[X]Assistant

[KOT-BE3DEXOD]

FAQ on PC antivirus protection

FAQ | Antivirus пїЅ | Problems with BB пїЅ | Viruses carried on flash drives. How to fight? пїЅ

Post has been editedGloomy - 03.07.11, 16:02

[KOT-BE3DEXOD]

• What is an antivirus program?
  
• Target anti-virus software platforms
  
• Classification of antivirus products
  
• Antivirus databases
  
• What you need to know about modern computer threats?
  
• Fake anti-viruses
  
• Ways to penetrate the computer.
  
• Why would attackers have information about users and access to their computer?
  
• General recommendations for protection.
  
• Lock the computer.
  
• Abduction of accounts.
  
• Phishing
  
• Keyloggers.
  
• Social engineering.
  
• Little known attacks.
  
• In which case should I put an antivirus on my computer?
  
• How to choose antivirus?
  
• What to consider when choosing an antivirus program?
  
• How to choose a free antivirus?
  
• What is it - heuristic analysis?
  
• The main signs of computer infection
  
• Priority actions when a computer is infected with a virus.
  
• Useful utilities and services to combat viruses
  
• 5 basic steps of virus removal
  
• How to reduce the likelihood of viruses in the system?
  

Post has been editedGloomy - 14.07.11, 09:54

[KOT-BE3DEXOD]

What you need to know about modern computer threats?

Modern viruses are not as scary as their predecessors. Improved
protection mechanisms of operating systems often do not allow them to create the same chaos as before (for example, formatting the hard drive). Viruses and fraud attacks are now mainly aimed at obtaining financial benefits or managing the user's computer, but not at destroying data. At the same time, to perform the above tasks, a virus is not always required, and quite often a well-formed letter or SMS is sufficient for the recipient to send credit card information or other confidential information to attackers. The signature database of most antiviruses contains several million entries about various viruses, but no more than 10 different types of attacks are a serious threat.

Post has been editedGloomy - 05.07.11, 16:08

[KOT-BE3DEXOD]

Ways to penetrate a computer

First, we will dwell on the mechanism of the attack. When it comes to phishing or social engineering, then the messages usually come on the chat in social networks, e-mail or on forums. In some cases, attackers may post them with a link to their resource directly in the comments of other sites. If the moderators in time did not have time to remove them, then some users will click on the link and fall for the scam.
When hackers try to install a virus on someone’s computer, in most cases they need the user to launch the program personally. To convince the owner of the PC to do this, the virus is usually given out as some kind of useful software. For example, a critical update for Windows, antivirus, a codec needed to view videos on a site, etc. Viruses also spread in cracks and key generators, but the danger of these files is somewhat exaggerated. Triggering antivirus protection upon their launch does not always mean that they are really infected, since antiviruses can react to their main purpose in this way — changing the code of other programs in order to hack them. On the other hand, with this behavior of antiviruses, the user can never be completely sure that such utilities are harmless, because he cannot distinguish a false positive from the actual detection of a virus in a crack.
The most common virus for a long time is Conficker and its modifications, which occupy several places in the TOP 10 threats, including the first one. They are distributed using the Autorun function, which launches the executable file that is written in the Autorun.inf file when an external drive is connected to the computer. Conficker copies itself to the system, and then to other flash drives and hard drives connected to the PC. Most often, the virus itself is used to organize botnet networks. Probably due to its epidemic, Microsoft recently disabled the Autorun feature in Windows XP / Vista using an update released in early February of this year. In Windows 7, autorun is inactive by default.

[KOT-BE3DEXOD]

Why would cybercriminals have information about users and access to their computer?

The main goals are only two. They are achieved in different ways, but fraudsters are interested in either receiving money from (amounts can vary widely) or using a computer or its owner’s accounts to send spam.
Control over someone else's PC allows you to create a botnet network, which sometimes include hundreds of thousands of computers. Such virtual armies are formed to send spam or DDOS attacks on sites. Users often do not even suspect that their PC is controlled by someone else.

