQL Slammer
- Blaster
- Bagle
- Mydoom
- Netsky
- Sasser
Trojans/Ransomware
Rootkits
- win32k.sys
- Service SKYNET
- PDCOMP
- CPU FUN Controller
- tdssserv
- lololol (hidemeimhidden)
PUPs
- MyPC Backup
- Driver Detective
- Optimize My PC Pro
- 27x7 Help
- Application Updater
- Ask Toolbar
- AVG Security Toolbar
- Any Toolbar, really
- BearShare
- Conduit
- CouponPrinter
- Delta Search
- DriverUpdater
- Freeze.com
- InstallIQ
- DomaIQ
- iLivid
- Mobogenie
- Mysearchdial
- OptimizerPro
- PC Health Kit
- PIP
- RegClean Pro
- SearchProtect
- Softsonic
- Wajam
- Weather Notifications
- WeCareReminder
- Yontoo
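A quick way to put the PUP list above to work is to compare it against what is actually installed on a machine. This is an added example written for this guide, not a tool from the original post or from any of the vendors it mentions. It assumes Python 3 and, on Windows, read access to the standard Uninstall registry keys; off Windows it falls back to a constructed sample inventory so the matching logic can be tried anywhere. The name normalization and the "anything with 'toolbar' in it" rule are my own choices, taken from the post's "Any Toolbar, really" entry.

```python
"""Check installed-program names against the PUP names from the post.

Added example, not part of the original post. On Windows, installed_programs()
reads DisplayName values from the Uninstall registry keys; elsewhere (or for
testing) a constructed list of display names is passed to find_pups().
"""
import re

# Names copied from the PUP list in the post. "Any Toolbar, really" is
# represented by the generic 'toolbar' rule inside find_pups().
PUP_NAMES = [
    "MyPC Backup", "Driver Detective", "Optimize My PC Pro", "27x7 Help",
    "Application Updater", "Ask Toolbar", "AVG Security Toolbar", "BearShare",
    "Conduit", "CouponPrinter", "Delta Search", "DriverUpdater", "Freeze.com",
    "InstallIQ", "DomaIQ", "iLivid", "Mobogenie", "Mysearchdial", "OptimizerPro",
    "PC Health Kit", "PIP", "RegClean Pro", "SearchProtect", "Softsonic", "Wajam",
    "Weather Notifications", "WeCareReminder", "Yontoo",
]


def normalize(name):
    """Lower-case and strip everything but letters and digits, so that
    'Optimizer Pro v3.2' and 'OptimizerPro' compare as the same thing."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


_PUP_INDEX = [(normalize(n), n) for n in PUP_NAMES]


def find_pups(display_names):
    """Return (installed display name, matched PUP name) pairs.

    A hit is a normalized PUP name appearing inside the normalized display
    name. Very short names such as 'PIP' must match exactly, otherwise every
    program with the letters 'pip' in it would light up. If no listed name
    matches, anything containing 'toolbar' is reported under the post's
    'Any Toolbar, really' entry.
    """
    hits = []
    for shown in display_names:
        key = normalize(shown)
        for pup_key, pup_name in _PUP_INDEX:
            matched = key == pup_key if len(pup_key) <= 3 else pup_key in key
            if matched:
                hits.append((shown, pup_name))
                break
        else:  # no listed name matched; apply the generic toolbar rule
            if "toolbar" in key:
                hits.append((shown, "Any Toolbar, really"))
    return hits


def installed_programs():
    """DisplayName values from the Windows Uninstall keys (64-bit view, 32-bit
    WOW6432Node view and the per-user hive). Returns [] when not on Windows."""
    try:
        import winreg
    except ImportError:
        return []
    paths = [
        (winreg.HKEY_LOCAL_MACHINE, r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
        (winreg.HKEY_LOCAL_MACHINE, r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"),
        (winreg.HKEY_CURRENT_USER, r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    ]
    names = []
    for hive, path in paths:
        try:
            root = winreg.OpenKey(hive, path)
        except OSError:
            continue
        with root:
            subkey_count = winreg.QueryInfoKey(root)[0]
            for i in range(subkey_count):
                try:
                    with winreg.OpenKey(root, winreg.EnumKey(root, i)) as sub:
                        names.append(winreg.QueryValueEx(sub, "DisplayName")[0])
                except OSError:
                    continue  # subkey without a DisplayName, or access denied
    return names


# Constructed sample inventory (made up for this example), used off Windows.
SAMPLE_INVENTORY = [
    "Mozilla Firefox 32.0", "Optimizer Pro v3.2", "Ask Toolbar Updater",
    "Pipelight", "PIP", "Adobe Flash Player 15 ActiveX", "Conduit Engine",
]

if __name__ == "__main__":
    inventory = installed_programs() or SAMPLE_INVENTORY
    for shown, pup in find_pups(inventory):
        print(f"{shown!r} looks like {pup}")
```

Run it as-is on a Windows box and it prints every installed program whose name looks like one of the PUPs above; a hit is a prompt to look closer and uninstall, not proof by itself, since legitimate software can share a word with a junk program.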
APPLEDOS, MSDOS, Tenex, and other OS malware that's historical and fun!
- Creeper and Reaper
- ANIMAL
- Elk Cloner
- Ambulance
- Suicide
- Tequila
- Espacio
- Nople
- Billiard
- Techno
- Walker
- Plane
- Kuku
Notable Mac Malware
@Harmonic had a really neat list, but for some reason the URL is dead. Mac malware wasn't nearly as prevalent as it is now. Around 2006 is when the explosion took place. What's the possible trigger for that? Macs officially left the PPC architecture in favor of Intel based systems. Perhaps that made programming these bugs easier. It did open up the world of Hackintoshing, making OS X available to non-Apple computers. For the most part, OS X faces rootkits and trojans. The Safe Mac is a good site regarding threats seen in OS X and tracks the newest threats.
Trojans
- Oompa Loompa
- DNSChanger
- PokerStealer
- HellRTS
- Mac Defender
- LaoShu
!!! Current Mac Threats !!!
These are newer threats to OS X systems.
- XSLCmd. This one looks to be the current big baddie.
- iWorm. Stopped with recent update. It's very important to keep OS X up to date!
- LaoShu. Low level threat now.
Useful and Free Tools
For free antivirus, I always point people to Avast! Free Antivirus. It offers real time protection, boot scan, browser cleanup, and all sorts of other neat things for free! There are paid versions for more tools, but hey, the free version works better than that fancy-schmancy paid Norton, McAfee, or Kaspersky.
With the free Avast I usually back it up with Malwarebytes and SUPERAntiSpyware. These two plus Avast are what we offer at the computer shop I work at. They're all free and we don't charge to install them. They're simple update and scan tools with a few other features. If you want them to automatically update, however, you have to invest in the paid versions.
For people more experienced with security, Spybot Search and Destroy is a very good tool. On my PC, I have this alongside the trio above. Spybot allows a more in-depth search and notifies you of any attempted edits to the registry, which you can either allow or deny. Be sure to download it from Major Geeks or Bleeping Computer! There are fake versions of it floating around out there!
Hijacker keeps changing your homepage? With the right guidance, Trend Micro's HijackThis is a great tool to rip that sucker out of there.
For a majorly messed up system, there is ComboFix. Note that ComboFix is an extremely powerful tool and should be used as a last resort or under the supervision of a technician.
When it comes to rootkit detection, GMER is a go-to program for the experienced. But if you're not experienced and you suspect a rootkit may be involved with your computer's misbehaving, Malwarebytes has a stand-alone Anti-Rootkit BETA Tool.
The default uninstaller in Windows is nice, but it can leave traces of programs in the registry. IOBit Uninstaller is a great uninstaller. It allows you to do a batch uninstall, so you can select multiple programs and it'll automatically uninstall one after another. The drawback is it can lock up sometimes. Keep the task manager open while running the uninstalls in case an uninstaller locks up.
Even though I don't use Norton Antivirus, Symantec has an excellent security blog. They also release free threat reports and demographics if you like to stay on top of trends. Symantec in itself is a great corporation. It's a shame Norton is laughable security unless you have the enterprise editions. Enterprise products don't play games.
Did you know that Malwarebytes has a YouTube channel? It's really informative. I'd give it a look over if you ever wanna learn more about current malware trends.
Stay on top of cybercrime and scams at Xylibox. They show a lot of technical information on different types of malware and scams. Take caution in that they may link to the source of where they found their malware! Also keep in mind that they make others aware of how the junk works in an effort to try and help people work to detect and/or remove these programs. Using any information to try and code your own malware is just a jerk thing to do. At least make some nice DOS codes like the ones in the Fun and Historical section of Notable PC Malware.
If you're working on an old system or maybe you're getting into virtual machines and you can't seem to find the right program versions or operating systems, WinworldPC is an excellent resource for all things abandonware. It has more than just Windows!
Specific games for old Macs can be hard to get ahold of. Games and other types of abandonware for Macs are available at Macintosh Garden if they're not found at WinworldPC.
If you pick up hobby repair on Macs of the classic variety, I highly suggest joining the 68k Macintosh Liberation Army. It's full of knowledgeable Apple enthusiasts that buy, sell, trade, repair, and guide you through repairing Apple computers and some clone computers. The people there are super helpful!
Myths and Facts About Malware
"Macs don't get viruses" is a common misconception. Back in the days of DOS, Apple computers were just as prone to infection as the PC. That stands true for today. Macs have their vulnerabilities just like Windows and Linux do. The main difference is that Apple has your back. If something does show up in the wild, they'll make an update to fix it or direct you to the proper tool to fix it. Apple also has a support page for people concerned about online security.
Anything harmful on my computer is a virus. If we wanted to get technical, that's malware. Not a virus.
This virus will wreck my computer and make it not work ever again! This is actually fairly rare. CIH (AKA Chernobyl) was the last major form of malware that rendered computers inoperable after rewriting the BIOS. There are rootkits out there, however, that can get this deep into the system. With proper protection and a little know-how, rootkits can't make it there.
Paid antivirus is the only antivirus that works. This is one of the biggest lies there is! Norton is really not that great. McAfee back in the day was good, but not so much anymore. One can find multiple free tools on Major Geeks for PC and Mac as well as Bleeping Computer. Bleeping Computer is possibly one of the best free sources for computer nerds like myself. You can get specialized help on their forums.
You only get malware from porn sites. Did you know you're more likely to get malware from religious websites rather than porn sites? That's right. Private time could never be more enjoyable, yeah? Well. That depends on how you spend your private time. Does that mean all porn sites are good and all religious sites are bad? Nope. Not at all. Like always, you have to be careful!
Tips to Prevent Malware
Pay attention to what you install! If you think a program might be good and it's shoving offers down your throat, it might not be good. Pay attention because some installers may bundle in another installation with the "Terms of Service" no one ever reads. Before you know it, you've agreed to install five other programs that are all junk.
Optional Offer? Optional Junk. Ever notice when you need to go grab Adobe Reader or maybe install Flash player that Adobe tries to offer other things? Once at the shop, Adobe tried to bundle Optimizer Pro with Flash. Seriously. Look for anything that says "Optional Offer" and make sure it's unchecked.
Know what an installer for antivirus or antimalware programs should look like. Rogue antivirus and antimalware is a real thing. You don't want that junk. Trust me. Also try to stick with known names when it comes to antivirus. If you're not sure about one, look it up. If there's people asking how to remove it, then it's more than likely rogue!
Spelling Errors. If they claim their program's good, even if from another language developer, they need at least some sort of spelling and grammar skills to back that claim up. Sometimes it's just plain fun to look at rogue programs and all flavors of malware just to see a lot of spelling errors. Really, look at them on YouTube some time.
"Check out this picture I found of you lol." What were they doing looking for pictures of you? Why do they have to send a link that clearly isn't a photo? Why can't they say "I found this picture of you at X event with Y and I thought it was lulzy, ya know?" Well, chances are it's a bot spreading BS. That link? Don't click on it unless whoever sent it can actually acknowledge that the link is legit.
Call us now for tech support! No. Don't. Don't do it. Ever. There's a multitude of fake tech support groups out there that charge outrageous rates. You can see this forty-five minute video of someone who really knows his stuff sabotage and egg on fake tech support. While on that subject...
NEVER ACCEPT A CALL FROM ANYONE CLAIMING YOUR COMPUTER HAS A VIRUS. I cannot stress this enough. Fake tech support scammers will sometimes call you and tell you things are wrong with your computer. They'll instruct you to log on, give them access, and then they will demand money from you, holding your data ransom. If you don't agree to pay them after they're in, they'll wreck your system. Microsoft will NEVER call you about a virus. No other companies will. No legitimate business can possibly call you about a virus. The only right thing to do is to either hang up or....
Bots, Hijackers, Phishers, and More
Cleaning Up Malware
More to come