Educational CyberPlayGround ®

How To Remove Virus, spyware, Malware from your computer

ARE YOU CRANKY, SCANKY, & INFECTED?

Disclaimer

Since there are no real directions to removing skank (it's very individual depending on what skank you have) I have written about things I've done, however you may need to do more research to remove some specific skankware.

Bottom Line

You can be doing everything perfectly right and still get a nasty something on your machine. WHY? Because when you innocently visit a mainstream website that happens to have an infected ad server, that server may randomly show (unlucky you) an infected ad called a dropper (yeah, you heard me: it's easy to put exploit code into the ad itself, and droppers are being built into .png, .jpg, .exe, .scr and .zip files, postcards and photo files). The dropper pushes the skank malware past all your perfectly updated critical patches, even while you use the latest Mozilla Firefox browser with "Allow Web sites to install software" unchecked and run a perfectly good antivirus and firewall, and you still get skanked! The ad serving company really does have a responsibility to police its advertisers and profile the HTML content that it serves to users' browsers.

Why passwords have never been weaker -- and crackers have never been stronger 2012
In late 2010, Sean Brooks received three e-mails over a span of 30 hours warning that his accounts on LinkedIn, Battle.net, and other popular websites were at risk. He was tempted to dismiss them as hoaxes -- until he noticed they included specifics that weren't typical of mass-produced phishing scams. The e-mails said that his login credentials for various Gawker websites had been exposed by hackers who rooted the sites' servers, then bragged about it online; if Brooks used the same e-mail and password for other accounts, they would be compromised too.
The warnings Brooks and millions of other people received that December weren't fabrications. Within hours of anonymous hackers penetrating Gawker servers and exposing cryptographically protected passwords for 1.3 million of its users, botnets were cracking the passwords and using them to commandeer Twitter accounts and send spam. The ancient art of password cracking has advanced further in the past five years than it did in the previous several decades combined. At the same time, the dangerous practice of password reuse has surged. The result: security provided by the average password in 2012 has never been weaker.
http://arstechnica.com/security/2012/08/passwords-under-assault/

Search engines have become a common tool for spreading malware.
Based on results from McAfee's SiteAdvisor anti-phishing tool, up to 72% of sites a search engine suggests for such simple searches as free screensavers, digital music, and popular software should be considered "risky". Overall, MSN returned 3.9% risky sites, Google 5.3%, and Ask had the worst score at 6.1%. Sponsored links returned from two to four times as many risky sites as unsponsored links. The report claims that American users follow links to malicious websites from search engines 285 million times each month.

How Vulnerable Are You?
See how "open" your machine is right now: Download Detekt software tool scans for surveillance spyware.


SPLOIT Metasploit Framework, Part 1 Part 2
(n.) Exploit. A defect in the game code (see bug) or design that can be used to gain unfair advantages. (Source: Dictionary of MMORPG Terms)
Metasploit Project Open-source platform for developing, testing, and using exploit code. Downloads and release notes. Inspiration to get your boss to constantly update and keep your box patched!

"Our products just aren't engineered for security."
http://www.infoworld.com/articles/hn/xml/02/09/05/020905hnmssecure.xml

2012
COMPUTER VIRUS

BOTNETS

A map of global malware distribution in March 2912. The makers took one minute of monitoring data on all the botnet nodes in the world that could be geolocated, snipping off the data representing chatter between 9:00 and 9:01 a.m. on June 11, 2012. They then parsed the geolocation, time and communications data to show where each node was, converted the data to show where on the globe each outburst was located, and slowed the whole thing down to one fifth of its actual speed so humans could see the communication as well. The result has the same creepy-crawly feeling as close-up videos of a house infested with bugs.


On June 23, 2009 the company Foolad Technic was the first victim. This version of Stuxnet contained 2 0-days that caused it to spread globally, leading to its discovery. Stuxnet is the first ever known cyber weapon. It changed the world.

1) Stuxnet (2009-2010) (2013: US and Israel did create Stuxnet attack code)

The arrival of Stuxnet was like a cartoon villain come to life: it was the first computer virus designed specifically to cause damage in the real, as opposed to virtual, world. While previous malware programs may have caused secondary physical problems, Stuxnet was unique in that it targeted software that controls industrial systems. Specifically, Stuxnet was designed to damage machinery at Iran's uranium enrichment facility in Natanz. Based on the available information, including data from the International Atomic Energy Agency, experts believe Stuxnet caused a large number of Iran's centrifuges—essentially giant washing machines used to enrich uranium—to spin out of control and self-destruct. Though Stuxnet was discovered in 2010, it is believed to have first infected computers in Iran in 2009.

Researchers Connect Flame to US-Israel Stuxnet Attack 2012
Could US cyberspies have moles inside Microsoft? US government officials could be working under cover at Microsoft to help the country's cyber-espionage programme, according to one leading security expert. The warning comes in the wake of the Flame virus that targeted key computers in the Middle East, and in part used confidential Microsoft certificates in order to access machines. According to Mikko Hypponen, chief research officer at security firm F-Secure, the claim is a logical conclusion to a series of recent discoveries and disclosures linking the US government to 2010's Stuxnet attack on Iran and ties between Stuxnet and the recent Flame attack. "The announcement that links Flame to Stuxnet and the conclusive proof that Stuxnet was a US tool means that Flame is also linked to the US government," Hypponen said. U.S., Israel developed Flame computer virus to slow Iranian nuclear efforts, officials say.

But looking ahead, how will Americans respond when others begin to employ cyber means to achieve their ends, perhaps even by attacking us? After all, Stuxnet escaped from that Iranian facility into the wild, and is certainly being studied, reverse engineered and tweaked by many around the world. No country may be foolish enough to engage the incomparable U.S. military in open battle, but we seem like fairly easy pickings to the computer mice that may soon roar. Read Cool War

2) Conficker Virus (2009) In 2009, a new computer worm crawled its way into millions of Windows-based PCs around the world, creating a massive botnet army of remotely controlled computers capable of stealing financial data and other information. Its complexity made it difficult to stop, and the virus prompted the creation of a coalition of experts dedicated to stopping its spread. At its height, the Conficker worm infected millions of computers, leading anti-virus researchers to call it the “super bug,” or “super worm.” But the real mystery of Conficker, which still infects a large number of computers, is that no one knows what it was meant to do: the botnet army was never used for any specific purpose, to the best of anyone's knowledge. Conficker's real purpose still confounds security experts.

3) agent.btz (2008) This piece of malware's claim to fame is that it temporarily forced the Pentagon to issue a blanket ban on thumb drives and even contributed to the creation of an entirely new military department, U.S. Cyber Command. Agent.btz spreads through infected thumb drives, installing malware that steals data. When agent.btz was found on Pentagon computers in 2008, officials suspected the work of foreign spies. Former Deputy Secretary of Defense William Lynne later wrote that agent.btz created “a digital beachhead, from which data could be transferred to servers under foreign control.” Though some anti-virus experts have disputed the contention that the virus was the creation of a foreign intelligence agency, its effect was to make cyber war a formal part of U.S. military strategy.

4) Zeus (2007) There is no shortage of malware kits that target personal information, but Zeus has become the go-to tool for many of today's cyber criminals and is readily available for sale in the cyber crime underworld. It can be used to pilfer passwords as well as files, helping to create a literal underground economy for compromised identities that can be bought and sold for as little as 50 cents. In the age of Internet banking and online shopping, a compromised identity is much more than just a name and social security number: it's your address, date of birth, mother's maiden name, and even your secret security questions (your first pet, your favorite teacher, or your best friend from grade school).

5) PoisonIvy (2005) PoisonIvy is a computer security nightmare; it allows the attacker to secretly control the infected user's computer. Malware like PoisonIvy is known as a “remote access trojan,” because it provides full control to the perpetrator through a backdoor. Once the virus is installed, the perpetrator can activate the controls of the targeted computer to record or manipulate its content or even use the computer's speaker and webcam to record audio and video. Once thought of as a tool for amateur hackers, PoisonIvy has been used in sophisticated attacks against dozens of Western firms, including those involved in defense and chemical industries, according to a white paper written by Symantec, the computer security firm. The attacks were traced back to China.

6) MyDoom (2004) MyDoom muscled its way into the malware world in 2004, quickly infecting some one million computers and launching a massive distributed denial of service attack, which overwhelms a target by flooding it with information from multiple systems. The virus spread through email as what appeared to be a bounced message. When the unsuspecting victim opened the email, the malicious code downloaded itself and then pilfered the new victim's Outlook address book. From there, it spread to the victim's friends, family and colleagues. MyDoom spread faster than any worm seen prior.

7) Fizzer (2003) By 2003, many worms were spreading over e-mail, but Fizzer was an entirely new creature. If earlier worms, like Code Red (see below), were about mischief, Fizzer was all about money. While some initially dismissed the seriousness of the worm because it wasn't as fast moving as Code Red, Fizzer was more insidious. “What makes Fizzer stand out is that it's the first instance of a worm created for financial gain,” says Roel Schouwenberg, a senior researcher at Kaspersky, an anti-virus company. “Computers infected with Fizzer started sending out pharmacy spam.” In other words, Fizzer didn't just take over your address book to spread for the sake of spreading, it used your address book to send out the now familiar porn and pills spam. Fizzer was followed by better-known spam-inducing worms, like SoBig, which became threatening enough that Microsoft even offered a $250,000 bounty for information leading to the arrest of its creator.

8) Slammer (2003) In January 2003, the fast-spreading Slammer proved that an Internet worm could disrupt private and public services, a harbinger for future mayhem. Slammer works by releasing a deluge of network packets, units of data transmitted over the Internet, bringing the Internet on many servers to a near screeching halt. Through a classic denial of service attack, Slammer had a quite real effect on key services. Among its list of victims: Bank of America's ATMs, a 911 emergency response system in Washington State, and perhaps most disturbingly, a nuclear plant in Ohio.

9) Code Red (2001) Compared to modern malware, Code Red seems like an almost kinder, gentler version of a threat. But when it swept across computers worldwide in 2001, it caught security experts off guard by exploiting a flaw in Microsoft Internet Information Server. That allowed the worm to deface and take down some websites. Perhaps most memorably, Code Red successfully brought down the whitehouse.gov website and forced other government agencies to temporarily take down their own public websites as well. Though later worms have since overshadowed Code Red, it's still remembered by anti-virus experts as a turning point for malware because of its rapid spread.

10) Love Letter/I LOVE YOU (2000) Back in 2000, millions of people made the mistake of opening an innocent looking email attachment labeled simply, “I Love You.” Instead of revealing the heartfelt confession of a secret admirer, as perhaps readers had hoped, the file unleashed a malicious program that overwrote the users' image files. Then like an old-fashioned chain letter gone nuclear, the virus e-mailed itself to the first 50 contacts in the user's Windows address book. While by today's standards, Love Letter is almost quaint, it did cause wide-scale problems for computer users. It only took hours for Love Letter to become a global pandemic, in part because it played on a fundamental human emotion: the desire to be loved. In that sense, Love Letter could be considered the first socially engineered computer virus.

7/1/05 There is a 50 percent chance your unprotected Windows PC will be compromised within 12 minutes of going online.

VIRUS - There are two sections here.

  1. Prevention / Tips
  2. Remediation / Removal

Orientation: depending on your hygiene habits . . . don't be surprised when killing the skank that has infected your 'puter takes more than 8 hours of your time, and 1 thing is for sure . . . a single program won't do everything. It can do a lot, but you'll need to use several programs to get the skank out of the machine. <sorry> but no single program removes every pest, virus or Trojan.

PREVENTION

  1. Virus Protection
  2. Firewalls
  3. Stay Current with Windows Update
  4. Don't download known skank. http://www.spywareguide.com/product_list_full.php

VIRUS REMOVAL TIPS:

  1. Search “buddies” and helpers aren't really your buddies they are FREAKING SKANK!!!!
  2. BACKUP IMPORTANT FILES
    Keep your documents in My Documents, My Pictures and My Music; they're easier to back up there than on your desktop or in some folder on the C: drive.

VIRUS REMEDIATION

  1. If you suspect you've been skanked, STOP.. No Surfing.
  2. Start up in Safe Mode
  3. Add/Remove Software that is known Skank.
  4. Disable System Restore
  5. Run Ad Aware SE Personal
  6. Run your Virus Scanner

REMOVAL - TOOLS AND SEQUENCE TIPS

1.) Get New Host File
2.) Start in SAFE MODE (Tap F8 when restarting)
3.) Disable System Restore
4.) Run AdAware SE Personal
5.) Run Spybot
6.) Run HiJackThis

DOWNLOAD a new HOSTS FILE, then copy and paste its contents into your own corrupted hosts file found in your system folder.
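Before pasting over the hosts file, it helps to see what the skank actually put in it. The script below is an added example (not from this page or any tool it links): it parses hosts-file syntax and flags mappings that blackhole or redirect update and anti-malware domains, plus any other name mapped to a non-local address. The watch list and the sample file are constructed for illustration.

```python
"""Audit a hosts file for the kinds of entries malware commonly plants."""
import ipaddress
import sys

# Constructed watch list of update and anti-malware domains (assumed; extend it).
WATCHED_SUFFIXES = (
    "windowsupdate.com", "update.microsoft.com", "symantec.com",
    "trendmicro.com", "lavasoft.com", "safer-networking.org",
)
STANDARD_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

BLACKHOLED = "update/AV domain blackholed to a local sink"
REDIRECTED = "update/AV domain redirected to another host"
NONLOCAL = "name mapped to a non-local address; verify it is expected"

# Constructed sample in Windows hosts-file format
# (the real file lives at %SystemRoot%\System32\drivers\etc\hosts).
SAMPLE_HOSTS = """# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.symantec.com        # AV vendor blackholed
203.0.113.10    windowsupdate.com       # update site redirected
203.0.113.10    www.example-bank.invalid
127.0.0.1       ads.example.invalid     # plain ad block, not flagged
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping; comments and blanks skipped."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address, so not a mapping
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")

def is_watched(name):
    """True when name is, or is a subdomain of, a watched domain."""
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)

def audit_hosts(text):
    """Return a list of (line_no, ip_string, hostname, reason) findings."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in STANDARD_NAMES:
            continue
        local_sink = ip.is_loopback or ip.is_unspecified  # 127.x, ::1, 0.0.0.0
        if is_watched(name):
            findings.append((line_no, str(ip), name, BLACKHOLED if local_sink else REDIRECTED))
        elif not local_sink:
            findings.append((line_no, str(ip), name, NONLOCAL))
    return findings

if __name__ == "__main__":
    # Pass a path to audit a real file; otherwise the constructed sample is used.
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for line_no, ip, name, reason in audit_hosts(text):
        print(f"line {line_no}: {ip} {name}: {reason}")
```

Plain ad-blocking entries that point to 127.0.0.1 or 0.0.0.0 are left alone; only watched domains and non-local mappings are reported.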

START IN SAFEMODE
Directions
- How to Start in Safemode

Spyware will hide in System Restore, and when you reboot it will restore itself. Right click on My Computer, then left click on Properties. Now click on the System Restore tab and put a check in the box to Disable System Restore.

Before removing any spyware be sure that you disable System Restore on your computer.

Run Ad Aware-
DOWNLOAD FREE - Ad-Aware is designed to provide advanced protection from known data-mining programs; it will find, quarantine, and get rid of the skank ware that doesn't let your machine work right.

DOWNLOAD FREE - SPYBOT Run it

OR

DOWNLOAD FREE - SPY SWEEPER Run it


OTHER THINGS TO DO

Windows User can run Error Checking every four weeks or so to improve performance.
Right click on the C drive, choose Properties, choose the Tools tab. Click Error Checking. You have to restart and it takes awhile, then defrag the computer.

FREE TOOLS TO CHECK YOUR MACHINE FOR VIRUS SKANK.

Here is another source to use for checking your machine or checking a single file

Everyone needs a firewall like Trend Micro PC-cillin that monitors wireless connections, alerting you whenever someone new tries to join your network or your network changes suddenly. Use PC-cillin to check an infected machine. Or download the free Symantec scanner to see if you're vulnerable and/or have been infected by a virus and/or Trojan horse.

DO NOT install more than one antivirus program. They will conflict, and provide less protection, not more.


Be proactive rather than reactive

REVIEW OTHER SPYWARE REMOVAL TUTORIALS for cleaning your system and protecting a new system. Links to free programs and a separate page and explanation on how to use it.

Check for Internet Explorer Updates

DON'T USE EXPLORER only USE FIREFOX MOZILLA

PC Hell explains how to edit your Windows Registry. Please be careful however, incorrect changes to the Windows Registry can cause Windows to not boot. Also find Removal Instructions for Other Programs.

so then . . . for all you hard core wanna-be geeks who are ready to tempt the computer goddess, you can always erase your hard drive and reinstall all your programs. Luckily, there are folks out there who can help.

Check into Email Virus & Hoax Information



World's first Mac OS X virus spotted 2006-02-17

BEIJING, Feb.17 (Xinhuanet) -- A mischievous computer worm has been found to hit Apple's OS X operating system, believed to be the first such virus ever to target the Mac platform. Called OSX/Leap-A, the worm is spread via instant messaging programs, according to a posting on the Web site of antivirus software company Sophos. The virus is said to spread using Apple's iChat IM service, forwarding itself as a file called "latestpics.tgz" to an infected user's buddy contacts, according to the Sophos Web site. Clicking on the file allows the malware to install and disguise itself as a harmless-seeming Jpeg icon. "This first Macintosh OS X threat is an example of the continuing spread of malicious code on to other platforms," said Vincent Weafer, senior director at Symantec Security Response, in a statement. The worm will not automatically infect Mac computers, but will ask users to accept the file, Weafer said. Symantec has rated the worm a low-risk security threat.

Best Basic Mac OS X Security - February 16, 2006
Well, now that we have a possible candidate for another Mac trojan (not a virus, not a worm, not an exploit, and not good code) I think now's as good a time as any to cover some basic Mac OS X Security so that people not familiar with such things have more than an ice cube's chance in Phoenix at keeping secure.
Mac OS X is a secure operating system in that it's multi-user and has limits on what some user accounts can do. If an account is set up as a basic user, that user can only hurt himself, not the whole system or other users. However, in the interest of being "friendly" to new users, Apple leaves a lot of the secure bits off for the first user created, and this means that trojans like this week's can cause some pretty nasty problems on your system.
Yet, all of this is easy to correct. Just run over the following and you should be well on your way to a protected computer.