SystemsNet Blog

Category Archives: Anti-virus

4 Signs that There’s Malware Hiding on Your Work Computer

Portrait of shocked and surprised IT manager realizing there is malware hiding on the work computer

Having a proactive plan to deal with malware can minimize the impact

Malware comes from everywhere. You can pick it up from files, websites, interesting PDFs and so much more. Everyone is subject to a little malware and it’s understood that professionals who must access the internet for work will inevitably get some kind of malware on their work computers. That’s just the world we live in now, and businesses have long since adapted to the idea of Backup Recovery when cybersecurity is never 100%.

But as a professional living your day-to-day, it’s also important to know how to identify malware when you pick it up. Unlike when the trend started back in the 90s, modern malware is pretty darn sneaky. It doesn’t cover your screen in ads anymore or obviously open and close programs. Instead, it eats your processor speed and steals your data in the background. Sometimes for months before you realize.

Today, we’re here to share four of the most tell-tale signs that there’s malware hiding on your work computer and it’s time to do a little BDR with a fresh operating system.

 

Unusually Slow Performance with Offline Programs

Internet speed ebbs and flows, even in the most high-speed office or the quietest residential neighborhood. You may expect the occasional slow performance due to internet speeds (or you may not) but slow offline programs are a completely different story.

You know your computer. You know how fast it can handle the offline programs you use regularly. Things that don’t need the internet like a simple calculator, word processor, or image editor. If you’re getting serious lag and latency when you should have your computer’s whole processing power to yourself, this can indicate that you’re sharing power with malware.

A malware program may be able to hide its install location or running processes. But it can’t hide the resources it uses up.

 

Unseen Programs that “Refuse to Close” When You Reboot

When you reboot your computer, Windows will tell you if there’s a program that didn’t close out smoothly with the ShutDown command. Often, this is just a Chrome browser you didn’t fully close. But sometimes, it’s a surprise. Your computer may tell you that Internet Explorer or Microsoft Edge are still running when you never use those programs. It might tell you something called xvb55t is running and won’t close, and that is a definite tip-off.

If something is opening programs invisibly on your computer and won’t close when you shut down… that’s malware. No two ways about it. And it’s time to fully wipe your system, because it’s hidden deep.

 

Your Web Extensions Aren’t Working as Expected

So often, web extensions are the cause or target of a malware attack. Most modern professionals run with some kind of ad blocker on. If you use Adblock plus, for example, it tends to pop open an extra tab nearly every time you open a new browser window. Especially from a new or recently cache-cleared device. If that browser window stops popping open, or if any of your other extensions start acting in an unusual or suspicious fashion, malware is often the cause.

You may want to clear your caches, prune your unused extensions, and possibly recover the entire computer to make sure no malware files have been hidden on your computer.

 

After a Scan/Clean/Reboot, You Still Scan Trackers

If you have a manual scanning program like CCleaner or something similar and you suspect there’s malware on your computer, there’s one sure way to check just how virulent that malware really is.

Start with a scan-clean cycle. Scan for trackers and junk and clear them. These could be anything and are often just clearing your temp files of web-junk that could be slowing you down. Reboot your computer, then do another scan. Find new trackers? Find new junk? There’s malware adding malicious crud to your computer as soon as it gets a chance. Also, watch your scanned-for and threat-eliminated results. If the scanner says 1 tracker was found, but it eliminated 3 trackers by the end-report, those trackers were added while the sweep-and-clear was ongoing.

You not only have malware, you have seriously aggressive malware and BDR is the best option.

Find malware on your computer? Have a really intense suspicion that there’s malware lurking? Now is the time to use your company’s backup recovery plan or get in touch with your IT help desk for guidance on how to fully wipe and safely restore your work computer. For more cybersecurity, backup recovery, and malware protection insights, contact us today!

Removing SAVEfiles Virus and Others with Webroot

Hands on a keyboard removing SAVEfiles virus with Webroot

Protecting workstations and servers is critical in preventing downtime

SAVEfiles is a recent high-profile web virus making its rounds on the internet. It is attacking Windows based computers, workstations and servers with the goal of locking out the user and encrypting key files through AES and RSA algorithms. The hackers demand a ransom (in the form of Bitcoin) in order to restore full service. Like the WannaCry virus before it, this is a dangerous malware that should be avoided at all costs. In the case that it has infiltrated your system, there are a few things to know.

Response

First and foremost, users should not under any circumstances actually send the funds to the hackers. Most likely the scammers will not send the encryption key and the victim will simply be out his or her money with no result.

Secondly, even if the hackers send the encryption key, it will most likely be located on another malicious server location. Accessing that server may allow your computer to download or access additional malware. That malware could spread to other people in your network or simply lock additional files on your computer. So it is ideal to avoid this result.

