So you got caught with your pants down on the Internet (figuratively, folks) and contracted a virus. That sucks. Or maybe you were wearing protection but still fell victim to some nasty bit of code that managed to slip by your antivirus software undetected. That sucks even more. Either way, it's nothing to feel ashamed about. The web is a dangerous place and even the most tech savvy users sometimes slip up. You can even get a virus through no fault of your own simply by visiting a reputable website that, unbeknownst to you, has been compromised by a hacker with malicious intent. The web is a war zone, and even if you're not a target, you can still end up a casualty.
That's not to say you can't stack the odds decidedly in your favor, because you can. And you should. To help you do that, we've put together a comprehensive guide on how to protect your PC from malware. We cover everything from smart (and not so smart) computing habits, the best free antivirus programs, and what tools work best for removing an infection when all else fails. Don your hazmat suits and let's get started!
Computer viruses can happen to the best of us, and chances are you're going to confront one at least once in your life online. But that doesn't mean you shouldn't try to fend them off as best you can. Maximum PC's Paul Lilly shows us to build the best possible defense for free and what to do if those walls ever come tumbling down.
If you're reading this, it's safe to assume you already know what a computer virus is, and certainly the majority of Maximum PC readers are well informed. So, we won't spend a ton of text dissecting the different kinds of viruses, but we do want to quickly cover the basics. Strictly speaking, a virus is a program that can replicate itself and is designed to spread from one computer to another, doing things the end-user doesn't want and/or doesn't know about.
A broader term is malware, short for malicious software, and there are many different forms, including viruses, Trojan horses, keyloggers, worms, adware, and spyware, to name a few. These days, malware is most often spread through web browsers. According to Kaspersky, there were nearly 1.6 billion browser-based attacks in 2012, up from 946 million a year prior.
A common misconception is that only Windows users need to concern themselves with malware, but that isn't true. Malware writers have traditionally focused their efforts on Windows, but have started targeting other platforms as they become more popular, including mobile. Even Mac users have to be on the lookout.
"In early 2012, the Flashfake botnet was discovered, consisting of 700,000 computers all running under Mac OS X," Kaspersky states in its most recent security bulletin.
The bottom line is, if you use the Internet, you're a target.
Safe Computing Is a Start
Your best line of defense is still you, the end-user. The less risks you take, the lower your chance of becoming just another statistic, and it all starts with developing smart computing habits. Here are five easy ways you can remove yourself from the line of fire:
- Never open unexpected email attachments, even if you know the recipient. If a PC belonging to someone else is infected, it could be auto-generating malicious emails with dirty attachments or booby-trapped URLs.
- It's easy to spoof URLs within emails. Instead of clicking on email links, type the URL directly into your browser, especially if you receive a notice that appears to come from your banking institution or PayPal. This exponentially decreases your risk of falling for a phishing scam. You know what they say about a fool and his money...
- Stay diligent with updating and patching your software. These updates often patch security holes that malware writers can otherwise exploit. If a program has the option of automatically checking for updates, enable it. We also recommend running Secunia's Personal Software Inspector (PSI) on occasion, which is a free security tool that scans for and identifies vulnerabilities in many third-party programs.
- Avoid visiting shadier sides of the web. We're in no way trying to play the part of moral police, but sites that serve up illegal downloads or triple-X rated content are popular places to set digital landmines.
- Use Alt-F4 to close suspicious pop-up ads instead of clicking on the X button. Why? Sometimes the X button is really a part of the ad, and clicking it could redirect you to a malicious website.
A Word About Passwords
As much as you might love your significant other, using his or her name as your password is a really dumb idea. It's far too easy to guess, just like "123456," "iloveyou," "letmein," and others found on SplashData's list of worst passwords.
A good password will be at least eight characters long and will use a mix of letters, numbers, symbols, and capitalization. For example, "Ey3LMpC!" which stands for "I love Maximum PC" is relatively easy to remember and much more secure than a word or phrase that can be broken with a brute force dictionary attack.
You also should be using multiple passwords for different websites so that if one account is compromised, your others are still safe. The downside to this approach is that it can be difficult to remember multiple passwords, especially strong ones. An alternative to remembering them all is to use a password manager like LastPass or KeePass, both of which are free. RoboForm is another option, and though it isn't free, it also fills in forms and allows you to access RoboForm Logins and Identities on all your devices, including mobile. The same is true of 1Password, though it doesn't fill in forms.
