This section of our guide talks about computer viruses. While many malware infections are generally referred to as viruses, a virus is actually it's own specific entity. In computers, a virus is a program or programming code that replicates by being copied or initiating its copying to another program, computer boot sector or document. Learn about proper antivirus tools and best practices and how to remove viruses from your system here.
Table of contents
Rootkit prevention and detection
Prevent and defend against spyware infection
Tools for virus removal and detection
Viruses can be transmitted as attachments to e-mail notes, in downloaded files, or on a diskette or CD.The three basic types of viruses are file vectors, which attach themselves to program files, systems or boot-record infectors, which infect executable code found in certain system areas on a disk, and macro viruses, which infect Microsoft Word applications and are among the most common, yet least damaging, viruses.
Some antivirus tools may help protect against certain virus behaviors to an extent, but not at the level that's needed for true virus protection. So how do you get true virus protection? For starters, SearchWindowsSecurity.com's virus protection and cleansing topics section has a bounty of antivirus tips and recommendations for tools to keep your Windows networks clean.
Our resident security threats expert Kevin Beaver also offers his advice on various antivirus issues in our Windows security threats FAQ section. In this section he explains how to handle situations where your antivirus software is failing in Windows XP, a proper set of antivirus tools, and how to avoid virus infections.
It seems that one of the biggest problems plaguing Windows is recovering from a malware infection. Kevin Beaver says, "In fact, (virus recovery) is the most common question posed to me in my SearchWindowsSecurity.com Ask the security Expert forum. Whether or not they do any damage, certain adware, viruses, and (heaven-forbid) rootkits can really take considerable time to remove from a system."
So, how exactly do you recover from a virus outbreak?
Antivirus scanning tools
One tried and true option is McAfee AVERT Stinger. AVERT Stinger can both detect and remove computer viruses from your Windows system. Another popular spyware detection and removal tool is Spybot Search&Destroy. Many tools only alert you when a new piece of malware has made its way onto your system, but these two tools both allow you and/or your users to take this malware off off your system. You could also try out a series of free malware detection tools, like Windows Defender or Free Resource Center. Unlike the other tools listed here, Free Resource Center does not remove every malware threat it discovers, but it identifies any security threats that exist on your system so that you can remove it later with another tool.
Check all the obvious places such as your Windows startup folder, the Startup tab in msconfig, and any registry keys referencing this program under HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/Current Version/Run in regedit. Also, you cannot underestimate malware that's located in a seemingly benign directory such as the Windows temp directory. It's therefore important to run a full system scan.
Try loading Sysinternals' Process Explorer to view loaded processes and applications and possibly track down the malware in action. You can also run Foundstone's Vision to search for malware bound to a local TCP or UDP port. You can also use your personal firewall's application protection feature (if supported) or a network analyzer such as CommView or Ethereal to see what's taking place behind the scenes. This can help reveal suspect protocols and traffic entering and leaving your computer that you'd otherwise be unable to see.