Docstoc
EXCLUSIVE OFFER FOR DOCSTOC USERS
Try the all-new QuickBooks Online for FREE.  No credit card required.

Virus Prevention

Document Sample
Virus Prevention Powered By Docstoc
					Greetings, You Have A Virus.

Viruses, trojans, spyware...the arch enemy of computer users and the
prize of hackers. In this post I am going to list the most easiest ways
to get rid of those pests forever, but first of all, a small checklist:

-Do you have any antivirus software installed? I recommend Avast
-Do you have a firewall installed? I recommend ZoneAlarm
-Do you have automatic updates enabled or do you install updates
regularly?

Now, if you have answered yes to all of those you may proceed to scan
your computer, I recommend you to download one or more of these tools.

    Malwarebytes - Download
    Spybot: Search & Destroy - Download
    SuperAntiSpyware - Download



Do a full scan with them. If anything is found, delete them and restart
your computer immediately. If that didn't work, keep reading.

Look at your processes
.You can view your processes by starting Task Manager and clicking the
"Processes" tab. We are basically looking for any suspicious process that
indicates an infection.

Non-suspicious processes

    taskhost.exe
    csrss.exe
    nvvsvc.exe
    winlogon.exe
    svchost.exe
    explorer.exe

If you find any process that you don't know about, multiple of the same
process or a process with an unusual name/description, you may right-
click >> end process. Note that it is not uncommon for there to be
several svchost.exe processes.

Look for active connections

Go Start>Run>cmd and type netstat - wait till it lists all connections.
You should see many 127.0.0 connections as well as your ip connections on
the Local Address tab. They are fine.

If you look under Foreign Address and find your ip, there should be
"xxx.xxx.xxx.xx:80" They are fine too. That 80 is a port number, and it
shows up when your internet is on. If there is many non-80 or 25 ports,
close ALL programs FULLY and do this scan again. Also, look for any
suspicious or unknown IP address. Retype netstat, if it is still there
then it MAY be a rat or keylogger. Don't worry we will fix it.
Disable the startup of a virus

Go Start>run>msconfig.
Then go to "startup" tab and try to find a suspicious application there.
If you see something like "server.exe" uncheck it!
Now the rat / keylogger wont start when the computer boots up next time.




How to prevent getting a virus

Download Sandboxie and run all suspicious files in it, check how many
processes pops up (Sandboxie Control). Don't download everything you see
and remember, if it sounds too good to be true, it probably is!

Good luck!
Damien.