Virus & Malware Removal
NEED HELP REMOVING MALWARE FROM YOUR COMPUTER?
Meridian has the tools & experience to clean your computer from viruses, malware, rogueware, spyware & adware to give you a fresh start free from these unwanted visitors. You can be assured your issue will be resolved quickly.
Even if you are experiencing a particularly nasty rootkit. We are experienced in recovering pc’s, networks and servers from virus infections. And we will patch your computers or servers which may be running outdated antivirus software.
Can I remove malware by myself?
Most malware virus programs are designed to be hard to remove. Malware often embeds itself in windows, hiding its files or modifying system files with its own code. Malware has become very stealthy and sophisticated, making it very difficult to detect and remove. Not to mention there a number of computer viruses that cannot be detected and removed by standard antivirus software. This makes it very hard for the average user to remove; special utilities are often required which can detect the virus allowing for its removal.
Virus/Malware education and prevention techniques
If you own a computer that has access to the Internet and e-mail, then it is only a matter of time before you fall victim to a malicious spyware program, virus, worm, or hacker. Every day we get customers coming in who are experiencing computer problems due to these threats, and it is only getting worse.
What is even more frustrating is that many of these computer users are back in my office a few days or weeks later with the EXACT same problems and end up having to spend ANOTHER hefty fee for restoring their computer back to normal.
You see, unless you learn how to ward off these evil cyber criminals and beat them at their own game, you will constantly fall victim to their pranks and criminal intent and end up spending hundreds – possibly even thousands – of dollars to get your computer running normal again.
Recently we have seen a sharp increase in the number of computer users falling victim to these attacks and that is why I decided to write this report. I wanted to arm my customers with the facts so they could avoid problems and expensive repair bills.
The information in this Guide will not only educate you as to WHY you are experiencing these problems, but also what you *must* do now to guard against the unethical actions of these cyber criminals.
Don’t Be A Victim To Online Crime!
Cyber criminals lurk everywhere and are constantly finding new ways to harm you. Even legitimate websites have sophisticated methods of snooping into your private information using cookies and spyware. If you want to make sure you aren’t their next victim, read this guide and discover:
- Computer scams, threats, and rip-offs that you MUST be aware of.
- Surefire signs that you are infected with spyware, malware, and viruses.
- Sneaky, underhanded ways cyber criminals access your computer, and how you can stop them dead in their tracks.
- The absolute worst type of program to install for your computer’s health; go to these sites and indulge in these seemingly innocent activities and you’re practically guaranteed to get infected with vicious spyware and destructive viruses.
- The single biggest cause of expensive computer repairs – and how to avoid it.
- 6 Simple steps to keep your computer safe from pop-ups, viruses, spyware, malware, and expensive computer repair bills.
Three Dangerous Threats You Must Be Aware Of
One of the most dangerous aspects of online threats is their ability to cloak their existence. Hackers and the authors of malicious spyware and malware programs go to great lengths to create programs that are difficult to identify and remove.
That means a malicious program can be downloaded and doing its dirty work on your computer long before you are aware of it. Below are the two most common threats you’ll need to guard against with a brief explanation of what they are:
Spyware: Spyware is Internet jargon for hidden programs advertisers install on your PC without your permission to spy on you, gather information, and report this information about you and your online activities to some outside person.
Spyware is NOT harmless; it can be responsible for delivering a boatload of spam, altering your web browser, slowing down your PC, and serving up a bounty of pop-up ads. In some of the more extreme cases, spyware can also steal your identity, passwords, e-mail address book, and even use your PC for illegal activities.
Most spyware finds its way onto your computer via file downloads including free programs, music files, and screen savers. While you *think* you are only downloading a legitimate program to add emoticons to your e-mails, you are unknowingly also downloading a heaping spoonful of spyware programs.
Spyware piggybacks the download and runs undetected in the background collecting information about you and sending it back to its originator until it is removed. Although spyware has malicious components, it is not illegal, and it is not considered a virus because it doesn’t replicate itself or destroy data.
Malware: Malware is short for malicious software and represents all programs, viruses, Trojans, and worms that have malicious intent to damage or disrupt a system. Malware is harder to remove and will fight back when you try to clean it from your system. In some extreme cases, we have had to completely wipe out all of the information on the computers’ hard disk and start with a complete re-install of the operating system.
Among other things, a malware infection can corrupt your files, alter or delete data, distribute confidential information such as bank accounts, credit cards, and other personal data, disable hardware, prevent you from using your computer, and cause a hard drive to crash. Frequently, malware is also designed to send itself from your e-mail account to all the friends and colleagues in your address book without your knowledge or consent.
Hackers: Hackers are computer programmers turned evil. They are the people who design the spyware and malware programs that attack your computer.
Some of them have criminal intent and use these programs to steal money from individuals and companies. Some have a grudge against the big software vendors (like Microsoft) and seek to harm them by attacking their customers (you). Others do it purely for fun. Whatever the reason, hackers are getting more intelligent and sophisticated in their ability to access computer systems and networks.
Surefire Signs That You Are Infected With
Spyware, Malware, and Viruses
Since most malicious programs are designed to hide themselves, detecting their existence not always easy. However, there are a few surefire signs that you have been infected:
You start getting swamped with pop-up ads that seem to come from nowhere and constantly interrupt your use of the computer.
- Your computer is unstable, sluggish, locks up, or crashes frequently.
- Your web browser's home page changes on its own and you cannot modify the settings. You may also see tool bars on your web browser that you did not set up.
- You get a second or third web browser popping up behind your main browser that you didn’t open or request.
- Mysterious files suddenly start appearing.
- Your CD drawer starts opening and closing by itself.
- You get constant run time errors in MS Outlook/Outlook Express.
- You filed emails in your “Sent Items” folder that you didn't send.
- Some of your files are moved or deleted or the icons on your desktop or tool bars are blank or missing.
If you are experiencing one or more of the above when using your computer, you are infected and should seek help from a senior computer technician. Before I talk about getting rid of it, let me share with you 4 costly misconceptions about spyware, malware, hackers, and other threats that you will also need to know…
The Four Most Costly Misconceptions About
Spyware, Malware, And Other Computer Threats
#1: Spyware and Malware is easy to remove.
Some spyware and malware CAN be easily removed using a program such as your standard Virus Removal Software.
However, not all malicious programs can be removed – or even detected – using your standard software. Many programs integrate so deeply into the operating system that it takes a skilled technician several hours to fully diagnose and remove the malicious program. In some extreme cases, we have had no alternative, but to wipe the hard disk clean by deleting all of the files on it and re-installing the operating system.
