IT Security

Dealing with Viruses and Malware

Is your computer infected or “hacked”?  Here are some signs that your machine may be compromised.

  • Check to make sure your Virus Scan is running and up to date.  Many malware packages will prevent your virus scan from updating or running so your machine will be unable to disinfect itself.
  • Run Windows Update.  Microsoft provides tools to clean off some infections and installs patches to prevent future infections via Windows Updates.  If the updater does not run or the updates do not install, you may have malware.
  • Determine if your computer is running at its usual speed.  If your computer has recently slowed down and you haven’t made any changes (including installing software), it may be infected.  Malware often runs in the background and hogs your computer’s resources.
  • Try to do a web search and see if you are redirected to a site that you did not intend to visit.  Often malware will redirect your web searches to advertising sites.  Sometimes you will be redirected even if you manually type in the correct URL or use a bookmark for a site.
  • Open a new browser window and verify that your normal home page comes up.  Malware will often change your home page to a different site.  It can even prevent you from switching it back to your normal page.
  • Check whether the web browser gets lots of pop-ups.  You may see ads even if you are not connected to the internet.  Malware writers often make their money by forcing you to look at ads.  If it seems like you are seeing more ads than normal, your machine may be infected.

If you believe your work computer is showing any of these signs, contact the IT group.

What do you do if you think your home computer is compromised?

Install or update your antivirus.

If you do not have antivirus installed on your system, or if the antivirus you have is a paid product whose subscription has run out, install the University’s version.  U of M provides free antivirus software for all full-time faculty and staff members on their personal computers.

  • If you have a Windows computer go to:
    http://virusbusters.itcs.umich.edu/ and download the McAfee Antivirus.
  • If you have a Macintosh go to:
    http://www.itcs.umich.edu/bluedisc/ and download the Sophos Antivirus.

Generally you can tell your antivirus product to check for updates by right-clicking on its icon in the menu or task bar.  Make sure it is fully updated.

Once you are certain that you are running the newest version of the antivirus with all the updates, have it run a full system scan.  This may take some time, so run the scan when you can leave the computer for a few hours.  The antivirus software should automatically scan your computer, but the automatic scanning may not be occurring if your computer is turned off or asleep at the time of the scan.

Visit the University of Michigan’s Safe Computing Website. 

http://safecomputing.umich.edu

Once you navigate to the Safe Computing Website, click on Faculty and Staff.  This page is a good reference on what is currently affecting computers.  It can help you figure out if you are infected with the newest threats, and if you are infected it will give you the steps you need in order to correct the problem.

Install a free anti-malware product and run it.

If you believe your machine may be infected by malware, install a free anti-malware product.  There are several excellent free products you can use to clean your computer.  These companies provide a free demo in order to encourage you to purchase their premium product.  The free version cleans up malware and the paid version attempts to prevent future infections.

Currently our preferred anti-malware products are Malwarebytes Anti-Malware and Spybot Search & Destroy.  To download these, go to CNET’s download.com and search for either product.  Try Malwarebytes first, as it is one of the few products that work on some of the most difficult malware to remove.

I did all the steps above and it didn’t seem to fix my problem.

Sometimes malware or viruses can only be removed from Windows Safe Mode.  In order to boot into Safe Mode, hold down the F8 key while booting.  If your software is fully updated, choose the Safe Mode option.  If you will need your network connection to update the antivirus or anti-malware, choose the Safe Mode with Networking option.  Rerun both the virus scan and the malware scan.

From a non-infected machine, search the web for the symptoms your machine is exhibiting.  Some malware will prevent you from finding the sites that would let you know how to remove it.  Doing these searches from an uninfected machine may give you better results.

If your machine is running slowly but otherwise seems to be acting normally, you may be having an issue with Microsoft Indexing.  Indexing allows you to search for information such as text within documents or properties.  Indexing can sometimes slow your machine down so much that it seems like it is infected.  If this is your problem, you should see the speed of your machine return to normal as soon as you turn indexing off.  You can always turn the feature back on if you need it later.

In order to turn off indexing, follow these steps:
  1. Left-click on My Computer
  2. Right-click on your hard drive
  3. Left-click on Properties
  4. Click on the General tab if it is not already selected
  5. Click on the check box next to “Allow Indexing Service to index this disk for fast file searching”, which should disable the service.
  6. You may need to repeat this if you have additional hard drives.