Filetonic

Posts Tagged ‘Trojan’

Viruses Even After Virus Removal

Earlier free AVG found numerous viruses and Trojans. Is it possible there are fragments left on laptop? The online scan at ESET showed about ten variants of the Trojan “Viruits.” My home page has been replaced with a URL for Guarddog 2009 which is listed under AVG’s vault as dl.guarddog.generic13.ASQV.bm8 tem. In addition, my USB keyboard no longer works properly and my cursor acts up. Would you advise me to install a fresh copy of Windows or do full restore to factory setting to solve these problems? Is it safe to delete User Data found under Documents & Settings in C:/? Is it too late to use the Windows recovery disc?

Susan Keenan

Looks like you still have quite a few problems on your laptop, including remaining malware. Perhaps I should caution you to back up any data that you want to keep on the computer. Since it appears as if not all of the virus and malware infections have been removed from your computer, you will need to make sure that all of these malware entities have been removed before you reinstall, repair, or reformat the computer. If you don’t get rid of these infections first, then they will remain on the laptop, continuing to mess it up. After you get rid of all of the bad stuff, then you can take care of your Windows operating system. However, drastic measures such as reinstalling the operating system may not be needed once you remove these infections.

Scanning for Malware

One of the biggest problems with malware is that some of it slips by one anti-virus/anti-spyware application. This is why running two separate applications to remove the infections is a good idea. 

  1. First, print these directions so you will have them to refer to. Then, close out all applications before running your anti-spyware/anti-virus applications. Hit the CTRL + ALT + DEL keys together to bring up the Windows Task Manager. It will show you if anything is still running on your computer. Simply select “Applications” in the upper left and close any programs that remain running.
  2. Run AVG again and see what it comes up with on the laptop. It is important to note that this application doesn’t always catch things like tracking cookies which are also known to disrupt mice, keyboards, web browsing, etc.
  3. Run a second application such as Anti-Virus PLUS, Ad-Aware, or PCTools to remove any remaining remnants of Trojans, spyware, or viruses. Anti-Virus PLUS offers a free scan and you can use this to see what type of infections remain on the computer. In particular, I’ve come across a lot of people who suggest that Malwarebytes does a good job of removing the KRYPTIK Trojan which you had listed in your original question. This should also remove guarddog2009.
  4. Reboot and run your anti-spyware/anti-virus applications again to ensure that all malware has been removed.

Repairing Windows

Before making the decision that you need to completely repair or restore the computer’s operating system, why not try cleaning the registry and checking the hard disk to repair important files? You can use a registry cleaner such as RegCure and the chkdsk utility that comes with Windows.

To use chkdsk, click Start→ click Run→ Type cmd→ press Enter. Type in chkdsk volume: /r, replacing volume with the letter of the drive to check, in order to locate bad sectors, repair errors, and recover readable information.

Of course, you can always use the installation disks to complete a recovery. If you follow these directions, your documents and files will be saved, but you will have to reinstall any programs and modify your personal settings:

  1. Insert the installation disk into the CD drive while the laptop is on.
  2. Turn the laptop off.
  3. Wait a minute and turn the power on. The laptop should be able to boot up. If it doesn’t, press a keyboard key to get it to work, follow any prompts that appear, or try pressing “ESC” and “F1.”
  4. Don’t press the “R” option for the “Recovery Console.” Press the “R” to “Repair” your system when the prompt appears.
  5. Follow remaining prompts as they appear until finished.

Deleting User Data

User Data is created by Windows. It defines your User Profile and should not be tampered with unless you can identify it as data unnecessary for maintaining the profile.


Kate Dubensky

The term ‘virus’ has come to stand in for any dangerous or destructive computer program, but it is technically only one of three main types of malicious software, or malware, that can penetrate and damage your computer system and/or perform unwanted or unauthorized functions.

Each form of malware is essentially a software program designed to run specific applications on a computer. Some are programmed to damage or delete files, others to take over bandwidth and allow third party access to personal information or to send and receive information via the victim’s IP address.

All viruses are code written to perform or fulfill a specific task. Some are merely annoying and might do no more than put a silly message on your screen. Others are destructive and programmed to delete information or destroy the hard disk.

Viruses are mainly spread through emails and are launched when the receiver unknowingly executes the program by opening the attached file. Viruses are predominantly designed to attack and spread throughout the computers on which they have been executed, spreading from file to file throughout the computer, rendering programs delayed or inaccessible.

The virus works by placing itself in the computer’s memory then attaching itself to any programs that are executed. Once infected, every time the program runs the infected file will duplicate itself. Over time a virus that began as very small becomes larger and larger until eventually it is bigger than the original files and the programs are no longer able to run.

Trojans are primarily used to penetrate computers and establish back doors through which hackers can remotely control the system, access personal information and hijack the IP address. Unlike viruses and worms, Trojans are not self-replicating and instead run in the background of the computer, avoiding detection and acting as inside guys for the hacker. Once a hacker has gained remote access to the system, they can then issue commands, retrieve sensitive and personal information and route illegal data through the victim’s IP address to shield themselves and their actual location from detection.

Worms are similar to viruses in that they are self-replicating, but they do not require a specific file to spread. Worms reside in active memory and are programmed to spread themselves through networks, gaining access to multiple ports and IP addresses rather than infecting and immobilizing a single host computer. Like Trojans, worms are used to penetrate computers, most often computer networks, and to establish back doors that provide remote access to networks of computers. This includes the use of bandwidth, which will interfere with and slow the functioning of the computer and the network, as well as IP addresses that are useful to spammers and credit thieves.

There are many ways to protect your computer or computer network from malicious software. First, install a router or a software firewall to monitor data exchanged over the Internet. Then install up-to-date antivirus software, check frequently for updates to known virus definitions, and be vigilant in checking the source and content of data files before downloading and/or opening attachments.


What is a Trojan?


Kate Dubensky

Trojans are impostor files that take their name from the infamous penetration of Troy by the Greek army. Hiding inside a giant wooden horse, the Greek army was brought within the walls of Troy by its own inhabitants while disguised inside a peace offering. Similarly, Trojan files often appear to be desirable but are actually dangerous and destructive. Like the infamous Trojan horse of Greece, many computer Trojans seem benign, or even useful, hidden inside protective anti-virus software.

Unlike viruses and worms, Trojans do not self-replicate. Whereas viruses can be spread unknowingly through the exchange of files on disks or other portable data devices, in order for Trojans to spread they have to be opened or downloaded and executed by a specific user command, most often an email attachment or similar data file.

While most viruses execute malicious code that infects and destroys the system, Trojans establish what is known as a “backdoor” or a “trapdoor” through which the Trojan can send personal information extracted from your computer to a third party system.

Trojans generally have two parts, a client and a server: the client refers to the system used by the hacker, and the server to the victim’s system. Once opened, the client connects to the server and is then able to run programs or extract data. The server sends its IP address to the client allowing it access to the system. Once this connection is established the client can issue commands to the server that are executed on the victim’s computer.

Once the connection is made between the server and the client, the hacker is able to run tasks secretly on the victim’s computer and gain total remote access to it; a Trojan used this way is known as a RAT (remote access Trojan). In this way server computers are used to transmit illegal data or malicious code through the IP address of the unsuspecting victim.
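Because the server half described above has to accept connections on the victim's machine, an unexplained listening port is one of the places it can show up. The following is an added example, not part of the original article: it parses Windows netstat -ano output and flags listeners outside an allowlist. The sample output, the allowlist and the function names are constructed assumptions.

```python
import re

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:50505          0.0.0.0:0              LISTENING       2964
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1720
  TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED     3100
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1720
"""

# Assumption: ports this particular machine is expected to listen on.
EXPECTED_PORTS = {135, 445}

# Matches only TCP rows in the LISTENING state; handles IPv4 and [IPv6] forms.
LISTEN_RE = re.compile(
    r"^\s*TCP\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+LISTENING\s+(?P<pid>\d+)\s*$"
)


def parse_listeners(netstat_text):
    """Return one dict per listening TCP socket: addr, port, owning PID."""
    listeners = []
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            listeners.append({
                "addr": m["addr"].strip("[]"),
                "port": int(m["port"]),
                "pid": int(m["pid"]),
            })
    return listeners


def is_loopback(addr):
    """Loopback listeners cannot be reached from another machine."""
    return addr.startswith("127.") or addr == "::1"


def unexpected_listeners(netstat_text, expected_ports=EXPECTED_PORTS):
    """Listeners reachable from the network whose port is not allowlisted."""
    return [
        entry for entry in parse_listeners(netstat_text)
        if entry["port"] not in expected_ports and not is_loopback(entry["addr"])
    ]


if __name__ == "__main__":
    for entry in unexpected_listeners(SAMPLE_NETSTAT):
        print("review: port %(port)d on %(addr)s, PID %(pid)d" % entry)
```

On Windows, tasklist /FI "PID eq 2964" names the program behind a flagged PID; a flagged port is a reason to look closer, not proof of infection.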

Rather than simply run destructive code like a virus, a Trojan gives a hacker complete access to your computer and its contents. The more sophisticated the hacker, the more serious the risks become, and the more difficult it may be to recognize the infiltration. An immature hacker might take remote control of your system for nothing more than a joyride.

Such a hacker will not be stealthy and will make his or her presence known by opening and closing your CDROM drawer, inverting or flipping your computer screen, changing your screen saver or desktop, or playing media files from your computer. When the hacker is in control of the system there is no way to stop such events. More dangerously, even the immature hacker can access personal data saved on your system and make it generally available or release it through mass emails and chat functions.

Still, the more sophisticated hacker is not interested in wreaking havoc for the victim and prefers to remain undetected. Controlling the system remotely, the hacker can access private and sensitive information stored on your system and run programs and scans through your system without your knowledge. Your computer might turn itself on and dial up the modem by itself, allowing the hacker full control of the system. By saving your credit card information, the hacker may begin making charges to your account and establishing additional accounts based on your information.

There is antivirus software that specifically looks for and eradicates Trojans.
