Is your system really clean just because your antivirus program says so?

AVG Antivirus

As a long time user of your Windows computer you know what normal behavior looks like.  You already have a sense for the general feeling of the machine when it’s working well.

But now something has definitely gone awry.

Perhaps your PC doesn’t feel as nimble as it once did.  Or maybe it’s not executing your commands with the same spirit it did the day you first purchased it.

Sure, there are lots of things you can do to improve the performance of your browser and the operating system and even your network connection; however, all your efforts will be futile if you fail to address the root cause.

Intro

In this article I’m going to show you how to tell with confidence whether your machine, or a friend’s machine, is really beleaguered by malware or not.

By the end of this guide you’ll know:

  • The signs of a malware infection
  • How to get rid of an infection
  • Smart tips to avoid future infections

You’re a busy person and time is precious so I’m just going to get right to the meat and potatoes here…

My point…

Here’s the bottom line:

Once you know for sure that your computer is infected, don’t even bother trying to clean it with an antivirus program, instead the quickest and most effective solution to cure an ailing PC is to completely reformat the computer.

That’s my thesis and it isn’t very exciting but allow me to support my assertion:

My rationale

No program, not Malwarebytes, not AVG, not Kaspersky, not Combofix, not TDSS Killer, not GMER, not SuperAntiSpyware, not Spybot Search and Destroy, not Avira, Avast, Symantec or even McAfee can expunge your system of malware.

By “expunge” I mean absolutely eradicate all vestiges of Malware.

Even if you run a full scan and the security program indicates in bright bold green that the system is clean, that only means that the program didn’t detect the threat.

A “no threats found” message doesn’t mean that clandestine malware isn’t still lurking on your system somewhere.

An undetected threat isn’t the same thing as a nonexistent threat.

The virus could rest in an inert state until a specific date or action arrives, or maybe it’s not so nefarious because it just changes a few links in your browser; however, the reality is that millions of people have personally identifiable information like social security numbers, credit cards and passwords that is susceptible to being compromised by pernicious hackers motivated by pride and profit.

The dichotomy is that antivirus can protect your system but also unwittingly provide an artificial sense of safety.

Think about it: you update your virus signatures, run a full scan, check the log and say to yourself: “All is good, I’m protected, my antivirus software did all the dirty work for me.”

But have you ever wondered why your system is still acting weird even after running comprehensive scans?

I’m not saying that anti-malware tools don’t have merit; all I’m espousing is that you shouldn’t rely on them to heal your system from all threats.

Even if you use a few anti-malware products in tandem, all it takes is one bit of cloaked malware to cause bedlam on your machine (and your life).

Trends of terror

There are two concurrent trends I see in the security landscape today:

Malware is becoming both more sophisticated (see CryptoLocker, which encrypts your hard drive then threatens to destroy the secret key unless you pay an exorbitant sum of money in bitcoins) and more insidious.

Gone are the days of the benign prank viruses that added an ad to your toolbar or installed a silly pop-up.  Today, in 2013, people are motivated by money and are looking for something they can steal and sell.

Just think about the enormities that the five men in Europe committed.  This past summer the FBI discovered they stole more than 160 million credit cards over a period of seven years!

I mean, that’s a prodigious number.  How do we know for sure that our credit cards weren’t included in that bounty?

My point is that there is too much at stake on your computer to trust threat removal to a collection of antivirus programs (even though they have top ratings, raving reviews, and intelligent developers backing them).

A motivated attacker can potentially ruin your life with the private information residing on your computer.  All the years of hard work building a top credit score can vanish or you could have your identity stolen because the hacker found your social security number stored in an unencrypted Excel sheet sitting in My Documents.

How to beat the bad guys

I’m not trying to scare you as much as I want to bring you face-to-face with reality.

Also I want you to realize something: what makes you think that running a virus scan on an infected machine is the best idea?  If the system is already compromised then the anti-malware software could be compromised too.

In order to beat the bad guys we need to be smart.  We need to think of a better approach because all it takes is one virulent file to weaken your system and provide entry to digital thieves.

First let me show you how to ascertain whether you’re infected…

I’m infected right?

Here are five questions to ask starting with the most obvious:

  1. Do you have arbitrary advertisements popping up on your computer?
  2. Has your homepage been hijacked? Check your hosts file.
  3. Do you see random virus warnings showing up from antivirus programs that you never installed?
  4. Does your computer take longer to start up?
  5. Is your CPU revving high even when your machine is idle? Check the task manager.
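As an added example (not part of the original article), here is a small Python auditor for the hosts-file check in question 2: it parses the Windows hosts file format and flags entries that redirect or sinkhole search engines and security-vendor update domains, the two things a browser hijacker or update-blocking malware typically does there. The sample file content and the watched-domain list are constructed for the demonstration.

```python
import ipaddress

# Constructed sample (not a real hosts file): the stock Windows entries plus two
# lines of the kind a browser hijacker or update-blocking malware might add.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost
0.0.0.0     ads.example-tracker.test   # ad-blocking entry, benign
203.0.113.7 www.google.com             # search engine redirected off the box
127.0.0.1   update.avg.com             # vendor update host sinkholed
"""

# Domains an attacker has reason to redirect or block (list chosen for this example).
WATCHED = ("google.com", "bing.com", "windowsupdate.com", "avg.com", "malwarebytes.com")

def parse_hosts(text):
    """Yield (ip, hostname) for every active mapping; comments and blanks skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # strip trailing comments
        if not line:
            continue
        fields = line.split()                        # "<ip> <host> [alias ...]"
        for host in fields[1:]:
            yield fields[0], host.lower()

def is_sinkhole(ip):
    """True for loopback or 0.0.0.0: the name resolves to nothing reachable."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified

def is_watched(host):
    return any(host == d or host.endswith("." + d) for d in WATCHED)

def audit_hosts(text):
    """Return (ip, host, reason) for each mapping the user should inspect."""
    findings = []
    for ip, host in parse_hosts(text):
        if host == "localhost":
            continue                                 # the stock entries
        if is_watched(host) and is_sinkhole(ip):
            findings.append((ip, host, "watched host blocked via sinkhole"))
        elif is_watched(host):
            findings.append((ip, host, "watched host redirected to " + ip))
        elif not is_sinkhole(ip):
            findings.append((ip, host, "unexpected redirect of " + host))
    return findings
```

To check a real machine, call `audit_hosts()` on the contents of `C:\Windows\System32\drivers\etc\hosts`; an ad-blocking entry that sinkholes a tracker produces no finding, while a search engine or update host pointed anywhere other than loopback does.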

So what do I do now?

If you answered yes or maybe to any of those questions then we need to scan your computer for Malware.

There isn’t a single program that will disinfect all viruses; therefore, you should marshal an entourage of virus killers and launch a coup against your system from all angles.

Make sure your antivirus signatures are current, then disconnect yourself from the internet to preclude the possibility of new infections.

Incidentally, it might seem ironic that I’m asking you to scan your system considering I just finished a long diatribe about why formatting your computer and starting fresh is best.

But I see no contradiction here.

Our goal is NOT to clean the computer with scanners but just to detect the infection, because we realize that viruses are so sophisticated that no program can categorically remove them all.  Remember, all it takes is one virus, or part of a virus, to foment a riot.

We’re only using Malwarebytes, AVG and other scanning tools to confirm our suspicions that something is wrong.

Now remember, we don’t want to scan from within the potentially infected OS because we can’t trust the integrity of any pre-installed virus scanners; after all, they could be compromised too.

This is why I suggest using a Live CD.

Get a Live CD

Also known as a Rescue disk, a Live CD is a CD that boots your computer before the operating system loads.

All Live CDs come with specialized operating systems that let you scan your hard drives for virus junk.  Assuming the Live CD itself is free from any viruses, it almost guarantees that you’re scanning the hard drive from within a safe environment.

KM, from techmixer.com, has a list of Live CD images from some of the biggest names in the industry.  You’ll find ISO images for Kaspersky, Avira, AVG and others.

Just burn the ISO to a CD and reboot to use.

Once you scan your system, you’ll probably see a few anomalies.

If so, you know for sure you’re infected and you should immediately do three things:

  1. Make sure your computer is disconnected from the internet.
  2. Check your bank and credit accounts for aberrant activity.  In fact, I would even call them and tell them you were recently infected with a virus and are concerned about unauthorized purchases or having your identity stolen.  Most of the time they’ll work with you to protect your information.  In addition, I recommend following these identity reparation suggestions from the US Federal Trade Commission.
  3. Find the original CD for your OS or download the Windows 7 or Windows 8 ISOs from a clean PC.  Or better yet, copy the OS image to a USB stick and boot to it that way.  In either case, you’ll need to start from scratch.

Beware of backing up

You might feel inclined to backup all your data first; however, that’s not a good idea.

How do you know which files are infected?  In other words, if your operating system was compromised, the files on it are probably compromised too, so backing up your files could also store another copy of the viruses.

This sucks

This sucks I know.

It really sucks because some jackass tricked you into downloading something that you thought was harmless.  Sometimes attachments will come from your Facebook friends or family members in your contact list; however, don’t trust them!

Just because you trust the sender doesn’t mean you need to trust the attachment!

How do you know your friend’s computer doesn’t have a virus that sends itself to everyone he or she ever emailed?

That’s the thing, and here’s the other thing…

Say no to Pirates, matey.

This is obvious but don’t download pirated software from torrent sites.

There’s a practice called torrent poisoning where the software cracker smuggles a Trojan that steals your information and then the cracker sells it to a third party. The cracker gets a cut of the profits and therefore has an incentive to adulterate your files.  Don’t fall for it.

You can read about the illicit practice on Wikipedia, but the bottom line is that you should steer clear of pirated software.  I know it’s tempting to download (no, let’s call it what it is: steal) free copies of expensive software; however, you really put your system at risk when you do this.

Be smart and say no to the Pirates.

Be wary of social engineering

Here’s my definition: Social engineering is when a duplicitous person artfully gets you to do something that will completely goober your computer.

Yes, it’s the greatest act of guile known to computer users but it happens a lot.  We need to be vigilant of the many machinations that unscrupulous hackers use to hose your system.

Snapshot your clean box

After you format your computer, install all your programs and get your life together (which honestly will probably take a full business week), it’s absolutely imperative that you create a snapshot of your computer.

That way, if you get infected again all you need to do is restore the partition image.  No formatting will be necessary.

Paragon Hard Disk Manager Suite ($50) is a great buy because it does all this for you.  I highly suggest you look into this because it will keep you from losing your mind or feeling suicidal the next time your computer gets infected.

The Bottom Line

Malware is the cancer of the internet.

Malware is an abomination.

The very term, malware, perturbs me because it can actually ruin your life. It’s not a joke.  There are neophyte losers in the world who use your ignorance as fodder for their next attack.

Don’t let it happen to you.

Now you know how to protect yourself and your friends from threats and what to do if you happen to be a hapless victim of malware.

Summary

In summary, we learned that given the convoluted nature of malware, cleaning your computer with antivirus software isn’t adequate and only a full hard drive format will suffice.

We learned how to detect if your system is infected, how to create a Live CD, and postmortem steps to prevent a future attack.

To be honest with you, the best line of defense against viruses is…

YOU.

You’re the best defense.  Stay educated on the latest trends and never ever download an attachment from anyone, including people you trust, without verifying that they meant to send it to you.  I would text, call, or walk over and ask if they intended to send you the attachment before you open it.

This might feel like paranoia; however, I think it is better called prudence. Being judicious about what you download will save you hours and sometimes weeks worth of pain.

Did you benefit from anything in my article?  Please share your experience in the comments below!  It actually keeps me motivated as I write and I welcome negative commentary.

About

Connect with Vonnie on Twitter

  • Format. Period. I agree 100%

  • Short Little Rebel

    Thank you. I truly appreciate your article and the time it took to write it. Being a blogger myself, I understand how you need feedback to support your will to write. I say, ‘kudos’ to your public service. I believe I have the worst of the worst of malware. Last year in September, I got slamdunked by some sysWOW64 virus which seemed coupled with some advertising virus. Malwarebytes detected it but couldn’t get rid of it. Nothing could get rid of it. I wrote into all kinds of forums and found that lots of people were losing their minds over it. Then, suddenly, the ‘symptoms’ stopped. Every time Malwarebytes ran a scan since then, it reports that there are ZERO threats. Zero threats since 9/2014. Impossible. I have never had a month with zero threats. There is always something. Even if it is small. But nope. Nothing. And I have had all kinds of problems. Extremely slow start ups, whole folders of data that appear to have disappeared, then reappear, email that jumps all over the place, processes that take forever but don’t show up in my Task Manager, Task Manager that won’t pop up with Ctl-Alt-Dlt, complete lockup when trying to access Task Manager to kill a window that is going haywire, etc. And yet, every scan says, ‘zero threats.’ Impossible. I know that I have a nasty virus that has disabled Malwarebytes. I have called Malwarebytes who gave me a useless tech who walked me through a process- didn’t work. I decided to buy a new antivirus- rated the very best by PC Magazine: Webroot Secure Anywhere 2015. Again, same results- my computer has zero threats for the last four scans- all while the same kinds of misbehavior are going on. I feel that my computer has been hacked for use by the most nefarious kinds of crime. These are clever hackers who want me to believe nothing is wrong. I can’t help that they want my computer to appear to be functioning on some level so that I don’t properly investigate it. 
Your method is the last step before I completely wipe the whole thing and reload all the software from disks. My problem? I don’t know if my data (ie, photos) have been infected. Thanks for your advice. I will definitely try it. Susan

  • Lady_Hiroko

    I respectfully disagree as there is really no basis for this “thesis” or “theory”. Your free antivirus is just a scanner. You have to fork over money to get the actual protection. No, I’m not saying it’s foolproof, but it’s better than what this guy is telling you. Don’t format unless it’s an absolute all-else-failed solution. Because even formatting doesn’t always fix things and can make things even worse, especially if doing such a thing isn’t your forte. So if you are going to format it, I suggest you take it to a specialist like the Geek Squad. Instead of scaring people, I suggest you give them actual real information like teaching people ways to spot fake links and fake websites.

    Guys, my bottom line. Don’t let this guy freak you out. He’s just a guy who’s working on a college paper. Why should you listen to me? Because I fix this type of stuff for a living and had the real training. Not some info scoured from other websites.

  • Karl Titan Fielding

    Thank you I was a victim of such attacks and will have to format my pc now. Thanks again