So You Have a Virus …. Now What? – An End User’s Guide

December 13, 2016 | Views: 8085


The intention of this document is to help the end user (non-IT professionals) deal with a computer virus. While it is intended for the end user, IT professionals may find it useful for some tips, or for help with the everyday user who finds themselves in a bad situation.

So you have a virus. It may have come from going to a site that you shouldn’t have been at, from opening an email link, or maybe from downloading some software that you shouldn’t have. It really doesn’t matter at this point, other than 1) avoid doing that in the future and 2) you have a virus and need to deal with it now. The worst thing you can do is to not deal with it, or not tell someone so they can help you with it. Doing nothing puts not only yourself, but others at risk. As with a human virus, a computer one will attempt to spread through the host and to others that it can come into contact with. If you are embarrassed, don’t be; people from all different industries and skill levels run into this at one point or another. The important thing is that we deal with it now.

What kinds of viruses are out there? Common ones:

Malware: These are the nasty viruses that typically affect users. Malware can do any number of things to your computer, such as steal your passwords, change your browser home page, cause your computer to show advertisement popups, grant remote access to your computer, or any number of other terrible things. Questionable websites, illegal downloads, and emails with attachments (from people that you don’t know) tend to carry these types of files.

Ransomware: This is quickly gaining popularity. Ransomware will hold your computer, and sometimes your network, ransom by encrypting your data, making it unreadable until you pay up. Some particularly nasty variants will even have a countdown timer, deleting data until the ransom is paid off. The worst part is that even if you pay the ransom, there is still no guarantee that your data will be unlocked and usable. The most common delivery method of ransomware is by attachments in emails. These emails tend to entice users to open the attachments, such as your credit card company supposedly sending you a bill.

Spam (phishing): Phishing (pronounced “fishing”) is when the bad guys send out emails to large numbers of recipients who were not individually targeted. An example would be a spammer harvesting all of the emails from a forum or a Facebook group and then sending an advertisement or an email that contains a virus. They may or may not be disguised as ecards, bank statements, a friend or co-worker, etc. Once phished, however, you may have opened yourself up to more spam, identity theft, computer hijacking, ransomware, etc. More information can be found here: https://www.cybrary.it/0p3n/anatomy-of-the-hack/

Spear Phishing: This technique is similar to the above; however, the targets are picked out specifically. An example would be an attacker trying to gain access to company “X”’s payroll database. They research who the payroll staff are, what bank the company uses, etc. They then spoof an email from that particular bank, asking a member of the payroll staff by name to look over the new terms of service that has to be read and accepted before the next payroll date, attaching a PDF file that contains a malicious file. It can even be something as simple as asking the person to verify their login and password for the bank, because the bank has “recently updated their servers”.

Scareware: Scareware is one of the nastier types of things to get if you are somewhat non-technical, since it’s designed to prey on people’s fears. The easiest example to give of this type of virus would be the image below:

[Image: fake FBI / Green Dot MoneyPak scareware notice]

Here you were surfing the web, and then all of a sudden you see this message! You aren’t able to close it, it has the FBI’s seal on the page, and it states that you have violated federal laws, going so far as to cite exactly which one you violated. In fact, they even logged your IP address and claimed that you were viewing child pornography! Of course you are innocent, but this notice says that they have the evidence against you and you can face 4 to 12 years in prison! Worse yet, you only have 72 hours to pay the $200 fine. Pay $200 or face 4 to 12 years in a federal prison on child pornography charges? Where do I send the check? As you can see on the image, they conveniently outline several places where you can get a MoneyPak to pay your fine quickly and easily.

While the above may seem sort of funny, this was a very big scam that hit a couple of years ago, and it still makes the rounds. People were getting legitimately worried seeing this. Also keep in mind: if you broke the law, the FBI or the police are not going to send you a notification on your computer asking for a MoneyPak, Western Union or other similar method of payment. They will simply show up at your doorstep, send a fine through the mail, or send a subpoena for you to show up in court.

The other common scareware is the fake anti-virus scam/scare telling users that they are infected.

[Image: fake virus warning message]

But why do people make viruses?

Viruses are created for a variety of reasons, mainly dealing with personal gain. A person can potentially steal your bank account information, identity, or files; sometimes they are just looking to be malicious.

Typical methods of infection:

Email: A popular method of infection is right through your email. Spam, phishing, “Happy birthday” emails, emails with attachments and links can contain malicious code.

Downloading illegal software/movies: Often, people who distribute illegal software or movies will package a virus in the file(s).

Questionable sites: Adult sites, hacking sites, and other questionable sites with popups can contain malicious code. Sometimes simply trying to close those aggressive popups, or even clicking an image on the site, can deliver a virus to your computer.

Add-on software: Add-on software is a program that attaches itself to a program that you are trying to install. The main program may itself be legitimate; however, you will often see additional programs, toolbars, etc. that want to install themselves alongside it. Sometimes these add-ons contain malicious code, or even just poor code that leads to viruses.

USB: This is one of my preferred methods of infection when I do pentesting. A random USB drive that you find lying around can easily contain a virus. Even though computers typically no longer allow autorun, there is a newer threat that will emulate a keyboard (BadUSB and USB Rubber Ducky, for example) and execute commands given by the attacker.

Rogue Wi-Fi hotspots: Wireless hotspots are great for saving your data and potentially giving you a faster connection, unless of course you’re connecting to a rogue hotspot. Say you are at Starbucks, for example, and you want to connect to their wireless. You look for the hotspots and see “Google Starbucks” and “Google Starbucks hotspot”. Connecting to the wrong one likely means that you are connecting to someone’s rogue access point that they created hoping to collect bank account information, login information, etc. Be careful when connecting to open hotspots. Only connect to those that you trust; if you are unsure whether an access point is the correct one, ask an employee. Also, using a VPN can help keep you and your internet traffic safe and secure.

Great, I have a virus now what?!

Virus at work:

  • If you have a virus at work and your workplace has outlined a protocol for this type of situation, follow that first.
  • If no guideline exists, contact your IT department for instructions.

If neither is an option:

Ransomware:

  • Do not attempt to delete the infected file, wipe out your system, or do a system recovery. For some ransomware, the infected file can be used to extract the key. Sign out of any logged-in programs or sites, disconnect your computer from the network, and power down. Contact your IT department and alert them to the issue. Also let them know how you think you were infected. Sharing this knowledge may help keep the virus from spreading and being opened by someone else.
  • Your IT department may be able to restore your files and the network files (if they were affected) from a backup if need be.
  • If the ransomware came from an email, notify your IT department so they may determine the next steps.

At home:

  • Log out of any programs and sites.
  • Disconnect your computer from your network.
  • If you are able to determine which ransomware you were infected with, there may be an unlock tool available to try. From another computer, download the unlock tool and try it: http://www.majorgeeks.com/mg/sortdate/ransomware_removal.html
  • If you are still unable to remove the virus, consider finding a reputable company to remove it. If you are able to function without your files, do a full restore of your computer.
  • If the ransomware came from an email, notify your email provider and move the email to your spam folder.

Phishing/Spear phishing/Spam:

  • If you are at work, contact your IT department for instructions. They may have a particular procedure that they need to have you follow in order to stay within compliance.
  • As a home user (If you opened the link and/or file in the email):
    • If the email client that you are using supports it, sign out of all devices.
    • For Gmail users, run through the security check (available by clicking your profile and viewing your account). Verify that the machines that were used to sign in are yours, and verify the plugins that are associated with your account.
    • Clear your browser cache.
    • Change your password (tips: https://www.cybrary.it/0p3n/passwords-things-users-tape-monitors/ ).
    • Update your anti-virus and perform a full virus scan.
    • Tell the people on your contact list to be on the lookout for any odd emails from you and not to open them.
    • If the email is posing as a business (like your bank), inform them, along with the sender’s email address, so they can follow up.
    • Move the email to your spam folder.

Scareware:

Additional tips:

  • Periodically check https://haveibeenpwned.com/ to make sure your account(s) have not been compromised.
  • If you have a URL and are unsure whether it’s safe or not, test it at https://virustotal.com/ (URL tab); the link will be checked against 68 different security sites.
  • If you do not currently have an anti-virus solution, there are several free ones out there: AVG, Sophos Home, Avast.
  • When browsing the internet, always try to use a secure connection by replacing http with https. Most browsers’ extension stores have free programs that will add this in for you by default.
  • Be sure to clean out cookies and browser cache files, or browse in private mode.
  • Always sign out of browser pages (email, banking, social media, etc.). Do not just close the browser. Failure to do this can lead to your accounts being hijacked.
  • Be sure to update your browser, plugins (like Java), and your operating system (Windows, Apple, Linux).
  • For Google accounts, try running the security check.
  • Consider enabling 2-factor authentication for your email. 2-factor adds an additional layer of security to your account.
  • Always choose a hard-to-guess password, and try to keep different passwords for different sites. For more tips: https://www.cybrary.it/0p3n/passwords-things-users-tape-monitors/
  • Don’t just protect your computer; smartphones and tablets are just as vulnerable and a highly desired target too. For more tips: https://www.cybrary.it/0p3n/smartphone-apps-what-am-i-downloading-anyways/
  • Don’t open emails from people that you don’t know.
  • Don’t open attachments from people if you are not expecting one (verify with them before opening).
  • If you find a spam email, move it to the spam folder.
  • Consider using a keyword with friends and co-workers. Asking someone to add a keyword such as “bacon” to the subject line to signify that there is an attachment can help ease your mind and increase your email safety. Chances are, a typical or automated spammer wouldn’t know to add a keyword to their spam attempt.
  • Do not plug unknown USB devices into your computer.
  • On emails, be sure to verify the sender’s identity beyond just the name: https://www.cybrary.it/0p3n/anatomy-of-the-hack/

  • Need to clean up your online presence? Try: https://www.deseat.me/
  • Above all, be vigilant. You don’t have to be afraid to be online, just aware.
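Both the phishing/spear-phishing descriptions above and the tip about verifying the sender’s identity beyond just the name come down to the same check: the display name in an email can say anything, so look at the actual address and at where replies would go. The script below is an added example (not code from the original post) that does that check on two constructed sample messages using Python’s standard `email` library. The bank domains, addresses and message text are made up for illustration, and `expected_domain` is the domain you already know the business uses (from a statement or their official site, never from the suspicious email itself).

```python
"""Check an email's sender identity beyond the display name (added example)."""
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the display name claims to be a bank, but the real
# address uses a look-alike domain and replies are routed somewhere else.
SAMPLE_PHISH = """\
From: "Example Bank Security" <alerts@examp1e-bank-login.com>
Reply-To: collect@mailbox-free.example
Return-Path: <bounce@mailbox-free.example>
To: payroll@company.example
Subject: Updated terms of service - action required before payroll

Please review the attached terms and confirm your login details.
"""

# Constructed sample: display name, address, Reply-To and Return-Path
# all agree with the domain the bank actually uses.
SAMPLE_LEGIT = """\
From: "Example Bank" <alerts@example-bank.com>
Reply-To: alerts@example-bank.com
Return-Path: <alerts@example-bank.com>
To: payroll@company.example
Subject: Your monthly statement is ready

Your statement is available in online banking.
"""


def domain_of(addr: str) -> str:
    """Return the lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def sender_checks(raw: str, expected_domain: str) -> dict:
    """Parse the sender headers and return the identity plus a list of red flags.

    expected_domain is the domain the business really uses; it is an input you
    supply from a trusted source, not something read out of the email.
    """
    msg = message_from_string(raw)
    # parseaddr splits '"Display Name" <user@domain>' into (name, address);
    # the name is free text chosen by the sender and proves nothing.
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    _, return_path = parseaddr(msg.get("Return-Path", ""))

    from_domain = domain_of(addr)
    flags = []
    if from_domain != expected_domain.lower():
        flags.append(f"From address domain {from_domain!r} is not {expected_domain!r}")
    if reply_to and domain_of(reply_to) != from_domain:
        flags.append(f"Reply-To goes to a different domain: {domain_of(reply_to)!r}")
    if return_path and domain_of(return_path) != from_domain:
        flags.append(f"Return-Path domain {domain_of(return_path)!r} differs from From")
    return {"display_name": name, "address": addr, "flags": flags}


if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        result = sender_checks(sample, "example-bank.com")
        print(f"{label}: {result['display_name']} <{result['address']}>")
        for flag in result["flags"]:
            print("  !", flag)
        if not result["flags"]:
            print("  no sender red flags")
```

Most mail clients show the same three pieces of information if you open the message details or “show original”, so the manual version of this check is: read the address inside the angle brackets, compare its domain letter by letter with the one you trust, and be suspicious of any Reply-To that points somewhere else.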

8 Comments
  1. Loads of very helpful information, thanks. SAVED.

  2. Awesome! This is very helpful.

  3. thanks this is very helpful
