Malware: types, protection, prevention, detection and removal
This article provides important information about the types, symptoms, protection, prevention, detection, and removal of malware (computer virus, ransomware, spyware, adware, rootkits, trojan horse, worms, etc.).
This article is the result of several well-known sources.
- What is malware?
- Malware types
- Malware symptoms (signs)
- Malware protection
- Malware prevention tips
- Malware detection and removal
- Read also
What is malware?
Malware short for malicious software is software that is specifically designed to damage or disrupt a system, steal information (spy on you), or destroy data. (1)
Malware is a broad term used to describe many different types of malicious programs.
Common Malware types are:
- Computer Virus - is capable of copying itself and spreading to other computers. Viruses can perform harmful activities on an infected PC such as corrupting the system or destroying data.
- Spyware (2) - secretly monitors your activities and gathers your information through your Internet connection without you knowing about it.
- Adware (3) - shows unwanted advertisements on your computer and generate revenue for its creator. These advertisements are often in the form of annoying pop-ups (windows).
- Rootkit (4) - is a collection of tools (programs) that are designed to remotely access or control a computer or network without being detected. Rootkits are difficult to detect because they are activated before your system's Operating System has completely booted up.
- Trojan Horse (5) - (also known as a Trojan) disguises itself as a normal file or program to trick users into downloading and installing malware.
- Worm (6) - is capable of copying itself and spreading to other computers. It uses networks to spread itself and causes harm by using a lot of bandwidth (this makes your internet slow) or possibly deleting files or sending documents via email. Worms can also install backdoors on computers. The difference between a worm and a computer virus is the way they spread – worms spread across networks and viruses attach themselves to various programs and executable codes. (7)
- Ransomware (8) - prevents or limits users from accessing their system or data. It forces its victims to pay the ransom through certain online payment methods to grant access to their system or to get their data back.
- Keylogger (9) - runs in the background and records every keystroke you make (everything you type on your keyboard). These keystrokes can include usernames, passwords, credit card numbers, and other sensitive and personal data. The keylogger will share this information with its creator.
- Botnet (10) - (also known as a zombie army) is a network of malware-infected computers which are controlled by the creator of the botnet (cybercriminal). Each computer functions as a bot because it's infected with a specific type of malware. A botnet can be used to send spam emails, transmit malware, perform DDoS attacks and perform other malicious tasks.
- Rogueware - often pretends to be security software such as antivirus and anti-malware software, but can also pretend to be other software such as system cleaners. This type of malware is simply misleading (fake) software that asks users to pay money for removing fake problems and threats. When a PC is infected with Rogueware, the Rogueware will give warnings in an aggressive (annoying) way and if you want to try to remove these so-called problems or threats (found by the rogueware), you will probably be redirected to the payment page where you will need to purchase the so-called software to remove the (fake) problems and/or threats.
- Cryptomining malware - (also known as cryptocurrency mining malware or cryptojacking) is malicious software and malware components developed to take over the system resources of a computer and use these system resources to mine for cryptocurrency without the owner's permission. (17)
Malware symptoms (signs)
Some Malware symptoms (signs)(11) are:
- Computer, programs and internet connection run slower than usual
- Your web browser often freezes (hangs or unresponsive)
- Annoying unwanted pop-up windows and ads appear
- System or programs regularly crash
- Hard drive continues to have excessive activity — even when you don't use it
- Sudden increase of disk space on your hard drive
- Unusual high network activity when not using your web browser
- Your web browser's homepage has been changed
- A new toolbar is placed at top of your web browser
- You want to open a website, but you are sent (redirected) to another (different) website
- Unusual messages appear
- Unusual programs start automatically
- Your antivirus program and/or its shields and update function is turned off (disabled)
- Your friends are receiving strange (weird) messages and/or emails from you (which you didn't sent)
- You're blocked from getting access to your system and get forced to pay money (ransom) to regain access again
- You are unable to access the Windows Control Panel, Task Manager, Registry Editor or Command Prompt
- Your computer automatically plays music
- There are new unknown icons on your desktop
- Your computer restarts (reboots) by itself (turns automatically off and on)
Malware protection tips
The BEST malware protection is YOU.
You can have the best malware protection on your computer, but even the best anti-malware (antivirus) software can fail to detect new malware. (12)
Malware threats have grown significantly in the past decade. These threats grow so fast, that antivirus programs take too long to catch up with malware (even the best programs). (13)
Therefore, the best protection is yourself.
