PCTechBytes Roundtable: Viruses and Malware

This week’s PCTechBytes Roundtable deals with malware.

I am joined by PCS, who owns a computer repair shop in Boston, and bucksfanjimj, our forums moderator. Both have a lot of experience dealing with malware.

The purpose of this roundtable was to discuss how people get infected, what types of programs we use on a daily basis to protect our computers, and general philosophy around the topic of malware prevention.

Dave@Bytes: So I think we can start by asking what everybody chooses for their antivirus. Personally, I use Microsoft Security Essentials on pretty much everything. On my Mac I use the commercial solution NOD32 by Eset.

bucksfanjimj: MSE and Malwarebytes mostly. I used to use Spybot Search and Destroy. Not sure why I stopped using it.

PCS: I just use MSE. It’s not very effective as of late, but being me, I don’t worry about infection. If I was ever to get one, which is pretty rare, I’d just get rid of it in ten minutes.

Dave@Bytes: So when you get a virus, what steps do you take to get rid of it?

PCS: My removal process changes a couple times a year.

Dave@Bytes: I believe in the philosophy of reformatting and reinstalling after an infection. I know it’s a bit extreme, but I bank and do taxes on my home computer. I feel safer wiping the drive.

PCS: Right now most can be had with TDSSKiller, HitmanPro, MBAM, MSE, CCleaner, BoostSpeed. All automated.

bucksfanjimj: There is that. A lot of legit sites are now getting unknowingly infected so that legit users get these “drive by” downloads.

PCS: Drive by is where most of my customers get infected, then I’d say social media, religious sites, and then through email.

Dave@Bytes: I have a clean image I use, and just reinstall in minutes.

bucksfanjimj: It’s going to take a lot more than just staying away from questionable sites and bad habits.

PCS: Well I mean you do have to keep your software updated.

PCS: An image is handy, especially if you have your user folders on another drive, but then you have to think about files on that other drive.

bucksfanjimj: An image is something I should do. I need to do a clean install before I can do that though.

Dave@Bytes: Part of my philosophy is to make regular backups and make it as quick and easy to reinstall as possible.

PCS: Which most average users don’t really do or don’t do often.

PCS: That’s a good habit.

bucksfanjimj: Guilty.

PCS: Back in the days of Win 95, 98, and ME a reinstall is all I would do.

Dave@Bytes: So of those programs you listed, PCS, which is your go-to application for removing viruses?

PCS: HitmanPro right now. It’s fast and catches almost everything. It can’t always remove everything, but it usually finds it.

Dave@Bytes: Is that something an average user would be able to handle? That’s a post-infection application?

PCS: http://www.surfright.nl/en/hitmanpro/

PCS: Yes and yes.

PCS: You have to be able to get into safe mode, so sometimes there is offline work to do first.

PCS: You also need an internet connection, so it’s not going to work for every infection. Considering the infections are about stealing things, mostly it usually is just fine.

Dave@Bytes: Right. With that said, I like the idea of using a program like Windows Defender Offline. It scans the drive BEFORE Windows loads.

PCS: Windows Defender Offline is actually really good, but you have to make a boot disc or USB. Each time it’s updated you need a new one.

Dave@Bytes: I don’t promote that enough. I did an article on it a while back.

bucksfanjimj: I have used that myself. It does work. Need to keep it updated before each use. Want to get a flash drive to do that.

Dave@Bytes: Your best bet is to make it from a work computer or a friend’s PC if your home PC gets infected.

bucksfanjimj: Plus you need to have both 32 bit and 64 bit versions handy.

PCS: Most of the time, provided it’s not the FBI virus and the machine has an internet connection, it’s a pass or two with HitmanPro, one or two with MBAM, one with MSE, TDSSKiller, and a quick look over in the registry and the tricky spots, and I’m done.

Dave@Bytes: …but are you SURE it’s gone?

PCS: Yep.

bucksfanjimj: Has anyone run into the new Crypto Locker virus yet?

Dave@Bytes: I have not, but I have been reading up on it.

PCS: Haven’t seen it myself yet, but have seen a lot of it on forums.

bucksfanjimj: I haven’t yet either but it sure seems like a nasty little bugger.

