Malware: types, protection, prevention, detection and removal


This article provides important information about the types, symptoms,
protection, prevention, detection, and removal of malware (computer virus,
ransomware, spyware, adware, rootkits, trojan horse, worms, etc.).

What is malware?
Malware, short for malicious software, is software that is specifically designed
to damage or disrupt a system, steal information (spy on you), or destroy data.
(1)

Malware is a broad term used to describe many different types of malicious
programs.

Malware types
Common malware types are:

• Computer Virus - is capable of copying itself and spreading to other
computers. Viruses can perform harmful activities on an infected PC
such as corrupting the system or destroying data.

• Spyware (2) - secretly monitors your activities and gathers your
information through your Internet connection without you knowing about
it.

• Adware (3) - shows unwanted advertisements on your computer and
generates revenue for its creator. These advertisements are often in the
form of annoying pop-ups (windows).

• Rootkit (4) - is a collection of tools (programs) that are designed to
remotely access or control a computer or network without being
detected. Rootkits are difficult to detect because they are activated
before your system's operating system has completely booted up.

• Trojan Horse (5) - (also known as a Trojan) disguises itself as a normal
file or program to trick users into downloading and installing malware.

• Worm (6) - is capable of copying itself and spreading to other
computers. It uses networks to spread itself and causes harm by using
a lot of bandwidth (this makes your internet slow) or possibly deleting
files or sending documents via email. Worms can also install backdoors
on computers. The difference between a worm and a computer virus is
the way they spread – worms spread across networks and viruses
attach themselves to various programs and executable code. (7)

• Ransomware (8) - prevents or limits users from accessing their system
or data. It forces its victims to pay the ransom through certain online
payment methods to grant access to their system or to get their data
back.

• Keylogger (9) - runs in the background and records every keystroke
you make (everything you type on your keyboard). These keystrokes
can include usernames, passwords, credit card numbers, and other
sensitive and personal data. The keylogger will share this information
with its creator.

• Botnet (10) - (also known as a zombie army) is a network of
malware-infected computers which are controlled by the creator of the botnet
(cybercriminal). Each computer functions as a bot because it's infected
with a specific type of malware. A botnet can be used to send spam
emails, transmit malware, perform DDoS attacks and perform other
malicious tasks.

• Rogueware - often pretends to be security software such as antivirus
and anti-malware software, but can also pretend to be other software
such as system cleaners. This type of malware is simply misleading
(fake) software that asks users to pay money for removing fake
problems and threats. When a PC is infected with rogueware, the
rogueware will give warnings in an aggressive (annoying) way and if
you want to try to remove these so-called problems or threats (found by
the rogueware), you will probably be redirected to the payment page
where you will need to purchase the so-called software to remove the
(fake) problems and/or threats.

Malware symptoms (signs)
Some malware symptoms (signs) (11) are:

• Computer, programs and internet connection run slower than usual

• Your web browser often freezes (hangs or becomes unresponsive)

• Annoying unwanted pop-up windows and ads appear

• System or programs regularly crash

• Hard drive continues to have excessive activity — even when you don't
use it

• Sudden increase of disk space on your hard drive

• Unusually high network activity when not using your web browser

• Your web browser's homepage has been changed

• A new toolbar is placed at the top of your web browser

• You want to open a website, but you are sent (redirected) to another
(different) website

• Unusual messages appear

• Unusual programs start automatically

• Your antivirus program and/or its shields and update function are turned
off (disabled)

• Your friends are receiving strange (weird) messages and/or emails from
you (which you didn't send)

• You're blocked from getting access to your system and get forced to pay
money (ransom) to regain access again

• You are unable to access the Windows Control Panel, Task Manager,
Registry Editor or Command Prompt

• Your computer automatically plays music

• There are new unknown icons on your desktop

• Your computer restarts (reboots) by itself (turns automatically off and
on)

Malware protection tips


You can have the best malware protection on your computer, but even the
best anti-malware (antivirus) software can fail to detect new malware. (12)

Malware threats have grown significantly in the past decade. These threats
grow so fast, that antivirus programs take too long to catch up with malware
(even the best programs). (13)

Therefore, the best protection is yourself.

You might be wondering:

What does he exactly mean?

Well, if you do any of the following:

• Use illegally downloaded software on your computer

• Install free software without checking it out first (reviews).

• Click on OK, Yes, Continue or Run when a pop-up window appears and
asks you to install unknown software.

• Click on links in emails you don't trust.

• Download and open email attachments you don't trust.

• Ignore security warnings from Windows or your antivirus program

• Never update your operating system (Windows) and software

• Don't use antivirus software

• Use an insecure web browser

Then there's a big chance that your computer will get infected with malware.

There's no better malware protection than yourself, so pay attention to
everything you do, online and offline.

And now:

Antivirus software (free and paid)

You should always use antivirus software on your computer – even when
antivirus programs can't protect you 100% against all malware.

But:

It's better to have some protection than no protection at all.

And:

Good antivirus software can protect you against most known malware.

You should always install and use only one (1) antivirus program on your
computer.

Using multiple antivirus programs on a PC is a very bad idea! (14) Why?

• They might attack each other: one of them might think that the other
one is malware because it's monitoring your system (just like spyware
or other malware), and then it will attempt to block and remove it.

• They will fight over malware: when one of them detects, removes and
places malware in quarantine, then the other program might also detect
the same malware (even when the other program already has it in
quarantine) and then it will also try to remove the malware and place it
in quarantine. Then you will keep getting the same notifications about
this malware over and over again.

• They will make your system slow: antivirus programs use a lot of your
system memory to perform system scans and other related tasks. So
your system will become slower when using two antivirus programs.

There are so many free and paid antivirus programs out there that it's difficult
to choose one.

The free antivirus programs I recommend are:

• Bitdefender Antivirus Free

• Kaspersky Free Antivirus

• Kaspersky Security Cloud Free

If you need more functions (e.g., multi-layer ransomware protection) and
settings, then you can try a paid antivirus program.

Most antivirus companies offer the option to download and try their paid
antivirus programs for free for 30 days.

The paid antivirus programs I recommend are:

• Bitdefender Antivirus

• Kaspersky Antivirus

Bitdefender and Kaspersky always have top results in antivirus tests, like
AV-TEST and AV-Comparatives.

Free second opinion malware scanners

It's also recommended to use second opinion malware scanners to get more
complete detection coverage, because some programs may detect malware
that others might miss.

The free second opinion malware scanners I recommend are:

• Malwarebytes (note: to download the free version, you will have to
scroll down to the bottom of the page and then click on DOWNLOAD 14
DAY TRIAL. You will get the Premium version for the first 14 days and
after the 14 days it will turn into the free version – which is an
on-demand malware scanner)

• Kaspersky Virus Removal Tool

• Kaspersky TDSSKiller

• ESET Online Scanner

You can use these scanners to scan your PC periodically (e.g., once a week)
or when you think your PC is infected.

You can use malware scanners alongside your current antivirus software,
which means you get the chance to use other antivirus software on your PC
without any problems.

Malware prevention tips


You can prevent malware by following these tips:

• Keep your operating system and software always up-to-date

• Use a firewall (Windows firewall is enough).

• Always take security warnings from Windows or your antivirus program
seriously. Never ever ignore security warnings!

• Don't download and use pirated software.

• Never click on OK, Yes or Run when a pop-up window appears and
asks you to download and install unknown software.

• Never click too fast on Next, Install, OK, etc. when installing software,
because you might install extra unwanted third-party software (like
toolbars). If you see extra offers, then uncheck all their checkboxes.

• Always download software from the official link or from a trusted
website.

• Don't click on links in emails from unknown senders.

• Don't download and open email attachments – unless you can verify the
source.

• Check free software before downloading and installing it on your
computer. Just Google the software first and look for reviews or forums.

• Use a secure and safe web browser like Google Chrome, Mozilla
Firefox, Microsoft Edge, and Opera and keep it updated.

• Disable or uninstall Java if you don't need it.

• Disable or uninstall Adobe Flash Player if you don't need it. You can
also disable Flash Player in your web browser.

• Don't click on links you don't trust; check the link first. When you
hover your mouse cursor over the link, the bottom left corner of your
browser window shows the REAL location the link is pointing to.
You can also check the link using VirusTotal.com.

• Never download codecs or players to watch videos online. If you can't
play the video online in your secure web browser then there's something
wrong with the video or website.

• When you insert a USB flash drive or external hard drive from someone
else into your PC, then scan it first with your antivirus program before
opening or copying anything.

• If you want to take risks, then at least install VirtualBox on your PC, then
install an operating system, like Linux (Linux Mint or Ubuntu) as a virtual
machine in VirtualBox and do your risky things in there. But remember
that this is also NOT 100% safe.

• Don't use a Windows administrator account for daily use; use a
standard account instead. If malware or a hacker gets access to your
system, they have the same rights as the account you're using. With an
administrator account, they can do anything they want and have full
control of your system. With a standard account, they can only do things
that don't require administrator permission, so they can't change
important system settings or install malware, and malware can't install
itself unless you enter the administrator password.

• Microsoft recommends that you disable SMB1 on Windows for security
reasons. (15) (16)

• If you are curious about a file or link, then you can also analyze it
on www.virustotal.com.

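Four of the tips above (SMB1, firewall, standard account, a single antivirus program) can be checked with a read-only PowerShell audit. This is an added example, not part of the original article; `Test-Tip` is a hypothetical helper name, and leaving Windows Defender out of the antivirus count is an assumption, since it normally stays registered next to a third-party product.

```powershell
# Added example: read-only audit of four prevention tips from this page.
# Run from an elevated PowerShell window; a check that cannot run reports "Unknown".

function Test-Tip {   # hypothetical helper, not a built-in cmdlet
    param([string]$Tip, [scriptblock]$Check)
    try   { $r = & $Check }
    catch { $r = @{ Status = 'Unknown'; Detail = $_.Exception.Message } }
    [pscustomobject]@{ Tip = $Tip; Status = $r.Status; Detail = $r.Detail }
}

$report = @(
    Test-Tip 'SMB1 is disabled' {
        $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction Stop
        $state   = "$($feature.State)"
        # "Disabled" and "DisabledWithPayloadRemoved" both count as off.
        @{ Status = $(if ($state -like 'Disabled*') { 'OK' } else { 'Review' })
           Detail = "SMB1Protocol optional feature: $state" }
    }

    Test-Tip 'Firewall is on for every profile' {
        $off = @(Get-NetFirewallProfile -ErrorAction Stop |
                 Where-Object { "$($_.Enabled)" -ne 'True' })
        @{ Status = $(if ($off.Count -eq 0) { 'OK' } else { 'Review' })
           Detail = $(if ($off.Count -eq 0) { 'All profiles enabled' }
                      else { 'Disabled: ' + ($off.Name -join ', ') }) }
    }

    Test-Tip 'Signed-in user is a standard account' {
        # Console user, not the elevated identity this script runs under.
        $user = (Get-CimInstance Win32_ComputerSystem -ErrorAction Stop).UserName
        if (-not $user) { throw 'No console user reported (remote session?)' }
        $sid    = ([Security.Principal.NTAccount]$user).Translate(
                      [Security.Principal.SecurityIdentifier]).Value
        # S-1-5-32-544 = built-in Administrators; nested groups are not expanded.
        $admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop)
        @{ Status = $(if ($admins.SID.Value -contains $sid) { 'Review' } else { 'OK' })
           Detail = "Console user: $user; Administrators: $($admins.Name -join ', ')" }
    }

    Test-Tip 'Exactly one antivirus program' {
        # Security Center registry of antivirus products (client editions of Windows).
        $av = @(Get-CimInstance -Namespace root/SecurityCenter2 `
                    -ClassName AntiVirusProduct -ErrorAction Stop)
        # Assumption: Defender stays registered beside a third-party product.
        $thirdParty = @($av | Where-Object { $_.displayName -notmatch 'Defender' })
        $ok = ($av.Count -ge 1) -and ($thirdParty.Count -le 1)
        @{ Status = $(if ($ok) { 'OK' } else { 'Review' })
           Detail = $(if ($av.Count) { $av.displayName -join ', ' }
                      else { 'No antivirus product registered' }) }
    }
)

$report | Format-Table -AutoSize -Wrap
```

If the SMB1 row reports Review, `Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart` turns the feature off; the change takes effect after the next restart.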
Malware detection and removal
I will show you step by step how to detect and remove (get rid of)
malware from your infected PC in a few different ways using free second
opinion malware scanners (malware removal tools).

The good thing about second opinion malware scanners is that you can use
them alongside your current antivirus software.

Important tips!

1. Create a system restore point. If something goes wrong, you can undo
the mistake with a system restore point.

2. Always scan your PC with multiple second opinion malware scanners to
get more complete detection coverage, because some programs may
detect malware that others might miss.

3. Always double check the results of each scan and make sure that
nothing important is selected for removal. Even malware scanners can
make mistakes and sometimes see something harmless as a threat.

4. If you are having problems installing and/or opening second opinion
malware scanners, then start Windows in "Safe Mode with Networking"
and try again. Jump to: How to start Windows in "Safe Mode with
Networking" (located on this page).

Recommended solution

If your computer is infected with malware (computer virus, spyware, rootkit,
trojan horse, worm, etc.), and you want to be 100% sure that your system will
be clean, then the best solution is to reinstall Windows or restore a system
image backup that's 100% clean.

Why?

Well, if your antivirus (anti-malware) software detected malware, then you will
never know for sure if that's the only piece of malware that has infected your
system.

Malware can nestle itself deeper into your system and hide so that it can't be
discovered by your security software and it can also open doors to other
malware.

Now:

I know that most people don't want to reinstall Windows or don't have a
system image backup, so that's why I will show you step by step how to
remove malware from your infected PC in a few different ways.

Step 1: Delete temporary files

Deleting your temporary files can speed up the scanning process and also
free up disk space.

You don't need to install any extra software, because Windows has a built-in
tool called Disk Cleanup.

1. Open Windows Disk Cleanup.

Three ways to open this tool:

• Go to the Windows search bar and search for cleanup and click
on Disk Cleanup.

• Press the [Windows] + [R] keys on your keyboard, enter cleanmgr.exe,
and click on OK or press Enter.

• Open Windows Explorer or File Explorer (Windows 10), right-click on
the (C:) drive, choose Properties and click on Disk Cleanup (General
tab).

2. Select the Windows drive (when asked for and if not already selected).

(C:) is the default installation location for Windows.

3. Click on OK.

The tool will now calculate how much disk space you will be able to free on
your system drive.

4. Select the type of files you want to delete.

I always select everything.

5. Click on OK.

6. Click on Delete Files.

This may take a while. The time it takes depends on how many files need to
be deleted. When it's finished the tool will close by itself.

Step 2: Full system scan with your antivirus software

Look:

Your antivirus program may have missed the malware that has infected your
PC the first time.

But:

Antivirus companies update their virus definitions hourly, daily or weekly, so
it's possible that the malware that has infected your PC has been added in the
last update.

First, you update your antivirus software and then run a full system scan with
the program.

Step 3: Kaspersky TDSSKiller

Kaspersky TDSSKiller detects and removes rootkits.

You can download the latest official version of Kaspersky TDSSKiller here.

1. Start TDSSKiller.

2. Accept the End User License Agreement.

3. Accept the KSN Statement.

4. Click on Change parameters.

5. Select Detect TDLFS file system.

6. Click on OK.

7. Click on Start scan.

TDSSKiller will now scan your computer for rootkits. This process can take up
to 30 seconds.

When the scan is completed it will show you the results of the scan.

8. If malware is detected, you click on Continue to remove the malware.

Step 4: Malwarebytes

You can download Malwarebytes here (note: to download the free version,
you will have to scroll down to the bottom of the page and then click
on DOWNLOAD 14 DAY TRIAL. You will get the Premium version for the first
14 days and after the 14 days, it will turn into the free version – which is an
on-demand malware scanner).

When you install Malwarebytes it will automatically enable a two-week trial
version of the premium version, but if you don't want the two-week trial, then
you can easily disable it in the settings.

Enable Scan for rootkits

You will only have to change the following setting once.

1. Start Malwarebytes.

2. Click on Settings in the left sidebar.


3. Click on Protection at the top.

4. Go to Scan Options.

5. Turn on Scan for rootkits.

Scan for Malware

1. Open Malwarebytes.

2. Click on Scan Now.

Malwarebytes will now scan your computer for malware. This process can
take up to 15 minutes.

When the scan is completed it will show you the results of the scan.

3. If malware is detected, you click on Remove Selected to remove the
malware.

Malwarebytes may ask you to restart your PC.

Step 5: Zemana Antimalware

You can download Zemana Antimalware here (for the download button of the
free version you will have to scroll down to the comparison table).

1. Start Zemana Antimalware.

2. Click on the Scan button.

Zemana will now scan your computer for malware. This process can take up
to 10 minutes.

When the scan is completed it will show you the results of the scan.

3. If malware is detected, you click on the Next button to remove the malware.

Step 6: Kaspersky Virus Removal Tool

You can download Kaspersky Virus Removal Tool here.

1. Start Kaspersky Virus Removal Tool.

2. Accept the End User License Agreement.

3. Click on Change parameters.

4. Select (check) System drive and click on OK.

5. Click on Start scan.

Kaspersky will now scan your computer for malware. This process can take
up to 40 minutes.

When the scan is completed it will show you the results of the scan.

6. If malware is detected, you click on Continue to remove the malware.

Step 7: ESET Online Scanner

You can download ESET Online Scanner here.

Click on SCAN NOW to download this tool.

1. Start ESET Online Scanner.

2. Accept the Terms of Use.

3. Choose one of the following two options:

• Enable detection of potentially unwanted applications

• Disable detection of potentially unwanted applications

4. Click on Scan.

ESET will now scan your computer for malware. This process can take up to
40 minutes.

When the scan is completed it will show you the results of the scan.

5. If malware is detected, you choose one of the following two options:

• Select the threats you want to delete and click on Clean selected.

• Click on Clean all.

6. Now you will have the following (optional) option: Delete application's data
on close.

7. Click on Finish.

Step 8: Emsisoft Emergency Kit

You can download Emsisoft Emergency Kit here.

1. Open Emsisoft Emergency Kit.

2. Click on Malware Scan.

Emsisoft may ask you to detect potentially unwanted programs (PUPs).

Emsisoft will now scan your computer for malware. This process can take up
to 15 minutes.

When the scan is completed it will show you the results of the scan.

3. If malware is detected, you choose one of the following two options to
remove the malware:

• Quarantine selected

• Delete selected

How to start Windows in Safe Mode with Networking
If you are having problems installing and/or opening second opinion malware
scanners, then start Windows in Safe Mode with Networking and try again.

Booting into Safe Mode with Networking will only load the minimum required
programs and services.

This mode may also prevent certain malware from loading automatically when
Windows starts.

This can make certain malware easier to remove, since it's not running and
active.

How to start Windows in Safe Mode with Networking in Windows XP,
Vista and 7

1. Start your PC and keep tapping on the [F8] key repeatedly until a menu
appears.

2. When the Advanced Boot Options menu appears, you select Safe Mode
with Networking.

3. Press Enter.

How to start Windows in Safe Mode with Networking in Windows 8 and
8.1

Method 1

1. Start your PC and keep tapping on the [F8] key repeatedly until a menu
appears.

2. When the Advanced Boot Options menu appears, you select Safe Mode
with Networking.

3. Press Enter.

Method 2

1. Click on the Start menu button.


2. Click on the power button.

3. Hold the [Shift] key down and click on Restart.

An options menu will appear.

4. Click on Troubleshoot.

5. Click on Advanced options.

6. Click on Startup Settings.

7. Click on Restart to restart your PC.

8. When the Startup settings menu appears, you press the [5] key on your
keyboard for Safe Mode with Networking.

How to start Windows in Safe Mode with Networking in Windows 10

1. Click on the Start menu button.

2. Click on the power button.

3. Hold the [Shift] key down and click on Restart.

An options menu will appear.

4. Click on Troubleshoot.

5. Click on Advanced options.

6. Click on Startup Settings.

7. Click on Restart to restart your PC.

8. When the Startup settings menu appears, you press the [5] key on your
keyboard for Safe Mode with Networking.

That's all. Hopefully, you learned enough about malware to keep your PC
clean and safe. If you want to learn more about computer and Internet security
(cybersecurity), then visit this page.
