Malware: A Quick Guide to Detection and Removal

It has been a while since I posted a summary for malware removal.

Here are some general steps you can take if you suspect there is malware on your computer:

1.) Download Malwarebytes Anti-Malware and run the free version to scan for general malware.
Remove anything it finds. You can uninstall the program when you're done with it.

2.) If you are paying for antivirus software on your home PCs, stop. Microsoft Security Essentials offers good protection and is free, even for commercial use on up to 10 computers.
Make sure you’re running scans regularly, and paying attention to any alerts that pop up.

3.) If you still have a problem, download and run TDSSKiller, the TDSS removal tool from Kaspersky Lab.
If the tool fails to download or to run, something on the machine is actively blocking it, which usually means a nastier rootkit than the first two steps can handle. A common workaround is to rename the downloaded executable to a random name before running it, since some rootkits block security tools by filename; if it still will not run, you'll need to call someone for help.

4.) A word about Windows 8: it has free antivirus/antispyware built in (Windows Defender on Windows 8 includes what Security Essentials provides). If you're paying for antivirus on it, you really shouldn't be, even in a commercial environment.

I hope this helps. Malwarebytes Anti-Malware takes care of most threats that have made it past your antivirus scanner. Prevention is better than cure; I've written about proactive methods to avoid infection here.


Conduit Search: How to Halt the Hijackers

Lately I've seen a lot of computers infected with the Conduit Search malware. If your web browser opens to a page with a search button and a magnifying glass, or colored text that reads "conduit" with the subtext "engaging people," on a page laid out to resemble Google search, congratulations: you've been given the gift that keeps on giving.

So what makes this malware so bad? Your searches are redirected to results you did not ask for, you get popups meant to "serve" you ads designed to push you toward Conduit's clients, you cannot search with any other search engine, and you cannot simply uninstall or remove Conduit either.

The worst part is how Conduit spreads. Software makers bundle it into the installation packages of their legitimate programs because Conduit pays them to. It works like this: you download a program you actually want, or an update to a program you already use, and during the installation or update Conduit silently installs itself alongside the legitimate software. Conduit Search then hijacks all of your web browsers and routes your searches through its own site, which in turn leads you to even more malware-laden pages, and you end up with a heavily infected computer.

Removal takes several steps.

1.) Close all programs and open Control Panel > Add/Remove Programs (called Programs and Features on Vista and later). Uninstall ALL browser toolbars, then uninstall Chrome, Firefox, Safari, etc. Do not save anything except your favorites/bookmarks.

2.) Open Internet Explorer, click Tools (or the cog in the upper right corner) > Internet Options > Advanced > Reset, check the box to Delete personal settings, then click OK.

3.) Reboot your computer into Safe Mode with Networking. Press F8 repeatedly as soon as the computer is powered on until the startup menu appears, select "Safe Mode with Networking" with the arrow keys, and press Enter. On Windows 8 the F8 menu is usually not available; instead hold Shift while clicking Restart and choose Troubleshoot > Advanced options > Startup Settings > Restart, then press the number for Safe Mode with Networking, or tick Safe boot with the Network option on the Boot tab of msconfig before rebooting (and untick it afterwards).

4.) After Windows boots, download the free version of Malwarebytes Anti-Malware (from Malwarebytes.org) and run a scan. Remove all items the scan finds and reboot.

5.) Reinstall your browsers. Your computer should now be clean.
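The hijack described above lives in a handful of well-known places: the installed-programs list that Add/Remove Programs reads, Internet Explorer's start page and search providers (what the Reset step clears), Browser Helper Objects loaded into IE, and the Run keys that would re-install it after a reboot. As an added example, not part of the original post or of any tool it mentions, the following PowerShell script (the function name Find-SearchHijackTraces is my own) enumerates those locations and reports anything matching a pattern, so you can check before and after the removal steps that nothing Conduit-related remains. It assumes the unwanted software's name, publisher, URL or DLL path contains the string "conduit" (the pattern is a parameter, so you can check for other hijackers the same way) and reads only standard Windows registry paths; no elevation is needed to read them.

```powershell
# Added example, not from the original post: list the traces a Conduit-style
# search hijacker leaves behind so the removal steps can be verified.
# Assumptions: the unwanted software's name, publisher, URL or DLL path contains
# $Pattern (default "conduit"); only standard Windows/IE registry paths are read.
function Find-SearchHijackTraces {
    param([string]$Pattern = 'conduit')

    $findings = New-Object System.Collections.Generic.List[object]

    # 1) Installed programs: the same keys Add/Remove Programs reads.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($key in $uninstallKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($sub in Get-ChildItem $key) {
            $p = Get-ItemProperty $sub.PSPath
            if ("$($p.DisplayName) $($p.Publisher)" -match $Pattern) {
                $findings.Add([pscustomobject]@{
                    Where  = 'Installed program'
                    Detail = "$($p.DisplayName); uninstall: $($p.UninstallString)"
                })
            }
        }
    }

    # 2) Internet Explorer home page and search providers: what "Reset IE settings" clears.
    $ieMain = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
    if (Test-Path $ieMain) {
        $m = Get-ItemProperty $ieMain
        foreach ($name in 'Start Page', 'Default_Page_URL', 'Search Page') {
            $val = $m.$name
            if ($val -and $val -match $Pattern) {
                $findings.Add([pscustomobject]@{ Where = "IE $name"; Detail = $val })
            }
        }
    }
    $scopes = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
    if (Test-Path $scopes) {
        foreach ($sub in Get-ChildItem $scopes) {
            $s = Get-ItemProperty $sub.PSPath
            if ("$($s.DisplayName) $($s.URL)" -match $Pattern) {
                $findings.Add([pscustomobject]@{ Where = 'IE search provider'; Detail = "$($s.DisplayName) -> $($s.URL)" })
            }
        }
    }

    # 3) Browser Helper Objects loaded into IE; resolve each CLSID to its name and DLL.
    $bhoKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($sub in Get-ChildItem $key) {
            $cls  = "Registry::HKEY_CLASSES_ROOT\CLSID\$($sub.PSChildName)"
            $name = (Get-ItemProperty $cls -ErrorAction SilentlyContinue).'(default)'
            $dll  = (Get-ItemProperty "$cls\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
            if ("$name $dll" -match $Pattern) {
                $findings.Add([pscustomobject]@{ Where = 'IE BHO'; Detail = "$name -> $dll" })
            }
        }
    }

    # 4) Autostart entries that would bring the hijacker back after a reboot.
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $run = Get-ItemProperty $key
        foreach ($prop in $run.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }   # skip the provider's PSPath/PSDrive/etc. metadata
            if ("$($prop.Name) $($prop.Value)" -match $Pattern) {
                $findings.Add([pscustomobject]@{ Where = 'Run key'; Detail = "$($prop.Name) = $($prop.Value)" })
            }
        }
    }

    return $findings
}

$traces = @(Find-SearchHijackTraces -Pattern 'conduit')
if ($traces.Count -eq 0) {
    Write-Host 'No traces matching the pattern were found.'
} else {
    $traces | Format-Table -AutoSize
}
```

Run it once before step 1 to see what you are dealing with, and again after the final reboot: an empty result means the uninstall, IE reset and scan actually cleared the registry-side hooks. Anything still listed under "Run key" or "IE BHO" is the part that re-hijacks the browser on next boot and should be removed before reinstalling the browsers. The script only looks at Internet Explorer's settings; Chrome and Firefox keep their search and home-page settings in their own profile files, which is why the steps above uninstall those browsers outright.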

If you're having trouble following this text-only guide, malwaretips.com has compiled a good visual removal guide.