You might be wondering:
What does he exactly mean?
Well, if you do any of the following:
- Use illegally downloaded software on your computer
- Install free software without checking it out first (reviews).
- Click on OK, Yes, Continue or Run when a pop-up window appears and asks you to install unknown software.
- Click on links in emails you don't trust.
- Download and open email attachments you don't trust.
- Ignore security warnings from Windows or your antivirus program
- Never update your operating system (Windows) and software
- Don't use antivirus software
- Use an insecure web browser
Then there's a big chance that your computer will get infected with malware.
There's no better malware protection than yourself, so pay attention to everything you do, online and offline.
Antivirus software (free and paid)
You should always use antivirus software on your computer – even when antivirus programs can't protect you 100% against all malware.
It's better to have some protection than no protection at all.
Good antivirus software can protect you against most known malware.
You should always install and use only one (1) antivirus program on your computer.
Using multiple antivirus programs on a PC is a very bad idea! (14) Why?
- They might attack each other: because one of them might think that the other one malware is because it's monitoring your system (same like spyware or other malware) and then it will attempt to block and remove it.
- They will fight over malware: when one of them detects, removes and places malware in quarantine, then the other program might also detect the same malware (even when the other program already has it in quarantine) and then it will also try to remove the malware and place it in quarantine. Then you will keep getting the same notifications about this malware over and over again.
- They will make your system slow: antivirus programs use a lot of your system memory to perform system scans and other related tasks. So your system will become slower when using two antivirus programs.
There are so many free and paid antivirus programs out there that it's difficult to choose one.
The free antivirus programs I recommend are:
If you need more functions (e.g., multi-layer ransomware protection) and settings, then you can try a paid antivirus program.
Most antivirus companies offer the option to download and try their paid antivirus programs for free for 30 days.
The paid antivirus programs I recommend are:
Free second opinion malware scanners
It's also recommended to use second opinion malware scanners to get more complete detection coverage, because some programs may detect malware that others might miss.
The free second opinion malware scanners I recommend are:
- Kaspersky Virus Removal Tool
- Malwarebytes (note: to download the free version, you will have to scroll down to the bottom of the page and then click on DOWNLOAD 14 DAY TRIAL. You will get the Premium version for the first 14 days and after the 14 days it will turn into the free version – which is an on-demand malware scanner)
- Zemana Antimalware
- Emsisoft Emergency Kit
- ESET Online Scanner
- Norton Power Eraser
You can use these scanners to scan your PC periodically (e.g., once a week) or when you think your PC is infected.
You can use malware scanners alongside your current antivirus software. Which means you get the chance to use other antivirus software on your PC without any problems.
Extra security tools
You can use the following two tools to add extra protection to your PC:
- OSArmor: monitors and blocks suspicious processes behaviors to prevent infections by malware. This tool analyzes parent processes and prevents, for example, MS Word from running cmd.exe or powershell.exe, it prevents ransomware from deleting shadow copies of files via vssadmin.exe, it blocks processes with double file extensions (i.e invoice.pdf.exe), it blocks USB-spreading malware, and much more. It is lightweight, zero-configuration and runs in the background protecting your system.
- SysHardener (portable): allows you to harden Windows settings to mitigate cybersecurity threats. You only need to run it once.
Malware prevention tips
You can prevent malware by following these tips:
- Keep your operating system and software always up-to-date
- Use a firewall (Windows firewall is enough).
- Always take security warnings from Windows or your antivirus program seriously. Never ever ignore security warnings!
- Don't download and use pirated software.
- Never click on OK, Yes or Run when a pop-up window appears and asks you to download and install unknown software.
- Never click to fast on Next, Install, OK, etc. when installing software, because you might install extra unwanted third-party software (like toolbars). If you see extra offers, then uncheck all their checkboxes.
- Always download software from the official link or from a trusted website.
- Don't click on links in emails from unknown senders.
- Don't download and open email attachments – unless you can verify the source.
- Check free software before downloading and installing it on your computer. Just Google the software first and look for reviews or forums.
- Use a secure and safe web browser like Google Chrome, Mozilla Firefox, Microsoft Edge, and Opera and keep it updated.
- Disable or uninstall Java if you don't need it.
- Disable or uninstall Adobe Flash Player if you don't need it. You can also disable Flash Player in your web browser.
