Tuesday, July 12, 2011

Anti-Virus Issues

I spent the weekend working on a badly Virus-infected PC. This PC was recently infected with several Viruses and it had an updated Anti-Virus program on it.

Worse, when the user suspected the Virus because of a specific Pop-Up and then because of how the system was behaving, or rather misbehaving, they did a manual update, which is the right thing to do, and did a full system scan, again the right thing to do, and nothing was found! No Virus. They used the system for a few more days until their system would no longer boot. That was when they called me instead of their usual IT person.

As the machine would not boot, I removed the drive and did a full image of it, making sure we had a full data backup in case of the worst case scenario. Then from another PC I scanned the drive with an updated ESET Nod32 Anti-Virus program. Several Viruses were found, four actually, and removed. I also did a quick ScanDisk to check the drive file structure and all was OK.

I put the drive back into the machine and it booted. Great! I then went on and found further traces of the Viruses and some Malware using other tools.

The first thing I always do when I can launch a Virus-infected computer is to check the installed Anti-Virus software. In this case it was the newest Symantec home product, Norton Internet Security 2011, and it was indeed updated. But how could that be? Why would it have not found the Viruses on the system?

I must say at this point that I specialize in Virus issues and I do Virus removal work for other IT companies when they run into problems and cannot remove the Viruses from their client's computers.

The two Anti-Virus programs that I have seen on 'infected' systems the most in the last year and a half, are Norton Internet Security, the last two versions, and AVG Free. Now, granted, these are both popular products, but here is why I mention all this in a blog.

Usually, if a system boots and I do not have to remove the drive, I run MalwareBytes and SuperAntiSpyware as the first pass to remove the Viruses and inevitably, both these free* products find several Viruses and other Malware on the infected systems that Norton and AVG did not find and, worse, actually allowed onto the systems.

The second thing I usually do is to remove the installed Norton or AVG, and sometimes another AV program and I install Avira Free. This usually then picks up a few remaining Malware Items. Again, why would this free program find Malware when Norton or AVG is installed and running?

The last thing I do, depending on if it's a corporate computer or home computer, is to do a manual inspection of the computer using several tools that look at startup items, running services, used resources, registry entries, boot up sectors and I will usually also do a specific Rootkit scan. I will also often leave the computer on overnight, again running specific software, to monitor system activity and IP traffic while the system should actually be idle.
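As an added illustration of that manual inspection (this is example code written for this page, not the author's tools), the PowerShell snapshot below lists the autostart registry entries, the running services whose binaries live outside the Windows directory, and the established TCP connections, saving the connection list so a second run taken after the overnight idle period can be compared against it. It assumes a Windows PC with PowerShell 2.0 or later and an administrative prompt.

```powershell
# Triage snapshot: autostart entries, out-of-place running services, live connections.
# Assumed environment: Windows, PowerShell 2.0+, run from an elevated prompt.
$runKeys = @(
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
  'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
  'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

"== Autostart registry entries (Run / RunOnce) =="
foreach ($key in $runKeys) {
  if (Test-Path $key) {
    # Drop the PS* bookkeeping properties so only the real value names remain.
    Get-ItemProperty -Path $key |
      Select-Object -Property * -ExcludeProperty PS* |
      ForEach-Object {
        $_.PSObject.Properties | ForEach-Object { "{0}  {1} = {2}" -f $key, $_.Name, $_.Value }
      }
  }
}

"== Running services whose binary is outside $env:SystemRoot =="
# Malware often registers a service pointing into a user-writable folder;
# filtering out the Windows directory shrinks the list to what needs a look.
Get-WmiObject -Class Win32_Service -Filter "State='Running'" |
  Where-Object { $_.PathName -and ($_.PathName -notmatch [regex]::Escape($env:SystemRoot)) } |
  Select-Object Name, StartMode, PathName |
  Format-Table -AutoSize

"== Established TCP connections (PID in last column) =="
# Timestamped file so a second snapshot after the idle period can be diffed.
$snapshot = Join-Path $env:TEMP ("netstat-{0:yyyyMMdd-HHmmss}.txt" -f (Get-Date))
netstat -ano |
  Select-String 'ESTABLISHED' |
  ForEach-Object { $_.Line.Trim() } |
  Tee-Object -FilePath $snapshot

"Saved to $snapshot. After the idle period, run again and compare the two files with Compare-Object (Get-Content first.txt) (Get-Content second.txt)."
```

Connections that persist or reappear while nobody is using the machine, and any service or Run entry pointing into a temp or profile folder, are the items to investigate first.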

Removing Viruses can be a time consuming thing on home based PCs and on Laptops. In corporate environments it is usually easier and cheaper to re-image the systems.

In the next few blog posts I will discuss Viruses and Malware and will mention the top Anti-Virus Programs for both personal use and for corporate use as rated by valid independent reviewers and based on my personal insights.

*MalwareBytes is now free to try for 30 days.

Note & Disclaimer: Any products that I do recommend are highlighted in Green and have direct links to the manufacturers' sites. ALWAYS do backups before running any software. Use any recommended software and tools at your own risk.