Obviously this is NOT an ideal situation and we do everything within our power to avoid it. Unfortunately there are some malicious programs that are so intelligent that there is simply no other way of removing them.
Of course you can use free software as a first attempt at cleaning your machine; however, if you continue to notice that your computer runs slow, if you continue to get crippling pop-ups, or any other of the tell-tale signs discussed earlier, you will need to seek the help of an experienced computer technician.
#2: It is my computer’s fault that I continue to get attacked by spyware, malware, and viruses.
In all cases, malware, spyware, and viruses are a result of some action taken by the user (you or a family member that uses your computer). Remember, cyber criminals are incredibly clever and gain access to your computer via some of the most innocent and common activities you are performing; that is why it SEEMS as though it is your computer’s fault.
For example, many of the clients we see simply downloaded an emoticon software program. Emoticons are the smiley faces and action characters that you see at the bottom of many people’s e-mails. In doing so they also (unknowingly) downloaded a payload of spyware and malware and before they knew it, could no longer use their computer due to the instability and pop-ups.
Other deadly programs to avoid are free “enhanced” web browsers, screen savers, and just about any “cute” programs you come across that are free to download. Always read the terms and conditions before downloading ANY program to look for clauses that allow them (the software vendor) to install spyware programs on your computer.
Installing programs is not the only way a hacker or malware program can access your computer. If you do not have the most up-to-date security patches and virus definitions installed on your computer, hackers can access your PC through a banner ad on the web that you accidentally clicked on or through an e-mail attachment that you opened.
Just recently, hackers have even been able to figure out ways to install malicious programs on your computer via your Internet Explorer web browser EVEN IF YOU DIDN’T CLICK ON ANYTHING OR DOWLOAD A PROGRAM. Microsoft is constantly providing patches to their operating system software and all it takes is one missed update to leave you completely vulnerable.
Finally, you should COMPLETELY AVOID any and all peer to peer file sharing networks such as KaZaa. These sites are the absolute WORST online activities you can participate in for your computer’s health because they are pure breeding grounds for hackers, spyware, malware, and other malicious attacks.
#3: If my computer is working fine right now, I don’t need to perform maintenance on it.
This is probably one of the biggest and most deadly misconceptions that most computer users fall victim to. Computers are just like cars. If you don’t change the oil, change the filter, rotate the tires, flush the transmission, and perform other regular maintenance on your car, it will eventually break down and cost you FAR MORE to repair than the cost of the basic maintenance.
There are certain maintenance checks that need to be done daily (like virus updates and spam filtering), weekly (like system backups and a spyware sweep), and monthly or quarterly like checking for and installing security patches and updates, disk defrag, spyware detection and removal, checking the surge suppressor and the integrity of the hard drive, and so on.
Your computer repair technician should be adamant that you have regular maintenance done on your computer and should offer to set up automatic virus definition updates, spam filtering (to avoid viruses), and automatic system backups that are stored on an OFF SITE location (this protects the backup from fire, flood, or other natural disasters).
If your technician does not press you to let him do this for you, then RUN – don’t walk – out of their office. Lack of system maintenance is the NUMBER ONE reason most people end up losing valuable files and incurring heavy computer repair bills. If your technician isn’t offering you these services, you need to find someone else to support your computer or network for two reasons:
- Either they don’t know enough to make this recommendation, which is a sure sign they are horribly inexperienced, OR
- They recognize that they are profiting from your computer problems and don’t want to recommend steps towards preventing you from needing their help on an ongoing basis.
Either reason is a good one to get as far away from that person as possible!
#4: The firewall and security tools provided in the Microsoft Operating System are all the maintenance and protection I need.
Again, this is a terrible misconception. Microsoft does NOT include ALL of the security features to protect your data from viruses, hackers, and data loss or prevent your PC from running slowly.
As a matter of fact, there is no one single vendor that provides ALL of the system security features you need to keep your computer and files safe from harm.
Security and protection from these malicious attacks takes a multi-faceted, layered approach.
6 Simple Steps To Secure Your Computer From Malicious Attacks and Avoid Expensive Repair Bills
While it's impossible to plan for every potential computer problem or emergency, a little proactive monitoring and maintenance of your network will help you avoid or greatly reduce the impact of the vast majority of computer disasters you could experience.
Unfortunately, we have found that most small business owners are NOT conducting any type of proactive monitoring or maintaining their network, which leaves them completely vulnerable to the types of disasters you just read about. This is primarily for three reasons:
- They don’t understand the importance of regular maintenance.
- Even if they DID understand its importance, they simply do not know what maintenance is required or how to do it.
- They are already swamped with more immediate day-to-day fires demanding their attention. If their network is working fine today, it goes to the bottom of the pile of things to worry about. That means no one is watching to make sure the backups are working properly, the virus protection is up-to-date, that critical security patches are being applied, or that the network is “healthy” overall.
While there are over 37 critical checks and maintenance tasks that need to be performed on a daily, weekly, and monthly basis, I’m going to share with you the a few that are most important for protecting your company.
Make Sure You Are Backing Up Your Files Every Day
It just amazes me how many businesses never back up their computer network. Imagine this: you write the most important piece of information you could ever write on a chalkboard and I come along and erase it. How are you going to get it back? You’re not. Unless you can remember it, or if YOU MADE A COPY OF IT, you can’t recover the data. It’s gone. That is why it is so important to back up your network. There are a number of things that could cause you to lose data files. If the information on the disk is important to you, make sure you have more than one copy of it.
Check Your Backups On A Regular Basis To Make Sure They Are Working Properly
This is another big mistake I see. Many business owners set up some type of backup system, but then never check to make sure it’s working properly. It’s not uncommon for a system to APPEAR to be backing up when in reality, it’s not. There are dozens of things that can go wrong and cause your backup to become corrupt and useless. That is why it’s not enough to simply back up your system; you have to check it on a regular basis to make sure the data is recoverable in the event of an emergency. Remember the Health Products Company that shelled out $40,000 to recover data they THOUGHT they backed up? Don’t let that happen to you.
Keep An Offsite Copy Of Your Backups
What happens if a fire or flood destroys your server AND the backup tapes or drive? This is how hurricane Katrina devastated many businesses that have now been forced into bankruptcy. What happens if your office gets robbed and they take EVERYTHING? Having an offsite backup is simply a smart way to make sure you can get your business back up and running in a relatively short period of time.
