This section offers information and tools to keep your PC free of computer viruses and other malware.
General Virus Information
A virus is a piece of software designed and written to adversely affect your computer by altering the way it works without your knowledge or permission.
In more technical terms, a virus is a segment of program code that implants itself in one of your executable files and spreads systematically from one file to another.
Computer viruses do not generate spontaneously: They must be written and have a specific purpose.
Usually a virus has two distinct functions:
A benign virus is one that is designed to do no real damage to your
A malignant virus is one that attempts to inflict malicious damage to your
computer, although the damage may not be intentional. There are a
significant number of viruses that cause damage due to poor programming
and outright bugs in the viral code.
Some of the viruses identified are benign; however, a high percentage of them are very malignant. Some of the more malignant viruses will erase your entire hard disk, or delete files.
How Virus Infections Spread:
The High Cost of Viruses
While some viruses are designed to be mere annoyances, others are programmed with the dangerous ability to damage files, destroy data and crash entire computer systems. Since 1990, computer viruses have cost companies worldwide nearly $2 billion in lost data, repair costs, loss of productivity, and more.
Viruses can be equally devastating to the home user. If you notice any of the following symptoms on your home PC or portable computer, you may have a virus.
Common Symptoms of Computer Viruses:
Viruses: The Threat is Real
It is not overstating the case to say that viruses could interrupt the free flow of information that has been built up by the personal computer in the last 10 years. Indeed, the prevalence of viruses has ushered in a new era of safe computing, to the point where those that ignore the guidelines run grave risks. Considering the extreme warnings of danger - and the incidents already on record - it is a mystery that there are those in the computing industry who claim news reports of viruses are exaggerated.
The National Center for Computer Crime Data in Los Angeles estimates that American businesses have lost as much as $550 million from unauthorized access to computers yearly. The amount of lost time may be incalculable.
As an indication of the severity of the problem, the federal government has helped to form a virus SWAT team called the Computer Emergency Response Team. Its job is to investigate security threats in major computer networks across the country. The Software Publishers Association has also adopted certain measures to address the problem.
Furthermore, in the last year many Fortune-listed companies have begun to establish computer policies to deal with viruses. In many cases those new procedures will set practices for testing all software before it is put on a network and restrict the downloading of software from electronic bulletin boards. Literally no one who uses computers--not the government nor the police nor even your local bank--is immune from computer viruses.
Suppose a space shuttle executed an order from a virus-infected software program. Or an air traffic controller was given incorrect information from a fouled system. Or your company’s financial records were suddenly eradicated or permanently altered.
These are not necessarily fantasies of impending doom. Thus far, computer viruses have hit a variety of systems, including Fortune 500 companies, government agencies, major universities, newspapers, and large networks linking vast numbers of computers and huge volumes of information.
Security information is of a time-critical nature.
Types of Computer Viruses:
A computer virus is a program designed to replicate and spread on its own, preferably without you knowing it exists. Computer viruses spread by attaching themselves to another program (such as your word processing or spreadsheet programs) or to the boot sector of a diskette. When an infected file is executed, or the computer is started from an infected disk, the virus itself is executed. Often, it lurks in memory, waiting to infect the next program that is run, or the next disk that is accessed. In addition, many viruses also perform a trigger event, such as displaying a message on a certain date, or deleting files after the infected program is run a certain number of times. While some of these trigger events are benign (such as those that display messages), others can be detrimental. The majority of viruses are harmless, displaying messages or pictures, or doing nothing at all. Other viruses are annoying, slowing down system performance, or causing minor changes to the screen display of your computer. Some viruses, however, are truly menacing, causing system crashes, damaged files, and lost data.
These are viruses that attach themselves to (or replace) .COM and .EXE files, although in some cases they can infect files with extensions .SYS, .DRV, .DLL, .BIN, .OVL and .OVY. With this type of virus, uninfected programs usually become infected when they are executed with the virus in memory. In other cases they are infected when they are opened, or the virus simply infects all of the files in the directory it was run from.
Boot Sector Infectors:
Every logical drive, both hard disk and floppy, contains a boot sector. This is true even of disks that are not bootable. This boot sector contains specific information relating to the formatting of the disk, the data stored there, and also contains a small program called the boot program (which loads the DOS system files). The boot program displays the familiar "Non-system Disk or Disk Error" message if the DOS system files are not present. It is also the program that gets infected by these viruses.
Master Boot Record Infectors:
The first physical sector of every hard disk (Side 0, Track 0, Sector 1) contains the disk's Master Boot Record and Partition Table.
A virus that is active only while an infected file is being executed.
A Memory-Resident Infector virus is much like a conventional terminate-and-stay-resident program (TSR). It takes over the system when activated. A Memory Resident Infector maintains control of the system and continues to spread as you use your computer, even if you close the infected program. It keeps control until the computer’s memory is cleared by rebooting from a "cold boot", that is, a power off or the reset button. (Some viruses can survive a Control/Alt/Delete).
A virus that deliberately changes its own programming code to prevent detection. Every file that a Polymorphic Virus infects will contain a different set of instructions, even though they are all infected with the same virus.
A virus that actively seeks to conceal itself from discovery or defends itself against attempts to analyze or remove it.
A stand-alone program that promises to be something useful or interesting (like a game or a program to investigate the communications accounts of your contacts), but may covertly damage or erase files on your computer while you are running it. Trojan Horses are not viruses. Trojan Horses are generally difficult to detect.
Programs that spread themselves from computer to computer over a network without user intervention.
Keep your operating system and e-mail software updated, to eliminate vulnerabilities discovered
in older versions that permit attachments to open automatically.
Consider that some viruses fake the sending address to gain your confidence and
get you to execute an attached program, believing it to come from a known address.
Do not use ActiveX applications from untrusted sources.
Visit Java Download to download and install the latest available version of the Java Runtime Environment (JRE). Then uninstall any older, vulnerable versions. JRE version 7 is now available.
"The current exploit is triggered by a known flaw in Java, which was installed on every copy of OS X until the release of Lion (OS X 10.7) last summer. The flaw was reported in January and patched by Oracle in February, but the Apple version of Java didn't get a patch until early April. So for several months, every Mac owner was vulnerable unless they took specific steps to remove or disable Java."
"If you use any version of OS X before Snow Leopard (10.6) and you have Java installed (all versions of OS X before 10.7 include Java by default), you are vulnerable to this exploit and there is no patch available." [Disabling Java, or updating to OS X 10.7, is recommended]
See New Mac malware epidemic exploits weaknesses in Apple ecosystem (ZDNet, Ed Bott. April 6, 2012)
See Trojan-Downloader: OSX/Flashback.k (Test and Manual Removal, F-Secure)
See Apple releases Flashback removal tool, infections drop to 270,000 (ZDNet, Ed Bott. April 12, 2012)
See Russian security firm says Flashback infection rates still high (ZDNet, Ed Bott. April 20, 2012)
See Flashback malware exposes big gaps in Apple security response (ZDNet, Ed Bott. April 29, 2012)
The technique is simple social engineering, and it works by scaring the target into thinking their system has been infected with a virus (or a whole bunch of them) and then offering to fix the problem - for a fee. The fake AV software often downloads additional Trojans and can actually cause the sort of problems it claims to be solving.
Internet Explorer 9 uses some new technology to flag some sites and files as suspicious,
providing unmistakable warnings that have been shown to stop 95% of these attacks.
The SmartScreen filter algorithm assumes that a file, signed or unsigned, is untrustworthy until it establishes a reputation. No domain or file gets a free pass - not even a new signed release from Microsoft or Google. Every file has to build a reputation.
Macro Viruses (Historic Information):
MS Word Macro Virus Family
The MS Word Macro family of viruses uses the WordBasic macro language to infect and replicate in and among MS Word documents and templates. Most notably, this new family of viruses is platform independent:
They will infect documents and templates on DOS, Windows 3.x, Windows 95, Windows NT, and Macintosh operating systems.
MS Excel Macro Virus Family
The MS Excel Macro family of viruses uses the ExcelBasic macro language to infect and replicate in and among MS Excel documents and templates. This new family of viruses tends to be platform dependent - they will not infect documents or templates on different operating systems.
Virus Hoaxes:
Although there are thousands of viruses discovered each year, there are still some that only exist in the imaginations of the public and the press.
These are viruses that DO NOT EXIST, despite rumors of their creation and distribution.
Please ignore any messages regarding supposed "viruses" and do not pass on any messages regarding them.
Symantec maintains a page with information on these Virus Hoaxes.
Rob Rosenberger maintains a site on Computer Virus Myths, hoaxes and urban legends at: Vmyths.com
Test your Anti-Virus Protection:
The EICAR Standard Anti-Virus Test File
This free test file is known as the "EICAR (European Institute for Computer Anti-virus Research) Standard Anti-Virus Test File".
It is safe to pass around, because it is not a virus, and does not include any fragments of viral code. Most products react to it as if it were a virus (though they typically report it with an obvious name: Sophos SWEEP, for example, calls it "EICAR-AV-Test").
The file is a legitimate DOS program, and produces sensible results when run (it prints the message "EICAR-STANDARD-ANTIVIRUS-TEST-FILE"). It is also short and simple -- in fact, it consists entirely of printable ASCII characters, so that it can easily be created with a regular text editor. Any anti-virus product which supports the EICAR test file should "detect" it in any executable file which starts with the following 68 characters:
Copyright © 1997 Sophos Plc.
Reprinted here by permission of Sophos Plc.
Original information from Paul Ducklin, 15th October 1997, Sophos (Updated on January 14 '03).
Also, you can download and save a version of the file (from www.eicar.org).
Then, you should try to create a copy of EICAR.txt as EICAR.com; your Anti-Virus program should not let you create the new file. You should have to temporarily deactivate it.
After creating EICAR.com, re-activate your Anti-Virus program.
Then, you should try to run EICAR.com; your Anti-Virus program should not let you run EICAR.com. You should have to again temporarily deactivate it.
After running EICAR.com, again re-activate your Anti-Virus program.
Then you should scan the folder (directory) where you put EICAR.com; your Anti-Virus program should "detect" it as a virus.
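The detection rule and the create-then-check steps above can be scripted; the following is an added example in Python, not code from Sophos, EICAR or the original page. The function names is_eicar_test_file and probe_on_access are hypothetical, the 68-character string is the published EICAR string, and the trailing-whitespace and 128-byte limits come from eicar.org's definition of the file rather than from this page.

```python
import os
import tempfile
import time

# The 68-character test string, assembled from pieces so that this script
# is not itself flagged while it sits on disk.
EICAR = "".join((
    "X5O!P%@AP[4\\PZX54(P^)7CC)7}$",
    "EICAR-STANDARD-", "ANTIVIRUS-TEST-FILE",
    "!$H+H*",
)).encode("ascii")

# Assumption (eicar.org's definition, not stated on this page): the string may
# be followed only by these whitespace bytes, and the whole file may not
# exceed 128 bytes.
PADDING = b" \t\r\n\x1a"
MAX_SIZE = 128


def is_eicar_test_file(data: bytes) -> bool:
    """Return True if `data` is a well-formed EICAR test file."""
    if len(data) > MAX_SIZE or not data.startswith(EICAR):
        return False
    return all(byte in PADDING for byte in data[len(EICAR):])


def probe_on_access(directory: str, settle_seconds: float = 2.0) -> str:
    """Create EICAR.com in `directory` and report how the resident scanner reacted."""
    path = os.path.join(directory, "EICAR.com")
    try:
        with open(path, "wb") as handle:
            handle.write(EICAR)
    except OSError:
        return "blocked on create"
    time.sleep(settle_seconds)  # give the scanner time to quarantine the file
    try:
        with open(path, "rb") as handle:
            data = handle.read()
    except FileNotFoundError:
        return "removed after create"
    except OSError:
        return "blocked on open"
    finally:
        try:
            os.remove(path)
        except OSError:
            pass  # already quarantined, or locked by the scanner
    return "not intercepted" if is_eicar_test_file(data) else "content altered"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as workdir:
        print("on-access protection:", probe_on_access(workdir))
```

A result of "blocked on create", "removed after create" or "blocked on open" means the resident protection reacted; "not intercepted" means the file was written and read back unchanged, so on-access scanning is off or does not cover that folder.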
Anti-Virus Online Scanners
[Running an Online Scanner under Windows Vista in general requires accessing it with Microsoft Internet Explorer in Administrator mode: Select a start icon for Microsoft Internet Explorer with a right click, select Run as Administrator]
Downadup (or Conficker) is a self-updatable network worm that takes advantage of a Windows vulnerability to spread. Its removal is complicated by the fact that it blocks many known antivirus software and associated websites. Conficker disables the Microsoft Windows Firewall service.
See An Analysis of Conficker (SRI Malware Threat Center, March 19, 2009)
Analyze your PC with the Emsisoft Anti-Malware:
Comprehensive PC protection against viruses, trojans, spyware, adware, worms, bots, keyloggers and rootkits. (Previously a-squared Anti-Malware)
2 cleaning programs in 1: Anti-Virus + Anti-Malware
When downloading, you'll get the full version including all protection features for 30 days for free. Afterwards the unpaid software switches to a limited freeware scanner mode that allows you to scan and clean your PC whenever you want, but does not include the protection features against new infections.
The Conficker Worm shocked PC security experts. Millions of computers were supposed to have been infected. The free program Emsisoft Emergency Kit checks whether Conficker (or other worms) are present in a computer. In the worst case, the free program can immediately remove the security risk.
Install the Emsisoft Anti-Malware EMSI Software - virus and malware prevention and remover software
Or use the Free Emsisoft Emergency Kit malware scanner and remover software that requires no installation or changes to your PC.
The Emsisoft Emergency Kit scanner includes the powerful Emsisoft Scanner complete with graphical user interface. Scan the infected PC for viruses, trojans, spyware, adware, worms, bots, keyloggers, ransomware and other malicious programs.
Emsisoft Emergency Kit (Free Scanner)
The Emsisoft Emergency Kit contains a collection of programs that can be used without a software installation to scan and clean infected computers for malware.
With the Emsisoft Emergency Kit Scanner you have got the powerful Emsisoft Scanner including graphical user interface. Search the infected PC for Viruses, Trojans, Spyware, Adware, Worms, Dialers, Keyloggers and other malign programs.
After downloading and decompressing the file EmsisoftEmergencyKit.zip (~90 MBytes), run the Emsisoft Emergency Kit Scanner with a double click on a2emergencykit.exe. Found malware can be moved to quarantine or finally deleted.
Get the latest version at Emsisoft Emergency Kit (EMSI Software)
Analyze your PC with the Trend Micro HouseCall AntiVirus - Scan Online: (Free)
HouseCall AntiVirus - Scan Online can quickly identify and fix a wide range of threats including viruses, worms, Trojans, and spyware.
Analyze your PC with the F-Secure Online Scanner: (Free)
The Web-based F-Secure Online Virus Scanner will help ensure a safe and productive Internet experience for you and your family. The Online Virus Scanner uses F-Secure's virus detection technology to check for and eliminate virus infections and spyware.
Analyze your PC with the ESET-NOD32 AntiVirus - Online Scanner: (Free)
The ESET Online Scanner is a good free virus scan on the Web. A user-friendly, powerful tool, the ESET online antivirus utility can remove malware - viruses, spyware, adware, worms, trojans, and more - from any PC utilizing only a web browser. The AntiVirus - Online Scanner uses the same ThreatSense technology and signatures as ESET NOD32 Antivirus, which means it is always up-to-date.
Operating Systems: Microsoft Windows 7/Vista/XP/2000/NT (32/64-bit)
McAfee Stinger: (Free Scanner)
Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.
The supported versions of Windows are XP SP2, 2003 SP2, Vista SP1, 2008, 7 and 8.
Get the latest version at McAfee Stinger
Microsoft Safety Scanner: (Free)
Do you think your PC has a virus?
Microsoft Safety Scanner is a free downloadable security tool that provides on-demand scanning and helps remove viruses, spyware, and other malicious software. It works with your existing antivirus software.
Note: The Microsoft Safety Scanner expires 10 days after being downloaded. To rerun a scan with the latest anti-malware definitions, download and run the Microsoft Safety Scanner again.
The Microsoft Safety Scanner is not a replacement for using an antivirus software program that provides ongoing protection, like Microsoft Security Essentials.
Microsoft Windows Malicious Software Removal Tool:
Microsoft released in January '05 the Microsoft Windows Malicious Software Removal Tool
to help remove specific, prevalent malicious software from computers that are running
Microsoft Windows 8, Windows 7, Windows Vista, Windows XP, Windows 2000, Windows Server 2012, Windows Server 2008, and Windows Server 2003.
You can download the Malicious Software Removal Tool from the Microsoft Download Center.
You can also run an online version of the tool from the
Microsoft Malicious Software Removal Tool.
The Malicious Software Removal Tool is released on the second Tuesday of every month. Each release of the tool helps detect and remove current, prevalent malicious software. This malicious software includes Viruses, Worms, and Trojan Horses. The tool can also remove any known variants at the time of release.
Each release of the tool is cumulative. That is, each release not only helps detect and remove new malicious software families, it also helps detect and remove all the malicious software covered in earlier versions. New variants of malicious software that is detected and removed in previous releases are also covered in each monthly release.
The Microsoft Knowledge Base article, KB 890830, will be updated with information for each monthly release so that the number of the relevant article remains the same.
This tool reports anonymous information back to Microsoft in the event that an infection is found or an error is encountered.
The Microsoft Malicious Software Removal Tool (MSRT) is an anti-malware utility that checks computers running Windows 10 Technical Preview, Windows 8 and Windows 8.1, Windows 7, Windows Vista, Windows XP*, Windows Server 2012 R2 and Windows Server 2012, Windows Server 2008, and Windows Server 2003 for infections by specific, prevalent malicious software - including Blaster, Sasser, and Mydoom - and helps remove malware and any other infections found.
When the detection and malware removal process is complete, the tool displays a report describing the outcome, including which, if any, malware was detected and removed.
* The Malicious Software Removal Tool continued to be provided for Windows XP through July 14, 2015; it also continued to be delivered automatically via Windows Update and for download via the Download Center.
See Virus alert about the Win32-Conficker.B worm (Microsoft Help and Support)
Analyze your PC Security with the Symantec Norton Security Scan: (Free)
The Web-based Norton Security Scan and Virus Detection determines whether your PC is protected from hackers, viruses, and privacy threats. Virus Detection uses Symantec's virus detection technology to check for virus infections.
Use Norton Security Scan to determine if your system has been infected with viruses, malware, spyware, or other threats. Newly added - the Cookie Manager that you can use to check for suspicious or dangerous cookies and remove those that raise a concern.
Norton Security Scan is a free scanner which can identify threats but does not resolve them.
Avast Free Antivirus: (Free)
New viruses are being found "in the wild" all the time.
Further, the speed at which these new viruses spread is increasing all the time.
A key problem is not that antivirus programs do not detect such viruses,
but the fact that most users do not use any antivirus program at all or, perhaps worse,
the antivirus software and/or virus definitions database is out of date.
Get the latest version at Avast (Free) [In various languages]
Avira Free Antivirus: (Free)
Avira Free Antivirus is a reliable free antivirus solution that constantly and rapidly scans your computer for malicious programs such as viruses, trojans, backdoor programs, hoaxes, worms, dialers etc. It monitors every action executed by the user or the operating system and reacts promptly when a malicious program is detected.
Basic protection: Protects your computer against dangerous viruses, worms, trojans and costly dialers. New: Basic Anti-Spyware.
Get the latest version at Avira Free Antivirus [In various languages]
AVG Anti-Virus: (Free)
You can get your free copy of the AVG Anti-Virus System - AVG Anti-Virus Free Edition,
and you will be able to use it for an unlimited period of time.
With AVG, you will get a high-end software solution for reliable protection against
the threat of computer viruses from opening files, running programs and e-mail.
Get the latest version at AVG Anti-Virus Free Edition
Comodo Internet Security: (Free)
If you use Windows 7, Vista or Windows XP SP2, install a complete security program, like the
Comodo Internet Security
(Free), offering complete protection from Hackers, Virus, Spyware, Trojans and Identity theft,
and a Host Intrusion Prevention System that stops malware from being installed.
An extensive white list database of trusted applications helps reduce the number of initial alerts after installation.
The Firewall and Antivirus components can be installed separately.
For additional protection, also install the
Comodo BOClean Anti Malware software (Free).
Microsoft Security Essentials: (Free)
Microsoft Security Essentials provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
Microsoft Security Essentials is a free* download from Microsoft that is simple to install, easy to use, and always kept up to date so you can be assured your PC is protected by the latest technology. It's easy to tell if your PC is secure - when you're green, you're good. It's that simple.
Microsoft Security Essentials runs quietly and efficiently in the background so that you are free to use your Windows-based PC the way you want - without interruptions or long computer wait times.
* Your PC must run genuine Windows 7 or Windows Vista to install Microsoft Security Essentials.
See What is Windows Defender Offline? Removes malicious and potentially unwanted programs (Free)
RKill - What it Does and What it Doesn't: (Free Software)
RKill is a program developed at BleepingComputer.com by Lawrence Abrams (Grinler) that was originally designed for the use in our malware removal guides. It was created so that we could have an easy to use tool that kills known processes that stop the use of normal anti-malware applications. Simple as that. Nothing fancy. Just kill known malware processes so that anti-malware programs can do their job.
So in summary, RKill just kills processes, imports a Registry file that removes incorrect file associations and fixes policies that stop us from using certain tools. Then it kills Explorer.exe so it will restart and enable the Registry changes. When done, RKill will then create a log listing all processes that were terminated while the program was running. Please note that this will include processes that were terminated manually by the user as well as RKill. Other than what is listed above, it does nothing else.
Since RKill only terminates processes, after running it you should not reboot your computer as any malware processes that are set to start automatically, would just start up again. Instead, after running RKill you should scan and clean your computer using your malware removal tool of choice. If there is a problem after running RKill, just reboot your computer and you will be back to where you started before running the program.
The latest version of RKill can be downloaded from the following locations (in BleepingComputer.com):
(Please note that the other filenames are RKill as well, just renamed in order to allow it to run by certain malware)
These warnings are just fake alerts by the malware that has hijacked your computer trying to protect itself. Two methods that you can try to get past this and allow RKill to run are:
1. When you receive the warning message, leave the message on the screen and try running RKill again.
On a final note, when you download and run RKill, certain anti-virus programs may state that the program is a security risk. This is because some of the tools used by RKill can be used for good or bad, though the programs themselves are perfectly harmless, and most anti-virus programs just lump them into the bad category. I assure you we are using them only for good purposes.
Other Free Antivirus Software:
BitDefender (Antivirus and security software, with Free Scan)
Symantec Security Response:
Virus Removal Tools Page (Free)
Updated: July 31 '15
Andrés Valencia: Communications