Thursday, May 13, 2010
HijackThis: The Ultimate Malware Removal Tool for Nerds
When we suggest that readers download software, we normally pick programs that are known for user friendliness. HijackThis is not user-friendly. In fact, it's downright dangerous in the wrong hands. Yet, its power for locating and removing malware is unrivaled, thanks to its catch-all approach that doesn't bother to determine what is good or bad, but merely tells you what is on your PC.
What we like:
Rather than exclusively looking for known baddies, HijackThis scans your browser, registry and other settings, and returns a complete log of everything it finds. From here, users can manually remove settings and other spyware components that might be missed by traditional anti-malware tools. This is all done from the HijackThis window, simplifying what would otherwise require digging through the registry and several other settings dialogs, and could ultimately take hours.
There is also a process manager that looks at all the programs and other files that are currently running on your PC, thus allowing you to quickly disable any offending processes.
Despite its intimidating interface, which returns confusing text-only results following a scan, HijackThis is relatively simple to use. Its no-frills approach means there are few options, buttons, or dialogs with which to contend. Simply launch the program, generate a log, and check off the boxes of the entries you want to remove. Thankfully, if you do remove something you shouldn't have, HijackThis offers a 'Backup and Restore' option under the 'Misc Tools' section.
What we don't like:
This isn't really a complaint, since HijackThis never pretends to be something it's not, but you should know that -- unless you're familiar with some of the more obscure settings of your PC -- you could do permanent damage to your OS with this program. It's strongly suggested that novice users post the generated log file to one of the many forums where more experienced nerds will gladly parse the results to find entries that should be removed. You can do this relatively easily by clicking "Analyze This."
There is an "Info on Selected Item" button, but the data it spits back at you is practically worthless.
Bottom line:
When other malware removal tools fail, HijackThis can step in and clear out stubborn infections. It's not for beginners, or for the faint of heart, but it certainly deserves a home in any geek's toolbox.
Source: Terrence O'Brien
Labels: HijackThis, malware removal, removal tool
Tuesday, May 11, 2010
New Windows malware bypasses most current antivirus apps
KHOBE could infect any Windows XP system
Researchers at Matousec have found malware that could potentially compromise nearly every Windows XP system using current antivirus software. KHOBE (Kernel Hook Bypassing Engine) takes advantage of the vulnerable System Service Descriptor Table to trick Microsoft's OS into accepting rogue code. It allows a safe code thread to be scanned by antivirus apps but immediately swaps in a thread containing a virus or other attack, giving the malware free rein.
Few antivirus programs today can protect against an attempt since they can't stop the switch after they've already examined what was believed to be the original code. Tools can screen for the content before it reaches the system and can block known malware, but any unknown viruses will automatically get access. Administrator rights also aren't necessary and could expose even limited Windows accounts to the threat.
The attacks won't work properly on Windows Vista or 7 systems, but as these are still in the minority, most computers worldwide are susceptible to a KHOBE virus. Modern, multi-core processors are actually more vulnerable since the hostile thread can be more readily kept separate from any inspection by antivirus tools.
Software developers like F-Secure and Sophos have pledged themselves to identifying the attacks and minimizing the risk, but the new vulnerability is currently a blow to the Windows environment, especially in developing countries where Windows 7 is still rare or unfeasible for the systems users can afford. Linux and Mac OS X systems aren't known to be vulnerable to this kind of attempt. [via ZDNet]
By Electronista Staff
Labels: F-Secure, industry, Matousec, Microsoft, Security, software, Sophos
Wednesday, May 5, 2010
Improve malware removal routines with the help of this checklist
Eliminating malware requires a systematic process with no missed steps. This checklist will make it easier to do an effective, thorough job.
Malware removal is among the more frustrating tasks that support desks, network administrators, and IT consultants undertake. You must typically clean multiple machines simultaneously. Performed in a vacuum with no interruptions via e-mail, telephone, cell phone, and in-person contact, the process might prove manageable. Faced with endless distractions in the real world, however, the process often proves disjointed and inefficient.
A single simple form can help bring order to the chaos. Our free Virus & Spyware Removal Checklist will help you methodically isolate and remove virus, spyware, and rootkit infections.
The checklist begins by ensuring that you don’t forget to create image backups prior to troubleshooting. With an image backup stored on a secondary hard disk, you can work with a safety net. Since image backups duplicate user settings, configuration information, download files, email, and all user data, you can remove infections without fear of rendering a system unusable. In worst case scenarios, you can restore the image backup and continue attempting repairs, should a specific malware removal step smoke a system. Further, image backups safely store all user data and information on a secondary disk, which you can use to recover critical data and settings if a Windows reinstallation proves necessary.
Next, the checklist covers some critical steps that are easily overlooked — like verifying that the most current antivirus, anti-spyware, and anti-rootkit platforms are not only installed but have the most current signature updates.
If you tend to forget whether problematic entries revealed by Microsoft Autoruns for Windows were already reviewed and disabled, you’ll be able to tell at a glance. In addition, the checklist reminds you to delete problematic Windows System Restore Points, remove temporary files, and uninstall unnecessary and/or rogue programs. It also reminds you to create new Windows System Restore Points once repairs are complete.
If repair attempts fail to identify and remove malware infections natively (running removal efforts within the infected Windows environment), you can follow the steps for strategy escalation. Badly infected systems, or computers plagued with a particularly problematic infection, may require physically removing the hard disk from the offending system and connecting it to a test system specifically configured to isolate and sanitize slaved hard disks. Or you may prefer to clean stubborn infections using preboot environment or Linux boot disks that leverage BartPE, Knoppix, or similar recovery technologies.
Source: TechRepublic
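Reviewing a HijackThis log (first post above) and keeping track of which Autoruns-style entries have already been assessed (this checklist) are the same chore, so here is one added example that is not part of HijackThis or of TechRepublic's checklist: it parses a constructed log in the usual HijackThis line format (section code, " - ", detail), flags entries a reviewer should look at first, and gives every entry a "reviewed" tick-box so you can tell at a glance what has been handled. The sample log, the line-format assumption and the flagging heuristics are mine; a flag is a prompt to look, not a verdict to delete.

```python
import re

# Constructed sample in the line format HijackThis uses (section code, " - ", detail);
# only the last O4 line is planted to look suspicious.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\User\Local Settings\Temp\svchost.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"""
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<detail>.+)$")
# A drive-rooted path ending in a loadable extension; quotes are excluded from the path
# characters so a quoted command line still yields the bare file path.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|]+?\.(?:exe|dll|sys|scr|cpl)\b', re.IGNORECASE)
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe"}
USER_WRITABLE = ("\\temp\\", "\\local settings\\", "\\application data\\", "\\appdata\\")

def parse_log(text):
    """Turn raw log text into entry dicts: section code, full detail, first file path found."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            paths = PATH_RE.findall(m.group("detail"))
            entries.append({"code": m.group("code"), "detail": m.group("detail"),
                            "path": paths[0] if paths else None})
    return entries

def review_reasons(entry):
    """Heuristics saying why a human should look at an entry first; an empty list is not a verdict."""
    reasons, path = [], entry["path"]
    if path:
        low = path.lower()
        if any(seg in low for seg in USER_WRITABLE):
            reasons.append("binary lives in a user-writable or temp location")
        if low.rsplit("\\", 1)[-1] in SYSTEM_NAMES and not low.startswith(("c:\\windows\\", "c:\\winnt\\")):
            reasons.append("system binary name outside the Windows directory")
    return reasons

def triage(text):
    """Return (worksheet, flagged): every entry with a 'reviewed' tick-box, plus those to examine first."""
    worksheet, flagged = [], []
    for e in parse_log(text):
        e["reasons"], e["reviewed"] = review_reasons(e), False  # set 'reviewed' as each is assessed
        worksheet.append(e)
        if e["reasons"]:
            flagged.append(e)
    return worksheet, flagged
```

Run `triage(open("hijackthis.log").read())` on a real log: the worksheet is the full list to tick through, and the flagged subset is where to start.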
Labels: Adware Malware, Backups, Checklist, Cyberthreats, Infection, Malware, Microsoft Windows, Operating Systems, Security, Spyware, Viruses And Worms