Make Sure Your Virus Protection Is ALWAYS On AND Up-To-Date
You would have to be living under a rock to not know how devastating a virus can be to your network. With virus attacks coming from spam, downloaded data and music files, instant messages, web sites, and e-mails from friends and clients, you cannot afford to be without up-to-date virus protection.
Not only can a virus corrupt your files and bring down your network, but it can also hurt your reputation. If you or one of your employees unknowingly spreads a virus to a customer, or if the virus hijacks your e-mail address book, you’re going to make a lot of people very angry.
Set Up A Firewall
Small business owners tend to think that because they are “just a small business”, no one would waste time trying to hack in to their network, when nothing could be further from the truth. I’ve conducted experiments where I connected a single computer to the Internet with no firewall. Within hours, over 13 gigabytes of space was taken over by malicious code and files that I could not delete. The simple fact is that there are thousands of unscrupulous individuals out there who think it’s fun to disable your computer just because they can.
These individuals strike randomly by searching the Internet for open, unprotected ports. As soon as they find one, they will delete files or download huge files that cannot be deleted, shutting down your hard drive. They can also use your computer as a zombie for storing pirated software or sending spam, which will cause your ISP to shut YOU down and prevent you from accessing the Internet or sending and receiving e-mail.
If the malicious programs can’t be deleted, you’ll have to re-format the entire hard drive causing you to lose every piece of information you’ve ever owned UNLESS you were backing up your files properly (see 1 to 3 above).
Update Your System With Critical Security Patches As They Become Available
If you do not have the most up-to-date security patches and virus definitions installed on your network, hackers can access your computer through a simple banner ad or through an e-mail attachment.
Not too long ago Microsoft released a security bulletin about three newly discovered vulnerabilities that could allow an attacker to gain control of your computer by tricking users into downloading and opening a maliciously crafted picture. At the same time, Microsoft released a Windows update to correct the vulnerabilities; but if you didn’t have a process to ensure you were applying critical updates as soon as they become available, you were completely vulnerable to this attack.
Here’s another compelling reason to ensure your network stays up-to-date with the latest security patches…
Most hackers do not discover these security loopholes on their own. Instead, they learn about them when Microsoft (or any other software vendor for that matter) announces the vulnerability and issues an update. That is their cue to spring into action and they immediately go to work to analyze the update and craft an exploit (like a virus) that allows them access to any computer or network that has not yet installed the security patch.
In essence, the time between the release of the update and the release of the exploit that targets the underlying vulnerability is getting shorter every day.
When the “nimda” worm was first discovered back in the fall of 2001, Microsoft had already released the patch that protected against that vulnerability almost a year before (331 days). So network administrators had plenty of time to apply the update. Of course, many still hadn’t done so, and the “nimda” worm caused lots of damage. But in the summer of 2003 there were only 25 days between the release of the Microsoft update that would have protected against the “blaster” worm and the detection of the worm itself!
Clearly, someone needs to be paying close attention to your systems to ensure that critical updates are applied as soon as possible. That is why we highly recommend small business owners without a full-time IT staff allow their consultant to monitor and maintain their network.
Additional Topics & Discussions
The number of computer viruses is increasing daily. If your computer is running slowly, displaying popup ads or just acting strangely, you probably have some form of malware. Simply installing an anti virus program after the fact will not fix the problem because malware will prevent antivirus programs from removing it. Meridian has specially developed utilities to remove the infestation and get your computer running smoothly. With our procedures we can often remove malware without needing to perform a fresh installation of windows. This saves you from reinstalling all your applications. Once the malware is removed and your computer is repaired we install anti-malware software to protect your computer from future infection.
Even with Antivirus protection computers can become infected with viruses & more commonly adware and SPYWARE. This can be a result of outdated virus definitions, involuntarily clicking on adware, or sophisticated viruses that require manual removal. It seems that in today's computing environment spyware and adware are more of a threat then ever, and it takes painstaking time & attention to fully remove these unwanted programs from your PC.
Malware – has become a multi-billion dollar industry
Malware originated from programmers that wanted to make a name for themselves in the community by exploiting operating system security holes. Since 2002 malware's main focus has become profit and quickly gained the attention of criminal organizations. It has become a multi-billion dollar industry funded by stealing your personal information, trade secrets, and banking information and lately by ransoming your data.
What is malware?
Malware is a generic term for several kinds of viruses, adware, spyware, rogueware and malicious software. The basic rule is that if a program installs itself without your consent, its considered malware or malicious software. Types of Malware includes viruses, spyware, adware, worms, trojans and root kits to name a few.
Now a days, malware along with virus protection is a must.
What does malware do?
Each malware software is different. Some malware known as spyware gathers data and your personal information. Spyware transmits this personal information back to a central location so it can be viewed inappropriately by a third party. Usually the person viewing your data illegally has malicious intents. Adware displays unwanted pop up ads, thus the adware term was invented. Just remember Malware = Malicious/ Spyware = Transmit Data/ Adware = Advertising
How does malware get on my computer?
The main method of malware delivery is via email. Email is the perfect catalyst for mass deployment of malicious software. Some email may look safe, from a known sender such as your friends or family. But be cautious. Usually malware pretends its an attachment such as a image or document. You will download this file and accidentally infect yourself. Having regularly updated antivirus software and windows updates will help battle against a threat from malware.
Signs your computer may have a virus or some form of malware:
- Your computer runs slower than normal
- Your computer stops responding or locks up
- Your computer restarts on its own
- You see unusual error messages
- You can't print correctly
- Unwanted pop-ups while on the internet
- Anti-virus application out-of-date
- Computer takes several minutes to reboot
- You have a new Home Page
- You have new tool-bars you didn't create
Malware can be very tricky to get rid of and it often takes a number of scans from multiple utility programs to make sure that the virus has been eliminated. At Meridian, we enjoy the challenge of beating up on the newest virus and malware outbreaks and we provide the best protection possible to keep your systems safe and running at peak performance.
What types of malware are there?
Here is a brief introduction to the different types of malware.
Virus: A computer virus spreads itself by smuggling its code into another program. The name is an analogy to its biological counterpart. Not only does a computer virus spread many times and make the host software unusable, but also exhibits malicious behavior.
Trojan horse/Trojan: A Trojan horse is a type of malware that is disguised as a useful program. The goal is for the user to execute the Trojan, allowing it to take full control of your PC and use it for its own agenda. This typically results in the installation of additional malware (such as backdoors or keyloggers) to your system.