Next, use reimage repair to start over from the beginning with your Windows system. That detects the ransomware and helps to restart and avoid the malware. Finally, use a high quality anti virus tool like Webroot to eliminate the malicious software and free yourself of the damage.

Anti-Virus Tools

In order to solve this dilemma, the best thing to do is apply a Webroot Anti-virus tool. It is an evolution of the well-known Spy Sweeper product. It has a handy “fix it now” feature that does not require the user to do anything but click the button to resolve the problem. At that point, the software will search the entire system for foreign, unauthorized files and eliminate them.

Webroot has a vast library of potential viruses that it can knock out with ease. Additionally, it can detect new files that enter the system if they are not authorized. It will then eliminate those after the user authorizes it.

Webroot has one the Virus Bulletin certification for excellence four times. ICSA labs has also certified it as a dependable anti virus solution for computers and servers. For this reason, many people are willing to rely on it to fix their systems.

The Webroot version 7.0 is the most impressive release yet. This version has much better user interface design. It also divides messages into “Green”, “Yellow” and “Red” so that it is very simple to prioritize. Green means that the system is clear, yellow messages are warnings and red messages indicate a virus must be removed. It also offers automatic periodic scans that are either Quick Sweeps or Full Sweeps.

Other Actions

In the future, there several additional security steps you may take. Firstly, you can purchase a USB stick and keep sensitive files in this device offline. Additionally, you may keep redundant files in different locations on the cloud. That way, if your device is compromised you still can access the important files from another device.

Of course, don’t click on suspicious links or download software from unverified sources. These are the most common sources of viruses online.

Make sure to change passwords every so often so that if the device is compromised once, it won’t continue to be compromised.  Network admins should make sure to have different passwords and authentications for different levels of the network as well.

Get Started

Webroot Antivirus is a leading provider of antivirus tools. They have helped large and small companies attack malicious software and prevent it from infecting an entire network. For more information, please contact us.

Kovter Strikes Computers Everywhere

Removing Trojan Kovter Malware

Are you prepared for when disaster strikes

Every year, there are high-impact viruses that plague individuals and businesses alike. One of the newest that has wreaked havoc on the world of IT is known as Kovter. It’s affecting a number of computers and there are a lot of people that have been impacted by its destruction.

What is Kovter?

Kovter works as a Trojan. It has acted as a ransomware downloader as well as click-fraud malware. It is disseminated using malspam email attachments that contain malicious office macros. One of the ways that this fileless malware has been able to evade detection is by hiding inside of registry keys.

There has been a number of reports that indicate the Trojan infections receive updated instructions from a command and control infrastructure that serves as a remote access back door. When this happens, the hackers will have an access point into your computer or server.

Kovter showed up several years ago and continues to be the biggest threat throughout 2018. Part of this is because it has evolved significantly. It may use code injection as a way of infecting the target and will steal information so that it goes back to the command and control servers.

How to Look for Kovter

Kovter is really good at hiding itself. It generally infects a computer using an attachment that comes over as a micro-based spam. Once the attachment is opened, it will install on the computer and hide within the registry entries. Most of the attachments are compromised Microsoft office files.

Since it is fileless, it can be difficult to detect. However, you want to make sure that your organization is aware of how to protect against email threats. Use various anti-spam filters so that malicious emails can be blocked before reaching the endpoint user. You also want to make sure that security updates are applied as soon as possible.

Who Has Been Affected?

A number of people throughout the UK, US, Canada, and Australia have been affected by the Trojan. Many people found the virus through a malvertising campaign or Traffic Junky. People were sent to a pop-up that told them they needed to install an update to their browser. By doing so, they unknowingly downloaded Kovter to their computer.

It’s unclear as to how many computers have actually been affected – though the number is easily into the tens of thousands since one version or another has been around since as early as 2011.

What You Can Do

You need to be sure that you have a high level of security within your business. You want to make sure that you are protecting your servers and workstations so that they stay free of viruses and Trojans. Otherwise, malware can render your computer absolutely useless or result in important data being lost or stolen.

Webroot Antivirus is a 20-time winner from PCMag. It provides you with the antivirus protection on all of your devices so that you can enjoy a greater level of peace of mind. You get advanced threat protection and the security is always on. You can stop ransomware and enjoy real-time blocks on harmful sites. This way, no matter how much you teach your employees not to go to specific sites, you can ensure that dangerous sites are blocked to avoid various problems. Additionally, based on the antivirus protection that you choose, you will also be able to monitor your firewall and network connection and secure various smartphones and tablets that are used by your employees.

Learn more about Webroot Antivirus and how it can protect your servers and workstations by contacting SystemsNet today. Our various packages will monitor your systems and help you with all of the various components of your IT infrastructure. As geeks, we work hard to help you protect your systems

What Can You Do To Defend Yourself Against Ransomware?