How to remove a Trojan, Virus, Worm, or other Malware
We always hear about some malicious program that finds its way into our machine, and all hell breaks loose. They literally create havoc, leading to stolen passwords, infected executables and a lot more. There are so many of these malicious programs that their names aren't exactly layman's terms, but this post will enlighten people so that they can take the necessary countermeasures.
Malware:
Malware is programming or files that are developed for the purpose of doing harm. Thus, malware includes computer viruses, worms, Trojan horses, spyware, hijackers, and certain types of adware.
But before we continue, I would like to give a panoramic view of all its forms and their modes of action. This article will focus on those malware that are considered viruses, trojans and worms, though this information can be used to remove the other types of malware as well.
General Nomenclature:
Adware:
A program that generates popups on your computer or displays advertisements. It is important to note that not all adware programs are necessarily considered malware. There are many legitimate programs that are given for free that display ads in their programs in order to generate revenue. As long as this information is provided up front then they are generally not considered malware.
Backdoor:
A program that allows a remote user to execute commands and tasks on your computer without your permission. These types of programs are typically used to launch attacks on other computers, distribute copyrighted software or media, or hack other computers.
Dialer:
A program that typically dials a premium rate number that has per minute charges over and above the typical call charge. These calls are usually placed with the intent of gaining access to pornographic material.
Hijackers:
A program that attempts to hijack certain Internet functions, like redirecting your start page to the hijacker's own start page, redirecting search queries to an undesired search engine, or replacing search results from popular search engines with its own information.
Spyware:
A program that monitors your activity or information on your computer and sends that information to a remote computer without your knowledge.
Trojan:
A program that has been designed to appear innocent but has been intentionally designed to cause some malicious activity or to provide a backdoor to your system.
Virus:
A program that when run, has the ability to self-replicate by infecting other programs and files on your computer. These programs can have many effects ranging from wiping your hard drive, displaying a joke in a small box, or doing nothing at all except to replicate itself. These types of infections tend to be localized to your computer and not have the ability to spread to another computer on their own. The word virus has incorrectly become a general term that encompasses trojans, worms, and viruses.
Worm:
A program that when run, has the ability to spread to other computers on its own using either mass-mailing techniques to email addresses found on your computer or by using the Internet to infect a remote computer using known security holes.
Phase I: The Infiltration:
There are umpteen ways by which they can enter your system. They can come via the internet, via software downloaded by you, torrents, DVDs or CDs, etc. But the main thing is that the malware is of no use unless it gets started, just like a normal exe program. They hide themselves in the enormous Windows registry by adding a configuration key (which sometimes looks like a genuine program) and try to replicate existing Windows processes or create new threads, thereby slowing your applications or making your machine crash. Unless and until they get added to the registry they cannot start along with your computer. So their first line of attack is "Edit the entry and Start with Machine."
Now there is good news and bad news here. The bad news is that in the Windows operating system there are many different ways to make a program start, which can make it difficult for the average computer user to find them manually. Luckily, to aid us in this fiasco there are applications which allow us to cut right through them and see exactly which programs get started automatically with Windows. One such free and easy-to-use program is Autoruns by Sysinternals.
When you run this program it will list all the various programs that start when your computer is booted into Windows. For the most part, the majority of these programs are safe and should be left alone unless you know what you are doing or know you do not need them to run at startup.
You should download Autoruns and give it a shot. Just run Autoruns.exe and look at all the programs that start automatically. Don't uncheck or delete anything at this point. Just examine the information to get an overview of how many programs are starting automatically. When you feel comfortable with what you are seeing, move on to the next section.
Phase II: The Eradication:
This is the place for you to kick the ass of the malware, and if you are having any trouble finding the odd man out, try googling it or looking here.
Once you have identified the culprit, do the following to eliminate it once and for all:
1. Download and extract the Autoruns program by Sysinternals to C:\Autoruns
2. Reboot into Safe Mode so that the malware is not started when you are doing these steps. Many malware monitor the keys that allow them to start and, if they notice they have been removed, will automatically replace that startup key. For this reason booting into Safe Mode allows us to get past that defense in most cases.
3. Navigate to the C:\Autoruns folder you created in Step 1 and double-click on autoruns.exe.
4. When the program starts, click on the Options menu and enable the following options by clicking on them. This will place a checkmark next to each of these options.
a) Include empty locations
b) Verify Code Signatures
c) Hide Signed Microsoft Entries
Do make sure you have made these selections, else chances are high that the malware may not get terminated.
5. Then press the F5 key on your keyboard to refresh the startups list using these new settings.
6. The program shows information about your startup entries in 8 different tabs. For the most part, the filename you are looking for will be found under the Logon or the Services tabs, but you should check all the other tabs to make sure they are not loading elsewhere as well. Click on each tab and look through the list for the filename that you want to remove. The filename will be found under the Image Path column. There may be more than one entry associated with the same file, as it is common for malware to create multiple startup entries. It is important to note that many malware programs disguise themselves by using the same filenames as valid Microsoft files. It is therefore important to know exactly which file, and the folder it is in, you want to remove. You can check the Startup Database for that information.
7. Once you have pin-pointed the malware, you can delete the registry entry so that it will not get booted up at machine start-up anymore. For that, all you gotta do is right-click on the trouble-making entry and select Delete. That should kick it out of your registry.
8. Now that it's erased from the registry, log into Windows in normal mode and remove it completely by searching for it in Windows Explorer. If you are unable to find it, then it may be hidden. Follow these steps for your operating system:
Finding hidden files
9. When you are finished removing the malware entries from the Registry and deleting the files, reboot into normal mode, as you will now be clean from the infection.
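As an added example (my own code, not from the post or from Sysinternals), the PowerShell below does by hand a slice of what Phase I and steps 4 to 6 describe: it walks the common Run/RunOnce registry keys, resolves each entry to the file on disk, checks its Authenticode signature, and hides entries validly signed by Microsoft. The list of keys and the command-line parser are my assumptions; the script only reports and deletes nothing.

```powershell
# Added example, not part of the original post: a read-only PowerShell triage of the
# classic Run/RunOnce autostart keys that mimics the Autoruns options from step 4
# ("Verify Code Signatures", "Hide Signed Microsoft Entries"). It reports only; it
# never deletes anything. Run from an elevated prompt to read the HKLM keys.

# Assumed list of locations to inspect (the post does not enumerate them).
$autostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Pull the executable path out of a startup command line, e.g.
#   "C:\Program Files\Foo\foo.exe" /background   or   %SystemRoot%\bar.exe -x
function Get-ImagePath([string]$CommandLine) {
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd.StartsWith('"')) { return ($cmd -split '"')[1] }
    $m = [regex]::Match($cmd, '^(.+?\.(exe|dll|cmd|bat|vbs|js|ps1))', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split '\s+')[0]
}

$findings = foreach ($key in $autostartKeys) {
    if (-not (Test-Path $key)) { continue }          # key absent on this machine
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }        # provider metadata (PSPath etc.), not registry values
        $image = ''; $status = 'Not a string value'; $signer = ''
        if ($p.Value -is [string]) { $image = Get-ImagePath $p.Value; $status = 'File missing' }
        if ($image -and (Test-Path -LiteralPath $image)) {
            $sig = Get-AuthenticodeSignature -FilePath $image
            $status = $sig.Status.ToString()             # Valid, NotSigned, HashMismatch, ...
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        # "Hide Signed Microsoft Entries": a file merely named like a Microsoft binary cannot
        # carry a valid Microsoft signature, so the genuinely signed ones are safe to skip.
        if ($status -eq 'Valid' -and $signer -match 'O=Microsoft Corporation') { continue }
        [pscustomobject]@{
            Key = $key; Name = $p.Name; Image = $image; Signature = $status; Signer = $signer
        }
    }
}

# Whatever is left is unsigned, badly signed, pointing at a missing file, or third-party:
# the short list worth checking against the Startup Database before deleting anything.
$findings | Sort-Object Signature, Key | Format-Table -AutoSize -Wrap
```

Autoruns additionally covers services, drivers, scheduled tasks and the other tabs mentioned in step 6, so treat this as a complement to it, not a replacement.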
Guess that's that. If you have any more problems or issues, kindly let me know and I will be obliged to be of some use to you. And if you like this post, please add a word of thanks for the effort I put into writing this blog all by myself.
Posted at 10:00 PM | Labels: anti-virus, malware