NETWORK TECH WORLD
Hiding Places for Malware
Malicious
software, or malware, does not simply place itself in an obvious
location and may even move around your computer’s hard drive to prevent
detection. This is part of what makes it so difficult to remove some
infections that can cause sluggish behavior, Internet redirects, pop-up
windows and even failure of your anti-virus software.
Restore Data
Software infections may hide in partitions on your computer’s hard drive that are dedicated to saving restore files. Typically, you don’t use these files on a daily basis. They exist as a backup should you need to restore your computer to an earlier date. Anti-malware programs may not be able to find or delete infected files in the restore partition. Because of this, sources such as the Computer Hope website, which gives troubleshooting advice, recommend turning off System Restore before running a scan with your anti-virus or anti-malware program. This is especially true if your computer uses Windows XP as an operating system. When your anti-virus program has removed all infections and behavior returns to normal, you can then enable System Restore once more.
Software infections may hide in partitions on your computer’s hard drive that are dedicated to saving restore files. Typically, you don’t use these files on a daily basis. They exist as a backup should you need to restore your computer to an earlier date. Anti-malware programs may not be able to find or delete infected files in the restore partition. Because of this, sources such as the Computer Hope website, which gives troubleshooting advice, recommend turning off System Restore before running a scan with your anti-virus or anti-malware program. This is especially true if your computer uses Windows XP as an operating system. When your anti-virus program has removed all infections and behavior returns to normal, you can then enable System Restore once more.
Registry
The Windows Registry is a database of settings that your operating system relies on to run properly. The Registry uses a hierarchical structure to store these settings. Individual settings are stored in what are known as “keys,” and malicious software can change the values of these keys or add keys that are not necessary. For example, one Registry key can instruct your computer to not show file extensions. Thus, when you look for infected files, you may not be able to tell a legitimate file from malware. Some malware solutions may require you to open the Registry Editor, a component of Windows, and search for keys or values that are associated with malware.
The Windows Registry is a database of settings that your operating system relies on to run properly. The Registry uses a hierarchical structure to store these settings. Individual settings are stored in what are known as “keys,” and malicious software can change the values of these keys or add keys that are not necessary. For example, one Registry key can instruct your computer to not show file extensions. Thus, when you look for infected files, you may not be able to tell a legitimate file from malware. Some malware solutions may require you to open the Registry Editor, a component of Windows, and search for keys or values that are associated with malware.
Startup
Windows computers have a “Startup” folder that contains programs that begins as soon as you boot up. Malware may hide in this folder and execute itself in the background without your knowledge. Your anti-malware software may not be able to locate processes that are already running when you perform a scan, or if your software does find the infection, it may not be able to remove it because it is running and refuses to shut down. To remedy this situation, you can start your computer in Safe Mode. Restart and press the “F8″ key when you see the black screen with your manufacturer’s logo. Safe Mode prevents unnecessary applications from running at startup. It may show your screen in fewer colors than normal; however, this is normal. Perform your scans in Safe Mode to remove malware infections.
Windows computers have a “Startup” folder that contains programs that begins as soon as you boot up. Malware may hide in this folder and execute itself in the background without your knowledge. Your anti-malware software may not be able to locate processes that are already running when you perform a scan, or if your software does find the infection, it may not be able to remove it because it is running and refuses to shut down. To remedy this situation, you can start your computer in Safe Mode. Restart and press the “F8″ key when you see the black screen with your manufacturer’s logo. Safe Mode prevents unnecessary applications from running at startup. It may show your screen in fewer colors than normal; however, this is normal. Perform your scans in Safe Mode to remove malware infections.
Miscellaneous
Other common places that may hide malware include the Hosts file, which contains a list of human-friendly URLS, like “google.com” and their corresponding computer-friendly Internet Protocol addresses, which used a numeric system. An alternative hiding spot for malware is in any file that allows embedded media. Screen savers, Web pages and presentations are just a few of the file types that allow embedded content. You may not know that this file is letting malicious software onto your computer when you open it. Real-time anti-virus protection applications can scan downloaded files to check for known infections.
Other common places that may hide malware include the Hosts file, which contains a list of human-friendly URLS, like “google.com” and their corresponding computer-friendly Internet Protocol addresses, which used a numeric system. An alternative hiding spot for malware is in any file that allows embedded media. Screen savers, Web pages and presentations are just a few of the file types that allow embedded content. You may not know that this file is letting malicious software onto your computer when you open it. Real-time anti-virus protection applications can scan downloaded files to check for known infections.
Comments
Post a Comment