Resources

Click here for our recommended free pc worm and virus scanner.

Like a computer virus, computer worms are self replicating and destructive to computer networks. Yet, unlike viruses, worms are not attached to particular files, do not require a host program and, rather than focus on infecting and damaging the particular computer that it is running on, a worm is almost always designed to target the network of which the computer is a part. Whereas computer viruses are most often designed to target computer files, worms are created to disrupt networks. Unlike viruses that require a user to open and execute a file to activate and spread, a worm is self-propagating, completely self-contained and do not require execution once downloaded the way a virus file has to be opened to activate.

Like Trojans, worms are often programmed to open backdoors to the system allowing the writer remote control of the infected system. Once the system has been accessed the hacker can utilize its hardware, stored data, IP address and bandwidth for its own ventures that often include credit and identity theft.

Remote access of computer networks means that the worm developers gain access to large numbers of computers. It is common for developers to sell lists of IP addresses to spammers, similar to selling a mailing list to a telephone solicitor. Worms are also designed to deliver advertising software, or adware, that issues pop-up ads and spyware, which exports your personal information and browsing history to an external location.

Like other forms of malware, worms are spread by email attachments or other similar media files. It is important that users are careful when opening attachments: if you do not recognize the sender of the email then opening unknown attachments is best avoided. And, even if the sender is one of your contacts, worms are able to steal email addresses from infected computers and send email that appears legitimate but actually contain infected attachments.

More recently worms are being spread through instant messaging programs such as MSN Messenger or AOL Aim. Users will receive a message that appears to be from a contact but is actually the worm spreading itself and, once opened by the user, contaminates the new system. Sometimes worms do not require attachments at all. In this case the email contains a link that appears benign but, when clicked, hijacks the user taking them to a website where the worm is automatically downloaded.

There are ways to protect your self against worms, and other forms of malicious software. Similar to the way that you would not carelessly open the door to let a stranger into your house in the middle of the night, or follow an unknown person down a dark alley, by being aware and exercising some diligence computer infections can be avoided.

First, don’t open unexpected or unknown attachments. This way you can limit your system’s exposure has to potential damage. If you get an email from someone you know with a strange subject heading or incomprehensible content it is a good idea to be wary and check with him or her before opening any attachments. It is a good idea to run up-to-date anti-virus software on your computer. Many of these programs increase your security, automatically scan attachments and offer warnings about suspicious looking files.

Click here for our recommended free trojan and virus scanner.

Trojans are impostor files that take their name from the infamous penetration of Troy by the Greek army. Hiding inside a giant wooden horse, the Greek army was brought within the walls of Troy by its own inhabitants while disguised inside a peace offering. Similarly, Trojan files often appear to be desirable but are actually dangerous and destructive. Like the infamous Trojan horse of Greece, many computer Trojans seem benign, or even useful, hidden inside protective anti-virus software.

Unlike viruses and worms, Trojans do not self-replicate. Whereas viruses can be spread unknowingly through the exchange of files on disks or other portable data devices, in order for Trojans to spread they have to be opened or downloaded and executed by a specific user command, most often an email attachment or similar data file.

While most viruses execute malicious code that infects and destroys the system, Trojans establish what is known as a ‘backdoor” or a “trapdoor” through which the Trojan can send personal information extracted from your computer to a third party system.

Trojans generally have two parts, a client and a server: the client refers to the system used by the hacker, and the server to the victim’s system. Once opened, the client connects to the server and is then able to run programs or extract data. The server sends its IP address to the client allowing it access to the system. Once this connection is established the client can issue commands to the server that are executed on the victim’s computer.

Once the connection is made between the server and the client the hacker is able to run tasks secretly on the victim’s computer and enable total remote access of the computer by the third party known as RAT (remote access Trojan). In this way server computers are used to transmit illegal data or malicious code through the IP address of the unsuspecting victim.

Rather than simply run destructive code like a virus, a Trojan enables a hacker complete access to your computer and its contents. The more sophisticated the hacker the more serious the risks become, and the more difficult it may be to recognize the infiltration. An immature hacker might take remote control of your system for nothing more than a joyride.

The hacker will not be stealth and will make his or her presence known by opening and closing your CDROM drawer, inverting or flipping your computer screen, changing your screen saver or desktop, or playing media files from your computer. When the hacker is in control of the system there is no way to stop such events. More dangerously, even the immature hacker can access personal data saved on your system and make it generally available, release it through mass emails and chat functions.

Still, the more sophisticated hacker is not interested in wreaking havoc for the victim and prefers to remain undetected. Controlling the system remotely the hacker can access private and sensitive information stored on your system, run programs and scans through your system without your knowledge, your computer might turn itself on and dial up the modem by itself allowing the hacker full control of the system. By saving your credit card information the hacker may begin making charges to your account and establishing additional accounts based on your information.

There is antivirus software that specifically looks for and eradicates Trojans.

Click here to scan your computer for viruses.

If your system is infected with a virus or other malicious software you will likely have noticed some of the following symptoms: exceedingly slow response times, pop-up ads even when not connected to the internet, mysterious crashes, error messages, freezes or changes to your preferences on both your operating system and Internet browser like new tool bars that you didn’t install or a new home page.