- Don't click on links you don't trust, but first, check the link. When you go with your mouse cursor on the link, then you can see at the bottom left corner of your browser window the REAL location the link is pointing to. You can also check the link using VirusTotal.com.
- Never download codecs or players to watch videos online. If you can't play the video online in your secure web browser then there's something wrong with the video or website.
- When you insert a USB flash drive or external hard drive from someone else into your PC, then scan it first with your antivirus program before opening or copying anything.
- If you want to take risks, then at least install VirtualBox on your PC, then install an operating system, like Linux (Linux Mint or Ubuntu) as a virtual machine in VirtualBox and do your risky things in there. But remember that also this is NOT 100% safe.
- Don't use a Windows administrator account for daily use, but use a standard account instead. If malware or a hacker gets access to your system, then the malware or hacker has the same rights to whatever account you're using. So if you use an administrator account and malware or a hacker takes control of your system, then the malware or hacker can do anything he, she or it wants and have full control of your system, but if you use a standard account then they can only do things that don't require administrator permission, so he or she can't change important system settings or install malware, and malware can't install itself unless you enter the administrator password.
- Microsoft recommends that you disable SMB1 on Windows for security reasons. (15) (16)
- If you are curious about a file or link, then you can also analyze it on www.virustotal.com.
Malware detection and removal
I will show you step by step how to detect and remove (get rid of) malware from your infected PC in a few different ways using free second opinion malware scanners (malware removal tools).
The good thing about second opinion malware scanners is, that you can use them alongside your current antivirus software.
- Create a system restore point. If something goes wrong you can restore the mistake with a system restore point.
- Always scan your PC with multiple second opinion malware scanners to get more complete detection coverage, because some programs may detect malware that others might miss.
- Always double check the results of each scan and make sure that nothing important is selected for removal. Even malware scanners can make mistakes and sometimes see something harmless as a threat.
- If you are having problems installing and/or opening second opinion malware scanners, then start Windows in “Safe Mode with Networking” and try again. How to start Microsoft Windows in “Safe Mode with Networking” (link opens in a new tab).
If your computer is infected with malware (computer virus, spyware, rootkit, trojan horse, worm, etc.), and you want to be 100% sure that your system will be clean, then the best solution is to back up any data you might have and reinstall Windows or restore a system image backup that's 100% clean.
Well, if your antivirus (antimalware) software detected malware, then you will never know for sure if that's the only piece of malware that has infected your system.
Malware can nestle itself deeper into your system and hide so that it can't be discovered by your security software and it can also open doors to other malware.
You also may end up with a damaged Windows installation.
Considering time and effort, sometimes it's better to wipe everything and start all over again. But, if you wanted to do that, you probably wouldn't be reading this article, so, follow the steps below.
With the following steps, I assume that you have access to your system or at least can boot into “Safe Mode with Networking”.
If you cannot access your computer then I recommend Kaspersky Rescue Disk (located in the “Free Tools” section).
Once you have the ISO file you can install it on a USB flash drive with the help of a free tool called Rufus and then you can boot from the USB drive and use the rescue disk.
Let's continue with the next step.
Step 1: Find out if your files are affected by Ransomware
If you cannot open some files on your computer or you see files with missing or weird file extensions (e.g., .cry, .crypto, .locked, .kraken, etc.), your system is probably infected by Ransomware.
If your system is infected by Ransomware, the first thing you should do is to check if your files can be decrypted.
But to do this, you first need to find out which Ransomware has infected your PC.
To find out which Ransomware has infected your PC, look at the ransom note, or look at any messages on the screen or look at the encrypted files and the extension they have.
If you cannot find out which Ransomware infected your PC you can visit ID Ransomware by MalwareHunterTeam and upload the ransom note or an encrypted file.
You can also visit a cybersecurity forum like BleepingComputer.
On this forum, you can find a lot of malware analysts that you can talk to.
You can post something in the forums and upload one of your encrypted files.
They might be able to tell you whether or not you can decrypt your files.
You can also download the Bitdefender Ransomware Recognition Tool to find out which ransomware has encrypted your data and then get the appropriate decryption tool if it exists.
You can visit NoMoreRansom.org or the free ransomware decryptors page on Kaspersky.com and check if they have a decryptor tool for the ransomware that infected your PC.
Step 2: Make a backup of your files
If your files were not affected by ransomware or you were able to decrypt your files, then you should make a backup of your files.
