Malware, viruses, spyware

Malware is a general term including viruses, spyware, scareware, and in general any unwanted visitor to your computer that may be difficult to get rid of. This category includes discussion of malware prevention and removal.

Mar 01, 2012

In late February, someone attempted to deface the Port Townsend Sangha web site. The attempt was only partly successful: the site lost its formatting, but the hacker’s graphic message was not displayed. Since the damage was relatively minor, I spent a day investigating exactly what changes they made and tried to determine how they gained access to the site.


Aug 18, 2011

I rely greatly on image backups of my computer hard drive. They have saved me uncounted hours of work by allowing me to simply restore something rather than fix it.

A recent backup could have saved my clients money: restores are often quicker and cheaper than repairs. They could have restored their computer to a previous state themselves and not needed my help to remove a virus or fix a problem.

Here are some of the ways I have used backups recently:

I had three Firefox 5 windows open, with lots of tabs. Firefox crashed. On restart, the Firefox window was messed up in ways I had never seen: odd separators, unusual things on the toolbar, etc. I could have spent an hour or more researching the problem and determining how to fix it. Instead, within five minutes I had restored my Firefox profile from the backup made at 5:30 pm the previous night.

My wife’s system became infected with spyware.  I spent about 15 minutes using the usual spyware removal techniques, but this infection was particularly resistant to the usual tools.  So I said to myself “Why bother with going through all this?” and restored the C: drive to the previous night’s backup.  Fifteen minutes later, the restore was done and the computer operating smoothly.

Patch Tuesday arrived and I installed all 16 Windows updates.  Afterwards, several programs no longer functioned correctly.  Rather than researching to see if I could find which update caused the problem, I just restored the C: drive.

I test lots of applications, so install and uninstall programs regularly.  That can lead to problems such as programs that interfere with others and programs that cannot easily be removed.  I find that I restore my C: drive once every month or so to recover from some unusual or suspect situation.

Finally, backups can save you if your hard drive crashes.  But I notice that I use backups primarily to recover from software problems.  Needing to recover the system after a hard drive failure is a much rarer event (but it still happens and can be quite disastrous if you don’t have a good backup).

Being able to restore the C: drive freely requires some planning. Primarily it means that I keep important and changing information on another drive or partition. Our email files, Firefox configuration, etc. are all on our E: drive. Almost all programs can be persuaded to store their useful data on a drive other than C:. For those few that can’t, I back up their data files regularly to another location.

Image backups are the only viable means of backing up and restoring an operating system drive (the C: drive). File backup and synchronization programs are useful for data drives. In my case, I make an image backup of the C: drive and a relatively small E: drive nightly. I use a file backup program, SyncBack Pro, to back up data on a nearly full 1 TB data drive.

For the type of restore described here, you need an image backup program. These programs make an “image” of the entire hard drive and write it to a file, which should be located on another hard drive (the “backup drive”). I use an internal hard drive as a backup drive, but you can also use external drives. The advantage of an internal hard drive for backups is that restoring the C: drive is much faster from it than from most external hard drives. (External USB 3.0 or eSATA hard drives are equally fast, but few people have computers that support USB 3.0 or eSATA.)

Both free and commercial image backup programs are available. Every one of them has quirks and a learning curve; many have poor support. I cannot unreservedly recommend any one product. I use Acronis True Image Home 2010 (commercial) as my image backup program. It has worked reliably for me for years. I stick to the basic features and don’t use the whiz-bang tools added in each new release, as they seem more problematic. Norton Ghost and Paragon are two other well-known commercial products. Prices vary and discounts are frequently available. Macrium Reflect Free, Paragon Backup & Recovery 2011 (Advanced) Free, and EaseUS Todo Backup Free are all free for personal use. The free versions of these products lack features present in their commercial versions. For example, some may not run backups automatically or manage the backup images so they don’t multiply and fill your backup drive.

For businesses with servers and networks, many vendors offer image backup products: Acronis, EaseUS, Macrium, Paragon, StorageCraft, and Symantec are just some of the vendors. You need to examine your needs closely to determine the most suitable and affordable solution. A consultant should be able to help you select a product. (I’ll be reviewing Symantec System Recovery 2011 here at a future date.)

Aug 14, 2011

Have you wondered why people would write viruses and spyware that infect your computer? The answer is simple: they are trying to rob you.

There’s a good article about the history and current trends of hacking titled Why hackers write computer viruses on

The most common infections I have seen recently are fake anti-virus and anti-spyware products. Their goal is to extort cash from you by frightening you with reports of many viruses on your computer and asking you to pay for their “anti-virus” program to remove them. These programs lie: they report infections that are not present and may block running programs, claiming they are infected. These programs are sometimes called “scareware.”

The best defense against getting infected with any kind of “malware” (spyware, virus, scareware) is to have both an anti-virus program and a malware blocking program. For anti-virus, I generally recommend Microsoft Security Essentials. It’s free and well-integrated into Windows.

For malware, I use Malwarebytes Anti-Malware PRO. The Pro version offers real-time protection, whose goal is to prevent your computer from being infected in the first place. This product costs $24.95, but search the internet for “malwarebytes coupon” and try different coupons for the best discount. (I used 5MU-NBU-DFR to get the cost down to less than $20 earlier this year.)

If you do get infected, what should you do? I will write an article on that later, but in summary: boot into safe mode (press F8 before Windows starts) and run anti-virus and anti-spyware scans. Be sure the programs are current and have the most recent virus and spyware definitions. Microsoft Safety Scanner can be useful when run in safe mode. If you maintain a nightly image backup of your C: drive, and you trust your backups, you can restore the drive to the night before the computer became infected (with possible loss of some data, like recent emails). Finally, if your efforts fail or you need help, call a consultant (such as myself).
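Two of the points above lend themselves to a small worked example: the backup post notes that free image tools may not manage old images so they don’t fill the backup drive, and the recovery advice here is to restore the image from the night before the infection, provided you trust the backup. The script below is an added illustration written for this page, not code from the blog or from any of the backup products it mentions. It assumes a constructed naming scheme for nightly image files (`C_YYYY-MM-DD.tib`; real products name files differently) and a constructed SHA-256 manifest recorded at backup time. It plans which images to keep (the last seven nightlies plus one per week for the previous four weeks), picks the newest image that predates the day an infection was noticed, and checks an image against its recorded hash before it is trusted for a restore.

```python
"""Nightly image retention, restore-point selection and integrity check.

Added example for this page. File names, dates and hashes are constructed;
the real backup product's naming and manifest format will differ.
"""
import hashlib
import re
from datetime import date, datetime

# Assumed naming scheme: <drive letter>_<ISO date>.tib, e.g. C_2011-08-17.tib
IMAGE_RE = re.compile(r"^(?P<drive>[A-Z])_(?P<date>\d{4}-\d{2}-\d{2})\.tib$")


def parse_image(name):
    """Return (drive, date) for a file that matches the scheme, else None."""
    m = IMAGE_RE.match(name)
    if not m:
        return None
    return m.group("drive"), datetime.strptime(m.group("date"), "%Y-%m-%d").date()


def images_for_drive(names, drive):
    """Images of one drive, newest first, as (date, name) pairs."""
    found = []
    for n in names:
        parsed = parse_image(n)
        if parsed and parsed[0] == drive:
            found.append((parsed[1], n))
    return sorted(found, reverse=True)


def plan_retention(names, today, drive="C", keep_daily=7, keep_weekly=4):
    """Decide which images to keep and which to prune.

    Keeps the `keep_daily` most recent images, then one image per ISO week
    (the newest in that week) for anything up to `keep_weekly` weeks old.
    Everything else is listed for pruning. Returns (keep, prune).
    """
    keep, seen_weeks = [], set()
    dated = images_for_drive(names, drive)
    for i, (d, n) in enumerate(dated):
        week = d.isocalendar()[:2]          # (ISO year, ISO week)
        age_days = (today - d).days
        if i < keep_daily:
            keep.append(n)
            seen_weeks.add(week)
        elif age_days <= keep_weekly * 7 and week not in seen_weeks:
            keep.append(n)
            seen_weeks.add(week)
    prune = [n for _, n in dated if n not in keep]
    return keep, prune


def pick_restore_point(names, infection_noticed, drive="C"):
    """Newest image made before the day the infection was noticed.

    A nightly image dated the same day may already contain the infection,
    so only strictly earlier dates qualify. Returns None if there is none.
    """
    for d, n in images_for_drive(names, drive):
        if d < infection_noticed:
            return n
    return None


def verify_image(data, expected_sha256):
    """True if the image bytes match the hash recorded when it was written."""
    return hashlib.sha256(data).hexdigest() == expected_sha256


# Constructed directory listing of a backup drive (not real files).
SAMPLE_LISTING = [
    "C_2011-08-17.tib", "C_2011-08-16.tib", "C_2011-08-15.tib",
    "C_2011-08-14.tib", "C_2011-08-13.tib", "C_2011-08-12.tib",
    "C_2011-08-11.tib", "C_2011-08-10.tib", "C_2011-08-07.tib",
    "C_2011-08-05.tib", "C_2011-07-31.tib", "C_2011-07-24.tib",
    "C_2011-07-20.tib", "C_2011-07-17.tib",
    "E_2011-08-17.tib",   # a different drive's image, left alone
    "notes.txt",          # not an image at all, ignored
]

# Constructed manifest: hash recorded at backup time (here for the bytes b"abc").
SAMPLE_MANIFEST = {
    "C_2011-08-13.tib": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
}

if __name__ == "__main__":
    keep, prune = plan_retention(SAMPLE_LISTING, date(2011, 8, 18))
    print("keep :", keep)
    print("prune:", prune)
    point = pick_restore_point(SAMPLE_LISTING, date(2011, 8, 14))
    print("restore from:", point)
    print("hash ok:", verify_image(b"abc", SAMPLE_MANIFEST[point]))
```

Run against a real backup directory, the `prune` list would be fed to whatever deletion step the backup tool exposes, and the manifest would be written by the same nightly job that produces the image, since a hash recorded after an incident proves nothing about what the file looked like before it.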