How to Detect and Remove Malware and Rogue Software
by Colin R on 08/25/2009 in Security, Virus Removal
I visit many malicious sites which contain IRC bots, backdoor Trojans, malicious codecs and so on. I also download and run many different applications to verify whether or not they are rogues.
In some cases a rogue is defined as a program containing malicious content that will harm a user's computer; in other cases the program reports exaggerated or false results in a bid to get users to purchase the vendor's product.
Frequently, website owners write asking why their site is listed as a rogue or malicious program on my List of Known Malicious Sites / Rogue Software. They believe their program is good, and that users have purchased it based on an initial scan which finds a number of problems.
Recently, in one such case, a website owner wrote asking why their site was listed. I downloaded and ran the program again, which was a spyware detector, just to get the facts right.
In this particular case it found 13 Trojan Agents and 1 Keylogger. I followed through on the results, not wishing to purchase the program, but it did list the locations within the Registry, very kind.
What did it find? Sandboxie was classified as a Trojan Agent and of a ‘Critical Level’. I have used Sandboxie for some time, and I have never had ANY program that shows it to be a Trojan Agent…apart from one! Many people I know use Sandboxie and would be mortified if it did indeed contain a Trojan.
Many users run Spybot Search & Destroy or maintain their own Hosts file, either by importing hpHosts or MVPS or by building one from scratch. I use a Hosts file: it blocks access to known bad sites, and I use HostsXpert to update it and to add entries manually.
Bad sites are mapped to the local host, 127.0.0.1, so any connection to them goes nowhere. The spyware detector I ran reported Hosts entries as Trojan Agents, yet of the roughly 12,000 entries in my Hosts file only ONE was singled out, and every one of its 12 references in my Registry was flagged as a Trojan Agent!
I have an anti-keylogger installed, but this program detected it as Generic.Keylogger. It is part of MY safety: with this application I can block programs from capturing keystrokes and reading the screen.
Because of what it reported, the program falls into the category of a rogue application: it finds false problems. Had I purchased it and let it remove what it found, I would have lost the use of Sandboxie and my anti-keylogger, and the Hosts block on a known malicious site would have been removed, allowing full access to that site!
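The distinction a detector should make is between a Hosts entry that sinks a bad name to the loopback address (harmless, and the whole point of hpHosts/MVPS) and an entry that sends a name somewhere it should not go. The script below is an added example written for this page, not Colin's code and not the logic of any scanner named here. The Hosts lines, domain names and addresses are constructed for the example, and PROTECTED_NAMES is a hypothetical watchlist of names the user depends on (for instance an anti-virus update server); it classifies each entry and reports only the ones that deserve attention.

```python
"""Classify the entries of a Windows/Unix Hosts file.

Verdicts:
  local      - the stock loopback names (localhost etc.)
  blocklist  - a name sunk to 127.0.0.1 / 0.0.0.0 / ::1 (hpHosts/MVPS style)
  lan        - a name mapped to a private or link-local address by the admin
  redirect   - a name sent to a remote address (the classic Hosts hijack)
  tampered   - a name on the user's protected watchlist overridden in any way
  malformed  - the address field does not parse
Constructed sample data only; names and addresses are made up.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Names a stock Hosts file legitimately points at loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# RFC 1918 / link-local ranges an administrator may legitimately use.
LAN_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "fc00::/7", "fe80::/10")]

# Hypothetical watchlist: names this machine must be able to reach.
PROTECTED_NAMES = frozenset({"updates.example-av.test"})

# Constructed sample Hosts file (not a real blocklist).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.bad-example.test      # hpHosts/MVPS-style block
0.0.0.0         tracker.bad-example.test  # same idea, 0.0.0.0 sink
192.168.1.10    fileserver                # LAN name added by the admin
203.0.113.5     www.legit-bank.test       # a real site sent to a remote box
127.0.0.1       updates.example-av.test   # AV update server silenced
"""


@dataclass
class HostsEntry:
    address: str
    hostname: str
    line_no: int
    verdict: str


def _address_kind(addr: str) -> str:
    """Bucket an address as sink, lan, remote or malformed."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "malformed"
    if ip.is_loopback or ip.is_unspecified:      # 127/8, ::1, 0.0.0.0
        return "sink"
    if any(ip in net for net in LAN_NETWORKS if net.version == ip.version):
        return "lan"
    return "remote"


def classify_hosts(text: str, protected: frozenset[str] = frozenset()) -> list[HostsEntry]:
    """Parse Hosts-file text and give every (address, name) pair a verdict."""
    entries: list[HostsEntry] = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()       # drop comments and blanks
        if not line:
            continue
        address, *names = line.split()
        kind = _address_kind(address)
        for name in names:
            host = name.lower().rstrip(".")
            if kind == "malformed":
                verdict = "malformed"
            elif host in protected:
                verdict = "tampered"              # sunk or redirected, both bad
            elif kind == "sink":
                verdict = "local" if host in LOCAL_NAMES else "blocklist"
            elif kind == "lan":
                verdict = "lan"
            else:
                verdict = "redirect"
            entries.append(HostsEntry(address, host, line_no, verdict))
    return entries


def summarize(entries: list[HostsEntry]) -> dict[str, int]:
    """Count entries per verdict."""
    counts: dict[str, int] = {}
    for e in entries:
        counts[e.verdict] = counts.get(e.verdict, 0) + 1
    return counts


def findings(entries: list[HostsEntry]) -> list[HostsEntry]:
    """Only the entries a scanner should raise; blocklist sinks are not among them."""
    return [e for e in entries if e.verdict in {"redirect", "tampered", "malformed"}]


if __name__ == "__main__":
    found = classify_hosts(SAMPLE_HOSTS, PROTECTED_NAMES)
    print(summarize(found))
    for e in findings(found):
        print(f"line {e.line_no}: {e.hostname} -> {e.address} [{e.verdict}]")
```

Run against a real file, the loopback sinks (the bulk of any hpHosts or MVPS import) come back as `blocklist` and are never reported; the two entries that would actually hurt the user, a legitimate site pointed at a remote address and a protected update server silenced, are the only findings. That is the behaviour the rogue described above gets backwards.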
I simply cannot, and will not, recommend ANY program that finds false readings, exaggerated readings or downloads any kind of malware, and it will be added to my growing list!
I take security seriously and ensure that my machines are clean. There are many free programs available that offer superb protection if used correctly, and the same free programs also remove or block a lot of the threats that are waiting to attack every one of us as we surf the internet.
Good security does not need to be expensive, in fact, it can be completely free if using the right combination of programs.
There is no ‘one size fits all’, so users have to play around a little to find what works best for them and they have to be comfortable with what they are using.
Don’t forget to visit Free PC security which has free programs and tutorials.
Kikolani
Aug 25th, 2009
Your list of known malicious sites & software is a good reference for anyone unsure if they have come across something they are unsure of. Just this morning, one of my SU "friends" sent me to a site that came up with all these popups saying my machine was infected and I should download their software to clean it. I knew that was crap because I just ran my spyware / virus scanner yesterday afternoon, and all was clear.
Frank J
Aug 25th, 2009
Kristi,
I thought this was one of the best security posts I have read. Colin provided a lot of good information on tools to detect, test and remove such malicious code and or software.
Colin
Aug 26th, 2009
@ Kristi – It never ceases to amaze me just how many users continue to download these rogue applications.
Many do get caught with backdoor downloads, but with good security in place the majority can be avoided.
@ Frank – Thanks bro
@ Ching – Now if there was a single tool it would be too easy lol, but with a variety of tools that are available to users, the majority of malware infections can be removed without too much trouble.
It all comes down to research, finding what works and educating users!
Frank J
Aug 26th, 2009
Colin,
Awesome post! Thanks for the education on a few tips you shared that I was not aware of.
Ching Ya
Aug 25th, 2009
Having worked in an IT company for quite a while, I discovered there's never a perfect tool/application to deal with malware/viruses/trojans etc. We use 'how powerful' at times but even so it is not always accurate. I agree that users have to work their way out to find the ones that suit their needs, depending on their respective PC activities, the sites they often go to etc.; all of these will be taken into account.
Still, I truly applaud your effort for compiling a great list of references, Frank. ^^
Frank J
Aug 26th, 2009
Ching,
You’re right! That’s what keeps us in jobs.
saas
Aug 27th, 2009
Colin, thanks for sharing this. Indeed, there is no perfect tool to remove all the security threats; at least that is helping us.
plumber sydney
Aug 27th, 2009
So does it mean I have to keep trying different types of antivirus or anti-malware programs?
I normally just use Kaspersky and don't download software from unsecure sites; mostly I go for Softpedia.
Thanks for the list of the sites.
Frank J
Aug 27th, 2009
Plumber,
Not at all. If what you have is working, and I am familiar with Kaspersky, then don't change anything. But if there is something that your current program can't seem to resolve, this post provides different tools to remove the malicious data.