Worm: Worms are malicious software that aim at spreading as fast as possible once your PC has been infected. Unlike viruses, they don’t require a host program, but instead spread themselves via storage devices such as USB sticks, communication media such as e-mail or vulnerabilities in your OS. Their propagation causes a reduction in the performance of PCs and networks, and they may also implement direct malicious behavior.
Keylogger: Keyloggers secretly record everything you type on your keyboard, which allows attackers to get their hands on your passwords or other important data such as online banking details.
Dialer: Dialers are relics from the days when modems or ISDN were the standard way of connecting to the internet. They dialed expensive premium-rates numbers, racking up astronomical telephone bills and causing enormous financial damage to their victims. Dialers are ineffective with ADSL or cable connections, which is why they are mostly considered extinct these days.
Backdoor/Bot: A backdoor is a portion of code that is usually implemented into a program by the software’s author, to enable access to your PC or an otherwise protected software function. Backdoors are often installed by Trojans once they have been executed, so that the attacker can gain direct access to your PC. The infected PC, also known as a “bot”, becomes part of a botnet.
Exploit: Exploits are used to systematically exploit vulnerabilities in a computer program. Using them, an attacker can gain either partial or full control of your PC.
Spyware: Spyware is software that spies on you, i.e. by collecting various types of user data from your PC without your knowledge.
Adware: Adware is derived from the word “advertisement”. In addition to the actual function of the program, the user will be presented with advertisements. Adware itself is not dangerous, but the display of countless adverts is generally considered undesirable and is thus detected by good anti-malware solutions.
Rootkit: A rootkit usually consists of several components that grant the author unauthorized access to the target system. In addition, these programs hide their processes and actions using other software. They can be installed, for instance, through an exploit or a Trojan.
Rogues/Scareware: Also known as “Rogue Anti-Spyware” or “Rogue Anti-Virus”, rogues pretend to be security software. They frequently use fake warnings to trick users into purchasing the software, which the attackers then profit from illegally.
Ransomware: Ransomware” is exactly what it sounds like. Ransomware encrypts the user’s personal data or may even lock the entire PC. You are asked to pay a “ransom” via an anonymous service in order to unlock your computer.
What is a computer virus?
A computer virus is a malicious program that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or the boot sector of the hard drive; when this replication succeeds, the affected areas are then said to be "infected".
Viruses manifest themselves in several seditious, destructive and annoying ways. Pop-ups are one annoying form of a virus although technically they are just annoying advertisements.
Today there are even programs that pose as antivirus programs that tell personal computer users that their CPU is completely infected with viruses. It will tell the computer user they have thousands of viruses and they must download the virus removal program on their screen to fix the virus problem on their computer. That might be classified as adware or spyware, but actually the program itself is a virus.
We have seen viruses which will not allow the computer user to get into their computer and may display an image through the Web Cam of the unsuspecting computer user on their laptop or desktop computer. Several clients have actually contacted the FBI in regards to the FBI money pack virus. Local Police Department's have also received calls about this as well.
What is a Trojan?
A Trojan horse, or Trojan, is any malicious computer program which misrepresents itself to appear useful, routine, or interesting in order to persuade a victim to install it. The term is derived from the Ancient Greek story of the wooden horse that was used to help Greek troops invade the city of Troy by stealth.
Trojans are generally spread by some form of social engineering, for example where a user is duped into executing an e-mail attachment disguised to be pertinent to the recipient, or by drive-by download. Although their payload can be anything, many moderns forms act as a backdoor, contacting a controller which can then have unauthorized access to the affected computer. While Trojans and backdoor programs are not easily detectable by themselves, computers may appear to run slower due to heavy processor or network usage.
What is a Worm?
A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. Unlike a computer virus, it does not need to attach itself to an existing program. Worms usually cause some type of harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.
What is an Exploit Kit?
One of the top delivery methods for malware today is by an exploit kit. Exploit kits are sneaky little suckers that rummage around in your computer and look for weaknesses in the system, whether that’s an unprotected operating system, a software program that hasn’t been updated in months, or a browser whose security protocols aren’t up to snuff (we’re looking at you, Internet Explorer).
What is Ransomware?
Ransomware is nefarious computer software that installs itself on a victim's computer without their consent or knowledge. It will execute an attack that adversely affects a users computer, and demands a ransom payment to restore it. Non-encrypting ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, and display a message requesting payment to unlock it (example, the FBI virus and all it's variations).
More advanced ransomware encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. The ransomware may also encrypt the computer's Master File Table (MFT) or the entire hard drive. Ransomware is a denial-of-access attack that prevents computer users from accessing files since it is impossible to decrypt the files without the decryption key. Ransomware attacks are typically carried out using a Trojan that has a payload disguised as a legitimate file.
According to a recent survey sponsored by Malwarebytes, more than 50% of surveyed organizations have been hit by encrypting ransomware out of 500+ IT leaders in the U.K. Germany and the U.S. and Canada.
Already this year, encrypting ransomware has become the most profitable malware type in history, as of 1Q 2016 it has generated an estimated $1 Billion per year in ransonware payments. This figure does not include the cost of remediation and restoring to pre-infection condition. One vendor, Bitdefender estimates the total cost to be $9 Billion to date.
In addition to the monetary loses, other associated costs reveal a much wider impact. According to the survey, 20% of businesses that fell victom to such an attack were forced to shut down.
How is Ransomware Distributed?
Ransomware is generally delivered via phishing emails or through exploit kits. Phishing emails contain malicious attachments, which include the ransomware or sometimes provide links directing the user to a infected webpage hosting the malware. Exploit kits are a malicious tools that hackers use to look for security holes in software that has not been updated. Once the security vulnerability has been found, the attacker can then deliver the ransomware to the computer.
How Ransomware Works
There have been thousands of different ransomware variants out there and growing by the day, the precise steps of how ransomware works to take over a system vary across different strains. Just remember, once ransomware is executed it wastes no time scanning local and connected drives for files to encrypt.
Since many ransomware variants will try to encrypt connected and shared drives, it is critical to keep external hard drives disconnected from your computer when you aren’t making backups. If they are attached when you’re being attacked it will most likely be encrypted as well. Some variants such as Locky can even encrypt unmapped network shares, making the infection even more widespread.
User account control (UAC) is a security measure that Microsoft originally introduced with Windows Vista. Windows by default limits all applications on your computer to standard user privileges. If an application requests higher privileges, you will see a pop-up appearing on your computer, requesting permission from a user with admin rights in order to continue. With UAC bypass, ransomware can stop this popup from ever appearing. Allowing the program to operate at higher privileges, making changes to your system and interact with other programs without the your knowledge.