The first thing you should do is run a virus scan. In addition to viruses or malware, there are other causes of computer problems. If your system is running slow it is possible that you have too many applications running at once or if your system is slow to respond or freezing it is possible that it is running too hot and that you need to ensure that your fans are working. Viruses attack files and folders, not hardware, so your computer components should still operate even with a virus.

If you have done some troubleshooting, tried rebooting your system or restarting your modem to check the Internet connection and are still having problems than it might be a corrupted file. If you recently downloaded a software program and the problem could be a program execution error try uninstalling the program and see if that takes care of your problem.

If you still have problems then its possible you have a virus or other malware infection. If you frequently download files through peer to peer sharing sites like KaZaA and Limewire, click unknown links in emails or IM messages, download software from free sites, share USB sticks or other removable file devices or run questionable or .exe file extensions that you receive by email then you have significantly increased your chances of infection.

Your next step is to check which programs are currently running by launching Task Manager. However, it is an even better idea to run the free ProcessScanner service, available online that is certified by Microsoft since many viruses can get around Task Manager. Checking the programs your system is running and assessing the risks will help determine if there is anything unusual being performed.

The next step is to check the list of programs that your computer is set to launch automatically when it starts up. Many malware programs are designed to hide in this list and boot automatically when your system does. For this process click on the Run command in the Start menu and type msconfig.

In addition to these programs that are included with your computer’s operating system there are also a number of online virus scan software programs and commercial products available on the market. Installing a virus scan on your computer is a good way to secure your system. Antivirus software can detect, isolate and delete infected files, usually before they do too much damage. Even with the latest virus protection it is important to check frequently for updates as hackers and virus writers are producing as many as 200 new viruses each month!

If these steps fail to solve your problem the last resort is to format the hard disk, deleting the entire system and reinstalling the operating system. In this case you will lose your data saved to the hard disk so keeping back up files of important or irreplaceable data is a great idea.

Click here to scan your system for viruses and other potential threats

Like a biological virus, a computer virus infects its host and spreads throughout the body. In this case an infected file accesses a computer and spreads throughout the system to other files and folders.

The term ‘computer virus’ is commonly used to refer to any malicious or destructive programs including worms, Trojans, spyware and adware. While all malicious software does, in a sense, ‘infect’ a computer, a virus is a specific type of software that has specific patterns of behaviour.

Computer viruses are transmitted from system to system through the exchange of infected files or folders. Infected files are downloaded, either from a website or as an email attachment, in the guise of harmless files. Once the file is opened the virus is programmed to self-execute and infect the system. Viruses also spread through the exchange of infected files in external devices like floppy disks, cds and USB ports.

Once a virus is unleashed in a computer it takes over, self-replicating, spreading its code, taking over files and folders, and gradually destroying the system. Computer viruses result in damaged files, inaccessible data or programs, sporadic and unpredictable computer function and eventually inoperable systems.

In addition to spreading throughout the system and contaminating files, some computer viruses have an additional ‘destructive payload’, executed when the user unwittingly issues a preset command.

Some viruses infect computer systems corrupting code and causing a wide range of symptoms including slow response times, failure to open programs, freezing during commands, and eventually failure to boot up at all. Some viruses can damage programs, delete files and even reformat the hard disk.

There are a few reasons why people might write computer viruses. Like vandalism or arson, creating public mayhem through viruses may seem very exciting. Maybe it’s a thrill or an ego boost to design a virus that holds large numbers of people, as well as powerful corporations and government agencies in your control.

Some programmers might perceive writing viruses as a technological challenge in a war against the computer establishment. If people adept at programming are excluded from or at odds with conventional computer software design, or feel threatened by the power of major computer corporations, without a productive outlet this angry or thrill-seeking energy can result in programming viruses. As long as people write viruses corporations like Microsoft have to devote time and money to combating them. Or maybe people write them just to see if they can.

Antivirus software can help you secure your system against potential threats. Scanning your system and checking new files, the software identifies and isolates or deletes infected files. Often operating systems are equipped with built in virus scans that monitor and check files before they are opened. The antivirus software works by comparing the code content of the attached file against a registry of known virus codes so it is important to update your security software frequently. Scans can either be preset to run at periodic interval or be initiated manually as commanded by the user.

Click here to scan your system for malware protector 2008, viruses and other potential threats

MalwareProtector2008 is classified as a medium risk. It affects most, if not all, Windows operating systems and reports false or exaggerated system security threats in order to confuse the user and infect the system.

MalwareProtector2008 is a computer virus. The virus works by telling the user that their system is at risk from malware; spyware and adware, and prompts the user to buy the software program clone that it uses as a decoy. The application then threatens to re-infect the system if the user attempts to uninstall the application.

When the program is executed it creates files on the system and then deletes the application installer. Next, the virus creates a registry entry to program it to execute whenever Windows starts.

There are four straight forward steps to remove this virus from your computer.

