Some of our blog readers have asked us via our feedback email address for some basic tips and tricks on how users can spot a malware infection on their machine. Now, the simple answer here is that it's easy, Sophos will find it, notify you, and remove it :) However, we do appreciate that we have a lot of users reading the blog who aren't Sophos customers, along with users who would find it extremely helpful to have some kind of quick reference guide which they can pass on to friends, family or colleagues for whatever reason. Whilst we as a company focus primarily on corporate users, those users may be entitled to run Sophos on their home machines if they so desire. Consequently we're happy to divert from our more traditional audience here to provide some guidance on a very basic level, directed at the home rather than the business user.
The first thing to bear in mind is that if you do suspect an infection and turn to an online search engine for help, a certain amount of caution is needed. With so many rogue anti-virus and anti-spyware applications currently in circulation you may find your search results poisoned by scamware. When looking through the results keep an eye out for the names of websites and companies that you're familiar with and feel you can trust. With a lot (but sadly not all) of rogue applications a bit of common sense is all you need to spot them. Misspelled words, unrealistic claims and a total lack of grammar will often tell you all you need to know. When looking for advice relating to any aspect of diagnosing and removing malware from your system, stick to names that you know and trust, and if you're at all unsure Google the company in question for more information. Have a look at Pete's earlier blog for more information on keeping your grey matter well and truly patched.
So, assuming you're either a home user or have the home user in mind, here's some very basic guidance from us on how to spot the telltale signs of infection.
We all know that each time we go online we're exposed to the possibility of infection. No matter which internet browser you use, there are simple ways you can spot the common symptoms of a malware infection. People will happily argue until they're blue in the face about which internet browser is the most secure, and at the same time people will continue to use whichever browser they prefer regardless of what anyone else says. For any browser though, the following are all indications that you could be infected:
- Excessive popups. Popups that are excessive in number, unrelated to whatever you're browsing, or 'X rated' in nature (keep in mind that some popups will be irritating but relatively legitimate).
- Homepage changes. Some ISPs and applications will automatically set your homepage for you, but you should be on your guard if you open your browser and are presented with a homepage you don't recognise. If you find yourself unable to reset this through the usual method then you should definitely be concerned.
- Crashes. Your browser crashes repeatedly and/or unexpectedly, or presents you with error messages referencing unfamiliar/unusual filenames (often you will find that Googling the filename mentioned will give you a clue as to which, if any, piece of malware you're dealing with).
- Altered bookmarks. Your browser bookmarks or favourites have changed without your knowledge.
- Search engine changes. Your usual search engine of choice has been replaced with something unfamiliar.
- Slow browsing. Your browsing speed is significantly slower than normal.
- Redirects. You find yourself randomly being redirected to websites that are unrelated to the sites you intended to visit.
A huge proportion of in-the-wild malware is geared towards stealing users' personal information. Theft of bank details, gaming logons, IM and email accounts are all big business for malware authors. If you find that any of your online account details stop working unexpectedly you should contact the provider in question immediately. Malware authors will do their utmost to leave their programs sitting unnoticed on your system, but they often leave behind traces like the above which are easy to spot.
General computer use
Outside of browsing there are plenty of other places you can check for signs of infection. Whilst the following can be caused by many things other than infection, they should all be borne in mind as possible symptoms of the presence of malware on your system:
- Your machine becomes sluggish and unresponsive
- You notice unfamiliar icons and/or shortcuts on your system
- You spot unfamiliar programs in the add/remove section of your Control Panel
- You see unexpected changes in your desktop appearance, including background wallpaper and screensavers
- You receive email bounces relating to emails that you haven't sent
- Your time and date settings have been altered
- Your machine shuts itself down without warning
- Your Taskbar is no longer visible
- You spot unexpected and unfamiliar message boxes
- Your machine notifies you on shutdown that other users are still connected
- You hear unexpected sounds being played on your machine
- You receive notifications from your router or firewall about unfamiliar applications attempting to connect to the internet
- Your machine freezes unexpectedly
The above are all obviously easy to spot and monitor. If your wallpaper changes or your machine is riddled with pornographic popups you're not going to miss it. One other effective way of checking for infection, which is a lot less obvious and a lot more hassle, is to monitor the file size of programs installed on your hard drive. Whilst everything else we've covered so far can indicate the presence of a Trojan or a worm on your machine, unexplained file size changes are an excellent indicator of an actual virus infection on your system.
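To show what "monitoring the file size of programs" looks like in practice, here is a small baseline-and-compare script added for this post (it is not a Sophos tool and not part of the original article). It records the size of every file under a folder and, going one step beyond the size check described above, also keeps a SHA-256 hash so that a file altered in place without growing is still caught. The folder and its files are constructed inside the script so it runs anywhere; on a real machine you would point snapshot() at a program directory and store the baseline somewhere the machine cannot quietly overwrite.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Record size and SHA-256 of every file under root, keyed by relative path."""
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                digest = hashlib.sha256(f.read()).hexdigest()
            rel = os.path.relpath(path, root)
            baseline[rel] = {"size": os.path.getsize(path), "sha256": digest}
    return baseline


def compare(old, new):
    """Report files that changed size, changed content at the same size, appeared or vanished."""
    changes = {"resized": [], "modified": [], "added": [], "removed": []}
    for rel, info in new.items():
        if rel not in old:
            changes["added"].append(rel)
        elif info["size"] != old[rel]["size"]:
            # The classic symptom from the article: a program file that grew unexplained.
            changes["resized"].append((rel, old[rel]["size"], info["size"]))
        elif info["sha256"] != old[rel]["sha256"]:
            # Same size, different bytes: a size-only check would miss this.
            changes["modified"].append(rel)
    changes["removed"] = [rel for rel in old if rel not in new]
    return changes


def demo():
    """Constructed example: baseline a tiny program folder, then alter two files and compare."""
    with tempfile.TemporaryDirectory() as root:
        for name, content in {"app.exe": b"A" * 100, "helper.dll": b"B" * 50}.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(content)
        baseline = snapshot(root)
        with open(os.path.join(root, "app.exe"), "ab") as f:
            f.write(b"C" * 20)          # app.exe grows from 100 to 120 bytes
        with open(os.path.join(root, "helper.dll"), "wb") as f:
            f.write(b"D" * 50)          # helper.dll rewritten, size unchanged
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```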
Ask the experts
If you've noticed any of these possible symptoms and are concerned that you may be infected, there are plenty of free online scans you can use to check and be sure. Our online tools can be found here, and are free for anyone to use. As I've already mentioned, I can't over-emphasise the need to take care in who you trust to scan your system. Pick a company whose name you at least recognise, and if you don't know their reputation personally take a few seconds to see what a Google search throws up.
It goes without saying that keeping your anti-virus software and security patches up to date is a must. Regardless of which anti-virus provider you use, if you find a file on your system that you're suspicious of you can always send it in to us for analysis if you're concerned. We look at samples from both customers and non-customers alike, although of course our customers will always get much higher priority treatment. Whilst our focus and priority are our business customers, our interest is of course in thwarting as much malware out there as possible, regardless of where we find it.
Blog readers are always welcome to let us know what they'd like to see more (or less!) of on the blog, and can contact us at the usual address.