More advanced malware encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. The ransomware may also encrypt the computer's Master File Table or the entire hard drive. Thus, ransomware is a denial-of-access attack that prevents computer users from accessing files since it is intractable to decrypt the files without the decryption key. Ransomware attacks are typically carried out using a Trojan that has a payload disguised as a legitimate file.
Encrypting ransomware infects a victim's computer using the same methods as any other malware. Some of these infection vector's are very old-school and some are fairly new and unknown to most users. Here are some of the common ways a computer may have become infected:
- Opening an attachment in an e-mail message with possibly one of the following file types: .bat, .com, .exe, .js, .lnk, .pdf, .zip, or any of the Microsoft office file types such as .doc, .docx, .xls or .xlsx.
- Clinking on a malicious link in an e-mail message.
- Clicking on a malicious Social Media message in either Facebook or Twitter.
- Opening a legitimate web-page that has been compromised.
- opening a legitimate web-page that contains malicious advertising (malvertising).
- Clicking on a malicious pop-up or a banner ad from a web-page.
- Letting a remote-support scammer connect to your computer.
What is Leakware - Also Known as Doxware?
In contrast Doxware threatens to publish stolen information from the victim's computer system rather than deny the victim access to it. In a leakware attack, malware exfiltrates sensitive host data either to the attacker or alternatively to remote instances of the malware, and the attacker threatens to publish the victim's data unless a ransom is paid. This type of attack differs from the extortion attack in the following way. In the extortion attack, the victim is denied access to its own valuable information and has to pay ransom to get it back, where as with a Doxware attack the victim retains access to the information but its disclosure is at the discretion of the computer virus. The attack can yield monetary gain in cases where the malware acquires access to information that may cause damage to the victim, by revealing information that may cause reputational damage as a result of publishing the information.
Meet Some Of The Ransomware Family
Cryptowall is one of the earliest and probably the most notorious culbrit. Cryptowall is a Trojan horse that encrypts files on the compromised computer. It then requires the user to pay a ransom in order to have the files decrypted. The threat typically arrives on the affected computer through spam emails, exploit kits hosted through malicious ads or compromised sites, or other malware.
Once the Trojan is executed on the compromised computer, it creates a number of registry entries to store the path of the encrypted files and run every time the computer restarts. It encrypts files with particular extensions on the computer and creates additional files with instructions on how to obtain the decryption key. This threat family attempts to convince the user to pay money in order to get the key to unlock their files. It uses a variety of different techniques in order to encourage the user to pay the ransom.
In Cryptowall spam campaigns, the emails usually contain a malicious attachment and include a message attempting to convince the user to download the file. The email could claim that the attachment is an invoice, an undelivered package notice, or an incoming fax report. If the user opens the attachment, then their computer will be infected with Trojan.Cryptowall.
The Trojan may also be distributed through exploit kits hosted on compromised websites or malicious ads. Some of the exploit kits that have been used to compromise users’ computers with the threat include the Rig exploit kit and the Nuclear exploit kit. Antivirus software companies continue to develop extensive IPS protections to guard against these kits. The Trojan may also arrive through other threats that have already compromised the computer, such as Downloader.Upatre orTrojan.Zbot.
Locky Ransomware Virus is a new ransomware which has been discovered and will encrypt your data using AES encryption and then demands .5 bitcoins to decrypt your files. It targets a large amount of file extensions and even more importantly, encrypts data on unmapped network shares. Encrypting data on unmapped network shares is trivial to code and the fact that we saw the recent DMA Locker with this feature and now in Locky, it is safe to say that it is going to become the norm. Like CryptoWall, Locky also completely changes the filenames for encrypted files to make it more difficult to restore the right data.
At this time, there is no known way to decrypt files encrypted by Locky.
Locky is currently being distributed via email that contains Word document attachments with malicious macros. The email message will contain a subject similar to ATTN: Invoice 9999 and a message such as "Please see the attached invoice (Which is a Microsoft Word Document) and remit payment according to the terms listed at the bottom of the invoice".
Attached to these email messages will be a malicious Word document that contains a name similar to invoice_J-99999.doc. When the document is opened, the text will be scrambled and the document will display a message stating that you should enable the macros if the text is unreadable. Once a victim enables the macros, the macros will download an executable from a remote server and execute it. The file that is downloaded by the macro will be stored in the %Temp% folder and executed. This executable is the Locky ransomware that when started will begin to encrypt the files on your computer.
Locky is very well designed, the encryption uses a server infrastructure which is resilient and difficult to take down for authorities as there are backup systems in place. The malware uses strong encryption as well and unless a big flaw is found in the attacker's methodology, victims are best served restoring from any backups they may have.
Hollywood Presbyterian Medical Center made headlines recently after it paid $17,000 to ransomware attackers to restore and decrypt files the malware took captive.
One would have to guess if they decided to pay the ransom, it probably means that they;
- They weren't able to recover the data
- Didn't have very good backups
- That the data would have been lost if they didn't pay the ransom
With so much sensitive information at the mercy of hackers, hospitals, schools or other government-related institutions have a lot to lose if such files cannot be recovered.
Zcryptor is a new type of ransomware that unlike it's predecessors exhibits worm-like behavior. This ransomware leverages removable and network drives to propagate itself and affect more users. Zcryptor is distributed through spam email. It can also be installed on your machine through other macro malware, or fake installers such as (Flash Player setup). To make matters worse, ZCryptor drops an autorun.inf file on removable drives, which allows it to infect any computer these drives are plugged into. Microsoft researchers explain that the malware also leverages network drives to propagate itself, and that it drops copies of itself in different locations and changes the file attributes to hide itself from the user in file explorer.
At this time, there is no known way for users affected by ZCryptor to recover their encrypted files for free, unless they have a secure backup of their data on hand.
A MASSIVE RANSOMWARE attack spread across the globe early Friday morning, May 12th, 2017, locking up thousands of hospital, telecommunications, and utilities systems in nearly 100 countries. The attack used data stolen from the NSA to exploit vulnerabilities in Microsoft Windows and deliver the WanaCrypt0r ransomware. WannaCry uses a type of worm that spreads rapidly across networks via a vulnerability that was present in windows. This worm, once inside a network spreads like wildfire from computer to computer, without any action from the computer’s user.