Second Line of Defense: Antivirus Software
Whenever the topic of security software comes up, inevitably someone chimes in that it's completely unnecessary so long as you surf the web safely. They'll then provide anecdotal evidence based on their own personal experience, and while it's true you can get by without AV protection, it's a constant roll of the dice. And for what? To save a few CPU cycles? It's simply not worth the risk, and certainly not the cost when there are free options out there. Let's focus on those first.
Every year we run a roundup of security software and you can read the latest one in the April issue of Maximum PC magazine. In it we tested three free antivirus programs — Avast, Microsoft Security Essentials, and AVG — and out of those three, we found Avast to be the best free antivirus software.
We like Avast because it scans for viruses and spyware, and has a built-in remote support tool that allows you to dish out (or receive) assistance to other trusted Avast users, which is extremely handy if you're the IT guy for family and friends. It also offers tons of fine grain control.
One of our few complaints is that Avast doesn't guard against Potentially Unwanted Programs (PUPs) by default. To change that, click on Security > File System Shield > Settings > Sensitivity and check the box underneath "PUP and suspicious files."
We also recommend doing a full system scan at least once a month. If you keep your PC on 24/7, it's not a bad idea to schedule nightly scans when you're asleep. This ensures that any potential threats are caught before they have much chance to do any harm, provided they get past Avast's real-time scan engine to begin with.
No virus scanner is capable of catching and neutralizing every single threat; it's simply not possible due to the sheer number of new malware that is created on a daily basis. For this reason, it's in your best interest to solicit a second and/or third opinion on occasion using a dedicated spyware scanner. How often depends on how risky your online behavior. If all you're doing is surfing Maximum PC, sports sites, and updating your Facebook feed, quarterly scans should be sufficient.
One of the best programs out there is Malwarebytes. It's free (there's also a paid version) and it does an excellent job of detecting deeply embedded threats that other scanners miss. Malwarebytes is also great at cleaning up remnants left behind after you've eradicated a virus, such as lingering registry entries.
Another popular program is SuperAntiSpyware, which is also available in free and paid flavors. Scanning with both Malwarebyes and SuperAntiSpyware on occasion is a potent one-two combo to supplement your daily AV program.
Internet Security Suites
If you're willing to pay for security software, an Internet security suite offers more robust protection than what's available in any single free program. One of the best available is Norton Internet Security. Put your pitchforks away, if you haven't taken Norton for a test drive in several years, then you have no idea what you're missing. It's not the same bloated program that it was prior to 2009. That's when Symantec re-wrote the software from the ground up with an emphasis on performance. These days it offers top-notch protection with little impact on system performance
Stick Your Head in the Cloud
A substitute for installing security software is to tap into the cloud. There are several cloud scanners at your disposal, but only a select few will go the extra mile and actually disinfect your machine if it finds something wrong, while others try to upsell you. Panda Security's Panda Active Scan detects and removes, though it only works with Internet Explorer. There's also an option to install a small front-end, but even if you go that route, it's still a cloud-based scanner that won't suck up your system resources.
Another handy bookmark is VirusTotal, a free, on-demand online scanner with a twist. Let's say you downloaded a file or email attachment, but are suspicious of its contents. Before you open it up, just upload it to VirusTotal and it will be put under the microscope of dozens of scan engines. It's the ultimate second opinion for single files and URLs, albeit the maximum file size is 32MB.
Hide Behind a Virtual Machine
Have kids that share your PC? You're a brave soul. Kids have a tendency to click on pop-up requests willy-nilly, but there are steps you can take to mitigate any potential headaches. Here they are:
- Teach them smart computing habits. It's never too early to learn, and since their brains are like little sponges, they may surprise you with how much they retain.
- Set up a different user account. It won't save your PC from nasty infections, but hey, do you really want to login and find that your Windows theme has been changed over to Spongebob or Dora the Explorer? We didn't think so.
- Install Sandboxie, a free application that runs selected programs in an isolated environment. You can configure Sandboxie to run any time a browser is opened, so when your kids inevitably download something they shouldn't have, the changes aren't permanent. This is also a wonderful tool for installing on PCs belonging to friends and family. It works with any browser, too.
