Malicious software: how to recognize, remove, and prevent malware

Malware comes in many forms: the unwanted programs can surface as pathogens, spies, or remote controls in computers. Whether it’s a virus, spyware, or a Trojan horse, this harmful software should be kept well away from your computer. What are the different types of malware? We show you how to protect yourself from them and what steps to take if your computer or webspace are affected.

Programs that intend to cause damage are known as ‘malware’. Most users refer to these programs as viruses, but this doesn’t show the full extent of these harmful programs: a computer virus is actually a type of malware and can differ from many other types.

Computer worm

Worms reproduce too, spread more actively than viruses, and don’t depend on other files. Computer worms use networks or removable media to gain access to other systems and usually need a program to aid them in this task. Worms that spread through e-mails use the user’s e-mail program to send themselves to all contacts in the address book. Worms, just like viruses, can damage the system and are often used to gain secret control over the computer. They are the most common types of malicious software.

Trojan horse

A Trojan horse, or simply ‘Trojan’, pretends to be a useful and safe application at first so that it can access a computer’s system (just like in ancient mythology when the Greeks used the wooden horse to enter the city of Troy). They perform functions that are mostly hidden from users. Trojan horses can carry out lots of harmful actions such as monitoring a computer’s data traffic. Some of them copy information or files and send them on while others execute specific tasks on the computer and change or install new software (mostly other malicious software such as spyware or adware). Trojan horses can even be controlled remotely (through a backdoor function), which gives other users the chance to hijack the computer for cybercriminal purposes.

Adware

The word ‘adware’ is a contraction of ‘advertisement’ and ‘software’ and it works by inserting advertising into programs. It is often included in free software and is mostly legitimate, but can be dangerous if it makes any changes on the system or to the browser settings without permission, or shows pop-ups or fake websites.

Spyware

This software is used to uncover user data and send it to the creator or a third party with the user completely unaware that their behavior is being recorded. The information obtained by the spyware is often evaluated for commercial purposes so that tailored ads can be shown, for example.

Since spyware and adware don’t cause any direct damage, these kind of programs fall into the ‘greyware’ category. Greyware can also affect the performance and security of your computer.

Scareware

These aim to scare and unsettle the user by displaying fake warnings about malware detected on the computer. If, at the same time, a fee-based software is advertised claiming to be able to remove the alleged malware, this is known as rogueware or rogue security software. If the user then buys this supposed useful application and installs it, even more malware will usually appear on the computer.

Ransomware

This extortionate software goes one step further than scareware: ransomware blocks access to a computer’s operating system or blocks important files. In order to have the block lifted, the program demands a ransom payment.

Backdoor (also known as trapdoor)

This is more a function rather than an independent program. Part of a software is known as backdoor when an external user gets access to a computer. This happens without the rightful user knowing.

Remote access is often exploited in order to carry out denial-of-service attacks, which is when internet services are paralyzed, or send spam e-mails. Backdoors may be installed by Trojan horses, worms, or viruses.

Certain software helps to protect your computer, but it’s your responsibility to make sure your computer doesn’t become infected with malicious software. There may be software-based protection measures, but you need to make sure you’re aware of the proper guidelines on internet use.

Software-based prevention

To make sure that your system is basically immune from malicious software, the following software should be present on your computer:

• A current and tested antivirus program: an antivirus software (also shortened to ‘AV’) runs constantly in the background and helps protect your computer against any known malware. It needs to be updated regularly so that it can recognize as many different types of malware as possible. Windows operating systems include an AV program: Microsoft Security Essentials (Windows, Vista, Windows 7) or Windows Defender (Windows 8 and above). There are many tested antivirus programs available for free such as software from Avast, Avira, and 360 Total Security. The program are available in different versions; for Windows as well as Mac and Android operating systems. Another well-known and free antivirus solution for Windows is the Panda Free Antivirus.
  
