Malware removal: how to recognise, remove, and prevent malware
Malware comes in many forms: the unwanted programmes can surface as pathogens, spies, or remote controls in computers. Whether it’s a virus, spyware, or a Trojan horse, this harmful software should be kept well away from your computer. What are the different types of malware? We show you how to protect yourself from them and what steps to take if your computer or web space is affected.
- What exactly is malware and what are the different types?
- Who is affected by malware and how do you recognise an attack?
- Preventative measures against malware
- Use internet applications wisely
- How to remove spyware, Trojans, viruses, etc.
- Malware on websites
- Never underestimate the dangers of malicious software
What exactly is malware and what are the different types?
Programmes that are designed to cause damage are known as ‘malware’. Most users simply call these programmes viruses, but that doesn’t reflect the full range of harmful programmes: a computer virus is just one type of malware, and the other types can differ from it considerably.
Viruses
Viruses are programmes that are able to spread independently by making copies of themselves and infiltrating other computer programmes. This is the oldest and best known type of malware. When a virus programme is started, it multiplies, and can then interfere with a computer’s functions, destroy data, spy on the user, or even cause damage to the hardware.
Worms
Worms reproduce too, spread more actively than viruses, and don’t depend on other files. Computer worms use networks or removable media to gain access to other systems and usually need a programme to aid them in this task. Worms that spread through e-mails use the user’s e-mail programme to send themselves to all contacts in the address book. Worms, just like viruses, can damage the system and are often used to gain secret control over the computer. They are the most common types of malicious software.
Trojan horse
A Trojan horse, or simply ‘Trojan’, pretends to be a useful and safe application at first so that it can access a computer’s system (just like in ancient mythology when the Greeks used the wooden horse to enter the city of Troy). They perform functions that are mostly hidden from users. Trojan horses can carry out lots of harmful actions such as monitoring a computer’s data traffic. Some of them copy information or files and send them on while others execute specific tasks on the computer and change or install new software (mostly other malicious software such as spyware or adware). Trojan horses can even be controlled remotely (through a backdoor function), which gives other users the chance to hijack the computer for cybercriminal purposes.
Adware
The word ‘adware’ is a contraction of ‘advertisement’ and ‘software’ and it works by inserting advertising into programmes. It is often included in free software and is mostly legitimate, but can be dangerous if it makes any changes on the system or to the browser settings without permission, or shows pop-ups or fake websites.
Spyware
This software is used to uncover user data and send it to the creator or a third party with the user completely unaware that their behaviour is being recorded. The information obtained by the spyware is often evaluated for commercial purposes so that tailored ads can be shown, for example.
Since spyware and adware don’t cause any direct damage, these kinds of programmes fall into the ‘greyware’ category. Greyware can nevertheless affect the performance and security of your computer.
Scareware
These programmes aim to scare and unsettle the user by displaying fake warnings about malware detected on the computer. If, at the same time, fee-based software is advertised claiming to be able to remove the alleged malware, this is known as rogueware or rogue security software. If the user then buys this supposedly useful application and installs it, even more malware will usually appear on the computer.
Ransomware
This extortionate software goes one step further than scareware: ransomware blocks access to a computer’s operating system or blocks important files. In order to have the block lifted, the programme demands a ransom payment.
Backdoor (also known as trapdoor)
This is a function rather than an independent programme. A part of a programme is called a backdoor when it allows an external user to gain access to the computer. This happens without the rightful user knowing.
Remote access is often exploited in order to carry out denial-of-service attacks, which paralyse internet services, or to send spam e-mails. Backdoors may be installed by Trojan horses, worms, or viruses.
Who is affected by malware and how do you recognise an attack?
Both individuals and companies can fall victim to malware. The above list demonstrates how many different types of malicious programmes there actually are as well as how diverse their purposes are: they are rarely just digital vandalism. It’s much more common for malware to be targeted – to expose data and use it to gain profit, to place ads and bids, to sabotage certain computer systems, or to take control of an external computer.
Malware remains undetected for as long as possible so that it can use the infected computer for its own aims. However, certain symptoms reveal that a computer has been infected with malicious software:
- The computer randomly shuts down, won’t start up, or the system suddenly crashes.
- The computer runs much slower than usual (due to increased processor load).
- The internet speed is slower than usual (due to increased data traffic).
- There is an increase in unwanted internet content such as promotional pop-ups, automatic redirecting to undesired sites, or the sudden appearance of a new home page, search engine, or new toolbars in the browser.
- Programmes are faulty or crash. Some viruses can even deactivate anti-virus programmes and firewalls, which can be another indication that malware has infiltrated the system.
- Unwanted programmes have been installed. Sometimes these open by themselves.
- Changes on the computer are evident (e.g. new files or folders that you don’t recognise, the mouse cursor being remotely controlled, e-mails or social media messages being sent by ‘you’).
Preventative measures against malware
Certain software helps to protect your computer, but it’s your responsibility to make sure your computer doesn’t become infected with malicious software. Software-based protection measures are only one part of this; you also need to follow sensible guidelines on internet use.
To give your system a solid basic level of protection against malicious software, the following software should be present on your computer:
- A current and tested antivirus programme: antivirus software (also shortened to ‘AV’) runs constantly in the background and helps protect your computer against any known malware. It needs to be updated regularly so that it can recognise as many different types of malware as possible. Windows operating systems include an AV programme: Microsoft Security Essentials (Windows Vista, Windows 7) or Windows Defender (Windows 8 and above). There are many tested antivirus programmes available for free such as software from Avast, Avira, and 360 Total Security. The programmes are available in different versions; for Windows as well as Mac and Android operating systems. Another well-known and free antivirus solution for Windows is Panda Free Antivirus.
The terms ‘antivirus’ and ‘antivirus programme’ are somewhat misleading: such software does, of course, protect your computer from viruses and can remove almost every kind of virus (or at least give tips on how to go about removing it), but the same applies to worms, Trojans, and other forms of malware. Antivirus software therefore protects your system from malicious programmes in general, not just computer viruses, and also helps to remove various malware. This is why the term ‘anti-malware software’ is often used in this context.
- Active firewall: your firewall needs to be turned on in order to protect your computer from undesired network access. A firewall is an integral part of many operating systems, including Windows.
- The current version of your operating system: malware often takes advantage of gaps in security to access your computer, but regular updates will ensure any gaps are closed. Make sure that your operating system is always up to date; you can even set your system to carry out updates automatically.
- Current versions of your programmes: continuously update your software, especially ones that connect to the internet. Outdated versions of web browsers, Java, Flash, and other applications often have security gaps where malicious programmes can gain access to your system.
Use internet applications wisely
Often, it’s just a careless browsing mistake that leads to malware ending up on your computer. Just by following a few guidelines, you can reduce your chances of becoming infected:
- Only accept programmes and files from trusted sources. Software and updates should always be downloaded from official websites or, in the case of freeware, from reputable and well-known download portals.
- When installing new programmes, make sure that you don’t accidentally install any unwanted programmes.
- Don’t open e-mail attachments and links from unknown senders or click on any messages with dubious subject lines.
- Don’t click on just any advertisement, banner, or pop-up. Especially avoid links advertising special offers, coupons, or any other questionable deals.
- Be cautious with sensitive data such as bank details, login information, and passwords.
- Save backup copies of all your important data externally in case your computer does become infected with malware and the only remedy is to format the system.
How to remove spyware, Trojans, viruses, etc.
If you suspect that malware has found its way onto your computer, you need to take appropriate action immediately. There isn’t a general procedure you can carry out to eliminate malicious programmes, but with a little online research you can find out about the symptoms of an infection and find a tried and tested solution. This research shouldn’t, of course, be carried out on the infected computer – take it offline immediately and shut it down before the malware causes even more damage.
Remove malicious software from your computer with the help of an antivirus programme
If you suspect that there’s malware on your computer, you should proceed as follows:
- Start your computer in safe mode (malicious programmes aren’t loaded in this mode). In Windows, press the F8 key repeatedly when booting the PC to access the boot menu. Here select ‘Safe Mode with Networking’ because you need internet access to carry out the following actions.
- The next step is getting your antivirus programme to check the whole computer system. Make sure that you have the newest version and update it if necessary. Antivirus software can only recognise and remove known malware, which is why an antivirus programme never provides complete protection. Certain infections are able to hide from antivirus software.
- In addition to the antivirus software that you’ve already used, you should now re-examine the whole computer with a more specific anti-malware software. There are many free programmes and trial versions of fee-based software that are specialised in the removal of malware e.g. Malwarebytes Anti-Malware and SUPERAntiSpyware Free Edition. A reliable malware detection programme is the Microsoft Safety Scanner. With the ESET Online Scanner and the Bitdefender Quick Scan, you have various tools at your disposal that don’t require installation. If you have unwanted adware programmes or toolbars in the browser on your Windows PC, the AdwCleaner can help.
Some antivirus programmes offer various extensive malware scans – a quick scan usually takes about 20 minutes with a complete inspection taking around one hour. Any malware found can be removed at the end. After restarting the computer, the programme should show that your system is fully protected.
Remove malicious software from your computer using an emergency system or formatting
A more laborious but foolproof solution is an emergency system such as the Kaspersky Rescue Disk, the F-Secure Rescue CD, or KNOPPIX. These can be downloaded for free and written as a bootable ISO image to a removable storage device. The computer is then booted from this medium instead of the installed operating system, and the emergency system checks the hard disk for malware and removes anything dangerous. If your computer is so badly affected by malware that it won’t even start, these emergency systems are the only way to get it back up and running.
If the computer is still experiencing problems that can be traced back to malware, you have two options: you can either contact an expert for their help, or you can continue to tackle the problem yourself by backing up your personal files, formatting all hard drives, and re-installing the operating system. Formatting is definitely the most complex approach in combating malware, but it’s also the most secure method since some viruses plant themselves deep in the system or install other malware which might not have been picked up during the scan.
Malware on websites
It’s not just computers that fall victim to malicious software; websites and their associated web space can also be attacked. Administrators will normally receive a message from the internet provider or from the search engine to say that their website has been infected. Web hosting providers as well as companies like Google regularly analyse websites for malicious code. They often already have some preventative measures in place to make sure malware can’t find its way onto your site.
Safety measures for web hosting
With the following precautionary measures, you can protect your website against malware:
- Encrypted web space access: instead of using plain FTP access, use FTP over SSL (FTPS) or the SSH File Transfer Protocol (SFTP). The connection to your web space is then encrypted, so your login details and the files you transfer cannot be read in transit.
- Secure usernames and passwords: ensure you choose unique passwords and make them as complex as possible (it should ideally be made up of more than eight characters and contain upper and lower case letters as well as numbers and/or special characters). Your username should also be unique; don’t just stick with generic usernames like ‘admin’.
- Two-factor authentication: two-factor authentication for the login process can be added to many content management systems and other programmes. This is possible with WordPress and Joomla! using Google Authenticator. In addition to the username and password, a one-time code is required, similar to the mTAN procedure in online banking. You usually receive this code via a smartphone app. This extra step in the login process increases the security of your login.
- Up-to-date CMS and additional software: security gaps in old versions of content management systems can be an access point for malicious software to infiltrate. You should, therefore, always make sure to use the most stable and secure version of your software – this also applies to plugins, themes, and other extensions and programmes that you use for your website.
- Backup copy: regularly create backups of your entire website, including the database, and save it on a local hard disk. If your website becomes infected by malicious software, you can restore everything using the backup. It’s not recommended to leave the backup solely on the web space since everything placed there is at risk of being infiltrated.
Removing malicious software from your website or web space
If your website has been hacked and is now infected with malware, you should take it offline; an infected website often serves as a transmitter of malicious software and infiltrates the computers of those visiting the website.
If you haven’t been informed about the infection by your website provider, you should tell them yourself. Hosts can often help you with the removal of malware. You can also take these few steps by yourself to ensure that your web server is secure again:
- Check your computer for malicious software: you need to rule out that your computer is causing the problem. To do this, examine your computer as described above and make sure it’s cleaned of any problems. Do this with all computers connected to the web server via FTP.
- Change all passwords: it’s likely that at least one of your passwords was cracked. Therefore, you should change all access codes associated with your server and the hacked website. This includes passwords for FTP access and the administration area as well as passwords for the site’s database, for all website users, and for SSH access (if available).
- Find the damage and repair it: Google Search Console (originally known as Google Webmaster Tools) is a well-known tool that can detect when a website has a malware infection. For this, you need a Google account (available for free). This service scans websites for any malicious software and then provides assistance to help solve the problem. You can alternatively locate the website’s infected files yourself, but this needs some know-how.
- Use the backup: once you’ve located the infected files, replace them with uninfected copies from a previous backup. To be sure that the malware has been removed, you must delete the entire site, carry out a reinstallation, and insert all website files from the clean backup. If you don’t have a backup copy or the one you do have is infected as well, your host can possibly provide you with an old version of your files.
- Remove your website from blacklists: search engines like Google and Bing put websites on a blacklist if they’re infected with malware. Sites found on Google’s blacklist either drop in the search results or are removed completely. When you’ve got rid of all the malicious programmes, you should contact the major search engines as soon as possible and ask for your site to be reconsidered. For Google, you can again use the Search Console and for Bing, the Bing Webmaster Tools.
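A way to locate infected files yourself, as mentioned in the ‘Find the damage’ and ‘Use the backup’ steps above; this is an added example, not a tool from the page or from any hosting provider, and assumes you have a clean local backup of the site to compare against. It hashes every file in the backup and in the live web space and reports what was modified, added or deleted, using constructed sample directories.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def hash_tree(root: Path) -> dict:
    """Map every file under root (path relative to root, POSIX form) to its SHA-256 digest."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def compare_manifests(clean: dict, current: dict) -> dict:
    """Return the files that differ between the clean backup and the live web space.
    'modified' and 'added' are the candidates for infected or injected files;
    'deleted' files are simply restored from the backup."""
    return {
        "modified": sorted(p for p in clean if p in current and clean[p] != current[p]),
        "added": sorted(p for p in current if p not in clean),
        "deleted": sorted(p for p in clean if p not in current),
    }


def save_manifest(manifest: dict, target: Path) -> None:
    """Store the clean manifest off the web space (e.g. next to the local backup),
    so a later comparison does not depend on files an intruder could alter."""
    target.write_text(json.dumps(manifest, indent=2, sort_keys=True))


def demo() -> dict:
    """Constructed example: a clean backup and a tampered live copy in temporary directories."""
    files = {
        "index.php": "<?php echo 'hello'; ?>\n",
        "wp-config.php": "<?php define('DB_NAME', 'site'); ?>\n",
        "assets/style.css": "body { margin: 0; }\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        for root in (backup, live):
            for rel, content in files.items():
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_text(content)
        # Constructed tampering on the live copy only: one file altered, one added, one missing.
        (live / "index.php").write_text(files["index.php"] + "<!-- constructed change -->\n")
        (live / "uploads").mkdir()
        (live / "uploads" / "unknown.php").write_text("<?php /* constructed unexpected file */ ?>\n")
        (live / "assets" / "style.css").unlink()
        clean = hash_tree(backup)
        save_manifest(clean, Path(tmp, "clean-manifest.json"))
        return compare_manifests(clean, hash_tree(live))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run `hash_tree` against a fresh download of the live web space (via SFTP) and `compare_manifests` against the manifest saved from the clean backup; anything listed under ‘modified’ or ‘added’ that you did not change yourself deserves inspection before the site goes back online.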
If you’re unsure whether you can fix the damage independently, you should contact an expert. To ensure both your visitors and search engines like Google are satisfied, you first need to have a completely secure site.
Never underestimate the dangers of malicious software
Malicious programmes lurk in many corners of the internet. Malware can potentially affect anyone and cause considerable damage, which is why it’s of the utmost importance to ensure you have adequate prevention measures. Besides using special programmes and keeping the software up to date, you also need to be wise and use the internet and related applications carefully. Take care when surfing, using web applications, downloading files, and opening e-mail attachments. There is no entirely foolproof method of protection and even the most vigilant of users can fall victim to malware. Removing malicious software is well worth the effort: only a malware-free system can offer you the security and performance that you’re entitled to.