If you're particularly reckless on the web, a full-blown virtual machine is the next best thing to a dedicated web box. A virtual machine isn't completely fool proof, but it's close to it. Microsoft's Virtual PC works relatively well, especially if you're mostly interested in surfing the web, and so is VMWare's Player. Another thing VMs are good for is installing suspicious programs and beta software. If something turns out to be malicious, the damage is contained away from your OS.
I'm Already Infected, Now What!?
Despite your best efforts, sometimes the bad guys win. If that happens, or if a family member drops off a badly infected PC, follow these steps to clean it up.
Scan, Scan, and Scan Again
First, try installing a free antivirus program. If it works, great, proceed to scan the system, and then follow that up with Malwarebytes and SuperAntiSpyware sweeps. This three-pronged approach should rid the system of most, if not all malware, unless it's a particularly nasty infection. If it doesn't, don't worry, we're not ready to throw in the towel.
Before we proceed, are you even able to install security programs? Some malware detects when security software is being installed and stops it dead in its tracks. If that's happening to you, try to disable the offending program. Hit CTRL+ALT+DEL to start the Task Manager and look for any suspicious entries in the Processes tab. Anything that's gibberish — for example, "mgbelwisfl" — is probably up to no good. Highlight the entry and press End Process. Are you now able to install AV scanners?
If not, you'll need to boot into Safe Mode, which only loads the bare minimum drivers required to run Windows. To do that, hit the F8 key during boot (press it repeatedly during during bootup if you have trouble with the timing). When prompted, select Safe Mode with Networking. Now try installing/running your security software.
If your system's still displaying malware symptoms (slowed performance, random pop-ups, etc), you may need to dig deeper. HiJackThis is a free utility that generates an in-depth report of registry and file settings, but be warned it doesn't discern between good and harmful settings. If you don't know what the settings are, solicit outside help by posting a HiJackThis log to a computer forum like one here at Maximum PC. Alternately, you can post the contents of the log on HiJackThis.de Security and/or I Am Not a Geek for quick and basic parsing, though you should still seek outside help before nuking an entry you're unfamiliar with.
Running HiJackThis is simple. Just click the "Scan" button and wait for it to finish scanning your system (it only takes a few seconds). When it's finished, click on "Save Log" to save the contents to a Notepad file, which you can then copy/paste into any of the sites mentioned above.
Assuming you recognize an obvious malicious entry, check the appropriate box(es) and click "Fix checked."
Comodo Cleaning Essentials
At this point, we're starting to run out of options, but all is not yet lost. Comodo Cleaning Essentials (CCE) is a tool that any geek should be toting around in his/her tool chest. It doesn't require any installation, meaning you can run it direct from a USB key, which is perfect for making house calls.
CCE digs deep for a variety of infections, including rootkits, making it an indispensable tool. It even scans the Master Boot Record (MBR), so to say it's thorough is an understatement.
Inside the CCE directory, you'll also find an entry called KillSwitch.exe. It's a much better version of the built-in Task Manager because it provides a bunch of additional information, and will even tell you if a program that's running is safe or known to be malicious. If you can't get into the Task Manager to kill an offending program, try using KillSwitch. If you want, you can even have it replace the Task Manager by enabling the setting in the Options menu.
Persistent infections that manage to evade your best efforts to eradicate could be indicative of a rootkit. A rootkit is particularly stealthy, though not entirely invisible. Download and run Kaskperky's TDSSKiller if you think you might have a rootkit. Like CCE, this utility doesn't require installation and can be carried on a USB stick.
When you're at your wit's end and ready to reinstall Windows, that's when you should try ComboFix, a powerful cleanup tool that can either save the day or leave your PC unable to operate correctly. Before downloading and running ComboFix, backup any data as if you're reinstalling Windows, because in the end, you might have to anyway. Before you proceed, you should also read through the extensive usage guide on Bleeping Computer.
If you've gotten this far and your system is still infected, throw in the towel and start with a fresh Windows installation. Sure, you could keep plugging away in hopes of cleaning up your system, but by the time you're done, you could be rocking a fresh Windows install with no trace of malware.
Know of any tips we missed or have software recommendations of your own? Let us and other readers know by posting them in the comments section below!