  The terms 'antivirus' and 'antivirus program' are quite misleading: of course, you can protect your computer from viruses and remove almost every kind of virus (or at least get tips on how to go about removing it). This also applies to worms, Trojans, and other forms of malware. This means therefore that antivirus software protects your system from further malicious programs and not just computer viruses as well as helping to remove various malware. This is why ‘anti-malware software’ is often mentioned in this context.

• Active firewall: your firewall needs to be turned on in order to protect your computer from undesired network access. A firewall is an integral part of many operating systems, including Windows.

• The current version of your operating system: malware often takes advantage of gaps in security to access your computer, but regular updates will ensure any gaps are closed. Make sure that your operating system is always up to date; you can even set your system to carry out updates automatically.

• Current versions of your programs: continuously update your software, especially ones that connect to the internet. Outdated versions of web browsers, Java, Flash, and other applications often have security gaps where malicious programs can gain access to your system.

Often, it’s just a careless browsing mistake that leads to malware ending up on your computer. Just by following a few guidelines, you can reduce your chances of becoming infected:

• Only accept programs and files from trusted sources. Software and updates should always be downloaded from official websites or, in the case of freeware or software, from reputable and well-known download portals.

• When installing new programs, make sure that you don’t accidentally install any unwanted programs.

• Don’t open e-mail attachments and links from unknown senders or click on any messages with dubious subject lines.

• Don’t click on any old advertisement, banner, or pop-up. Especially avoid links advertising special offers, coupons, or any other questionable deals.

• Be cautious with sensitive data such as bank details, login information, and passwords.

• Save backup copies of all your important data externally in case your computer does become infected with malware, and this can only be rectified through formatting the system.

If you suspect that malware has found its way onto your computer, you need to take appropriate action immediately. There isn’t a general procedure you can carry out to eliminate malicious programs, but with a little online research you can find out about the symptoms of an infection and find a tried and tested solution. This research shouldn’t, of course, be carried out on the infected computer – take it offline immediately and shut it down before the malware causes even more damage.

Remove malicious software from your computer with the help of an antivirus program

If you suspect that there’s malware on your computer, you should proceed as follows:

• Start your computer in safe mode (malicious programs aren’t loaded in this mode). In Windows, press the F8 key repeatedly when booting the PC to access the boot menu. Here select ‘Safe Mode with Networking’ because you need internet access to carry out the following actions.

• The next step is getting your antivirus program to check the whole computer system. Make sure that you have the newest version and update it if necessary. Antivirus software can only recognize and remove known malware, which is why an antivirus program never provides complete protection. Certain infections are able to hide from antivirus software.

• In addition to the antivirus software that you’ve already used, you should now re-examine the whole computer with a more specific anti-malware software. There are many free programs and trial versions of fee-based software that are specialized in the removal of malware e.g. Malwarebytes Anti-Malware and SUPERAntiSpyware Free Edition. A reliable malware detection program is the Microsoft Safety Scanner. With the ESET Online Scanner and the Bitdefender Quick Scan, you have various tools at your disposal that don’t require installation. If you have unwanted adware programs or toolbars in the browser on your Windows PC, the AdwCleaner can help.
  
  Some antivirus programs offer various extensive malware scans – a quick scan usually takes about 20 minutes with a complete inspection taking around one hour. Any malware found  can be removed at the end. After restarting the computer, the program should show that your system is fully protected.

Remove malicious software from your computer using an emergency system or formatting

A more expensive, but foolproof solution is emergency software like the Kaspersky Rescue Disk, the F-Secure Rescue CD, or KNOPPIX. The programs can be downloaded for free and copied as a bootable ISO format on a removable storage device. Before your computer starts up, the emergency software performs a malware check and removes anything dangerous. If your computer is very badly affected by malware, it won’t even start so these emergency systems are the only solution to get your computer back up and running.

If the computer is still experiencing problems that can be traced back to malware, you have two options: you can either contact an expert for their help, or you can continue to tackle the problem yourself by backing up your personal files, formatting all hard drives, and re-installing the operating system. Formatting is definitely the most complex approach in combatting malware, but it’s also the most secure method since some viruses plant themselves deep in the system or install other malware which might not have been picked up during the scan.