First, disable System Restore (Windows Me/XP) Since the MalwareProtector2008 virus spreads every time Windows is launched, and System Restore is enabled by default to restore destroyed files if they are damaged, if the virus has infected files System Restore may repair and relaunch the infected files, spreading the virus.

Windows is programmed to protect System Restore from outside sources so antivirus software can’t remove threats that are already in the System Restore folder. So it is important that System Restore is free of infected files or they may be restored and the virus could be re-launched even after the rest of the computer has been cleaned.

Once you have turned off System Restore the next step is to update your virus definitions. MalwareProtector2008 has been added to the Symantec and Norton virus dictionaries.

Depending on the antivirus security program you run on your computer you can either access updates daily or weekly by running LiveUpdate or you can download the definitions using the Intelligent Updater where updates are posted daily. The Intelligent Updater is available through the Symantec Security Response Web site.

Next, using your updated antivirus software, run a full system scan. Ensure that the program is set to scan all files and, if any infected files are detected, follow the instructions displayed by your antivirus program to remove them.

It is important to note that if you are unable to run your antivirus product or if it reports that it can’t delete an infected file you may need to run the scan in Safe mode. For detailed instructions on how to start your computer in Safe mode use the Microsoft or Symantec Support pages.

After the files are deleted restart the computer in Safe mode. Since the virus isn’t completely removed yet, warning messages may be displayed at this point. They can be ignored and won’t reappear once the process is complete.

Lastly, remove the value from the registry. At this point it is important that you back up the registry before making any changes as they can result in permanent data loss and be sure to only modify the specified subkeys.

If the registry editor fails to open there is a tool to download via Security Response to resolve the problem.

Once in the registry editor:

1. click Start >Run
2. type regedit
3. click OK
4. Navigate to and delete the following registry entries:

* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”SMshcev9j0e1b1″ = “C:\Program Files\shcev9j0e1b1\shcev9j0e1b1.exe”

* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shcev9j0e1b1\”DisplayName” = “MProtector”

* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shcev9j0e1b1\”UninstallString” = “C:\Program Files\shcev9j0e1b1\uninstall.exe”

* HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”RegistrationUrl” = “http://www.malwareprotector2008.com/buy/”

* HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”RegistrationDiscUrl” = “http://www.malwareprotector2008.com/purchase/”

* HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”ADVid” = “”

* HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”" = “C:\Program Files\shcev9j0e1b1″

* HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”InstallDir” = “C:\Program Files\shcev9j0e1b1″

* HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”domain” = “malwareprotector2008.com”

* HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”SoftID” = “MProtector”

* HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”DatabaseVersion” = “2.1″

* HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”ProgramVersion” = “2.1″

* HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”EngineVersion” = “2.1″

* HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”GuiVersion” = “2.1″

* HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”ProxyName” = “”

* HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”ProxyPort” = “0″

* HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”ScanPriority” = “1″

* HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”DaysInterval” = “7″

* HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”ScanDepth” = “2″

* HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”ScanSystemOnStartup” = “1″

* HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”AutomaticallyUpdates” = “1″

* HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”MinimizeOnStart” = “0″

* HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”BackgroundScan” = “1″

* HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”BackgroundScanTimeout” = “1″

* HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”MGuid” = “{0DB56EFC-EE39-447F-94AB-73409F51AC2E}”

* HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”InstallationID” = “{F2D62961-6358-4CCF-B806-7664421D16B2}”

* HKEY_LOCAL_MACHINE\SOFTWARE\shcev9j0e1b1\”LastTimeStamp” = “B8″

* HKEY_USERS\S-1-5-21-1172441840-534431857-1906119351-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\”C:\Program Files\shcev9j0e1b1\shcev9j0e1b1.exe” = “shcev9j0e1b1″

Finally, exit the registry editor. And you should be clean!

Click here to scan your system for viruses and other potential threats

Computer viruses are no fun.  In fact, they can really wreak havoc with our computer systems, causing slow-running or incorrectly functioning computers and even computer crashes.  Here are a few ideas you can use to keep from “catching” one:

Get a good anti-virus program.  Many excellent programs are available today which can help keep your computer safe from viruses. Some even offer basic anti-virus protection free.

Be sure your anti-virus program receives regular updates. This will ensure that all the latest known viruses are covered.

Be sure your internet provider offers online protection. In addition to careless handling of incoming e-mail, surfing the net seriously increases our threat of becoming victims of computer viruses.

Never click a link inside an e-mail-particularly if the e-mail isn’t from someone you know and trust. To see where a link will take you if clicked, lightly pass your cursor over the link and look in the left corner of the status bar at the bottom of your screen. If the URL you see there looks suspicious, it probably leads to an unsafe site.

Never open an e-mail attachment from someone who isn’t 100% credible. Unless you know and trust the person and are absolutely certain the e-mail is from that individual, leave the attachment unopened.

Never download anything from a website you aren’t absolutely sure is trustworthy, and be sure you are really on the site you think you are before initiating the download.  Do this by right-clicking anywhere on the web page and then clicking “Properties.” The window that opens will tell you the real name and URL of the site you’re on.

Taking these precautions can help keep your computer safe from viruses.

Jeanne Dininni