[KOT-BE3DEXOD]

General protection recommendations

• Be sure to install an antivirus (freeAvg, avast!, Avira, ComodoorMicrosoft Security Essentialswill be quite enough). If desired, add protection with a firewall.
  
• Update your browser to the latest version.
  
• Do not run unfamiliar programs without antivirus or with protection turned off.
  
• Do not agree to install the accompanying software offered by the site, if you are not 100% sure of its necessity.
  
• Check the name of the resource before entering data on it.
  
• To pay online, it is better to issue an additional card and transfer money to it from the main one before the purchase.
  

Post has been editedGloomy - 03.07.11, 15:08

[KOT-BE3DEXOD]

Computer lock

A very common and at the same time rather unpleasant is an attack, in which attackers block a computer, demanding to send an SMS to get an unlock code. And the owner of the PC is not always told how much money will be withdrawn from the account. As we found out, at least in some cases we are talking about ~ $ 30.
Such viruses most often end up on PCs of inexperienced users who install programs on it (for example, video codecs) offered when visiting scam sites.

How to fight
Depending on the degree of blocking of the computer, it is worth trying several different scenarios.
If you have access to the Internet, we recommend using the servicesDr.WebandKasperskyto get unlock codes. In their databases, you can find out which virus has penetrated the computer, by mobile number or screenshot of the program.
If the virus has not yet been added to the database, the codes should be searched on the Internet independently by phone number or message. The main thing in this case - do not get to another scam of the bait and not pick up another virus, issued as a utility to combat blockers.
If you manage to launch Task Manager, you need to find a virus in the process list and terminate it. The program most likely has some typical name, for example plugin.exe, which attackers choose to disguise their application under the system process. After that, you need to remove it from startup. To do this, you can use the standard utility msconfig.exe (to start it, click the "Start" button and type msconfig in the search field). The Startup tab lists programs launched from the Startup folder, as well as through registry keys. You should uncheck the box next to the virus so that it no longer loads when you turn on the PC. After this, it is advisable to check the computer with an antivirus to completely remove the malware from the system and make sure that no other copies of it remain on the PC.
When the Task Manager is not available, you need to restart the computer to safe mode (to do this, press the F8 key a few seconds before the Windows logo appears on the black screen), and then repeat the same procedure with msconfig and antivirus. To download the latter, you will need an active Internet connection, so you need to select Safe Mode with Networking.
If for some reason the safe mode cannot be used, boot the PC using antivirus live-CD. In this case, you need another working computer where you can burn a disc. Some antiviruses are recorded on a USB flash drive, so a netbook and a laptop without an optical drive are suitable as a replacement PC.
Unfortunately, if all of these actions did not help or are not available, you will have to reinstall the OS. It is important to perform a clean installation of the system, rather than updating it - if you do it over the old copy, then the virus will not go anywhere.
How to deal with Trojan.Winlock

Post has been editedGloomy - 02.09.12, 23:15

[KOT-BE3DEXOD]

Account abduction

The next common nuisance for users is account stealing. In most cases, they are not even blocked, and a person can work on the site without noticing any changes, but at the same time other people will receive advertising messages on his behalf. Such a threat is especially relevant for social networks, although the virus can also send spam in instant messaging services (ICQ, Skype, etc.).
Fraudsters have the benefit from the use of someone else's computer, so in this case do not require monetary compensation from its owner.

How to fight
If you are informed that spam is being sent on your behalf, you should check your computer with antivirus with fresh databases, and then change the password to your account.

[KOT-BE3DEXOD]

Phishing

Larger catch swindlers often try to get, using the technique of phishing. In many cases, the user is required to follow the link to the fake website and enter their credentials there, which are then used to send spam. However, sometimes the user is trying to steal not his account, but credit card information.
As a rule, a letter arrives to the mailbox with a message about the hacking of the site protection system. To secure your account, you supposedly need to change your password, for which you are invited to click on the link to a dummy resource, which apparently is a complete copy of the original. A domain name usually differs by just one letter, and this is not immediately apparent (for example, facedook.com instead of facebook.com). The user registers and receives a message about a successful password change, and sometimes an inscription that the service is undergoing technical work and should be retried later. In fact, the credentials have already been sent to the computer hackers. In those cases when the user is required to enter information about his credit card, respectively, fraudsters get its number and cvv2 code.
Sometimes accounts are also stolen from popular online games for selling a hero or inventory contents.

