IT Security Support
Viruses, Spyware & Malware
What is Malware?
"Malware" is a term for any software that gets installed on your machine and performs unwanted tasks, often for some third party's benefit. Malware programs can range from being simple annoyances (pop-up advertising) to causing serious computer invasion and damage (e.g., stealing passwords and data or infecting other machines on the network). Additionally, some malware programs are designed to transmit information about your Web-browsing habits to advertisers or other third party interests, unbeknownst to you.
Some categories of malware are:
- Virus - Software that can replicate itself and spread to other computers, or that is programmed to damage a computer by deleting files, reformatting the hard disk, or using up computer memory.
- Adware - Software that is financially supported (or financially supports another program) by displaying ads when you're connected to the Internet.
- Spyware - Software that surreptitiously gathers information and transmits it to interested parties. The types of information gathered include the Web sites visited, browser and system information, and your computer IP address.
- Browser hijacking software - Advertising software that modifies your browser settings (e.g., default home page, search bars, toolbars), creates desktop shortcuts, and displays intermittent advertising pop-ups. Once a browser is hijacked, the software may also redirect links to other sites that advertise, or sites that collect Web usage information.
There are several ways that these programs can end up on your computer:
Software can come bundled with "other software," often called a Trojan: for example, instant messenger software bundled with a program such as WildTangent, a known spyware offender. Peer-to-peer file sharing software, such as Kazaa, LimeWire, and eMule, bundles various types of malware that are categorized as spyware or adware. Software that promises to speed up the Internet connection or assist with downloads (e.g., My Web Search) will often contain adware.
Malware can exploit security holes in Internet Explorer as a way of invading your machine. Some malware programs exploit the installation option of Internet Explorer's ActiveX (a Microsoft technology that links desktop applications to the Internet). If you click a link to an ActiveX program, a dialog box prompts you about executing it. If you click Yes (or if your IE security settings are set lower than normal so you aren't prompted), the software runs and can perform any tasks on your computer, including installing malware.
Sometimes Web sites state that software is needed to view the site, in an attempt to trick users into clicking Yes, thus installing software onto their machines. Another trick is to display many error windows if you click No. Other sites will tell you that using a certificate makes their site "safe," which is not the case. Certificate verification means only that the company that wrote the software is the same as the company whose name appears on the download prompt.
Some malware provides no uninstall option, and installs code in unexpected and hidden places (e.g., the Windows registry) or modifies the operating system, thus making it more difficult to remove.
Prevention of Malware
There are several ways you can reduce the risk of malware on your computer:
- Use Virus Protection software and update definitions regularly
- Modify your browser Security Level Setting to be higher
- Reduce pop-up advertisements in your browser
- Obtain security patches regularly
- Know what you're installing
The best protection against malware is a combination of anti-virus software, browser settings, and safe online behavior. If you are unsure how to take steps for prevention, such as those listed above, contact the IS&T Computer Help Desk or your local IT administrator.
VirusScan 8.5 for Windows and 8.6 for Macintosh contain integrated anti-spyware functionality. However, there's still the possibility that your computer will be susceptible to malware, as no one product is designed for, or capable of, catching all malware. Windows machines are more susceptible to adware or spyware products. Most of the code for these types of malware was written with Windows software vulnerabilities in mind so that attackers can infect as many victims as possible. However, Macintosh computers are still susceptible to infection.
By adopting safe online behavior, you reduce the risk of accidentally downloading an unwanted program. Delete unwanted emails and never click on attachments or links in emails you are not sure are safe. When browsing, check URLs before clicking on them to make sure they haven't been spoofed. A Google search can often bring up lists of pages that have either been modified by an attacker or that seem legitimate but are meant to entrap the unwary visitor into giving out their personal information or downloading dangerous files.
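One way to automate the URL check described above, as an added example that is not part of the original page. The function name, warning strings and sample links are constructed for illustration; it flags common signs that a link does not lead where its visible text suggests.

```python
import ipaddress
import re
from urllib.parse import urlsplit


def _bare(host):
    """Lower-case a host name and drop a leading 'www.' for comparison."""
    host = host.lower()
    return host[4:] if host.startswith("www.") else host


def link_warnings(href, shown_text=""):
    """Return reasons a link deserves a second look before it is clicked."""
    warnings = []
    parts = urlsplit(href)
    host = _bare(parts.hostname or "")
    if parts.scheme not in ("http", "https"):
        warnings.append("unusual scheme")
    # Anything before '@' is login data, not the site; the real host follows it.
    if "@" in parts.netloc:
        warnings.append("text before '@' is not the site name")
    try:
        ipaddress.ip_address(host)
        warnings.append("host is a raw IP address")
    except ValueError:
        pass
    # Look-alike characters are carried in 'xn--' (punycode) labels.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        warnings.append("host uses punycode or non-ASCII characters")
    # If the visible text names a site, the real host must be that site
    # or one of its subdomains.
    m = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", shown_text.lower())
    if m:
        shown = _bare(m.group(1))
        if host != shown and not host.endswith("." + shown):
            warnings.append("visible text names a different host")
    return warnings


if __name__ == "__main__":
    # Constructed sample links (documentation-only domains and addresses).
    samples = [
        ("https://www.example.edu/help", "www.example.edu"),
        ("http://www.example.edu@203.0.113.7/login", "www.example.edu"),
        ("https://example.edu.login.example.net/", "example.edu"),
    ]
    for href, text in samples:
        print(href, "->", link_warnings(href, text) or "no warnings")
```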
Symptoms of Malware
Some of the symptoms users experience that are caused by the existence of malware programs are:
- Poor system performance, especially while connected to the Internet.
- Computer stops responding more frequently.
- Computer takes longer to start up.
- Browser closes unexpectedly or stops responding.
- Performing a search from a search page provides results on a different site.
- Clicking a link does nothing or goes to an unrelated Web site.
- Browser home page changes to a different site and may not be able to be reset.
- Pop-up advertising windows appear when the browser is not open or over Web pages that do not normally have pop-ups.
- Additional toolbars are added to the browser.
- Web pages are automatically added to your list of favorites.
- Desktop icons are automatically added to the desktop.
- When you start your computer, or when your computer has been idle for many minutes, your Internet browser opens to display Web site advertisements.
- When you use your browser to view Web sites, other instances of your browser open to display Web site advertisements.
- You cannot start a program.
- When you click a link in a program, the link does not work.
- Components of Windows or other programs no longer work.
Removal of Malware
What can you do if you notice any of the above listed symptoms?
We do not recommend trying to remove malware yourself! Contact the IS&T Computer Help Desk immediately and they will likely ask you to bring in your computer. They will preserve your files if possible and remove the malware for you at the rate of $60/hour. In the worst-case scenario, malware infection corrupts the fundamental underpinnings of your operating system (the OS binaries). The only solution to this is to reformat and reinstall your operating system, possibly losing all of your data.
Malware can be extremely difficult to remove. Even if programs are removed through the Add/Remove Programs in the Control Panel, portions of the code may still exist on your hard drive, resulting in bad computer performance.
If you run malware removal programs, note that these programs are not supported by IS&T. Running these programs may cause minor or serious malfunction of your operating system. If you do use them, be sure to first back up your data using TSM or by copying it to an external drive or CD.
There are programs designed to inspect your computer's software and registry and remove malware. Some of the free removal tools are:
- Ad-Aware
- SpyBot
- Windows Defender
If you use these, make sure you have the latest, up-to-date version of these programs. Try running several of them in sequence to make sure all malware has been removed. Note that running VirusScan and an additional malware removal program simultaneously may cause a conflict that makes them less effective, rather than more effective.