Dave@Bytes: For those that don’t know, that virus encrypts your data and holds it for ransom.

Dave@Bytes: This type of virus is classified as ransomware, similar to the FBI viruses that lock you out of your data.

PCS: You could always do a repair install after removal, and of course you want to do a clean up with CCleaner and BoostSpeed to clear your temp files, cookies, all the little stuff, but the scan usually catches files in there anyhow.

bucksfanjimj: From what I’ve read you really do need to pay or lose all of your data. That goes back to what you were saying Dave about keeping good backups.

Dave@Bytes: Yes, the bad guys hold the key for 72 hours and then it gets erased.

PCS: I don’t know that there will ever be a substitute for backups, of personal data anyhow.

bucksfanjimj: Agreed.

Dave@Bytes: The sad fact is, if it isn’t automated and easy, people won’t do it.

PCS: Most virus removal isn’t for the average user. Unfortunately, the average user just isn’t knowledgeable enough to know it’s gone, and just doesn’t know what and where to look.

Dave@Bytes: Services like Carbonite are good. Set it up and forget it.

Dave@Bytes: PCS, so the readers know, what do you think a fair price for professional virus removal is?

PCS: I do $100, some in my area charge $125 some do $75. I do a full tune up and defrag, removal of toolbar and junkware with it.

Dave@Bytes: That’s reasonable. It’s complicated work.

PCS: It can be. Most are automated, plus a little peeking around depending on what showed up. But there are the ones that you just can’t get with anything automated.

Dave@Bytes: So what do you guys think the number one cause is for people getting a virus?

PCS: Drive by, and then social media, and then email or religious sites.

Dave@Bytes: Drive by, meaning?

Dave@Bytes: Just visiting a website with malware on it?

PCS: Yes. Drive by is taking advantage of zero-day exploits like Java and Flash. Take MSN.com for example. It loads videos and ads from lots of different sites, many that use Flash. All it takes is to have a version of Flash that is exploitable and that one of those sites has a zero-day exploit on it.

bucksfanjimj: I say lack of knowledge. Not knowing what to look for that could be suspicious and what’s legit.

Dave@Bytes: So having out of date software on their system?

Dave@Bytes: Not running Windows Update? Not updating Adobe and Java?

PCS: Yes, updating Java and Flash is important and could help prevent a drive-by attack.

Dave@Bytes: People should remove Flash and Java, at least from their browsers.

bucksfanjimj: Keeping Windows updated is important, but most people that I run into have it set to do automatically. If not, I will set it for them.

PCS: But a lot of Java and Flash updates are exploitable.

PCS: So many things use Flash and Java, the average user wouldn’t know when to enable it and disable it.

PCS: IE isn’t so great at stopping infection either. Chrome is much better. Chrome runs in a sandbox, so its files can’t really be changed; not so for IE.

Dave@Bytes: I was going to mention Sandbox software.

Dave@Bytes: Have you guys ever heard of Sandboxie?

PCS: Yes.

Dave@Bytes: What are your thoughts on that?

PCS: For the average user, dunno. For people like us, sure.

Dave@Bytes: I like the idea of not allowing a virus to make changes to your install in the first place.

bucksfanjimj: I’m familiar with the idea of sandboxing, but like PCS, not sure the average joe is.

PCS: Sorta like a virtual machine. If you could VM all the time, all you’d have to do is reboot.

Dave@Bytes: So to wrap up, what golden nuggets of advice do you have for users when it comes to protecting their systems from malware?

PCS: Hmmm… education, really.

bucksfanjimj: Update, update, update. It can be time consuming, but not keeping your system updated is just begging for trouble.

PCS: Yes, and update. And the more you know how Windows works and how viruses work, the better off you are.

Dave@Bytes: Here’s mine: Don’t click links in emails, don’t open email attachments, keep Windows up to date, and always have up-to-date backups.

Conclusion:

PCS wrote a follow-up article on how to use Hitman Pro. Hopefully, you’ve enjoyed this PCTechBytes roundtable. If you have any comments or suggestions about malware, be sure to add your comments below or feel free to post in our forums.

Also, be sure to join us in live chat, anytime. The chat room is located in our forums section and is available to all of our members.