How to fight
First of all, it is necessary to check the domain name of the site to which it is proposed to go in the letter. It is important to pay attention to the second level domain (what is located to the left of .com). For example, the address checkpass.visa.com is directly related to the Visa site, while the address visa.checkpass.com already has a second-level domain name checkpass, and this resource belongs to completely different people.
In some cases, the email address of the sender will help you quickly. If the letter was allegedly sent on behalf of one company, and the specified address does not correspond to this at all (for example, a message from Facebook comes from the @ yahoo.com mailbox), then the message can be safely ignored.
You should also look not at the link in the text of the letter (anything can be written there), but at where it really leads. This information is displayed in the status bar of the browser when you hover over a link. If the message uses abbreviated links, then this is an additional signal that they want to hide the real address.
This type of threat has recently become increasingly rare, since it is necessary to use email or social networks to distribute letters, and spam filters in these services do a good job with such correspondence. For example, in addition to automatically placing such messages in spam, Gmail also adds a red text to the body of a letter warning that it is likely to be phishing or spam. In addition, all links are blocked in the text.
Referring to the links to frequently visited sites, also pay attention to requests for authorization. If you are sure that you have recently entered your username and password here, and they demand that you do it again, check the address in the browser line. There is a possibility that you entered a fake resource via the wrong link. So, a common phishing attack is a message like "Is that you on the photo?" with reference to a dummy site (for example, vkontavkte.ru). Having opened an incorrect link to an album with photos, the user is taken to a copy of the site, where his name and password will be stolen after an authorization attempt.

[KOT-BE3DEXOD]

Keyloggers

To obtain information about your credit card, attackers can use keyloggers to read keystrokes and send this information to fraudsters. Without antivirus, keyloggers are almost impossible to detect, since they do not manifest themselves in any way.

How to fight
In order not to catch such a virus, it is advisable not to install programs offered by unknown sites. It is also recommended to have an antivirus and, if possible, a firewall. Here, the firewall will be able to help out even if the antivirus is not installed, since the keylogger needs to send the collected data to the remote computer. At this point, the firewall and block it, and you can determine the presence of a virus.
To avoid intercepting keystrokes, you often use a virtual numeric keypad when entering credit card information, in which
numbers are placed in other places each time. If possible, you should always use it instead of the physical.
By reading keystrokes, viruses can also steal accounts. LastPass will help prevent such incidents (recently, this add-on is available for all popular browsers). It can automatically insert the user name and password on the site, as well as fill out forms and even enter credit card information. Since the physical keyboard is not activated, keyloggers will not be able to recognize keystrokes. LastPass can generate complex passwords and store them in its database, so you don’t have to memorize them. Finally, LastPass can not be fooled by a fake address, and the plugin will never enter the user information on the fake website.

Post has been editedGloomy - 03.07.11, 15:23

[KOT-BE3DEXOD]

Social engineering

A special type of attacks that do not require the use of technical means. Simply put, instead of searching for vulnerabilities and writing viruses, attackers, using letters or conversations, are pushing users to take a certain action that disables computer protection or in any other way opens access to the necessary information.

