 

5 tips for identifying signs of malware

on November 9, 2010

We all know what a big hassle a malware infection can be. By identifying the symptoms of a malware infection and the means available to clean malware from your PC, you can restore the machine to a stable state and also safeguard it against future malware attacks. The following 5 recommendations should go a long way toward helping you recognize the signs of a malware contamination.

  1. Software
    One of the easiest ways to locate malware on a machine is to run anti-malware software. Many anti-malware and anti-virus products, such as GFI VIPRE Antivirus Business, include real-time protection, spyware and adware protection, as well as unknown malware detection. The advantage of real-time scanning is that the 24/7 protection is handled by the anti-virus product itself. This means that users do not have to perform frequent scans to ensure their machine is malware-free.
  2. PC slowdowns
    Malware is well known for slowing down machines, be it network performance or the speed of application use. Naturally, a slow PC does not necessarily mean your machine is infected. Other factors can cause a machine to slow down, for example a fragmented system and/or lack of memory. It is therefore advisable to check these things and schedule some routine maintenance, such as defragmenting your hard disks, running a check-disk and a disk cleanup. Should the machine remain slow, the most likely cause would be malware.
  3. Pop-ups
    A recent, annoying sign of malware is the pop-up. Lately, there has been a boom of porn-related pop-up malware issues. Unwanted pop-ups are a sure sign of malware infection. The problem here is that they can’t always be removed in a conventional manner. In some cases, the machine must be booted into safe mode. As is the case with all malware, you’ll need a strong anti-malware application to remove them.
  4. Change of home and/or Google links
    Another common sign of malware infection is a sporadic change of your web browser's home page. The same is true if you search using a search engine, click on a provided link, and are sent to a random link. If you’re seeing this behaviour, you have a malware or virus infection.
  5. Browser offline
    If you cannot get to the internet but you are sure that network connectivity is fine (for example, you can ping a public DNS server such as 4.2.2.2), you might be suffering from a malware infection. The first thing to check is whether a foreign proxy is configured under Internet Options -> LAN Settings. Some malware configures your browser to pass its traffic through an unsafe proxy. You’d definitely want to remove those proxy settings.
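
The check in tip 5 can also be scripted. The following PowerShell is an added example, not part of the original article: it pings the resolver mentioned above and reads the per-user registry values behind Internet Options -> LAN Settings. The function name `Get-BrowserProxyTriage` and the loopback check are assumptions made for illustration.

```powershell
# Added example (function name is hypothetical): triage for
# "network is up but the browser is offline".
function Get-BrowserProxyTriage {
    param(
        # Public resolver the article uses as a reachability check
        [string]$PingTarget = '4.2.2.2'
    )

    # Per-user values shown under Internet Options -> LAN Settings
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s   = Get-ItemProperty -Path $key -ErrorAction Stop

    # Values that are not present in the key come back as $null
    $proxyEnabled = [bool]$s.ProxyEnable
    $proxyServer  = $s.ProxyServer
    $autoConfig   = $s.AutoConfigURL

    $findings = @()
    if ($proxyEnabled -and $proxyServer) {
        $findings += "Manual proxy in use: $proxyServer"
        # ProxyServer is "host:port" or "http=host:port;https=host:port"
        if ($proxyServer -match '(^|=|/)(127\.0\.0\.1|localhost)(:|;|$)') {
            $findings += 'Proxy points at this machine; find out which process is listening'
        }
    }
    if ($autoConfig) {
        $findings += "Automatic configuration script set: $autoConfig"
    }

    [pscustomobject]@{
        NetworkReachable = Test-Connection -ComputerName $PingTarget -Count 2 -Quiet
        ProxyEnabled     = $proxyEnabled
        ProxyServer      = $proxyServer
        AutoConfigURL    = $autoConfig
        ProxyOverride    = $s.ProxyOverride
        Findings         = $findings
    }
}

Get-BrowserProxyTriage | Format-List
```

`NetworkReachable` being true while `Findings` lists a proxy you did not configure matches the situation the tip describes.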
 
Comments
Sue Walsh December 1, 2010 5:18 am

Having anti-virus/anti-malware software installed isn’t always effective since some malware is programmed to disable it. It’s a good idea to have a software solution you can run from a USB drive or external hard drive or one you can do online.

antonio gevido December 10, 2010 7:15 am

I think benchmarks are a good identifier of anomalous PC slowdowns. It’s true that it’s hard to distinguish malware slowdowns from just plain old bad maintenance, but by running benchmarks under different conditions you’ll be able to see how your PC should perform at optimum conditions. If the performance begins to drop, you’ll see it in the numbers, and you’ll be able to strike out malware or hardware malfunction in the process.

Ollie S. December 11, 2010 7:21 pm

@antonio gevido

I think using performance benchmarks as the single topmost indicator of malware may be a bit misleading. All it may prove is that your workstation isn’t performing to the level intended. There’s a million reasons why that might happen (e.g. faulty hardware, fragmented drives, software conflicts, unmaintained registry, etc.). And ruling the cause of a performance hit as either malware or hardware malfunction is not as simple as it may sound.

raymond r. December 11, 2010 7:36 pm

@antonio gevido

Actually, aside from benchmarking your PC performance, one could opt to benchmark their internet speed. Malware has been known to eat up large amounts of bandwidth when left unchecked (usually sending out user data to the originator). After experiencing frequent (and consistent) slowdown, and ruling out your internet provider or your router as a culprit, it might be safe to say that malware has gotten the best of you.

Charlie Cowper December 12, 2010 5:47 pm

I think the supposed recent “boom of porn-related pop-up malware issues” isn’t recent at all. I’ve been running into those blasted pop-ups for over ten years now, and when I say “me”, I really mean all those people from the marketing department who keep on snooping around websites they shouldn’t and carrying to the office the malware they managed to “catch” at home.

Sorry about that. Just had to vent.

adrian wood December 15, 2010 5:44 pm

There are still too many factors to account for even if you cross check against previous benchmarking and internet speed test results. Malware will affect you in a number of different ways, and internet and hardware performance slowdowns aren’t always a given. If you’re on a high speed internet connection, or a multicore processor, the slowdowns might actually be too negligible to notice. Multiple and thorough system scans are still the way to go, I believe.

Miguel December 30, 2010 4:59 pm

I have to agree with Adrian when it comes to speed tests and benchmarks as a supposed indicator for identifying malware on a system. There are just too many scenarios to consider before checking off malware with a hundred percent certainty. Of course, it’s one way to do it, but I’ve been working on systems where malware wasn’t discovered until months after its initial installation.

Robert Hao January 4, 2011 2:26 pm

Like it or not, spotting malware on your workstation (remote or mobile) has turned into a necessary skill for professionals who rely on their computers on a daily basis (which is practically everyone). Because of the widespread proliferation of malware, identifying signs of harmful software can no longer fall under the shoulders of IT specialists alone. Private users should also educate themselves on proper malware identification.

Carol G. January 4, 2011 10:04 pm

I think a lot of people commenting here are missing a major point of the article. Though we’re all arguing on the best way of spotting malware on a workstation, the article makes no claim that these are the only ways. The author only lists that these are five possible methods in a whole host of others. I don’t think that the methods indicated here are necessarily wrong, but neither are they exclusively right.

eric b. January 4, 2011 10:21 pm

A wide variety of malware have been designed to shut off browsing capabilities. For this reason alone, I think it is imperative that users install multiple internet browsers to be able to identify if their computers have been infected with malware. Although individuals may be inclined to use one browser over the other, having Mozilla’s Firefox, Google’s Chrome and even Microsoft’s Internet Explorer on hand is important to check if browsing capabilities have been affected by malware.

Rohit P. January 10, 2011 9:48 pm

One anti-virus is not sufficient. I have seen in the last few months that a file, which was given GREEN signal by an anti-virus an hour back, is detected as a malicious file as soon as you receive the update.

In a most recent scenario I noticed a network containing malicious files in all nodes with an anti-virus already running with updated definitions.

I use three tools for protection but as you know two anti-virus programs are not recommended, so I have planned it differently:

(1) I use GFI Vipre Anti-Virus Premium as main protection. Though it updates automatically, I still check the updates from time to time.

(2) I use a tool called Malware Bytes Anti-Malware. Since it does not work as a resident tool, it never interferes with Vipre. I use it once a week. Before using it, I update it, disconnect my internet connection and disable Vipre’s Active Protection.

It detects few threats that were skipped by Vipre.

(3) Once a week I also perform an online virus scan from the ESET website. I would say the ESET heuristic engine is one of the best. Since it is also not resident and running on my PC in the background, there is no question of it interfering with my resident anti-virus.

I feel a multi-layer protection is needed as you can’t rely even on heuristics these days.

Ben Vincenti January 11, 2011 12:42 pm

Hi everybody,

Thank you for all the comments.

Can you think of any other symptoms which might indicate a malware infection?

Kind regards,

Ben Vincenti

mike Rits March 14, 2011 12:05 pm

If you’re using a Windows-based OS (such as XP, Vista, and Windows 7), you can identify malware by just knowing what applications or programs load at startup.

In Windows, you can do this by accessing the System Configuration > Startup.

The Startup tab displays all programs that load when your PC starts from a shutdown or a restart. You can disable applications you don’t need by unchecking an item.

I hope this helps.
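
The startup review described in the comment above, as an added PowerShell example that is not part of the original post or its comments: it lists startup entries through the `Win32_StartupCommand` WMI class and checks whether each target file exists and carries a valid Authenticode signature. The function name `Get-StartupEntryReview` and the `Review` heuristic are assumptions made for illustration.

```powershell
# Added example (function name is hypothetical). Lists the same kind of
# entries as System Configuration > Startup and adds a signature check.
function Get-StartupEntryReview {
    Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
        $cmd = [Environment]::ExpandEnvironmentVariables($_.Command)

        # Pull the program path out of the command line: a quoted path
        # first, otherwise everything up to the first known extension.
        $path = $null
        if ($cmd -match '^\s*"([^"]+)"') {
            $path = $Matches[1]
        } elseif ($cmd -match '^\s*(.+?\.(exe|com|bat|cmd|vbs|js|lnk))(\s|$)') {
            $path = $Matches[1]
        }

        $exists = $path -and (Test-Path -LiteralPath $path -PathType Leaf)
        $status = 'NotChecked'
        if ($exists) {
            $status = (Get-AuthenticodeSignature -LiteralPath $path).Status.ToString()
        }

        [pscustomobject]@{
            Name       = $_.Name
            User       = $_.User
            Location   = $_.Location   # registry Run key or Startup folder
            Command    = $_.Command
            FileExists = [bool]$exists
            Signature  = $status
            # Assumed heuristic: look closer at entries whose target is
            # missing, not validly signed, or run from a temp/profile data path.
            Review     = (-not $exists) -or ($status -ne 'Valid') -or
                         ($cmd -match '\\(Temp|AppData)\\')
        }
    }
}

Get-StartupEntryReview | Sort-Object Review -Descending |
    Format-Table Name, Location, Signature, Review, Command -AutoSize -Wrap
```

A `Review` flag marks an entry to look at, not a verdict: plenty of legitimate software is unsigned or starts from the user profile.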