This issue was actually patched by Microsoft in March 2017, meaning the worm only impacted computers with out-of-date operating systems. This is typical of hospitals which are bound to existing hardware that is not built to handle modern operating systems, yet are always connected to the internet.
Because this worm only impacts computers that have not had the most recent Windows update installed, any vulnerable computer open to the internet is at risk. This is why we always stress the importance of keeping all software, especially your operating system, up to date.
The demand from WannaCry was for $300 per PC.
The WCry ransomware, also referred to as WNCry, WannaCry, WanaCrypt0r or Wana Decrypt0r, was originally spotted in campaigns in early February 2017, with more campaigns following in March. It wasn’t until now that the attack went global.
Unlike most ransomware campaigns, which usually target specific regions, WCry is targeting systems around the globe. The authors have been courteous enough to provide translations of the ransom message in 28 languages.
Like most ransomware families, WCry renames files it encrypts, adding the .WNCRY extension.
On June 27, 2017, an updated version of Petya was used to attack companies across the globe. It all started in Ukraine, then spread to Spain, France, UK, and then spread FAST across Europe. People couldn't access their money because banks are down as well as government PCs, airports, and cell providers.
Upon boot-up, computers were displaying a cryptic message demanding payment of $300 paid out in Bitcoin per computer to decrypt and access their files.
The attack is the latest in a series of global cyber-attacks, including the WannaCry ransomware attack that infected hundreds of thousands of computers last month.
Initially, researchers said the malware was a new version of the Petya ransomware that first struck in early 2016. Later, researchers said it was a new, never-before-seen ransomware package that mimicked some of Petya's behaviors. With more time to analyze the malware, researchers on Wednesday are highlighted some curious behavior for a piece of malware that was nearly perfect in almost all other respects: its code is so aggressive that it's impossible for victims to recover their data.
Like most forms of malware, ransomware infections may arrive through malicious web pages, infected thumb drives, or other common attack vectors. But the most common infection vectors are email-based—often using the same techniques found in phishing emails.
“Phishing” is when criminals send a seemingly legitimate email that disguises a malware-laden attachment or link to an infected website. Criminals often use phishing to trick users into submitting sensitive information such as passwords or credit cards; but these days, they’re also using it to spread ransomware.
In a recent study, 94% of people couldn’t tell the difference between a real email and a phishing email 100% of the time. When study participants received an email that was spoofed to appear as if it was sent by UPS, 62% trusted it enough to click the link.
Help stay protected against ransomware:
- Back-up your files to an offsite enterprise grade backup service. Establish and maintain regular backup routines - off site (cloud-based), generational (versioning), automatic and tested on a regular interval. This won't prevent the infection, but will eliminate the need to pay the ransom.
- Set up standard users with limited privileges (not administrator or local administrator).
- Beware of phishing emails, spams, and clicking malicious attachment. Train users on the dangers of opening attachments or clicking on links in e-mails. Some of the most common infected attachments are resume.zip, invoice.docx, and there are others that masquerade as failed delivery notices from DHL, Fedex, UPS, or USPS. They can also be disguised as faxes, photos, voicemail messages, court appearance notices or missed jury duty notices.
- Change the default settings in Windows Explorer to show all File Extensions.
- Disable the loading of macros in your Office programs. Make sure Microsoft Office is set to not allow macros in documents downloaded from the web.
- Keep your Windows Operating System and antivirus up-to-date. Set them to download and install updates automatically. Use a patch management program to automatically keep ancillary programs updated, such as Adobe AIR, Flash, Reader, Shockwave, Java, Browsers, Media Players etc.
- Change the default file association for .js file types to open in Notepad instead of java.
- Enable file history or system protection. In your Windows 10 or Windows 8.1 devices, you must have your file history enabled and you have to setup a drive for file history
- Use web filtering protection. It will prevent you from browsing sites that are known to be hosting exploits, and protect you from socially-engineered attacks such as phishing and malware downloads.
- Disable your Remote Desktop feature whenever possible
- Use two factor authentication
- Use a safe internet connection
- Avoid browsing web sites that are known for being malware breeding grounds (illegal download sites, porn sites, etc.)
What to do if you're hit with ransomware?
Unfortunately, if you haven't backed up your files offsite, there's nothing much you can do, except pay the ransom. Of course, there is no guarantee you'll get your data back. Plus, that just empowers the perpetrators and opens the door for future malware attacks. So what's the best course of action? Stop the attack from happening in the first place. But most importantly, Make sure you have good off site backups.
Some possible ways to recover data files:
- Restore from a cloud-based backup service as of a specified date and time before the encryption occurred.
- Try to restore from Shadow Volume Copies.
- Look in the recycle bin for non encrypted files, the file names and suffixes may have been changed.
- Try an Undelete utility program where file names and suffixes have been changed.
Phishing is a form of fraud in which cybercriminals masquerade as a reputable person or a legitimate organization. They often try to obtain sensitive information, such as login credentials or account information. They then use this information to steal money, data, and even people's identities.
Cybercriminals execute phishing attacks through various communication channels, including phone calls, instant
messaging, and Short Message Service (SMS) messaging. However, the most common channel is email messages, as it
enables cybercriminals to attack a massive number of people at once. Cisco Systems reports that in a typical
phishing attack, emails are sent to about 1 million people. In email phishing scams, cybercriminals use a convincing pretense to lure recipients into performing an action. These digital con artists usually want the recipients to click a link or open an attachment. Doing so often unleashes malware.
The phishing email itself is harmless. Recipients can simply delete it to avoid becoming a victim. However, if they fall for the scam or inadvertently click the link or open the attachment, they might release one of many different types of malware. For example, the malware might be a web trojan that collects credentials from victims' computers, a keylogger that tracks input from their keyboards, or ransomware that encrypts and holds their files for ransom.
Types Of Phishing Scams To Look Out For?
An advance-fee scam is a type of fraud that involves promising the victim a significant share of a large sum of money in return for a small up-front payment. If a victim makes the payment, the fraudster will either invent a series of new fees for the victim to keep paying, or will simply disappear.
Traditional Phishing Scams
Phishing is the attempt to obtain sensitive information such as your username, password and credit card details by pretending to be a trustworthy entity such as Microsoft, Amazon, PayPal, ebay or your bank. While most traditional phishing scams are implemented via email, many phishing attempts happen through social media or other legitimate web-sites. Recently the most common have been Tech Support scams.
Microsoft Tech Support Calling?
What would you do if you were faced with a pop-up telling you that your computer has a virus and that ‘tech support’ is conveniently letting you know?
