Virus Alert: Don’t Click OK!!! (Part 1)

Over the last 3 months, I’ve been asked to help several friends and family members recover from viruses. It’s a nightmare. The virus developers are getting more slick and devious every day. The latest slew of viruses is designed to look confusingly similar to the Microsoft system alerts that pop up to tell you that you’ve been infected. A popular variant is called “Internet Antivirus Pro”. This is malware. Its primary intention is to extort you into purchasing protection from additional viruses and malware. Do not – repeat, DO NOT purchase software under these conditions. Don’t click ‘Remove’, don’t click OK, don’t click anything except the window’s X to close it without taking any action.

If your computer is infected and you get continuous pop-ups of this nature, you have a few options. First, don’t panic. If your computer is acting funny, there’s a chance it may be a hardware or operating system problem and not a virus. Consider the following options based on your own technical comfort level.

1. Contact a professional. Best Buy has Geek Squad, Circuit City has Firedog, and there are a number of local professionals that charge a nominal fee to service your personal computer. This is the best route – but it can be expensive. Depending on how valuable your data is, it may be well worth it.
2. Go it alone. Warning… battling viruses can be extremely frustrating. If you’re not technically inclined or are unfamiliar with some of the following technical terms, you’re probably better off with option one.

Here are some resources to help you. First, you’ll want to visit your computer manufacturer’s web site – if the computer is functional enough to do so. If not, get a USB thumb drive ready and visit the support site from another computer. An alternative is to boot your infected computer into Safe Mode. Safe Mode allows the computer to boot without loading any of the startup programs and runs with a restricted set of well-known, working drivers. To boot into Safe Mode, turn off the computer, turn it back on, and get ready to press the F8 key before you see the Windows startup logo… timing is key. You may have to try it several times to get it right.

Once you successfully press the F8 key, you’ll see a list of options. Choose “Safe Mode with Networking”. This mode will enable you to use the internet to download and install some updates and fixes. First, go to your computer manufacturer’s support web site and try to find any critical driver updates. This will vary by manufacturer – but here’s what I did for computers made by Dell.

Visit http://support.dell.com and look for the link for Driver Updates. It should be on the main support.dell.com landing page. Once that page loads, find your Service Tag.

Entering the service tag of your Dell computer or peripheral helps Dell deliver solutions tailored to the products you own. Your Service Tag is a unique five- to seven-digit alphanumeric (letter and number) code, which is found on a white bar-coded label affixed to your Dell computer or peripheral.

Once you enter the service tag, you should see a list of the drivers and updates recommended for your specific model of PC. Install all of the recommended updates. It may require several reboots – just remember to keep rebooting and using the F8 key to boot into Safe Mode. Then revisit the support site and continue installing the recommended updates.

Here are links to some other manufacturers’ support web sites:

Now that you’re up to date from a hardware and driver perspective, let’s concentrate on updating the operating system and getting rid of that virus. Microsoft has created a free tool to help you, called Microsoft Windows Defender. It can be found at the following link. From the Defender web site:

Windows Defender is software that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software by detecting and removing known spyware from your computer. Windows Defender features Real-Time Protection, a monitoring system that recommends actions against spyware when it’s detected, minimizes interruptions, and helps you stay productive.

Make sure that you’re using Microsoft Update and have the latest patches installed. If you don’t have Microsoft Update configured already, you may be required to install something called the Microsoft Genuine Advantage. This is a tool created by Microsoft to verify that your version of Windows is not counterfeit and was not previously installed and registered by another user… that’s right folks – no sharing your Windows XP disks.

Chances are you don’t need to be concerned – but if you’ve borrowed a copy of Windows from someone – or downloaded a copy from some site other than Microsoft, you may run into an issue and not be able to get updates and patches.  Microsoft Update simply won’t work in that case.

To install and begin using Microsoft Update, you should first visit the Microsoft Update web site at http://update.microsoft.com. There should be an obvious link on the landing page called “Update Now”. This will walk you through the step-by-step process to start and continue getting updates. Again – you need to be in Safe Mode if you’ve been infected.

That’s it for now – I’ll post another article shortly with some additional tips and links to software that will help you get your PC back and keep it safe from viruses and malware.   If you’re having an emergency and are concerned about the safety of your data – many viruses and malware attach themselves to your PC and wait for you to visit banking or financial sites in an attempt to capture your credentials… contact me – or contact one of the professionals listed above.

Here’s a list of the most popular viruses at the time this article was written:

Email-Worm.Win32.Zafi.b

This worm spreads via the Internet as an attachment to infected messages, and also via local and file-sharing networks.
It is written in Assembler, and packed using FSG. It is 12800 bytes in packed form, and 33292 in unpacked form.

Net-Worm.Win32.Kido.bt

This worm spreads via local networks and removable storage media. It is a PE DLL file. The components of the worm are between 155KB and 165KB in size. It is packed using UPX.

Trojan-Downloader.JS.Small.fi

This Trojan downloads other files via the Internet and launches them for execution on the victim machine. The program is an HTML page which contains JavaScript code. It is 1432 bytes in size.

Email-Worm.Win32.Brontok.q

This worm spreads via the Internet as an attachment to infected messages. It sends itself to email addresses harvested from the victim machine.

Trojan.Win32.Agent.abt

This Trojan has a malicious payload.  It is a Windows PE EXE file.  It is 22016 bytes in size.

Trojan-Spy.HTML.Fraud.gen

This family of Trojans utilises spoofing technology. The Trojans themselves are contained in fake HTML pages. Messages, purportedly from banks, financial institutions, internet stores, software companies etc. are sent to users. These messages contain a link to the fake page.

Virus.Win32.Parite.b

This parasitic memory-resident virus is functionally identical to Win32.Parite.a. It differs from Parite.a only in the key that it creates in the system registry.
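The descriptions above summarise each sample by file type (PE EXE vs. PE DLL), size and packer (UPX, FSG). As an added example that is not from the original post, here is a small Python PE-header reader that pulls those same facts out of a file. The images it parses are constructed inline (headers only, no code), and the "first section is large in memory but empty on disk" rule is a packer heuristic assumed here, not a definitive test.

```python
import struct

# Section names the UPX packer writes (Kido above is described as UPX-packed).
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def pe_sections(data: bytes):
    """Parse a PE image held in memory. Returns (is_dll, [(name, vsize, rsize), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER starts here
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size, chars = struct.unpack_from("<HH", data, coff + 16)
    is_dll = bool(chars & 0x2000)            # IMAGE_FILE_DLL characteristic
    table = coff + 20 + opt_size             # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = table + 40 * i                 # IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0")
        vsize, _vaddr, rsize = struct.unpack_from("<III", data, off + 8)
        sections.append((name, vsize, rsize))
    return is_dll, sections


def triage(data: bytes) -> dict:
    """Summarise a sample the way the list above does: type, size, packer hints."""
    is_dll, sections = pe_sections(data)
    upx_names = any(name in UPX_SECTION_NAMES for name, _, _ in sections)
    # Heuristic (assumption): packers reserve a first section that is large in memory
    # but nearly empty on disk (UPX0 has SizeOfRawData == 0) for the unpacked code.
    first_inflated = bool(sections) and sections[0][1] > 4 * sections[0][2]
    return {
        "type": "PE DLL" if is_dll else "PE EXE",
        "size": len(data),
        "sections": [name.decode("latin-1") for name, _, _ in sections],
        "upx_names": upx_names,
        "likely_packed": upx_names or first_inflated,
    }


def build_test_pe(section_specs, is_dll=False) -> bytes:
    """Constructed test image (headers only, no code): NOT a real or malicious file."""
    chars = 0x0102 | (0x2000 if is_dll else 0)          # EXECUTABLE_IMAGE | 32BIT_MACHINE
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew at 0x3C points to 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, 0, chars)
    table = b"".join(
        name.ljust(8, b"\0") + struct.pack("<IIIIIIHHI", vs, 0x1000, rs, 0, 0, 0, 0, 0, 0x60000020)
        for name, vs, rs in section_specs)
    return dos + b"PE\0\0" + coff + table
```

Run `triage(open(path, "rb").read())` on a quarantined file to get the same EXE/DLL, size and packer summary the list above gives.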


4 thoughts on “Virus Alert: Don’t Click OK!!! (Part 1)”

  1. YOU DA MAN! I had the Brontok virus and my virus and malware programs did not remove it. Then, as you suggested, I ran Defender in safe mode and sure enough, it showed up and was removed.

  2. Mike,

    I normally won’t advertise any particular software, but SuperAntiSpyware (dumb name, I know) is MUCH better than AdAware and Spybot Search and Destroy. I recommend it.

    Install it, run it. It will handle reboots if they are necessary to clean your machine.

    http://www.superantispyware.com/