In the arsenal of detractors are the following tricks:

• using social engineering, fraudsters are asked to transfer money to a certain account. For this, the SMS is composed in such a way that it would seem as if it was sent by a relative. In some cases, the attackers also push the victim to make a call to a mobile number, and then try to prolong the time, because a special fee is charged for the conversation at a higher rate;
  
• the program "SMS-spy" is proposed, which is supposedly able to determine a person’s location by his mobile phone number. To use the service, subscribers are naturally advised to register via SMS. After that, the user receives a link to the site with publicly available information about the ownership of a particular code by a particular telecom operator or to interactive map services (Google maps or Yandex.Maps). Formally, such actions are not even a crime, because somewhere on the site there is information about what services will be provided to the user;
  
• for a small fee, a program is offered that supposedly can read SMS on any phone after entering the number you need;
  
• an SMS arrives with a description of a little-known way to replenish an account without financial expenses, for which you need to send a message to a number.
  

[KOT-BE3DEXOD]

Lesser known attacks

In addition to common types of attacks, there are also little-known ones, which you should also know about, because the lack of user readiness is the key to the success of hackers.

• Smishing (SMS Phishing)- Mobile version of phishing. A message with a link to a fake website comes by SMS. By running the resource in a mobile browser, the user opens the path to the device for the virus.
  
• Bluebugging- A special technique for accessing the phone via Bluetooth. At the same time, its owner does not receive any notice that a wireless connection has been established with his device. An attacker can watch received calls, address book, read messages, make and send SMS, as well as delete data.
  If the user somehow guessed that he was the victim of bluebugging, then getting rid of the fraudster is quite simple: just turn off the phone, turn off Bluetooth or go to another place (the Bluetooth radius is only 10 meters).
  
• Sidejacking- access to accounts by session ID. Most often, a special link with a large number of characters is used as the ID, which allows you to open the site without authorization. In some cases, a long set of characters in cookies is also used instead. If the attacker has learned the session ID, he will be able to access the user's sites without authorization and, for example, read his email.
  

As you can see, the two threats listed above apply on phones. Mobile viruses should really reveal all their capabilities in the near future. For example, McAfee warns in a recent report that their number has increased by almost 50% over the past year. At the end of 2010, the lowest level of spam was recorded in the last 3 years (80% of the total number of emails). It seems that this is due to the fact that attackers are beginning to switch to mobile platforms.

[KOT-BE3DEXOD]

How to choose antivirus?

Any computer connected to the Internet is at risk of being infected with malware. Manifestations of infection with a malicious program - a virus can be different - from small failures in work to the complete failure of the device and further loss of all data.
The anti-virus program should occupy one of the leading positions in authoritative international ratings and be optimally suited for a particular PC. To date, there are a huge number of anti-virus programs, paid and free. The most popular antiviruses in the post-Soviet space are: Kaspersky Anti-Virus, ESET NOD32 and Dr.Web. , Norton Antivirus, Avast, McAfee, Panda. What is the choice? How to choose the best solution for a particular computer?
This topic is discussed in numerous forums, but users often give conflicting advice, an antivirus program that is reliable in the opinion of one person is the most unreliable in the opinion of another. From which it can be concluded that it is difficult to find objective information on the forum.
Today, there are companies that test antiviruses and, based on the results, compile antivirus ratings, but the results of these ratings are often very different from each other. This can be explained by the use of various techniques when comparing antiviruses.
You can trust the ratings of independent international experts, but you have to spend time comparing them. But if the quality of protection is difficult to assess, then the slowdown of the operating system and the installed software is noticeable immediately, and anti-virus software ratings are compiled, the data of which do not contradict each other.
So, having studied the ratings of antiviruses, you need to compare the necessary system requirements for the optimal operation of the selected antiviruses with the available technical resources. If you install a powerful anti-virus program on a “weak” machine, there will be little effect from it. The computer will hang, and the antivirus will not be able to perform its functions in full due to a lack of RAM or a low-frequency processor.

Post has been editedGloomy - 03.07.11, 15:51

[KOT-BE3DEXOD]

What to consider when choosing an antivirus program?