The solution seems only a quick call away. The popup even provides you with an 800 number.
But, it’s the people who are claiming to help you that are about to load your computer full of junk and charge your credit card for the privilege.
The scam is simple. Someone calls, pretending to be calling from Microsoft or a partner company. They ask you to give them remote control access of your computer, then trick you into installing their software after they show you lists of fake error reports.
Once the installation is complete, they ask for your credit card details to charge you for the ‘anti-virus’ they have just installed. In the meantime, you have absolutely no way of knowing what has been installed and what kind of private information you have just given away. Microsoft is aware of these scams and reports on their website:
“You will never receive a legitimate call from Microsoft or our partners to charge you for computer fixes.”
Cloud Storage Phishing
Utilizing the suites that many people now rely on for work, these phishing scams are conducted via shared documents. In past phishing scams, Google and Dropbox have even unknowingly hosted these scams in the past with SSL certificates, giving them the appearance of being 100% legitimate.
The most recent example making waves was a phishing email that appeared as a Google Doc. It urged users to give permission to the app in order to view the document through a genuine Google Sign-in screen. These permissions allowed a malicious third party web app to access your email and contacts, in turn spreading the phishing email to your contacts.
Which was popular a ways back seems to be making a comeback. This method redirects traffic from a legitimate site to a malicious one without your knowledge. Any personal information you enter into this page is going directly to the scammers. These pages are usually reached via links shared in deceptive phishing emails, Skype chats and social media ads.
There has even been a type of scam that prevents users from closing their browser without calling the number on their screen to have the message removed. This kind of scam borders on the edge of ransomware as you feel forced to call and inevitably pay to have your system ‘cleaned.’
These popups flood websites with high amounts of traffic and popular search engines. Even if you google tech support online these scammers have paid to reach the top of search engine listings. Even if they don’t convince you with the popup, they can easily convince you from a google search that they are a legitimate online tech service.
How To Prevent Phishing Scams
What can you do?
Though scams are getting more sophisticated all the time, there are easy steps you can take to prevent phishing attacks.
- Ignore pop-ups within your browser that lock up your screen or ask you to call a number to ‘clean your system.’
- If your browser is locked by the popup, move your mouse to the clock in the bottom right hand corner of your screen and right click to open the ‘task manager.’ Select your web browser from the list and close the program.
- If the popups continue, contact Meridian immediately to remove the software that was installed by the scammer and to clear your computer of potentially unwanted programs (PUPs) that may be causing the popups.
- If you receive phone calls claiming to be tech support or Microsoft, simply hang up.
- If you are already infected and have paid for the service offered over the phone, immediately dispute the transaction with your bank and contact a trusted computer technician to remove the software that was installed by the scammer.
- DON’T click on any links in emails claiming to be from your bank or any other trusted organisation. Especially if it asks you to verify or update your personal details. Delete these immediately. If you’re in doubt, manually type in the company’s address into the browser and access your account that way.
- NEVER provide personal information in an unsolicited phone call. Even if you believe the person calling you is legitimately from your bank, call your bank directly on the number listed on their website to be sure. They will confirm if you were contacted and why. Never return a call on a phone number given to you by the caller directly.
- Use a reputable anti-malware solution to keep nasty popups out of your browser.
How to Spot Phishing Attacks?
To get more information on phishing, download our white paper called "How to Spot Phishing Attacks".
What is spyware?
Spyware behaves differently than viruses as spyware is basically computer software that gathers information from your computer without your knowledge and usually transfers the information to a server or email address on the internet. Spyware is normally associated with freeware or shareware programs. You download and install a free program and the spyware is installed as well and begins tracking your moves on the internet for instance. Virus and spyware removal processes are different but they should be performed together as one could open the door to allow the other into your computer. So, when you are trying to get rid of a virus, make sure you also focus on spyware removal as well.
When a spyware program is tracking what you do on your computer, it can display ads (referred to as adware) that will be targeted to your internet browsing history and cookies. All browsers and operating systems can be suseptible to these tactics but the Windows operating systems are the most targeted and tend to require more attention during the spyware removal process.
Examples of spyware can be as simple as a browser cookie or as complex as the Zlob Trojan which can track your search history, websites you frequent and it can log your key strokes. Installing toolbars in your browser is one of the worst things you can do as it not only slows down the browser but it gives the toolbar a front seat view as you surf the web. One of the worst toolbars is the Cool Web Search toolbar. It can be a real problem as it could redirect traffic and displays pop up ads.
A spyware program is rarely alone on a computer, usually a computer will have multiple infections. Users frequently notice unwanted behavior and degradation of system performance. A spyware infestation can create significant unwanted CPU activity, disk usage, and network traffic. Stability issues, such as applications freezing, failure to boot, and system-wide crashes are also common. Spyware, which interferes with networking software, commonly causes difficulty connecting to the Internet.
In some infections, the spyware is not even evident. Users assume in those situations that the performance issues relate to faulty hardware, Windows installation problems, or another infection. Some owners of badly infected systems resort to contacting technical support experts, or even buying a new computer because the existing system "has become too slow". Badly infected systems may require a clean reinstallation of all their software in order to return to full functionality.
Moreover, some types of spyware disable software firewalls and anti-virus software, and/or reduce browser security settings, which further open the system to further opportunistic infections. Some spyware disables or even removes competing spyware programs, on the grounds that more spyware-related annoyances make it even more likely that users will take action to remove the programs.
Keyloggers are sometimes part of malware packages downloaded onto computers without the owners' knowledge. Some keyloggers software is freely available on the internet while others are commercial or private applications. Most keyloggers allow not only keyboard keystrokes to be captured but also are often capable of collecting screen captures from the computer.
A typical Windows user has administrative privileges, mostly for convenience. Because of this, any program the user runs has unrestricted access to the system. As with other operating systems, Windows users should use the least privilege, non-administrator accounts. Alternatively, they can also reduce the privileges of specific vulnerable Internet-facing processes such as Internet Explorer.
To make matters worse, malicious programmers have released a large number of rogue (fake) anti-spyware programs, and widely distributed Web banner ads that warn users that their computers have been infected with spyware, directing them to purchase programs which do not actually remove spyware, they may end up adding more spyware of their own.
The proliferation of fake or spoofed antivirus products that bill themselves as anti spyware continues to rise. Users may receive popups prompting them to install programs to protect their computer, when it will in fact add spyware. This software is called rogue software or rogueware. It is recommended that users do not install any freeware claiming to be anti-spyware unless it is verified to be legitimate.
