FAQ on PC antivirus protection



Rep: (2118)

Post has been edited by Gloomy - 03.07.11, 16:02



Rep: (2118)


Post has been edited by Gloomy - 14.07.11, 09:54



Rep: (2118)
What do you need to know about modern computer threats?

Modern viruses are not as scary as their predecessors. The improved protection mechanisms of operating systems often do not allow them to create the same mess as before (for example, formatting a hard drive). Viruses and scam attacks are now mainly aimed at financial gain or at controlling a user's computer, not at destroying data. At the same time, a virus is not always needed for these tasks: often a well-composed letter or SMS is enough for its recipient to send credit card details or other confidential information to attackers. The signature database of most antiviruses contains several million entries about various viruses, but no more than 10 different types of attacks constitute a serious threat.

Post has been edited by Gloomy - 05.07.11, 16:08



Rep: (2118)
Ways to penetrate a computer

First, let us look at how an attack works. With phishing or social engineering, the messages usually arrive via social network chats, e-mail or forums. In some cases, attackers post them, with a link to their resource, directly in the comments of other sites. If the moderators do not remove them in time, some users will click on the link and fall for the scam.
When hackers try to install a virus on someone's computer, in most cases they need the user to run the program personally. To convince the PC owner to do this, the virus is usually passed off as some kind of useful software: for example, a critical update for Windows, an antivirus, a codec needed to watch videos on a site, etc. Viruses also spread in cracks and key generators, but the danger of these files is somewhat exaggerated. An antivirus alert when they start does not always mean that they are really infected, since antiviruses can react this way to their main purpose - changing the code of other programs in order to break their protection. On the other hand, because antiviruses behave this way, the user can never be completely sure that utilities of this kind are harmless, because he cannot distinguish a false positive from an actual virus detection in a crack.
For a long time the most common virus has been Conficker and its modifications, which occupy several places in the TOP 10 threats at once, including the first. They are distributed using the Autorun function, which launches the executable file specified in the Autorun.inf file when an external drive is connected to the computer. Conficker copies itself to the system, and then to other flash drives and hard drives connected to the PC. Most often, the virus is used to build botnets. It was probably because of this epidemic that Microsoft recently turned off the Autorun feature in Windows XP / Vista using an update released in early February this year. On Windows 7, autorun is inactive by default.



Rep: (2118)
Why do cybercriminals want information about users and access to their computers?

There are only two main goals. They are achieved in different ways, but fraudsters are interested either in receiving money from the user (amounts can vary widely) or in using a computer or its owner's accounts to send spam.
Control over someone else's PC makes it possible to create a botnet, which sometimes includes hundreds of thousands of computers. Such virtual armies are formed to send spam or to carry out DDoS attacks on sites. Users often do not even suspect that their PC is controlled by someone else.



Rep: (2118)
General protection recommendations

  • Be sure to install an antivirus (free AVG, avast!, Avira, Comodo or Microsoft Security Essentials will be quite enough). If desired, add protection with a firewall.
  • Update your browser to the latest version.
  • Do not run unfamiliar programs without antivirus or with protection turned off.
  • Do not agree to install the accompanying software offered by the site, if you are not 100% sure of its necessity.
  • Check the name of the resource before entering data on it.
  • To pay online, it is better to issue an additional card and transfer money to it from the main one before the purchase.


Post has been edited by Gloomy - 03.07.11, 15:08



Rep: (2118)
Computer lock

A very common and at the same time rather unpleasant attack is one in which attackers block a computer and demand that an SMS be sent to get an unlock code. The owner of the PC is not always told how much money will be withdrawn from the account. As we found out, at least in some cases we are talking about ~$30.
Such viruses most often end up on the PCs of inexperienced users who install programs (for example, video codecs) offered when visiting scam sites.

How to fight
Depending on the degree of blocking of the computer, it is worth trying several different scenarios.
If you have access to the Internet, we recommend using the services of Dr.Web and Kaspersky to get unlock codes. In their databases, you can find out which virus has penetrated the computer by the mobile number or a screenshot of the program.
If the virus has not yet been added to the database, search for the codes on the Internet yourself by the phone number or the message text. The main thing in this case is not to fall for another scam and pick up another virus disguised as a utility for fighting blockers.
If you can start the Task Manager, you need to find the virus in the list of processes and terminate it. The program most likely has some typical name, for example plugin.exe, which attackers choose to disguise their application as a system process. After that, you need to remove it from startup. To do this, you can use the standard msconfig.exe utility (to start it, click the "Start" button and enter msconfig in the search field). The Startup tab lists the programs that are launched from the Startup folder, as well as through registry keys. Uncheck the box next to the virus so that it no longer loads when you turn on the PC. After that, it is advisable to check the computer with antivirus software to completely remove the malicious program from the system and make sure that there are no other copies left on the PC.
When the Task Manager is not available, you need to restart the computer in safe mode (to do this, press the F8 key a few seconds before the Windows logo appears on the black screen), and then repeat the same procedure with msconfig and the antivirus. To download the latter, you will need an active Internet connection, so you need to select Safe Mode with Networking.
If for some reason safe mode cannot be used, boot the PC from an antivirus live CD. In this case, you need another working computer on which you can burn the disc. Some antiviruses can be written to a USB flash drive, so a netbook or a laptop without an optical drive is also suitable as the second PC.
Unfortunately, if all of these actions did not help or are not available, you will have to reinstall the OS. It is important to perform a clean installation of the system rather than an upgrade - if you install it over the old copy, the virus will not go anywhere.
How to deal with Trojan.Winlock

Post has been edited by Gloomy - 02.09.12, 23:15



Rep: (2118)
Account theft

The next common nuisance for users is account theft. In most cases, the accounts are not even blocked, and a person can work on the site without noticing any changes, but at the same time other people will receive advertising messages on his behalf. Such a threat is especially relevant for social networks, although the virus can also send spam in instant messaging services (ICQ, Skype, etc.).
Fraudsters profit from using someone else's computer, so in this case they do not demand money from its owner.

How to fight
If you are informed that spam is being sent on your behalf, you should check your computer with an antivirus with up-to-date databases, and then change the password for your account.



Rep: (2118)
Phishing

Fraudsters often try to land a bigger catch by using phishing. In many cases, the user is required to follow a link to a fake website and enter credentials there, which are then used to send spam. However, sometimes the attackers are trying to steal not the user's account but credit card information.
As a rule, a letter arrives in the mailbox with a message that the site's security system has been hacked. To secure your account, you supposedly need to change the password, for which you are asked to click on a link to a fake resource that looks like a complete copy of the original. The domain name usually differs by just one letter, and this is not immediately apparent (for example, facedook.com instead of facebook.com). The user registers and receives a message about a successful password change, or sometimes a notice that the service is undergoing technical work and the attempt should be repeated later. In fact, the credentials have already been sent to the hackers' computer. In cases where the user is required to enter credit card information, the fraudsters accordingly get the card number and CVV2 code.
Sometimes accounts are also stolen from popular online games in order to sell a hero or inventory contents.

How to fight
First of all, it is necessary to check the domain name of the site that the letter proposes to visit. It is important to pay attention to the second-level domain (what is located to the left of .com). For example, the address checkpass.visa.com is directly related to the Visa site, while the address visa.checkpass.com has the second-level domain name checkpass, and this resource belongs to completely different people.
In some cases, the sender's email address will quickly help you. If the letter was allegedly sent on behalf of one company, and the specified address does not correspond to it at all (for example, a message from Facebook comes from an @yahoo.com mailbox), then the message can be safely ignored.
You should also look not at the link in the text of the letter (anything can be written there), but at where it really leads. This information is displayed in the status bar of the browser when you hover over a link. If the message uses shortened links, this is an additional signal that someone wants to hide the real address.
This type of threat has recently become increasingly rare, since email or social networks have to be used to distribute the letters, and the spam filters in these services do a good job with such correspondence. For example, in addition to automatically placing such messages in spam, Gmail also adds red text to the body of a letter warning that it is likely to be phishing or spam. In addition, all links in the text are blocked.
When following links to frequently visited sites, also pay attention to authorization requests. If you are sure that you recently entered your username and password here, and you are again required to do this, check the address in the browser bar. There is a possibility that you went to a fake resource via the wrong link. For example, a common phishing attack is a message like "Are you in the photo?" with a link to a fake site (e.g. vkontavkte.ru). Having opened an incorrect link to an album with photos, the user gets to a copy of the site, where his name and password will be stolen after an authorization attempt.
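
An added example, not part of the original post: the three checks described above (second-level domain, sender address, and where a link really leads) written as a Python script. The trusted-domain list, the sample letter and the function names are constructed for illustration, and taking the last two labels as the second-level domain is a simplification that ignores suffixes such as co.uk.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the sites the user really deals with (from the examples above).
TRUSTED = ("facebook.com", "visa.com", "vkontakte.ru")


def registrable_domain(host):
    """Second-level domain plus zone: checkpass.visa.com -> visa.com."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance, used to spot names that differ by one letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host):
    host = host.lower().rstrip(".")
    domain = registrable_domain(host)
    if domain in TRUSTED:
        return "trusted"
    sub_labels = host.split(".")[:-2]
    for good in TRUSTED:
        if edit_distance(domain, good) == 1:
            return "lookalike of " + good
        if good.split(".")[0] in sub_labels:
            return "brand used as subdomain of " + domain
    return "unknown"


class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def host_of(text):
    """Host name if the visible link text itself looks like an address."""
    if not text or any(ch.isspace() for ch in text):
        return None
    try:
        host = urlsplit(text if "://" in text else "http://" + text).hostname
    except ValueError:
        return None
    return host if host and "." in host else None


def review_email(from_addr, claimed_domain, html_body):
    findings = []
    sender = registrable_domain(from_addr.rsplit("@", 1)[-1])
    if sender != claimed_domain:
        findings.append("sender %s does not match %s" % (sender, claimed_domain))
    collector = LinkCollector()
    collector.feed(html_body)
    for text, href in collector.links:
        target = urlsplit(href).hostname or ""
        verdict = classify_host(target)
        if verdict != "trusted":
            findings.append("%s: %s" % (target, verdict))
        shown = host_of(text)
        if shown and registrable_domain(shown) != registrable_domain(target):
            findings.append("text shows %s but link goes to %s" % (shown, target))
    return findings


# Constructed sample letter claiming to come from Facebook.
SAMPLE_FROM = "security@yahoo.com"
SAMPLE_HTML = (
    '<p>Your account was hacked. Change your password: '
    '<a href="http://facedook.com/login">http://facebook.com/login</a> '
    'or <a href="http://visa.checkpass.com/">verify your card</a>.</p>'
)

if __name__ == "__main__":
    for finding in review_email(SAMPLE_FROM, "facebook.com", SAMPLE_HTML):
        print(finding)
```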



Rep: (2118)
Keyloggers

To obtain information about your credit card, attackers can use keyloggers, which read keystrokes and send this information to the fraudsters. Without an antivirus, keyloggers are almost impossible to detect, since they do not manifest themselves in any way.

How to fight
In order not to catch such a virus, it is advisable not to install programs offered by unknown sites. It is also recommended to have an antivirus and, if possible, a firewall. Here the firewall can help even if an antivirus is not installed, since the keylogger needs to send the collected data to a remote computer. At this point the firewall will block it, and you will be able to detect the presence of the virus.
To avoid interception of keystrokes, a virtual numeric keypad is often used when entering credit card information, in which the numbers are placed in different positions each time. If possible, you should always use it instead of the physical one.
By reading keystrokes, viruses can also steal accounts. LastPass will help prevent such cases (this add-on has recently become available for all popular browsers). It can automatically insert the user name and password on a site, as well as fill out forms and even enter credit card information. Since the physical keyboard is not used in this case, keyloggers will not be able to recognize the pressed keys. LastPass can generate complex passwords and store them in its database, so you don't have to remember them. Lastly, LastPass cannot be fooled by a fake address, and the plugin will never enter user information on a fake site.

Post has been edited by Gloomy - 03.07.11, 15:23



Rep: (2118)
Social engineering

A special type of attack that does not require the use of technical means. Simply put, instead of searching for vulnerabilities and writing viruses, attackers use letters or conversations to push users into an action that disables the computer's protection or in some other way opens access to the necessary information.

The attackers' arsenal includes the following tricks:
  • using social engineering, fraudsters ask the victim to transfer money to a certain account. For this, the SMS is composed in such a way that it seems to have been sent by a relative. In some cases, the attackers also push the victim to call a mobile number and then try to prolong the conversation, because the call is charged at a higher rate;
  • an "SMS-spy" program is offered, supposedly able to establish the location of a person by his mobile phone number. To use the service, subscribers are naturally advised to register using SMS. After that, the user receives a link to a site with publicly available information about whether a particular code belongs to a particular telecom operator, or to interactive map services (Google Maps or Yandex.Maps). Formally, such actions are not even a crime, since somewhere on the site information is provided about what services will be provided to the user;
  • for a small fee, a program is offered that supposedly can read SMS on any phone after entering the number you need;
  • an SMS arrives with a description of a little-known way to replenish an account without financial expenses, for which you need to send a message to a number.



Rep: (2118)
Lesser known attacks

In addition to common types of attacks, there are also little-known ones, which you should also know about, because the lack of user readiness is the key to the success of hackers.
  • Smishing (SMS phishing) - a mobile version of phishing. A message with a link to a fake website arrives by SMS. By opening the resource in a mobile browser, the user opens a path onto the device for the virus.
  • Bluebugging - a special technique for accessing a phone via Bluetooth. Its owner receives no notice that a wireless connection has been established with the device. An attacker can view received calls and the address book, read messages, compose and send SMS, and delete data.
    If the user somehow guessed that he was the victim of bluebugging, then getting rid of the fraudster is quite simple: just turn off the phone, turn off Bluetooth or go to another place (the Bluetooth radius is only 10 meters).
  • Sidejacking - access to accounts by session ID. Most often, a special link with a large number of characters is used as the ID, which allows the site to be opened without authorization. In some cases, a long set of characters in cookies is used instead. If the attacker has learned the session ID, he will be able to access the user's sites without authorization and, for example, read his email.


As you can see, the two threats listed above apply to phones. Mobile viruses should really reveal all their capabilities in the near future. For example, McAfee warns in a recent report that their number has increased by almost 50% over the past year. At the end of 2010, the lowest level of spam in the last 3 years was recorded (80% of the total number of emails). It seems that this is due to the fact that attackers are beginning to switch to mobile platforms.



Rep: (2118)
How to choose antivirus?

Any computer connected to the Internet is at risk of being infected with malware. The manifestations of infection with a malicious program (a virus) vary, from small glitches to the complete failure of the device and the loss of all data.
The anti-virus program should occupy one of the leading positions in authoritative international ratings and be optimal for the particular PC. Today, there is a huge number of antivirus programs, paid and free. The most popular antiviruses in the post-Soviet space are Kaspersky Anti-Virus, ESET NOD32 and Dr.Web; others include Norton Antivirus, Avast, McAfee and Panda. What to choose? How to choose the best solution for a particular computer?
This topic is discussed on numerous forums, but users often give conflicting advice: an antivirus program that is reliable in the opinion of one person is the most unreliable in the opinion of another. From this it can be concluded that it is difficult to find objective information on a forum.
Today, there are companies that test antiviruses and compile antivirus ratings based on the results, but these ratings often differ greatly from each other. This can be explained by the use of different methods of comparing antiviruses.
You can trust the ratings of independent international experts, but you have to spend time comparing them. While the quality of protection is difficult to assess, the slowdown of the operating system and installed software is noticeable immediately, and the anti-virus ratings compiled on this basis do not contradict each other.
So, having studied the antivirus ratings, you need to compare the system requirements for the optimal operation of the selected antiviruses with the technical resources available. If you install a powerful anti-virus program on a “weak” machine, it will be of little use. The computer will hang, and the antivirus will not be able to perform its functions in full due to a lack of RAM or a slow processor.

Post has been edited by Gloomy - 03.07.11, 15:51



Rep: (2118)
What to consider when choosing an antivirus program?

Basic requirements for antivirus software:
  • manufacturer (whether it is a reputable global brand in its field);
  • the composition of the software package (a good antivirus includes at least:
    1) an anti-virus monitor that constantly “monitors” RAM and all files, folders and disks that the user accesses;
    a module that monitors the integrity of the antivirus's own program code;
    2) an on-demand anti-virus scanner;
    3) a regularly updated set of anti-virus databases;
    4) an anti-virus database update module;
    5) a module for creating emergency boot disks, which makes it possible, if necessary, to check the system in a so-called "clean" environment;
    6) a firewall);
  • work efficiency (the antivirus should provide the highest possible protection and at the same time not “slow down” the system);
  • regular updates of anti-virus databases;
  • the number of viruses and other malicious software that the antivirus can identify and block;
  • regular program updates;
  • the ability to block unknown threats (genetic heuristic verification of suspicious program code and analysis of program behavior);
  • accessible interface and easy setup;
  • availability of a localized version of the program (for Russia - Russified);
  • product price.


Post has been edited by Gloomy - 19.10.11, 21:31
Reason for editing: editing text



Rep: (2118)
What is an antivirus program?

Anti-virus program (antivirus) - any program for detecting computer viruses, as well as unwanted (considered malicious) programs in general, and for repairing files infected (modified) by such programs, as well as for prevention: preventing the infection (modification) of files or the operating system with malicious code.



Rep: (2118)
Target anti-virus software platforms

At the moment, anti-virus software is developed mainly for Microsoft's Windows operating systems, which is caused by the large number of malicious programs written specifically for this platform (and this, in turn, is caused by the great popularity of this OS, as well as by the large number of development tools, including free ones and even "virus writing instructions"). However, products for other desktop platforms, such as Linux and Mac OS X, are now entering the market. This is caused by the beginning of the spread of malware for these platforms, although Unix-like systems have always been known for their reliability.
In addition to operating systems for desktops and laptops, there are also platforms for mobile devices, such as Windows Mobile, Symbian, iOS, BlackBerry, Android, and others. Users of devices running these operating systems are also at risk of being infected with malware, so some anti-virus software developers also release products for such devices.



Rep: (2118)
Classification of antivirus products

Antivirus products can be classified according to several criteria at once, such as: the antivirus protection technologies used, product functionality, target platforms.
According to the anti-virus protection technologies used:
  • Classic antivirus products (products that use only signature-based detection)
  • Products of proactive anti-virus protection (products using only proactive anti-virus protection technologies);
  • Combined products (products that use both classic, signature-based protection and proactive)

By product functionality:
  • Antivirus products (products that provide only antivirus protection)
  • Combined products (products that provide not only anti-malware protection, but also spam filtering, encryption and data backup and other functions)

By target platforms:
  • Antivirus products for the Windows OS family
  • Antivirus products for the *UNIX OS family (this family includes BSD, Linux, Mac OS X, etc.)
  • Antivirus products for mobile platforms (Windows Mobile, Symbian, iOS, BlackBerry, Android, etc.)

Antivirus products for corporate users can also be classified by the object of protection:
  • Antivirus products to protect workstations
  • Antivirus products to protect file and terminal servers
  • Antivirus products to protect email and Internet gateways
  • Anti-virus products to protect virtualization servers


Post has been edited by Gloomy - 19.10.11, 21:36



Rep: (2118)
Fake anti-viruses

In 2009, the active distribution of pseudo-antivirus programs began - software that is not antivirus software (that is, it has no real functionality to counteract malware), but passes itself off as such. In essence, pseudo-antivirus programs can be either programs for deceiving users and making a profit in the form of payments for “treating the system from viruses”, or ordinary malicious software.



Rep: (2118)
Antivirus databases

To use antiviruses, constant updates of the so-called antivirus databases are required. They contain information about viruses - how to find and neutralize them. Since viruses are written often, constant monitoring of virus activity on the network is necessary. For this, there are special networks that collect the relevant information. After this information is collected, the harmfulness of the virus is assessed, its code and behavior are analyzed, and then ways to combat it are established.
Most often, viruses start along with the operating system, and entries for them appear in the system registry. In this case, you can simply delete the virus launch lines from the registry, and in simple cases the process usually ends there. More complex viruses infect files. For example, there are cases when even some anti-virus programs, being infected, themselves became the cause of infection of other clean programs and files. Therefore, more modern antiviruses have the ability to protect their files from changes and check their integrity using a special algorithm. Thus, viruses have become more complicated, and so have the ways to combat them.
Now you can find viruses on the Internet that occupy not tens of kilobytes but hundreds, and sometimes are a couple of megabytes in size. Typically, these viruses are written in higher-level programming languages, so they are easier to stop. But there is still a threat from viruses written in low-level languages such as assembler. Complex viruses infect the operating system, after which it becomes vulnerable and inoperative. Pirated software is especially dangerous, because it implies the presence of malicious code (including harm to intellectual property). Thus, by using a pirated antivirus, a person risks losing his earned money and putting his business at risk. Therefore, it is very important to have a licensed (and free) antivirus.



Rep: (2118)
The main signs of computer infection

  • messages or images appear on the monitor that are not caused by the user's actions or by the programs running at the moment;
  • arbitrary sound signals are played;
  • random launch of programs;
  • the message of the firewall, if any, about unauthorized access of unknown programs to resources on the network;
  • friends or acquaintances tell you about receiving letters from you that you did not send;
  • friends or acquaintances complain that you send them letters with viruses;
  • many letters come to your mailbox without a return address or a header;
  • Messages are sent to your mailbox with a report on the non-delivery of the letter to the addressee, since such an address does not exist or the box is full;
  • the computer often freezes, there are constant failures in the work of programs;
  • the computer is slow when running some programs;
  • the computer freezes for a few seconds, then work continues as usual;
  • the operating system boots for a long time or does not load at all;
  • files or directories disappear;
  • distorted information in some files or directories;
  • files or directories with strange names appear unexpectedly;
  • the computer often accesses the hard disk, although no programs have been started or are running at the moment;
  • the Internet browser behaves in a strange way: it often freezes, the start page changes on its own, unauthorized pages open spontaneously, it offers to download a file from the Internet.


These symptoms in most cases indicate infection of your computer with a virus. In this case, you should not panic, but act rationally and calmly.

Post has been edited by Gloomy - 19.10.11, 21:36



Rep: (2118)
Priority actions when a computer is infected with a virus.

First, disconnect the computer from the local or global network, if available.
If the computer starts, try to save important information to removable media, CD or DVD. Do not copy programs and executable files; they may be infected. Boot into safe mode (this suspends viruses, which are most often activated via startup entries that are not processed in safe mode), run a full scan of the contents of all hard drives and remove / disinfect any detected infection.
If the computer does not start, do not try to boot it again and again: each boot attempt gives the virus time for its malicious activity.
Ideally, it is better to connect the hard drive from the infected computer to another computer and retrieve all the necessary information from it. However, under no circumstances should you run any programs from the infected hard drive or copy them to a healthy storage medium. If the computer does not boot, a "passive scan" of the hard drive can help, i.e. scanning the hard disk for viruses on another computer. To do this, you need to remove the hard drive from the affected computer and connect it to a working computer with pre-installed antivirus protection. Then scan the infected hard drive. Even if the anti-virus protection reports that the virus has been completely removed and your computer is clean, this does not mean that the virus has been completely destroyed. Antiviruses do not see all viruses and cannot always remove them correctly. An antivirus does not give a one hundred percent guarantee that your computer is protected from viruses and malware. Some viruses can permanently damage the system files of the operating system, after which the operating system will not work correctly or will not work at all. In that case, a complete reinstallation of the system may be required. As you can see, the effects of a virus are unpredictable and there is no panacea for this infection, so it is better to prevent the disease than to treat it. Competent behavior by a computer user can prevent infection of the operating system by almost 100% and save important data, money and valuable time.

Post has been edited by Gloomy - 14.07.11, 10:02

