October 13 2011
Garron Karabelnik

Got malware? Don’t Panic!


One of the most common calls we take here at G Squared Computing is from users whose computers have been infected with malware. I’d like to take a minute to discuss the most common attack vectors, prevention, and cleanup. Most malware infections we see come through one of three primary sources: social networking, email, and Google Images links (USB keys are another common source). They tend to exploit unpatched operating systems or applications to enter your machine, and once there they will continue to download additional malware and infect your computer further.

The best way of preventing malware is making sure your computer’s operating system is up to date at all times by visiting the Windows/Microsoft Update website and installing all critical updates. Also make sure you are running the latest version of your web browser of choice, whether it is Internet Explorer, Firefox, or Chrome. If your job depends on you using Google Images, we strongly suggest using the Google Chrome web browser for that function. Many image farms contain millions of images, and they often use JavaScript to attempt to compromise your machine when you click on an image. Google Chrome is better at blocking that particular attack than the other browsers.

There are two very common applications that are exploited to install malware: Adobe Acrobat and Adobe Flash.

For Adobe Acrobat – Make sure to upgrade to Adobe Acrobat X. Adobe finally built a sandbox into the product in version X, and this alone makes it an extremely compelling upgrade. Please uninstall all old versions first using Add/Remove Programs (if you are using the Standard or Professional version this will not be a free upgrade – please contact us for a quote). If you are running Adobe Acrobat Reader only, then this will be a free download (please make sure to uncheck the McAfee box on that page before downloading). Once Acrobat is installed, go to Help / Check for Updates and continue updating it until it is fully patched. Whenever it prompts you to patch, please make sure to run that update, as it often addresses a zero-day exploit for Acrobat.

For Adobe Flash – You will see your installed version information in a small box on the right of the page. Beneath that it will list the current version of Acrobat; if those numbers do not match, then update your Flash Player. Whenever you reboot your system after this, Adobe Flash will notify you if it detects that an update is available. Again, this is generally due to a security issue, so please update it immediately.

At many client sites we have put inline malware and packet scanning devices in place, either built into your firewall or as a stand-alone device. If you have any questions regarding how these technologies can assist in protecting your network, please let us know and we’ll be happy to review your current solution for you. You will also want to make sure the licensing for your antivirus product is up to date and that it is centrally installed and managed.

One thing to remember regarding cleanup is that every infection is different, and there is no magic bullet for removing them all. I’ll outline three tools here that will generally do a good job of cleaning up most infections; however, the rule of thumb is: if in doubt, call for technical assistance.

Step 1 – Run Microsoft Security Scanner

You need to download a fresh copy each time you run it, as it expires 10 days after being downloaded. This product is fully self-contained and does not need to be installed: simply download it, double-click it, and run a full scan. This may take a very long time depending on how many files you have.

Step 2 – Run Combofix

Please read the entire article on this page prior to downloading and running the application, as it will disconnect you from the internet while you use it and it isn’t the most user-friendly application.

Step 3 – Run Malwarebytes

Again, you will want to download and install the application. Once inside, update the definitions and then run a full scan with this product, removing all infected items.

Finally – don’t panic even if you are infected. G Squared can assist with removal of the infection, often with a simple remote session, and if that isn’t possible we can generally have a technician onsite assisting you the same day.