Safety measures for web hosting

With the following precautionary measures, you can protect your website against malware:

• Encrypted webspace access: instead of using normal FTP access, use FTP over SSL (FTPS) or SSH File Transfer Protocol (SFTP). Your online storage space will be better protected if it’s encrypted.

• Secure usernames and passwords: ensure you choose unique passwords and make them as complex as possible (it should ideally be made up of more than eight characters and contain upper and lower case letters as well as numbers and/or special characters). Your username should also be unique; don’t just stick with generic usernames like ‘admin’.

• Two-factor authentication: a two-factor authentication for the registration process can be added to many content management systems and other programs. This is possible with WordPress and Joomla! using the Google Authenticator. In addition to username and password, a further password is required, which is similar to the mTAN generation process in online banking. You usually receive this code via a smartphone app. This extra step in the log in process increases the security of your login.

• Up-to-date CMS and additional software: security gaps in old versions of content management systems can be an access point for malicious software to infiltrate. You should, therefore, always make sure to use the most stable and secure version of your software – this also applies to plugins, themes, and other extensions and programs that you use for your website.

• Backup copy: regularly create backups of your entire website, including the database, and save it on a local hard disk. If your website becomes infected by malicious software, you can restore everything using the backup. It’s not recommended to leave the backup solely on the webspace since everything placed there is at risk of being infiltrated.

Removing malicious software from your website or webspace

If your website has been hacked and is now infected with malware, you should take it offline; an infected website often serves as a transmitter of malicious software and infiltrates the computers of those visiting the website.

If you haven’t been informed about the infection by your website provider, you should tell them yourself. Hosts can often help you with the removal of malware. You can also take these few steps by yourself to ensure that your web server is secure again:

1. Check your computer for malicious software: you need to rule out that your computer is causing the problem. To do this, examine your computer as described above and make sure it’s cleaned of any problems. Do this with all computers connected to the webserver via FTP.
   
   
2. Change all passwords: it’s likely that at least one of your passwords was cracked. Therefore, you should change all access codes associated with your server and the hacked website. This includes passwords for FTP access and the administration area as well as passwords for the site’s database, for all website users, and for SSH access (if available).
   
   
3. Find the damage and repair it: Google Search Console (originally known as Google Webmaster Tools) is a well-known tool that can detect when a website has a malware infection. For this, you need a Google account (available for free). This service scans websites for any malicious software and then provides assistance to help solve the problem. You can alternatively locate the website’s infected files yourself, but this needs some know-how.
   
   
4. Use the backup: once you’ve located the infected files, replace them with uninfected copies from a previous backup. To ensure that malware has been removed, you must delete the entire page, carry out a reinstallation, and insert all website files from the clean backup. If you don’t have a backup copy or the one you do have is infected as well, your host can possibly provide you with an old version of your files.
   
   
5. Remove your website from blacklists: search engines like Google and Bing put websites on a blacklist if they’re infected with malware. Sites found on Google’s blacklist either drop in the search results or are removed completely. When you’ve got rid of all the malicious programs, you should contact the major search engines as soon as possible and ask for your site to be reconsidered. For Google, you can again use the Search Console and for Bing, the Bing Webmaster Tools.

If you’re unsure whether you can fix the damage independently, you should contact an expert. To ensure both your visitors and search engines like Google are satisfied, you first need to have a completely secure site.

Malicious programs lurk in many corners of the internet. Malware can potentially affect anyone and cause considerable damage, which is why it’s of the utmost importance to ensure you have adequate prevention measures. Besides using special programs and keeping the software up to date, you also need to be wise and use the internet and related applications carefully. Take care when surfing, using web applications, downloading files, and opening e-mail attachments. There is no entirely foolproof method of protection and even the most vigilant of users can fall victim to malware. Removing malicious software is well worth the effort: only a malware-free system can offer you the security and performance that you’re entitled to.