What is Adware?
Adware, or advertising-supported software, is any software that automatically displays advertisements in order to generate revenue for its author. The advertisements may be in the user interface of the software or on a screen presented to the user during the installation process. The functions may be designed to analyze which Internet sites the user visits and to present advertising pertinent to the types of goods or services featured there. The term is sometimes used to refer to software that displays unwanted advertisements known as malware.
In legitimate software, the advertising functions are integrated into or bundled with the program. Adware is usually seen by the developer as a way to recover development costs, and in some cases, it may allow the software to be provided to the user free of charge or at a reduced price. The income derived from presenting advertisements to the user may allow or motivate the developer to continue to develop, maintain and upgrade the software product.
The term adware is frequently used to describe a form of malware which presents unwanted advertisements to the user of a PC. The advertisements produced by adware are sometimes in the form of a pop-up or sometimes in an "unclosable window".
While some sources rate adware only as an "irritant", others classify it as an "online threat" or even rate it as seriously as computer viruses and a Trojan. The precise definition of the term in this context also varies. Adware that observes the computer user's activities without their consent and reports it to the software's author is called spyware. However most adware operates legally and some adware manufacturers have even sued antivirus companies for blocking their software.
Unwanted program Removal
What is a PUP?
PUP stands for Potentially Unwanted Program, and programs that fall under this moniker are slightly different than malware. A Potentially Unwanted Program is an application that is installed along with the desired application the user actually asked for. Also called a barnacle, in most cases, the PUP is spyware, adware or some other unwanted software. However, what makes spyware or adware a PUP rather than pure malware is the fact that the end user license agreement (EULA) does inform the user that this additional program is being installed. Considering hardly anyone ever reads the license agreement, the distinction is a subtle one.
From a technical standpoint, a PUP is not malware. PUPs are not created with the intent to destroy your computer or steal your personal information. Rather, PUPs are usually just marketing tools that find their way onto people’s computers through a bit of social engineering.
In the past, PUPs were referred to as spyware and ad-ware, but many of the companies that create these programs didn’t like these terms. They found them counterproductive, as they associated their programs with malware and scared people away. As such, there now exists a fine legal line between what constitutes a PUP and what constitutes malware, and anyone in the business of labeling programs must be cautious about which term they use.
The Problem with PUPs
The problem with PUPs is that most people don’t have just one; they usually have a number of them installed. This happens because, over time, most computer users download a lot of freeware – and most of this freeware comes loaded with at least one PUP.
Load your computer with too much of anything, and you can be sure that it will slow down. At the end of the day, this is why PUPs are named the way they are. “Potentially unwanted” because if you install enough of them, your computer is going to turn into a slug.
What is a PUM?
Potentially Unwanted Modification's are not infections but rather settings which you may have made and in some cases, malware also makes. A PUM is an unwanted change made to your computer's settings. PUMs can be performed by both legitimate applications and malware, though changes made by malware are more likely to cause serious problems. In some cases, you may not know about a PUM until after it has taken place.
PUMs often modify settings at the system level. On Windows systems, this usually involves updating the Windows registry. In Mac OS X, a PUM may modify the System Preferences or the Launch Services database. A common example of a potentially unwanted modification is when the default program is changed for one or more file types. Many applications set themselves as the default program for supported file types when they are installed. While most programs ask you if you would like them to be configured as the default application, some do not. Even programs that do ask for your permission may change more file associations than you expect.
When a default program is changed, it may be a nuisance, but it will not cause serious problems and can easily be fixed. Other PUMs involve more complex changes and can create security problems with your computer. Examples include PUMs that modify your Internet security settings or change your user login preferences. These types of changes may be caused by viruses or spyware and should be fixed as soon as they are found. Installing an Internet security program on your computer is a good way to both prevent and fix unwanted modifications made to your system.
The difference between Anti-Virus and Malware Software?
We are often asked this question by concerned PC users. Let’s start by explaining what are considered viruses and what is considered malware. A virus is a piece of code that is capable of copying itself in order to do damage to your computer, including corrupting your system or destroying data. Malware, on the other hand, is an umbrella term that stands for a variety of malicious software, including viruses, Trojans, spyware, worms, adware, ransomware. So for now, we can say all viruses are malware, but not all malware are viruses. This why users need to have both types of programs (anti-virus & anti-malware) running at the same time. By taking a layered approach to security, the end user has a much better chance of avoiding any type of infection.
To further clarify the difference of viruses & malware. We need to take a broader look at the evolution of both. Viruses have been around for a while and haven't changed all that much. They aren't used very often by today's cyber criminals, which is why many antivirus companies have evolved to fight more than just viruses. This can include infectious malware like worms, web threats like key loggers, or concealment malware, such as rootkits.
So why use anti-virus software at all?
While anti-virus software deal’s with more established threats, such as Trojans, viruses, and worms, which are still circulating in the wild and a PC user still needs to be protected. Anti-malware, by contrast, typically focuses on newer threats, such as polymorphic malware and malware delivered by zero-day exploits. Antivirus protects users from lingering, predictable and still dangerous malware. Anti-malware protects users from the latest, currently in the wild, and even more dangerous threats. In addition, anti-malware typically updates its rules faster than antivirus, meaning that it's the best protection against new malware you might encounter while surfing the net. By contrast, antivirus is best at crushing malware you might contract from a traditional source, like a USB or an email attachment.
Which one should you choose?
There is no one tool can catch everything, which is why we recommend a layered approach. It's better to have more than one set of eyes looking at threats from different angles. Your best bet is to use an antivirus program to catch the classic threats and an anti-malware program, like Malwarebytes Anti Malware, for the newer, more advanced dangers. And you needn't worry about the impact of running two real-time scanners at the same time on your machine's performance—most anti-malware software is lightweight, easy-to-run, and designed to work alongside antivirus.
The Layered approach
By installing several different types of malware software, you can reduce the chances of becoming infected by one of today’s malicious threats. There are various products out there that cover viruses, malware, adware, spyware, rogueware etc. Finding a good mix between an AntiVirus program and a Malware program is a good start. In addition you might consider adding a web-filtering program that will add another layer of protection to your web-browsing experience.
But please keep in mind that even the best anti-malware and anti-virus programs are only as good as your ability to keep them up to date. So keep the program up to date and scan the computer regularly.
Recent Virus & Malware Topics
Sign up with your email address to receive news and updates.
We respect your privacy.