Basic requirements for antivirus software:

• manufacturer (whether it is a reputable global brand in its field);
  
• the composition of the software package (a good antivirus, at least, includes:
  one). anti-virus monitor that constantly “monitors” RAM and all files, folders and disks that the user is accessing;
  module that monitors the integrity of the program code of the antivirus;
  2). on-demand anti-virus scanner;
  3). regularly updated set of anti-virus databases;
  four). anti-virus database update module;
  five). a module for creating emergency boot disks, which allows, if necessary, to check the system in the so-called "clean" environment;
  6). a firewall (also called a firewall, or firewall);
  
• work efficiency (the antivirus should provide the highest possible protection and at the same time not “slow down” the system);
  
• regular updates of anti-virus databases;
  
• the number of viruses and other malicious software that can identify and block antivirus;
  
• regular program updates;
  
• the ability to block unknown threats (genetic heuristic verification of suspicious program code and analysis of program behavior);
  
• accessible interface and easy setup;
  
• availability of a localized version of the program (for Russia - Russified);
  
• product price.
  

Post has been editedGloomy - 19.10.11, 21:31

Reason for editing: editing text

[KOT-BE3DEXOD]

What is an antivirus program?

Anti-virus program (antivirus) - any program for detecting computer viruses, as well as unwanted (considered malicious) programs in general and repairing infected (modified) files by such programs, as well as for preventing - preventing infection (modification) of files or the operating system with malicious code.

[KOT-BE3DEXOD]

Target anti-virus software platforms

Currently, anti-virus software is developed mainly for the Windows-based OS from Microsoft, which is caused by a large number of malware specifically for this platform (and this is caused by the popularity of this OS, as well as a large number of development tools, including free and even "instructions for writing viruses"). However, products for other desktop platforms, such as Linux and Mac OS X, are now coming to the market, this is caused by the beginning of the spread of malicious programs and for these platforms, although usually Unix-like systems have always been known for their reliability.
In addition to operating systems for desktops and laptops, there are also platforms for mobile devices, such as Windows Mobile, Symbian, iOS, BlackBerry, Android, and others. Users of devices on OS data are also at risk of being infected with malware, therefore some anti-virus software developers release products and for such devices.

[KOT-BE3DEXOD]

Classification of antivirus products

Antivirus products can be classified according to several criteria at once, such as: the antivirus protection technologies used, product functionality, target platforms.
According to the anti-virus protection technologies used:

• Classic antivirus products (products that use only signature-based detection)
  
• Products of proactive anti-virus protection (products using only proactive anti-virus protection technologies);
  
• Combined products (products that use both classic, signature-based protection and proactive)
  

By product functionality:

• Antivirus products (products that provide only antivirus protection)
  
• Combined products (products that provide not only anti-malware protection, but also spam filtering, encryption and data backup and other functions)
  

By target platforms:

• Antivirus products for OS Windows family
  
• Antivirus products for OS family * UNIX (this family includes OS BSD, Linux, Mac OS X, etc.)
  
• Antivirus products for mobile platforms (Windows Mobile, Symbian, iOS, BlackBerry, Android, etc.)
  

Antivirus products for corporate users can also be classified by protection:

• Antivirus products to protect workstations
  
• Antivirus products to protect file and terminal servers
  
• Antivirus products to protect email and Internet gateways
  
• Anti-virus products to protect virtualization servers
  

Post has been editedGloomy - 19.10.11, 21:36

[KOT-BE3DEXOD]

Fake anti-viruses

In 2009, the active distribution of pseudo-antivirus programs began - software that is not antivirus software (that is, does not have any real functionality to counteract malware), but impersonates itself. In essence, pseudo-antivirus programs can be both programs for deceiving users and making a profit in the form of payments for “treating the system from viruses”, as well as common malicious software.