You can use a free backup program like AOMEI Backupper Standard or copy your files to a USB flash drive or external hard drive.
Step 3: Disable startup programs in Windows
1. Open Windows Task Manager.
Three ways to open Task Manager:
- Press the [ctrl] + [alt] + [delete] (del) keys on your keyboard and then click on Task Manager.
- Press the [Windows] + [R] keys on your keyboard, type taskmgr and then click on the OK button or press [Enter].
- In Windows 10, you right-click on the taskbar or start menu button and then click on Task Manager.
2. Click on the Startup tab.
Note: if you don't see the Startup tab then click on More details located at the bottom left of the Taskmanager window.
3. Disable everything that you see here, including your antivirus software.
To do this, right-click on the program and then click on Disable.
Step 4: Disable services in Windows
1. Open Windows System Configuration.
Three ways to open System Configuration:
- Press the [Windows] + [R] on your keyboard, type msconfig and press [Enter].
- Search for msconfig using the Windows search box and then click on System Configuration when it appears.
- Click on the start menu button, click on Windows Administrative Tools and then click on System Configuration.
2. Click on the Services tab.
3. Check (select) the Hide all Microsoft services option located below the list.
4. Click on the Disable all button.
5. Click on the Apply button.
6. Click on OK.
7. Click on Restart to restart your computer.
Important! The order of the following steps are very important, so don't do these steps in reverse. Don't scan with Zemana first and then scan with Kaspersky.
Step 5: Kaspersky Virus Removal Tool
You can download Kaspersky Virus Removal Tool here.
1. Start Kaspersky Virus Removal Tool.
2. Accept the End User License Agreement.
3. Click on Change parameters.
4. Select (check) all options.
5. Click on OK.
6. Click on Start scan.
Kaspersky will now scan your computer for malware.
This process may take a while.
When the scan is completed it will show you the results of the scan.
7. If malware is detected, you click on Continue to remove the malware.
Step 6: Malwarebytes
You can download Malwarebytes here (note: to download the free version, you will have to scroll down to the bottom of the page and then click on DOWNLOAD 14 DAY TRIAL. You will get the Premium version for the first 14 days and after the 14 days, it will turn into the free version – which is an on-demand malware scanner).
When you install Malwarebytes it will automatically enable a two-week trial version of the premium version, but if you don't want the two-week trial, then you can easily disable it in the settings.
Enable Scan for rootkits
You will only have to change this setting once.
1. Start Malwarebytes.
2. Click on Settings in the left sidebar.
3. Click on Protection at the top.
4. Go to Scan Options.
5. Turn on Scan for rootkits.
Scan for Malware
1. Open Malwarebytes.
2. Click on Scan Now.
Malwarebytes will now scan your computer for malware.
This process can take 15 minutes or longer.
When the scan is completed it will show you the results of the scan.
3. If malware is detected, you click on Remove Selected to remove the malware.
Malwarebytes may ask you to restart your PC.
Step 7: Zemana Antimalware
You can download Zemana Antimalware here (for the download button of the free version you will have to scroll down to the comparison table).
1. Start Zemana Antimalware.
2. Click on the Scan button.
Zemana will now scan your computer for malware.
This process can take 20 minutes or longer.
When the scan is completed it will show you the results of the scan.
3. If malware is detected, you click on the Next button to remove the malware.
After these steps, your system should be relatively clean.
If you want to scan your PC with more second opinion malware scanners, then you can also try the following malware scanners:
Thank you for reading this article. Hopefully, you learned enough about malware to keep your PC clean and safe. If you want to learn more about computer and Internet security (cybersecurity), then you can visit this page.
Maybe you're also interested in:
Important computer and internet security tips
Computer virus: Types, symptoms, protection, and removal
Windows 10 security tips and is Windows Defender good enough?
Kaspersky: Trojan Horse
Kaspersky: Computer viruses vs worms
HeimdalSecurity: Warning signs that your computer is malware-infected
LastLineLabs: Antivirus isn't dead, it just can't keep up
GCN: Is antivirus now useless?
Kaspersky: Why using multiple antivirus programs is a bad idea
Microsoft: SMBv1 is not installed by default in Windows 10 Fall Creators Update and Windows Server, version 1709 and later versions
TheWindowsClub: Why and how to disable SMB1 on Windows 10/8/7
Webopedia: Cryptomining malware
YouTube: How to clean an infected computer