How to Protect from Virus Infection

FIRST AND FOREMOST: BACK UP YOUR CRITICAL DATA!  External hard drives are dirt CHEAP! Windows 7 has a built-in "create system image" feature that makes it easy to create a backup of everything. Go to Control Panel, then Backup and Restore, then look for "create system image" on the left side. Another alternative is EaseUS Todo, a free imaging software. Then if your computer becomes infected you can restore it to its old state (as of the time that you created the image backup).

 

1 ) Always use a firewall (which comes standard on Windows XP, Vista and Windows 7) to block hackers and malicious software. Routers offer a second line of defense firewall. How do you know if Windows firewall is on?

START > Control Panel > Security Center > Manage settings for: Windows firewall > General tab > ON

2 ) Keep the Windows operating system current because Microsoft is constantly making fixes to protect from hackers and viruses. If your machine has all of the latest updates then the latest version of Internet Explorer would have been included. I have personally tested Internet Explorer 7 and it is extremely vulnerable to being "hijacked".  Only use the newest Internet Explorer version or Firefox.

(Windows XP)  My Computer > right click "properties" > "Automatic Updates" tab > Automatic [recommended]

(note: Windows 2000 does not offer automatic updates. For Windows 2000 visit update.microsoft.com and manually download and install updates OR from the Internet Explorer browser click Tools tab > Windows Update)

3 ) Install and run real-time antivirus software and keep it current (not expired)

Constantly look to download the latest antivirus definitions if the software doesn't do this automatically. Run a SHORT scan of your computer as often as you can (hopefully once a month or so).  Keep in mind that a virus may get onto your computer BEFORE a fix is written, then it's up to you to scan your computer to get it off soon before it invites more viruses onto your computer or does more damage! Microsoft Security Essentials notifies you in the "notification area" (bottom right hand corner) as the little tent icon turns from green to yellow.

Real-Time anti-virus software protects your computer AS you surf the internet, and AS you download emails. You don't need to PAY for anti-virus software to fight "malware". There is trusted freeware that will keep your computer protected real-time. PCR recommends using Microsoft Security Essentials.

 

Microsoft Security Essentials - This FREE real-time anti-virus software was released in late 2009. It doesn't have to be "registered" and no pop-ups will try to sell you a "subscription renewal". I have personally tested Security Essentials and it has identified viruses that other AV software missed.

 

Avast is another popular alternative that is FREE, although DO NOT EVER be tricked into paying for this software, even after their 1-year "trial".

 

Caution: Do NOT run more than one real-time anti-virus software program at the same time, as this can cause both programs to "fight" with each other.  For example if you still have an old expired version of McAfee or Norton anti-virus running on your computer then you would uninstall it and then run Security Essentials. Note: it's OK to run additional NON real-time software programs on your computer, such as Malwarebytes' free version.

 

Warning: No antivirus software is guaranteed to be 100% perfect. Most antivirus software is about 90% to 97% effective at identifying viruses. This is why it is important to do MORE than just use antivirus software. You need to know what to look out for. Follow the steps listed below.

4 ) Beware of peer to peer programs like LimeWire, uTorrent, Bittorrent, Morpheus, etc. which are major vehicles for transmitting malware.

 

5 ) Install "Sandboxie". It adds extra protection against viruses. Once installed, a new shortcut to your Firefox browser will be placed on your desktop. Always use THIS NEW shortcut to surf the Internet.

Then if your computer ever becomes infected with a virus (such as a "fake alert" scanner virus) you simply launch the Sandboxie control panel, delete the contents of the sandbox and start over. This sure beats reinstalling Windows or spending hours removing the virus! The only downside to Sandboxie is that it is confusing for most users. That's why you should watch a few YouTube videos about Sandboxie first.

 

6 ) Install the Firefox add-on NoScript. You must use Firefox to be protected by NoScript. Once installed, when you visit a webpage that has scripts (which may or may not launch viruses) you can decide whether to allow or disallow them. Keep in mind that even everyday sites like Facebook use scripts. Blocking certain scripts will very often block legitimate web page content. If and when you visit a suspicious web site that you think may contain a dangerous script (which may install a virus on your machine) NoScript blocks that script so that you can simply navigate away from the page. Antivirus software is only about 95% effective, so NoScript is an added line of defense against viruses that picks up when antivirus software might fail. The downside is that NoScript is dependent on you the user knowing what web page or script to say no to.

Once installed, each time you visit a new web page that contains scripts, you will see an options bar appear below your Firefox browser, with an "Options" button located in the bottom right hand corner. The "Options" bar will continue to appear until you click "Options" to allow or disallow each script. For example when I tested visiting www.NFL.com I had to click the "Options" button 4 times to accept 4 different scripts before the "Options" bar finally went away. The important thing to remember is that you do NOT have to click to accept or deny each script when the "Options" button appears. If you see all of the web page content that you need to see then just ignore the "Options" button.

If you are still having trouble figuring out how NoScript works, there are several YouTube videos about it that various people have posted. Give NoScript a chance for a few weeks and you'll get used to it.

NoScript is not a program. It is a browser add-on, which means that you will not find it under XP's "Add Remove Programs" or Vista / 7's "Programs and Features". If you decide that you don't like NoScript you can disable or uninstall it by going to TOOLS > ADD-ONS

 

BEWARE OF ANY FILE THAT ENDS IN .exe

7 ) Beware of emails that lure you into opening an attached executable file or link to an executable file. Executable files have the .exe or .js or .jse or .vbe or .vbs or .wsf file extension. Example: "Blaster.exe"

For example you may click a link that says "Remove Me" thinking that you will be removed from the email spam list. However, clicking the link may spread a virus or worm or install adware on your computer.

Beware of links to sites that appear legitimate such as a link to a familiar site such as "www.Microsoft.com" when in fact clicking the link executes a script that is embedded in the email message. 

How do you know where a link leads to without clicking it? Hold the mouse arrow over the link (without clicking it) to view the true destination of the link. 

For example I can post a link on a web page that says www.microsoft.com (it's OK to click the link) that in actuality goes to a completely different web page (it goes to the NBA's official site).

If someone wanted to they could make www.microsoft.com link to anything including to download a .exe virus file. Fortunately Windows will first ask you if you want to install the .exe file.

Anything that you click could be a link to download a virus. For example I could say "Click the button to play the music"....

Instead I have created a link to a .exe file. Don't worry, it's just a link to download CCleaner, a legitimate program.

 

 The same thing is possible with emailed links. In this second example (using Mozilla Thunderbird) the true location of a link that I have merely held my mouse over (without clicking) is displayed in the bottom left hand corner...

Don't be fooled: An attached file sent via email may be disguised with a file name of "CutePicture.jpg".  In reality such a file may NOT be a jpg image file at all, but rather a virus titled "CutePicture.jpg.exe". The only way to actually display the FULL .exe file extension is to set your Windows "folder options" so that script file extensions are displayed by default...

My Computer > Tools tab > Folder Options > View > uncheck "hide extensions for known file types"

Then beware of files with the .exe or .js or .jse or .vbe or .vbs or .wsf file extension. In particular beware of .exe files. These are "executable" files that run programs that could launch viruses.
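To check a whole folder of downloads or saved attachments at once, the same rule can be scripted. This is an added example, not part of the original article: it flags files carrying one of the executable extensions listed above and marks them "disguised" when a harmless-looking extension sits in front of the real one. The list of harmless-looking extensions and the sample file names are assumptions made for the illustration.

```python
import os
import sys

# Extensions the article lists as executable.
EXECUTABLE_EXT = {".exe", ".js", ".jse", ".vbe", ".vbs", ".wsf"}
# Assumption: a constructed list of extensions people read as harmless pictures or documents.
DECOY_EXT = {".jpg", ".jpeg", ".png", ".gif", ".bmp", ".pdf", ".doc", ".docx", ".txt", ".mp3"}

def classify(filename):
    """Return "ok", "executable" or "disguised" for one file name."""
    stem, ext = os.path.splitext(filename.strip())
    if ext.lower() not in EXECUTABLE_EXT:
        return "ok"
    # Only the LAST extension decides how Windows opens the file.
    inner_ext = os.path.splitext(stem)[1].lower()
    return "disguised" if inner_ext in DECOY_EXT else "executable"

def name_with_extensions_hidden(filename):
    """Approximate what Explorer shows while "hide extensions for known file types" is checked."""
    stem, ext = os.path.splitext(filename.strip())
    return stem if ext else filename.strip()

def scan(filenames):
    """Return (file name, name shown with extensions hidden, verdict) for every flagged file."""
    report = []
    for name in filenames:
        verdict = classify(name)
        if verdict != "ok":
            report.append((name, name_with_extensions_hidden(name), verdict))
    return report

# Constructed attachment names; CutePicture.jpg(.exe) and Blaster.exe are the article's examples.
SAMPLE_NAMES = ["CutePicture.jpg", "CutePicture.jpg.exe", "invoice.PDF.VBS",
                "Blaster.exe", "notes.txt"]

if __name__ == "__main__":
    # Scan a folder given on the command line (for example a Downloads folder), else the sample.
    names = os.listdir(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_NAMES
    for name, shown, verdict in scan(names):
        print("%-12s %-24s shown as %s" % (verdict, name, shown))
```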

IMPORTANT TIP: Set your computer to display "file extensions".  This will help you identify executable files so that you don't accidentally install a virus on your computer. Examples of "file extensions" are highlighted in purple: mypicture.jpg  webpage.html  evilvirusprogram.exe

START > Control Panel > Folder Options > "View" tab > "Advanced settings" > check the "show hidden files folders and drives" radio button

Here's an actual example of an emailed virus that has been disguised as some sort of attached UPS tracking information document. The sender shows an  @ups.com email address, but in reality this email was NOT sent from UPS. The bad person who sent this email simply entered infoad22@ups.com in their email account settings. Also note the grammatical errors, a sure sign of a hoax.

 

8 ) Setting Internet Explorer for optimum security

Pop-Up Blocker - You may or may not wish to block annoying pop-up windows. Just beware that when the pop-up blocker is turned on, it may prevent you from downloading or viewing something, so be prepared to turn pop up blockers on and off as needed if you choose to use it.

To control pop ups using Internet Explorer 6 or later:

"Tools" tab > Pop-up Blocker > then turn on or off.

To control pop ups using Mozilla Firefox:

"Tools" tab > Options > "Content" tab > check or uncheck "block pop up windows"

9 ) What local email program to use?

If you use a local email program (rather than offsite email) the Microsoft Outlook and Outlook Express email programs are more vulnerable to viruses (simply because authors of viruses target Microsoft mail programs because they are more widely used). Qualcomm Eudora and Mozilla Thunderbird are less vulnerable email programs simply because they are less used, and therefore they are less attractive targets of hackers who release viruses.

10 ) What Internet browser to use?

The Mozilla Firefox browser is considered by some to be less vulnerable to viruses simply because more hackers are busy writing code to attack Internet Explorer. 

As a side note: if your hard drive ever crashes, Firefox's stored passwords are easily recoverable and can be migrated to your new computer. Saved Internet Explorer passwords are encrypted and you must have previously exported a "key", otherwise your Internet passwords will be lost in the event of a permanent hard drive crash.

The downside of Firefox: Beware that some websites don't work well with Firefox. For example if you try to register an account to "join" some websites, you may never get a confirmation email. Simply re-register using Internet Explorer.

11 ) Consider using a restricted Windows "user" log-on account while surfing the Internet.

This can help to keep certain viruses off your computer, as viruses may require administrator level privileges to install themselves and do their damage. For most people this may be just too much of a hassle and too constricting, but this might be a really great idea for when kids surf the Internet or if you are surfing unfamiliar websites.

START > Control Panel > User accounts > Create a new account > [then give the user the least amount of privileges]

Once set up, you would use this user account for surfing the Internet.

12 ) Don't save your credit card number online. 

Many reputable sites give you the option to save credit card numbers online to make future purchases easier. However, if the company's database is ever successfully hacked, your information could be exposed. Just re-enter your numbers with each transaction.

 

BEWARE OF VIRUS ALERT WEB PAGES

13 ) Use the keyboard keys Ctrl + Alt + Delete to close out pop-up windows that won't close and/or to exit a website that "can't be exited".  Clicking either the "X", the "remove all" button or the "cancel" button will only trigger a virus installation file (that ends in .exe) to download.

ABOVE: this is a snapshot image of a hijacked web page that is disguised to look like some sort of built-in function of Windows. It is not. It's a web page that is trying to lure you into unwittingly installing a virus. One of the telltale signs of these hacked web sites is the bad English. See if you can pick out at least 6 grammatical errors. Additionally there's just plain bizarre language such as "it's creator" and "all that data". Clearly this was not written by Microsoft.

When you come across these hijacked web sites, understand that your computer is NOT YET infected with a virus. It's just a web page. The bad guys want you to click either the "X", the "Remove all" or the "Cancel" button. It doesn't matter which one you click. Either one will ask you if you want to download a .exe file to your computer. Clicking the "X" to close out your browser or clicking the "go back one page" arrow on your browser won't get you away from this web page either.

So how do you exit this hijacked webpage?

I recommend physically unplugging your Ethernet cable from your computer, then pressing the Ctrl, Alt, and Delete keys simultaneously, then under the "applications" tab click "end task" (in this example below my browser is Firefox)...

 

Beware of a new breed of phishing sites that sell DIRT CHEAP downloadable software

I've seen some new sites popping up with ridiculously low prices on software that is downloaded. The vast majority of the software sold at these sites is not even supposed to be available for download ANYWHERE! Two of them I've identified have the .ws (Western Samoa) domain extension and are actually hosted in places like Moscow and Latvia. Sometimes they try to trick you into thinking that they are based in the US by mentioning a customer service team that is open during Mountain time zone hours or other US time. One of the telltale signs that these sites are fraudulent is the grammatical errors and just plain bizarre language seen in their "terms and conditions", "FAQ", and "privacy" pages. Example: "We'll take no responsibility for any your action."

These sites may actually provide you with actual software to download, however the software is pirated and illegal. Don't be lured by the low prices. They will fraudulently charge your credit card later in time when you least expect it.

 

Beware if you are prompted to install a Flash Player, Flash plug-in, or other software in order to play a video on ANY website

This is especially true if you can already watch videos on YouTube without any problem. The newest way that the bad guys get you to install viruses on your computer is to trick you into thinking that a video won't play because you don't have the proper Flash Player or Flash plug-in installed on your computer. This can happen when visiting even ordinary sites such as Facebook, or sites that mimic familiar sites -- check the URL to verify if the site is really what it appears to be...

example: http://www.youtube.com/watch?v=vRXgpR2lzo4 is really hosted by YouTube

example: http://youtube.2468975.com is not YouTube
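A host name is read from right to left: the rightmost labels decide who runs the site, and anything to the left is a subdomain the owner can name however they like. The following is an added example, not part of the original article, that applies this to the URLs shown on this page. The TRUSTED list is an assumption, and taking the last two labels as the controlling domain is an approximation that holds for .com-style names only.

```python
from urllib.parse import urlsplit

# Assumption: domains the reader has chosen to trust, with a display name for each.
TRUSTED = {"youtube.com": "YouTube", "adobe.com": "Adobe"}

def host_labels(url):
    """Return the lower-cased host name of a URL and its dot-separated labels."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host, host.split(".")

def check_url(url, trusted=TRUSTED):
    """Return (verdict, brand, controlling domain); verdict is genuine, lookalike or unknown."""
    host, labels = host_labels(url)
    # Approximation: treat the last two labels as the domain that controls the site.
    # Correct for .com-style names; suffixes such as .co.uk need a public-suffix list.
    controlling = ".".join(labels[-2:])
    for domain, brand in trusted.items():
        # Genuine only if the host IS the trusted domain or ends with ".<trusted domain>".
        if host == domain or host.endswith("." + domain):
            return ("genuine", brand, controlling)
    for domain, brand in trusted.items():
        # The brand word used as a label of some other domain is the disguise described above.
        if domain.split(".")[0] in labels:
            return ("lookalike", brand, controlling)
    return ("unknown", None, controlling)

if __name__ == "__main__":
    # The first three URLs are the ones shown in the article; the last is a constructed placeholder.
    for url in ("http://www.youtube.com/watch?v=vRXgpR2lzo4",
                "http://youtube.2468975.com",
                "http://get.adobe.com/flashplayer/",
                "http://videos.example/"):
        verdict, brand, controlling = check_url(url)
        print("%-10s %-8s run by %-16s %s" % (verdict, brand or "-", controlling, url))
```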

Installing what appears to be an "update" may instead install a virus on your computer. It may have a legitimate looking file name such as "Flash_Plug_In" or something to that effect. Once you click to install it, your computer becomes infected with a virus.  

This image from an actual infected website looks like a QuickTime or Flash movie, but actually it's just a picture with a link to a .exe file that contains a virus...

If you click the play button, you are asked if you want to supposedly install some "video plugin". Be very suspicious if you are already able to play videos on YouTube without any problem. Also "ezonlinedata" is NOT a familiar name like Macromedia (Flash), Apple (Quick Time), Windows Media Player, or VLC Media Player.  Even if asked to install a familiar and legitimate program such as Quick Time or VLC Media player, you should go DIRECTLY to the distributor's web site only. If you click the "Run" button, a virus will install on your computer. Notice that the file ends in .exe. As previously discussed, this should always have you on alert.

When in doubt go to the REAL site for updates

http://get.adobe.com/flashplayer/

 

 

Beware if you are prompted to install a Java update

 

When in doubt choose not to install the Java update, then INSTEAD navigate to your control panel (START > Control Panel), select Java (switch to "classic view" if you don't see a Java icon), then click the "update" tab, and manually check for updates.

 

 

BEWARE OF "EMAIL SPOOFING"

 

Just because you receive an email from [ANY NAME] and [ANY EMAIL ADDRESS] doesn't mean that they really sent you the email. It is very easy for ANYONE to impersonate and forge emails! Email spoofing is a way in which the sender address and sender name and other parts of the email header are altered to appear as though the email originated from a different source.

 

Why do people send spoofed emails? Usually it's to get you to look at advertisements, but other times it's to get you to open viruses.
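Most mail programs can display the full headers ("view source") of a message, and those headers often give a forged sender away. The following is an added example, not part of the original article: it compares the From address with the Return-Path and Reply-To headers and reads the SPF, DKIM and DMARC results that many receiving mail servers record in an Authentication-Results header. The sample message is constructed; only the From address comes from the UPS example earlier on this page, and it is an assumption that your mail provider adds that header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def domain_of(header_value):
    """Domain part of the address in a From, Return-Path or Reply-To header ("" if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def same_org(a, b):
    """True when one domain equals the other or is a subdomain of it."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def auth_results(msg):
    """Map check -> result from Authentication-Results, e.g. {"spf": "softfail"}."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        for check, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            results[check.lower()] = result.lower()
    return results

def spoof_indicators(raw_message):
    """List reasons to doubt that the From address is the real sender."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg["From"])
    findings = []
    # The envelope sender and reply address are set separately from the From line.
    # A mismatch is a hint, not proof: mailing services legitimately use their own Return-Path.
    for header in ("Return-Path", "Reply-To"):
        other = domain_of(msg[header])
        if other and not same_org(other, from_domain):
            findings.append("%s domain %s differs from From domain %s"
                            % (header, other, from_domain))
    for check, result in sorted(auth_results(msg).items()):
        if result != "pass":
            findings.append("%s=%s" % (check, result))
    return findings

# Constructed message. Only the From address is taken from the article; every other
# header, host name and result is made up for illustration.
SPOOFED = """\
Return-Path: <bounce@mailer.example>
Authentication-Results: mx.recipient.example; spf=softfail smtp.mailfrom=mailer.example;
 dkim=none; dmarc=fail header.from=ups.com
From: "UPS Tracking" <infoad22@ups.com>
To: someone@recipient.example
Subject: Your tracking information

See the attached document.
"""

if __name__ == "__main__":
    for finding in spoof_indicators(SPOOFED):
        print(finding)
```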

 

Below is an actual example of an email spoof that I received. Often the web page link that is displayed (agencesmadagascar.com) is merely a redirect page, so you get sent off to a completely different web site.

 

( NOTE: I have blurred out the full email addresses )

 

 

Be suspicious if strange new things start happening to your computer

Your computer may be infected with a dangerous virus without you even knowing. Some viruses run in the "background" as hidden processes. For example the Trojan "Spy Eye" attempts to connect to the Internet then sends your usernames, passwords, and other critical personal information to a remote computer on the Internet.

In this case of an infected computer, I physically disconnected the Ethernet cable from the computer. Like clockwork, a virus attempted to connect to the Internet. A Windows 7 error message popped up (because I physically cut off the Internet connection). Under normal circumstances, even with the Ethernet cable connected, this error message should not appear. The logical explanation was a virus...

With the Ethernet cable reconnected I was able to use the diagnostic program TCPView to see hidden processes related to network connectivity. A suspect connection to ikexpress.com is identified below...

A WHOIS search reveals that ikexpress.com is a server hosted in France of all places!!! So this was obvious surreptitious activity...

 

If you continually get viruses then consider switching to Mac or installing the Ubuntu operating system on your Windows computer.

If all you need is to surf the web, check emails, view photos, create documents and spreadsheets then Ubuntu might be right for you. Be sure that your peripheral devices are compatible with Ubuntu before switching. Many programs and devices are not compatible with Ubuntu.

 


Since 8/12/2010