[KOT-BE3DEXOD]

Antivirus databases

To use antiviruses, constant updates of the so-called anti-virus databases are necessary. They are information about viruses - how to find and neutralize them. Since viruses are written frequently, continuous monitoring of virus activity on the network is necessary. For this there are special networks that collect relevant information. After collecting this information, an analysis of the virus's harmfulness is performed, its code, behavior is analyzed, and then methods for dealing with it are established. Most often, viruses are run with the operating system, and entries appear in the system registry. In this case, you can simply remove the virus startup strings from the registry, and this can usually end the process in a simple case. More complex viruses use the ability to infect files. For example, there are cases where some, even antivirus programs, when infected, themselves became the cause of infection of other clean programs and files. Therefore, more modern antiviruses have the ability to protect their files from being modified, and check them for integrity using a special algorithm. Thus, viruses became more complicated, as well as ways of dealing with them became more complicated. Now you can see on the Internet viruses that do not occupy tens of kilobytes, but hundreds, and sometimes can be as large as a couple of megabytes. Typically, such viruses are written in higher-level programming languages, so they are easier to stop. But there is still a threat from viruses written in low-level machine codes like assembler. Complex viruses infect the operating system, after which it becomes vulnerable and inoperative. Pirated software is particularly dangerous because it implies the presence of malicious code (including damage to intellectual property). Thus, using a pirated antivirus, a person runs the risk of losing the earned money and putting the business at risk. Therefore, it is very important to have a licensed (possible and free) antivirus.

[KOT-BE3DEXOD]

The main signs of computer infection

• output to the monitor of a computer messages or images that are not provided by the actions of the user or the actions of the programs at the moment;
  
• giving of any sound signals;
  
• random launch of programs;
  
• the message of the firewall, if any, about unauthorized access of unknown programs to resources on the network;
  
• friends or acquaintances tell you about receiving letters from you that you did not send;
  
• friends or acquaintances complain that you send them letters with viruses;
  
• many letters come to your mailbox without a return address or a header;
  
• Messages are sent to your mailbox with a report on the non-delivery of the letter to the addressee, since such an address does not exist or the box is full;
  
• the computer often freezes, there are constant failures in the work of programs;
  
• the computer is slow when running some programs;
  
• the computer freezes for a few seconds, then work continues as usual;
  
• the operating system boots for a long time or does not load at all;
  
• files or directories disappear;
  
• distorted information in some files or directories;
  
• files or directories with strange names appear unexpectedly;
  
• the computer often accesses the hard disk, although not what programs have been started and are not functioning at the moment;
  
• Internet browser behaves in a strange way, often freezes, the start page changes on its own, unauthorized pages open spontaneously, offers to download a file from the Internet;
  

These symptoms in most cases indicate infection of your computer with a virus. In this case, you should not panic and act rationally and calmly.

Post has been editedGloomy - 19.10.11, 21:36

[KOT-BE3DEXOD]

Priority actions when a computer is infected with a virus.

First, disconnect the computer from the local or global network, if available.
If the computer starts, try to save important information to removable media, CD, DVD. Do not copy programs and executable files, they may be infected. Boot into safe mode (this will suspend viruses, which are most often activated via autoload, but it is not processed in safe mode) and run a full scan of the contents of all hard drives and remove / disinfect any detected infection.
If the computer does not start, do not try to download it again and again, each download attempt gives the virus time for its malicious activity.
Ideally, it is better to connect the hard drive from the infected computer to another computer and pull out all the necessary information from it. Only in no case, you should not run any programs from an infected hard drive or copy them to a healthy storage medium. If the computer does not boot, it can help.<passive scanning>hard drive, i.e. Scan your hard drive for viruses on another computer. To do this, you will need to remove the hard drive from the affected computer and connect it to the work computer with preinstalled anti-virus protection. Then scan the infected hard drive. Even if the anti-virus protection assures that the virus is completely removed and your computer is clean, this does not mean that the virus has been completely destroyed. Antiviruses do not see all viruses and can not correctly remove all. Antivirus does not guarantee for one hundred percent that your computer is protected from viruses and malware. Some viruses can permanently damage the system files of the operating system, after which the operating system will not work correctly or will not work at all. In this embodiment, you may need to completely reinstall the system. As you can see, the consequences of the virus are unpredictable and there is no panacea for this infection, so it’s better to prevent the disease than to cure it. Proper computer user behavior can prevent almost 100% infection of the operating system, save important data, money and valuable time.

Post has been editedGloomy - 14.07.11, 10:02