Wednesday, April 22, 2009

Major Wave of Computer Viruses

Be aware! Over the past few weeks we have seen a big increase in viruses. We're seeing rootkits that are doing a lot of damage. A rootkit is a collection of programs that gives an attacker administrative access to a computer. A rootkit can include spyware that monitors keystrokes or web traffic, and it can also create a "backdoor" used to alter log files and to modify existing system tools so that the infection escapes detection.

If you are running a free version of Antivirus protection on your system, be aware that you may not have rootkit protection.

Things to watch for:
  1. Check your antivirus program. Make sure it has rootkit protection. Also make sure that it's up to date: some viruses disable antivirus software, and you may not even notice it.
  2. Take care when you take your work laptop home. Are all the systems on your home network up to date with patches and antivirus protection? Typically, people take good care of their "work" systems, but you may be risking your system when you put it on your home network.
  3. Watch for a slow system, or things like web site re-directs. These are signs that you may be infected.

Here are a few tools we've found useful for viruses that aren't removed by the installed AV software:

RootkitRevealer – Shows you what is starting up (saves a lot of time compared to checking the registry by hand; it also scans the hard drive).
HijackThis – More in-depth than RootkitRevealer (covers BHOs). I've found it missed rootkits most of the time I've encountered them.
ComboFix – Good tool to use after running HijackThis. Also has some built-in rootkit removers for common rootkits. I typically use it just for the rootkit removal.

Another helpful thing for badly damaged systems is to remove the hard drive from the infected system and run the tools against it from a known-clean machine, so the rootkit's own components are not running while the drive is scanned.

I actually had a virus on my own system for the first time ever a few weeks ago, so I know this problem is bad. I am extremely careful with my systems - up-to-date patches and regular AV system scans - so don't think your system is safe! The good news is I noticed a problem immediately and was able to remove the malware in "safe mode". Don't panic; take action immediately to solve the problem. If you catch the problem before a re-boot, you may avoid over-writing system files, which would cause a lot of damage.